forked from adobe/buildrunner
-
Notifications
You must be signed in to change notification settings - Fork 0
151 lines (150 loc) · 6.09 KB
/
build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: Build
on:
- push
- pull_request
jobs:
test:
# When running with act (https://github.com/nektos/act), these lines need to be appended with the ACT variable
# to force each job to run
if: github.repository == 'shanejbrown/buildrunner' #|| ${{ env.ACT }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
python-version:
- 3.8
- 3.9
- '3.10'
- '3.11'
steps:
- uses: actions/checkout@v2
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v2
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r test_requirements.txt
- name: Lint with pylint
run: pylint buildrunner
- name: Check code style with pycodestyle
run: pycodestyle buildrunner
- name: Write SSH keys
env:
# These were generated with:
# ssh-keygen -t ecdsa -m PEM ''
# and then installed as a read-only deploy key on the buildrunner repository
#
# Since this is a public repository and the key provides the same rights that even anonymous users have,
# this key is rather worthless and can be stored safely in code here. This *could* be used as a secret,
# but since secrets are not available to forks, we cannot test SSH functionality in PRs which defeats
# the purpose somewhat.
DEPLOY_SSH_KEY: "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACBasvUoRzAAdHZ5nFWtDR/5DQU+FWtDYNXD0xPGSdjKtwAAAJiLXobki16G\n5AAAAAtzc2gtZWQyNTUxOQAAACBasvUoRzAAdHZ5nFWtDR/5DQU+FWtDYNXD0xPGSdjKtw\nAAAEBcRwB1PEnUHF5aK6q3JYyuOlT+adQ0mcRrIxsmJiiq1Vqy9ShHMAB0dnmcVa0NH/kN\nBT4Va0Ng1cPTE8ZJ2Mq3AAAAEWJ1aWxkcnVubmVyQGFkb2JlAQIDBA==\n-----END OPENSSH PRIVATE KEY-----"
DEPLOY_SSH_KEY_PUB: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFqy9ShHMAB0dnmcVa0NH/kNBT4Va0Ng1cPTE8ZJ2Mq3 buildrunner@adobe"
run: |
mkdir -p ~/.ssh
printf -- "$DEPLOY_SSH_KEY" > ~/.ssh/buildrunner-deploy-id_rsa
printf -- "$DEPLOY_SSH_KEY_PUB" > ~/.ssh/buildrunner-deploy-id_rsa.pub
chmod 700 ~/.ssh
chmod 600 ~/.ssh/buildrunner-deploy-*
# - name: Test with pytest
# run: pytest -v --junitxml=test-reports/test-results.xml
# - name: Publish test results
# uses: EnricoMi/publish-unit-test-result-action/composite@v1
# # exclude this step for 3.6, since it fails due to a breaking change to EnricoMi/publish-unit-test-result-action
# if: always() && matrix.python-version != '3.6'
# with:
# files: test-reports/test-results.xml
# check_name: "Test Results ${{ matrix.python-version }}"
tag-commit:
if: github.repository == 'shanejbrown/buildrunner' && github.event_name == 'push' && github.ref == 'refs/heads/version-test'
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v2
with:
# Fetch only the latest commit
fetch-depth: 1
- name: Get and set version in env
run: echo "CURRENT_VERSION=$( python setup.py --version )" >> $GITHUB_ENV
- name: Print current version
run: echo CURRENT_VERSION ${{ env.CURRENT_VERSION }}
- name: Tag commit
run: git tag -f latest && git tag -f ${{ env.CURRENT_VERSION }} && git push --tags
# publish-pypi:
# if: github.repository == 'shanejbrown/buildrunner'
# runs-on: ubuntu-latest
# needs: test
# steps:
# - uses: actions/checkout@v2
# with:
# # Fetch all history instead of the latest commit
# fetch-depth: 0
# - name: Set up Python
# uses: actions/setup-python@v2
# with:
# python-version: 3.8
# - name: Remove version file
# # This is just in case something else created it, destroy it to get a fresh version
# run: rm -f buildrunner/version.py
# - name: Install wheel
# run: pip install wheel build
# - name: Build
# run: python -m build
# - name: Check upload
# run: pip install twine && twine check dist/*
# - name: Publish to PyPi
# uses: pypa/gh-action-pypi-publish@release/v1
# # Only publish on pushes to main
# if: github.event_name == 'push' && github.ref == 'refs/heads/version-test'
# with:
# user: __token__
# password: ${{ secrets.ADOBE_BOT_PYPI_TOKEN }}
publish-docker:
if: github.repository == 'shanejbrown/buildrunner'
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v2
with:
# Fetch all history instead of the latest commit
fetch-depth: 0
- name: Get and set version in env
run: echo "CURRENT_VERSION=$( python setup.py --version )" >> $GITHUB_ENV
- name: Print current version
run: echo CURRENT_VERSION ${{ env.CURRENT_VERSION }}
- name: Docker Tags
id: docker_tags
uses: docker/metadata-action@v3
with:
images: ghcr.io/shanejbrown/buildrunner
tags: |
latest
${{ env.CURRENT_VERSION }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
with:
platforms: linux/amd64,linux/arm64
# Buildx is used to build multi-platform images
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
# Login to the docker registry
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
# Only login if this a push to main
if: github.event_name == 'push' && github.ref == 'refs/heads/version-test'
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and Push Image
uses: docker/build-push-action@v2
with:
context: .
# Only push images if this is a push to main
push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/version-test' }}
platforms: linux/amd64,linux/arm64
tags: ${{ steps.docker_tags.outputs.tags }}
labels: ${{ steps.docker_tags.outputs.labels }}