-
Notifications
You must be signed in to change notification settings - Fork 16
148 lines (148 loc) · 5.88 KB
/
build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: Build
on:
- push
- pull_request
jobs:
test:
# When running with act (https://github.com/nektos/act), these lines need to be appended with the ACT variable
# to force each job to run
if: github.repository == 'adobe/buildrunner' #|| ${{ env.ACT }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
python-version:
- 3.8
- 3.9
- '3.10'
- '3.11'
steps:
- uses: actions/checkout@v2
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v2
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r test_requirements.txt
- name: Pre-commit checks
run: pre-commit run --all-files
- name: Write SSH keys
env:
# These were generated with:
# ssh-keygen -t ecdsa -m PEM ''
# and then installed as a read-only deploy key on the buildrunner repository
#
# Since this is a public repository and the key provides the same rights that even anonymous users have,
# this key is rather worthless and can be stored safely in code here. This *could* be used as a secret,
# but since secrets are not available to forks, we cannot test SSH functionality in PRs which defeats
# the purpose somewhat.
DEPLOY_SSH_KEY: "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACBasvUoRzAAdHZ5nFWtDR/5DQU+FWtDYNXD0xPGSdjKtwAAAJiLXobki16G\n5AAAAAtzc2gtZWQyNTUxOQAAACBasvUoRzAAdHZ5nFWtDR/5DQU+FWtDYNXD0xPGSdjKtw\nAAAEBcRwB1PEnUHF5aK6q3JYyuOlT+adQ0mcRrIxsmJiiq1Vqy9ShHMAB0dnmcVa0NH/kN\nBT4Va0Ng1cPTE8ZJ2Mq3AAAAEWJ1aWxkcnVubmVyQGFkb2JlAQIDBA==\n-----END OPENSSH PRIVATE KEY-----"
DEPLOY_SSH_KEY_PUB: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFqy9ShHMAB0dnmcVa0NH/kNBT4Va0Ng1cPTE8ZJ2Mq3 buildrunner@adobe"
run: |
mkdir -p ~/.ssh
printf -- "$DEPLOY_SSH_KEY" > ~/.ssh/buildrunner-deploy-id_rsa
printf -- "$DEPLOY_SSH_KEY_PUB" > ~/.ssh/buildrunner-deploy-id_rsa.pub
chmod 700 ~/.ssh
chmod 600 ~/.ssh/buildrunner-deploy-*
- name: Test with pytest
run: pytest -v --junitxml=test-reports/test-results.xml
- name: Publish test results
uses: EnricoMi/publish-unit-test-result-action/composite@v1
# exclude this step for 3.6, since it fails due to a breaking change to EnricoMi/publish-unit-test-result-action
if: always() && matrix.python-version != '3.6'
with:
files: test-reports/test-results.xml
check_name: "Test Results ${{ matrix.python-version }}"
tag-commit:
if: github.repository == 'adobe/buildrunner' && github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v2
with:
# Fetch all history instead of the latest commit
fetch-depth: 0
- name: Get and set version in env
run: echo "CURRENT_VERSION=$( python setup.py --version )" >> $GITHUB_ENV
- name: Print current version
run: echo CURRENT_VERSION ${{ env.CURRENT_VERSION }}
- name: Tag commit
run: git tag ${{ env.CURRENT_VERSION }} && git push --tags
publish-pypi:
if: github.repository == 'adobe/buildrunner'
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v2
with:
# Fetch all history instead of the latest commit
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: 3.8
- name: Remove version file
# This is just in case something else created it, destroy it to get a fresh version
run: rm -f buildrunner/version.py
- name: Install wheel
run: pip install wheel build
- name: Build
run: python -m build
- name: Check upload
run: pip install twine && twine check dist/*
- name: Publish to PyPi
uses: pypa/gh-action-pypi-publish@release/v1
# Only publish on pushes to main
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
with:
user: __token__
password: ${{ secrets.ADOBE_BOT_PYPI_TOKEN }}
publish-docker:
if: github.repository == 'adobe/buildrunner'
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v2
with:
# Fetch all history instead of the latest commit
fetch-depth: 0
- name: Get and set version in env
run: echo "CURRENT_VERSION=$( python setup.py --version )" >> $GITHUB_ENV
- name: Print current version
run: echo CURRENT_VERSION ${{ env.CURRENT_VERSION }}
- name: Docker Tags
id: docker_tags
uses: docker/metadata-action@v3
with:
images: ghcr.io/adobe/buildrunner
tags: |
latest
${{ env.CURRENT_VERSION }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
with:
platforms: linux/amd64,linux/arm64
# Buildx is used to build multi-platform images
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
# Login to the docker registry
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
# Only login if this a push to main
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and Push Image
uses: docker/build-push-action@v2
with:
context: .
# Only push images if this is a push to main
push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
platforms: linux/amd64,linux/arm64
tags: ${{ steps.docker_tags.outputs.tags }}
labels: ${{ steps.docker_tags.outputs.labels }}