Add buildx builder support to get_ssh_agent_image #604
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
- push | |
- pull_request | |
jobs: | |
test: | |
# When running with act (https://github.com/nektos/act), these lines need to be appended with the ACT variable | |
# to force each job to run | |
if: github.repository == 'adobe/buildrunner' #|| ${{ env.ACT }} | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: | |
- 3.8 | |
- 3.9 | |
- '3.10' | |
- '3.11' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v2 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r requirements.txt | |
pip install -r test_requirements.txt | |
- name: Pre-commit checks | |
run: pre-commit run --all-files | |
- name: Write SSH keys | |
env: | |
# These were generated with: | |
# ssh-keygen -t ecdsa -m PEM '' | |
# and then installed as a read-only deploy key on the buildrunner repository | |
# | |
# Since this is a public repository and the key provides the same rights that even anonymous users have, | |
# this key is rather worthless and can be stored safely in code here. This *could* be used as a secret, | |
# but since secrets are not available to forks, we cannot test SSH functionality in PRs which defeats | |
# the purpose somewhat. | |
DEPLOY_SSH_KEY: "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACBasvUoRzAAdHZ5nFWtDR/5DQU+FWtDYNXD0xPGSdjKtwAAAJiLXobki16G\n5AAAAAtzc2gtZWQyNTUxOQAAACBasvUoRzAAdHZ5nFWtDR/5DQU+FWtDYNXD0xPGSdjKtw\nAAAEBcRwB1PEnUHF5aK6q3JYyuOlT+adQ0mcRrIxsmJiiq1Vqy9ShHMAB0dnmcVa0NH/kN\nBT4Va0Ng1cPTE8ZJ2Mq3AAAAEWJ1aWxkcnVubmVyQGFkb2JlAQIDBA==\n-----END OPENSSH PRIVATE KEY-----" | |
DEPLOY_SSH_KEY_PUB: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFqy9ShHMAB0dnmcVa0NH/kNBT4Va0Ng1cPTE8ZJ2Mq3 buildrunner@adobe" | |
run: | | |
mkdir -p ~/.ssh | |
printf -- "$DEPLOY_SSH_KEY" > ~/.ssh/buildrunner-deploy-id_rsa | |
printf -- "$DEPLOY_SSH_KEY_PUB" > ~/.ssh/buildrunner-deploy-id_rsa.pub | |
chmod 700 ~/.ssh | |
chmod 600 ~/.ssh/buildrunner-deploy-* | |
- name: Test with pytest | |
run: pytest -v --junitxml=test-reports/test-results.xml | |
- name: Publish test results | |
uses: EnricoMi/publish-unit-test-result-action/composite@v1 | |
# exclude this step for 3.6, since it fails due to a breaking change to EnricoMi/publish-unit-test-result-action | |
if: always() && matrix.python-version != '3.6' | |
with: | |
files: test-reports/test-results.xml | |
check_name: "Test Results ${{ matrix.python-version }}" | |
tag-commit: | |
if: github.repository == 'adobe/buildrunner' && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
needs: test | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
# Fetch all history instead of the latest commit | |
fetch-depth: 0 | |
- name: Get and set version in env | |
run: echo "CURRENT_VERSION=$( python setup.py --version )" >> $GITHUB_ENV | |
- name: Print current version | |
run: echo CURRENT_VERSION ${{ env.CURRENT_VERSION }} | |
- name: Tag commit | |
run: git tag ${{ env.CURRENT_VERSION }} && git push --tags | |
publish-pypi: | |
if: github.repository == 'adobe/buildrunner' | |
runs-on: ubuntu-latest | |
needs: test | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
# Fetch all history instead of the latest commit | |
fetch-depth: 0 | |
- name: Set up Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: 3.8 | |
- name: Remove version file | |
# This is just in case something else created it, destroy it to get a fresh version | |
run: rm -f buildrunner/version.py | |
- name: Install wheel | |
run: pip install wheel build | |
- name: Build | |
run: python -m build | |
- name: Check upload | |
run: pip install twine && twine check dist/* | |
- name: Publish to PyPi | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
# Only publish on pushes to main | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
with: | |
user: __token__ | |
password: ${{ secrets.ADOBE_BOT_PYPI_TOKEN }} | |
publish-docker: | |
if: github.repository == 'adobe/buildrunner' | |
runs-on: ubuntu-latest | |
needs: test | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
# Fetch all history instead of the latest commit | |
fetch-depth: 0 | |
- name: Get and set version in env | |
run: echo "CURRENT_VERSION=$( python setup.py --version )" >> $GITHUB_ENV | |
- name: Print current version | |
run: echo CURRENT_VERSION ${{ env.CURRENT_VERSION }} | |
- name: Docker Tags | |
id: docker_tags | |
uses: docker/metadata-action@v3 | |
with: | |
images: ghcr.io/adobe/buildrunner | |
tags: | | |
latest | |
${{ env.CURRENT_VERSION }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
with: | |
platforms: linux/amd64,linux/arm64 | |
# Buildx is used to build multi-platform images | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
# Login to the docker registry | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v1 | |
# Only login if this a push to main | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and Push Image | |
uses: docker/build-push-action@v2 | |
with: | |
context: . | |
# Only push images if this is a push to main | |
push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
platforms: linux/amd64,linux/arm64 | |
tags: ${{ steps.docker_tags.outputs.tags }} | |
labels: ${{ steps.docker_tags.outputs.labels }} |