Remove deploy key usage and instead use temporary SSH key #652
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
# Only run workflow when there is push to main or when there is a pull request to main | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
jobs: | |
test: | |
# When running with act (https://github.com/nektos/act), these lines need to be appended with the ACT variable | |
# to force each job to run | |
if: github.repository == 'adobe/buildrunner' #|| ${{ env.ACT }} | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: | |
- 3.8 | |
- 3.9 | |
- '3.10' | |
- '3.11' | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v2 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r requirements.txt | |
pip install -r test_requirements.txt | |
- name: Pre-commit checks | |
run: pre-commit run --all-files | |
- name: Test with pytest | |
# Create the ssh key file once for all testing | |
run: | | |
ssh-keygen -t ecdsa -m PEM -N '' -f /tmp/buildrunner-test-id_rsa | |
pytest -v -m "not serial" --numprocesses=auto --junitxml=test-reports/non-serial-test-results.xml | |
pytest -v -m "serial" --junitxml=test-reports/serial-test-results.xml | |
python scripts/combine_xml.py test-reports/serial-test-results.xml test-reports/non-serial-test-results.xml > test-reports/test-result.xml | |
- name: Publish test results | |
uses: EnricoMi/publish-unit-test-result-action/linux@v2 | |
if: always() | |
with: | |
files: test-reports/test-results.xml | |
check_name: "Test Results ${{ matrix.python-version }}" | |
github_retries: 10 | |
secondary_rate_limit_wait_seconds: 60.0 | |
tag-commit: | |
if: github.repository == 'adobe/buildrunner' && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
needs: test | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
# Fetch all history instead of the latest commit | |
fetch-depth: 0 | |
- name: Get and set version in env | |
run: echo "CURRENT_VERSION=$( python setup.py --version )" >> $GITHUB_ENV | |
- name: Print current version | |
run: echo CURRENT_VERSION ${{ env.CURRENT_VERSION }} | |
- name: Tag commit | |
run: git tag ${{ env.CURRENT_VERSION }} && git push --tags | |
publish-pypi: | |
if: github.repository == 'adobe/buildrunner' | |
runs-on: ubuntu-latest | |
needs: test | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
# Fetch all history instead of the latest commit | |
fetch-depth: 0 | |
- name: Set up Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: 3.8 | |
- name: Remove version file | |
# This is just in case something else created it, destroy it to get a fresh version | |
run: rm -f buildrunner/version.py | |
- name: Install wheel | |
run: pip install wheel build | |
- name: Build | |
run: python -m build | |
- name: Check upload | |
run: pip install twine && twine check dist/* | |
- name: Publish to PyPi | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
# Only publish on pushes to main | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
with: | |
user: __token__ | |
password: ${{ secrets.ADOBE_BOT_PYPI_TOKEN }} | |
publish-docker: | |
if: github.repository == 'adobe/buildrunner' | |
runs-on: ubuntu-latest | |
needs: test | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
# Fetch all history instead of the latest commit | |
fetch-depth: 0 | |
- name: Get and set version in env | |
run: echo "CURRENT_VERSION=$( python setup.py --version )" >> $GITHUB_ENV | |
- name: Print current version | |
run: echo CURRENT_VERSION ${{ env.CURRENT_VERSION }} | |
- name: Docker Tags | |
id: docker_tags | |
uses: docker/metadata-action@v3 | |
with: | |
images: ghcr.io/adobe/buildrunner | |
tags: | | |
latest | |
${{ env.CURRENT_VERSION }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
with: | |
platforms: linux/amd64,linux/arm64 | |
# Buildx is used to build multi-platform images | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
# Login to the docker registry | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v1 | |
# Only login if this a push to main | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and Push Image | |
uses: docker/build-push-action@v2 | |
with: | |
context: . | |
# Only push images if this is a push to main | |
push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
platforms: linux/amd64,linux/arm64 | |
tags: ${{ steps.docker_tags.outputs.tags }} | |
labels: ${{ steps.docker_tags.outputs.labels }} |