Refactor GH workflows (#1416)

Refactor Github action from a single workflow to multiple workflows. The purpose is to make the workflows easier to follow and understand. Explanation of workflows.. * check: runs before a merge (i.e. PRs) or after a push (merge or forced push). Mainly for running quick validation jobs. * gate: runs after a merge or a forced push to any branch. Allows admins to trigger long running integration tests as a gate to merging into the main branch. * release: runs on a tag to publish Sceptre to registries and repositories
Sceptre · Jan 26, 2024 · f6ba551 · f6ba551
1 parent b204ad7
commit f6ba551
Show file tree

Hide file tree

Showing 4 changed files with 196 additions and 187 deletions.
diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml
@@ -0,0 +1,79 @@
+name: check
+
+on:
+  push:
+    branches:
+      - '*'
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  packaging:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Poetry
+        uses: snok/install-poetry@v1
+      - name: build package
+        run: poetry build
+
+  documentation:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Poetry
+        uses: snok/install-poetry@v1
+      - name: Install dependencies
+        run: poetry install --no-interaction --all-extras
+      - name: build documentation
+        run: poetry run make html --directory docs
+
+  # use https://github.com/medmunds/tox-gh-matrix to export tox envlist to GH actions
+  get-tox-envlist:
+    runs-on: ubuntu-latest
+    outputs:
+      envlist: ${{ steps.generate-envlist.outputs.envlist }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Install Poetry
+        uses: snok/install-poetry@v1
+      - name: Install dependencies
+        run: poetry install --no-interaction --all-extras
+      - id: generate-envlist
+        run: poetry run tox --gh-matrix
+
+  unit-tests:
+    needs: get-tox-envlist
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        tox: ${{ fromJSON(needs.get-tox-envlist.outputs.envlist) }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Setup Python
+        id: setup-python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.tox.python.spec }}
+      - name: Install Poetry
+        uses: snok/install-poetry@v1
+      - name: Install dependencies
+        run: poetry install --no-interaction --all-extras
+      - name: run python tests
+        run: poetry run tox -e ${{ matrix.tox.name }}
+      - name: run python test report
+        run: poetry run tox -e report
+
+  docker-build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Build Docker Image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
diff --git a/.github/workflows/gate.yaml b/.github/workflows/gate.yaml
@@ -0,0 +1,73 @@
+name: gate
+
+env:
+  AWS_REGION: us-east-1
+  AWS_ROLE_DURATION: 3600
+  # role generated from https://github.com/Sceptre/sceptre-aws/blob/master/config/prod/gh-oidc-sceptre-tests.yaml
+  AWS_ROLE: arn:aws:iam::743644221192:role/gh-oidc-sceptre-tests
+
+on:
+  workflow_run:
+    workflows:
+      - check
+    types:
+      - completed
+    branches:
+      - master
+
+jobs:
+  integration-tests:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Poetry
+        uses: snok/install-poetry@v1
+      - name: Install dependencies
+        run: poetry install --no-interaction --all-extras
+      # Update poetry for https://github.com/python-poetry/poetry/issues/7184
+      - name: update poetry
+        run: poetry self update --no-ansi
+      - name: Setup Python
+        id: setup-python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+          cache: 'poetry'
+      - name: Assume AWS role
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ env.AWS_REGION }}
+          role-to-assume: ${{ env.AWS_ROLE }}
+          role-session-name: GHA-${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ github.run_id }}
+          role-duration-seconds: ${{ env.AWS_ROLE_DURATION }}
+      - name: run tests
+        run: poetry run behave integration-tests/features --junit --junit-directory build/behave
+        env:
+          AWS_DEFAULT_REGION: eu-west-1
+
+  docker-build-push:
+    needs:
+      - integration-tests
+    if: ${{ github.ref == 'refs/heads/master' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+      # docker convention: edge tag refers to the very latest code
+      - name: Build and push Docker image to sceptreorg/sceptre:${{ steps.meta.outputs.tags }}
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: sceptreorg/sceptre:edge
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,44 @@
+name: release
+
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+([0-9]+)'
+
+jobs:
+  docker-build-release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+      # docker convention: latest tag refers to the last stable release
+      - name: Build and push Docker image to sceptreorg/sceptre:latest
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: sceptreorg/sceptre:latest
+          labels: ${{ steps.meta.outputs.labels }}
+      - name: Build and push Docker image to sceptreorg/sceptre:${{ steps.meta.outputs.tags }}
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: sceptreorg/sceptre:${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  pypi-release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Poetry
+        uses: snok/install-poetry@v1
+      - name: Publish to pypi
+        run: poetry publish --build -u __token__ -p ${{ secrets.PYPI_API_TOKEN }}