ci: Update CI to use Pixi #971

Merged
merged 31 commits into from
Nov 12, 2024
31 commits
01e6195
ci: Update CI to use Pixi
hoxbro Oct 14, 2024
7b4271b
Lint
hoxbro Oct 14, 2024
b7b2fe1
Update test.yaml
hoxbro Oct 14, 2024
30d8759
Update test-example task
hoxbro Oct 14, 2024
e5a37d0
Update pytest options
hoxbro Oct 14, 2024
9b86c11
Remove pre-commit warning
hoxbro Oct 14, 2024
59ef7f4
fix lowerbound
hoxbro Oct 14, 2024
c4142f6
Merge branch 'main' into pixi
hoxbro Oct 14, 2024
9f1acf8
fix: Windows examples
hoxbro Oct 14, 2024
da85896
Update pixi.toml
hoxbro Oct 14, 2024
cb16601
Try fixing gen on Python 3.13 and Windows
hoxbro Oct 14, 2024
6dfb850
lint in docs.yaml
hoxbro Oct 14, 2024
53780af
Update docs.yaml to use Pixi
hoxbro Oct 14, 2024
20fbeeb
Update time for test_reactive_gen_py
hoxbro Oct 14, 2024
9fbde59
lint build.yaml
hoxbro Oct 14, 2024
7d35e0f
Update to build to pixi
hoxbro Oct 14, 2024
50c741f
Add conda build script
hoxbro Oct 14, 2024
00e1c03
Comment out build checks for now
hoxbro Oct 14, 2024
2916ab5
Fix extension of conda build
hoxbro Oct 14, 2024
14b936f
remove docs env
hoxbro Oct 14, 2024
c61d27b
Use .tar.gz for build conda
hoxbro Nov 7, 2024
942af55
Add conda-forge channel
hoxbro Nov 7, 2024
006e7da
Uncomment publish step
hoxbro Nov 7, 2024
49647c6
Remove hatch settings from pyproject.toml
hoxbro Nov 7, 2024
45c7f29
Remove test-313
hoxbro Nov 7, 2024
515eb87
Update dev. guide
hoxbro Nov 7, 2024
b5b46f7
remove dev focused optional dependencies from pyproject.toml
hoxbro Nov 7, 2024
edc0810
Remove mention of ui test from dev guide
hoxbro Nov 7, 2024
2d7b1b3
Add nighly lock
hoxbro Nov 7, 2024
b6303e7
Clean up
hoxbro Nov 7, 2024
e619273
Update pyproject.toml
hoxbro Nov 9, 2024
162 changes: 111 additions & 51 deletions .github/workflows/build.yaml
Expand Up @@ -2,81 +2,141 @@ name: packages
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+a[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+b[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+rc[0-9]+'
- "v[0-9]+.[0-9]+.[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+a[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+b[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+rc[0-9]+"
# Dry-run only
workflow_dispatch:
schedule:
- cron: '0 13 * * SUN'
- cron: "0 13 * * SUN"

defaults:
run:
shell: bash -e {0}

env:
PYTHON_VERSION: "3.11"
PACKAGE: "param"

jobs:
waiting_room:
Member

Does this mean I'll have to click somewhere to release Param? I don't think I've done it yet for other places where you added that. If so, am I supposed to check something specific before I click?

Member Author

Yes. It is done on the other repos, though I have limited it to lead maintainers (and me).

I use it to double-check that the version tag is correct.

Member

> I have limited it to lead maintainers (and me).

Ok. Where is the list of lead maintainers defined?

> I use it to double-check that the version tag is correct.

Too bad we no longer trust the system to produce the right version tag, but that's fine.

Member Author

> Too bad we no longer trust the system to produce the right version tag, but that's fine.

The "system" is writing tags ourselves and git push (ref). PyPI also strongly encourages it (ref).

Member

> PyPI also strongly encourages it (ref).

I'm sorry I don't understand, this page links to using a trusted publisher. Are we doing that?

Member

I believe we are in places (though maybe not everywhere yet).

Member Author

> I'm sorry I don't understand, this page links to using a trusted publisher. Are we doing that?

Just to be sure:

  • The waiting room job itself is to ensure that all the building steps succeed. For example, if the PyPI build step fails, the conda package will not be released.
  • Inside the waiting room is an environment publish, which people must be approved before release. This was what I tried to reference in the PyPI ref.

Member

Ok thanks I got it.

> The waiting room job itself is to ensure that all the building steps succeed. For example, if the PyPI build step fails, the conda package will not be released.

It sounds like it's more for manually checking the two builds, since otherwise it could be automated.

> Inside the waiting room is an environment publish, which people must be approved before release. This was what I tried to reference in the PyPI ref.

Ok I understand better how you use the environment to add this protection rule. Seems not so related to the trusted publisher thing for which environment is optional but permissions with id-token: write is not.

By the way I think you should add Jean-Luc and we probably need to update the list of maintainers.

All of that sounds like it would be worth being documented somewhere, it's kind of hard to follow.

Member Author

> manually checking the two builds

It is automatically done. If the environment were not there, it would do everything without interaction.

> All of that sounds like it would be worth being documented somewhere

Yes. I will update the holoviz site (soon).

name: Waiting Room
runs-on: ubuntu-latest
needs: [conda_build, pip_install]
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
environment:
name: publish
steps:
- run: echo "All builds have finished, have been approved, and ready to publish"

pixi_lock:
name: Pixi lock
runs-on: ubuntu-latest
steps:
- uses: holoviz-dev/holoviz_tasks/pixi_lock@v0

conda_build:
name: Build Conda Packages
runs-on: 'ubuntu-latest'
name: Build Conda
needs: [pixi_lock]
runs-on: "ubuntu-latest"
steps:
- uses: holoviz-dev/holoviz_tasks/pixi_install@v0
with:
environments: "build"
download-data: false
install: false
- name: conda build
run: pixi run -e build build-conda
- uses: actions/upload-artifact@v4
if: always()
with:
name: conda
path: dist/*.tar.bz2
if-no-files-found: error

conda_publish:
name: Publish Conda
runs-on: ubuntu-latest
needs: [conda_build, waiting_room]
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
defaults:
run:
shell: bash -l {0}
env:
CHANS_DEV: "-c pyviz/label/dev"
PKG_TEST_PYTHON: "--test-python=py37"
PYTHON_VERSION: "3.9"
CHANS: "-c pyviz"
CONDA_UPLOAD_TOKEN: ${{ secrets.CONDA_UPLOAD_TOKEN }}
shell: bash -el {0}
steps:
- uses: actions/checkout@v4
- name: Fetch unshallow
run: git fetch --prune --tags --unshallow -f
- uses: actions/setup-python@v5
- uses: actions/download-artifact@v4
with:
python-version: "3.9"
name: conda
path: dist/
- name: Set environment variables
run: |
echo "TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
echo "CONDA_FILE=$(ls dist/*.conda)" >> $GITHUB_ENV
- uses: conda-incubator/setup-miniconda@v3
with:
miniconda-version: "latest"
- name: Set output
id: vars
run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
channel: "conda-forge"
- name: conda setup
run: |
conda update --name base conda
conda install anaconda-client conda-build
pip install hatch
- name: conda build
run: |
VERSION=`hatch version` conda build conda.recipe/
conda install -y anaconda-client
- name: conda dev upload
if: (github.event_name == 'push' && (contains(steps.vars.outputs.tag, 'a') || contains(steps.vars.outputs.tag, 'b') || contains(steps.vars.outputs.tag, 'rc')))
if: contains(env.TAG, 'a') || contains(env.TAG, 'b') || contains(env.TAG, 'rc')
run: |
anaconda --token $CONDA_UPLOAD_TOKEN upload --user pyviz --label=dev $(VERSION=`hatch version` conda build --output conda.recipe)
anaconda --token ${{ secrets.CONDA_UPLOAD_TOKEN }} upload --user pyviz --label=dev $CONDA_FILE
- name: conda main upload
if: (github.event_name == 'push' && !(contains(steps.vars.outputs.tag, 'a') || contains(steps.vars.outputs.tag, 'b') || contains(steps.vars.outputs.tag, 'rc')))
if: (!(contains(env.TAG, 'a') || contains(env.TAG, 'b') || contains(env.TAG, 'rc')))
run: |
anaconda --token $CONDA_UPLOAD_TOKEN upload --user pyviz --label=dev --label=main $(VERSION=`hatch version` conda build --output conda.recipe)
anaconda --token ${{ secrets.CONDA_UPLOAD_TOKEN }} upload --user pyviz --label=dev --label=main $CONDA_FILE

pip_build:
name: Build PyPI Packages
runs-on: 'ubuntu-latest'
defaults:
run:
shell: bash -l {0}
name: Build PyPI
needs: [pixi_lock]
runs-on: "ubuntu-latest"
steps:
- uses: holoviz-dev/holoviz_tasks/pixi_install@v0
with:
environments: "build"
download-data: false
install: false
- name: Build package
run: pixi run -e build build-pip
- uses: actions/upload-artifact@v4
if: always()
with:
name: pip
path: dist/
if-no-files-found: error

pip_install:
name: Install PyPI
runs-on: "ubuntu-latest"
needs: [pip_build]
steps:
- uses: actions/checkout@v4
- name: Fetch unshallow
run: git fetch --prune --tags --unshallow -f
- uses: actions/setup-python@v5
with:
python-version: "3.9"
- name: env setup
run: |
python -m pip install --upgrade pip
python -m pip install build
- name: pip build
run: |
python -m build
- name: Publish package to PyPI
if: github.event_name == 'push'
python-version: ${{ env.PYTHON_VERSION }}
- uses: actions/download-artifact@v4
with:
name: pip
path: dist/
- name: Install package
run: python -m pip install dist/*.whl
- name: Import package
run: python -c "import $PACKAGE; print($PACKAGE.__version__)"

pip_publish:
name: Publish PyPI
runs-on: ubuntu-latest
needs: [pip_build, waiting_room]
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
steps:
- uses: actions/download-artifact@v4
with:
name: pip
path: dist/
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: ${{ secrets.PPU }}
password: ${{ secrets.PPP }}
packages_dir: dist/
repository-url: "https://upload.pypi.org/legacy/"
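
Review bot: In `conda_publish` and `pip_publish`, the approval gate is enforced only through `needs: [..., waiting_room]`; neither job declares `environment: publish`, so `CONDA_UPLOAD_TOKEN`, `PPU` and `PPP` cannot be environment-scoped secrets and remain available to any workflow job in the repository. Consider declaring `environment: publish` on the two publish jobs as well and storing the tokens as environment secrets, so that the protection rule guards the credentials and not just the job ordering. Separately, `conda_build` uploads `dist/*.tar.bz2` while `conda_publish` sets `CONDA_FILE=$(ls dist/*.conda)`; as shown, that glob matches nothing in the downloaded artifact, and because the `ls` runs inside `echo "..."` its failure does not stop the step, so the upload would be invoked with an empty `$CONDA_FILE`. The two extensions should agree.
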
77 changes: 49 additions & 28 deletions .github/workflows/docs.yaml
Expand Up @@ -2,50 +2,71 @@ name: docs
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+a[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+b[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+rc[0-9]+'
- "v[0-9]+.[0-9]+.[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+a[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+b[0-9]+"
- "v[0-9]+.[0-9]+.[0-9]+rc[0-9]+"
workflow_dispatch:
inputs:
target:
description: 'Site to build and deploy'
description: "Site to build and deploy"
type: choice
options:
- dev
- main
- dryrun
- dev
- main
- dryrun
required: true
default: dryrun
schedule:
- cron: '0 13 * * SUN'
- cron: "0 13 * * SUN"

defaults:
run:
shell: bash -e {0}

env:
DISPLAY: ":99.0"

jobs:
build_docs:
name: Documentation
runs-on: 'ubuntu-latest'
pixi_lock:
name: Pixi lock
runs-on: ubuntu-latest
steps:
- uses: holoviz-dev/holoviz_tasks/pixi_lock@v0

docs_build:
name: Build Documentation
needs: [pixi_lock]
runs-on: "ubuntu-latest"
timeout-minutes: 120
defaults:
run:
shell: bash -l {0}
steps:
- uses: actions/checkout@v4
- name: Fetch unshallow
run: git fetch --prune --tags --unshallow -f
- uses: actions/setup-python@v5
- uses: holoviz-dev/holoviz_tasks/pixi_install@v0
with:
environments: docs
- name: Build documentation
run: pixi run -e docs docs-build
- uses: actions/upload-artifact@v4
if: always()
with:
python-version: '3.9'
name: docs
if-no-files-found: error
path: builtdocs
- name: Set output
id: vars
run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
- name: graphviz
run: sudo apt install graphviz graphviz-dev
- name: env setup
run: |
python -m pip install --upgrade pip
python -m pip install hatch
- name: build docs
run: hatch -v run docs:build

docs_publish:
Member

Why is this workflow divided in two jobs?

Member Author

If the upload fails because of a connection issue, you don't need to build the docs again. However, it is not a big problem in param.

Member

Ah ok, I've never seen that fail before during a docs build. Do you mind simplifying this workflow into one single job? Let's keep things simple!

Member Author

> Let's keep things simple!

I agree, though I think the simplest thing is to align the CI files across projects.

name: Publish Documentation
runs-on: "ubuntu-latest"
needs: [docs_build]
steps:
- uses: actions/download-artifact@v4
with:
name: docs
path: builtdocs/
- name: Set output
id: vars
run: echo "tag=${{ needs.docs_build.outputs.tag }}" >> $GITHUB_OUTPUT
- name: Deploy dev
uses: peaceiris/actions-gh-pages@v4
if: |
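
Review bot: In `docs_publish`, the `Set output` step reads `needs.docs_build.outputs.tag`, but `docs_build` as shown has no job-level `outputs:` mapping, so the expression resolves to an empty string and `steps.vars.outputs.tag` is empty in the publish job. Add `outputs:` with `tag: ${{ steps.vars.outputs.tag }}` to `docs_build`, keeping the `Set output` step listed there that writes `tag` to `$GITHUB_OUTPUT`, or derive the tag from `GITHUB_REF` again inside `docs_publish`.
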
Expand Down
25 changes: 25 additions & 0 deletions .github/workflows/nightly_lock.yaml
@@ -0,0 +1,25 @@
name: nightly_lock
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"

env:
PACKAGE: "param"

jobs:
pixi_lock:
name: Pixi lock
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: holoviz-dev/holoviz_tasks/pixi_lock@v0
- name: Upload lock-file to S3
if: '!github.event.pull_request.head.repo.fork'
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: "eu-west-1"
run: |
zip $(date +%Y-%m-%d).zip pixi.lock pixi.toml
aws s3 cp ./$(date +%Y-%m-%d).zip s3://assets.holoviz.org/lock/$PACKAGE/
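
Review bot: On the `Upload lock-file to S3` step, the guard `if: '!github.event.pull_request.head.repo.fork'` never filters anything, because this workflow only triggers on `workflow_dispatch` and `schedule`, where `github.event.pull_request` is absent and the expression is always true. Either drop it or replace it with a condition that matches these triggers, for example a check on `github.ref`, so it is clear what actually limits when the AWS keys are used. The run block also evaluates `$(date +%Y-%m-%d)` twice; assigning it to a variable once keeps the `zip` file name and the `aws s3 cp` source in step.
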