-
Notifications
You must be signed in to change notification settings - Fork 103
238 lines (218 loc) · 7.31 KB
/
ci-cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
---
name: CI/CD
on:
merge_group:
push:
branches: [ main ]
tags: [ 'v*' ]
pull_request:
branches: [ main ]
schedule:
- cron: '0 6 * * *' # Daily 6AM UTC build
env:
PYTHON_LATEST: '3.12'
PROJECT_NAME: aiodocker
# For re-actors/checkout-python-sdist
dists-artifact-name: python-package-distributions
jobs:
build:
name: 📦 Build the distribution packages
runs-on: ubuntu-latest
steps:
- name: Checkout project
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_LATEST }}
cache: pip
- name: Install core libraries for build
run: python -Im pip install build
- name: Build artifacts
run: python -Im build
- name: Upload built artifacts for testing
uses: actions/upload-artifact@v4
with:
name: ${{ env.dists-artifact-name }}
path: |
dist/${{ env.PROJECT_NAME }}*.tar.gz
dist/${{ env.PROJECT_NAME }}*.whl
retention-days: 15
lint:
name: Linter
needs:
- build
runs-on: ubuntu-latest
timeout-minutes: 5
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: ${{ env.dists-artifact-name }}
path: dist
- name: Setup Python ${{ env.PYTHON_LATEST }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_LATEST }}
cache: pip
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install -e .[ci,dev]
- uses: actions/cache@v4
with:
path: ~/.cache/pre-commit/
key: pre-commit-4|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
- name: Run linters
run: |
make lint
- name: Run twine checker
run: |
pip install twine
twine check --strict dist/*
test:
name: test
needs:
- build
strategy:
matrix:
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
os: [ubuntu]
registry: ['1']
pytest-arg: ['']
include:
- python-version: '3.12'
os: windows
registry: '0'
pytest-arg: '-k test_integration'
runs-on: ${{ matrix.os }}-latest
timeout-minutes: 30
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: pip
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install -e .[ci,dev]
# NOTE: Unfortunately the gain of image caching is too small,
# and even it increases the latency of Linux jobs. :(
# - name: Cache Docker images
# uses: ScribeMD/docker-cache@0.5.0
# with:
# key: docker-${{ runner.os }}
- name: Prepare Docker images (Linux)
if: ${{ runner.os == 'Linux' }}
run: |
docker pull python:alpine
- name: Prepare Docker images (Windows)
if: ${{ runner.os == 'Windows' }}
# Unfortunately, there is no slim version for Windows.
# This may take more than 10 minutes as the image size is a few gigabytes.
run: |
docker pull python:latest
- name: Start Docker services
if: ${{ matrix.registry == '1' }}
run: |
docker run -d --name ${{ env.PROJECT_NAME }}-test-registry -p 5000:5000 registry:2
docker run -d -p 5001:5001 --name ${{ env.PROJECT_NAME }}-test-registry2 -v `pwd`/tests/certs:/certs -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/certs/htpasswd -e REGISTRY_HTTP_ADDR=0.0.0.0:5001 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt -e REGISTRY_HTTP_TLS_KEY=/certs/registry.key registry:2
- name: Run unittests
env:
COLOR: 'yes'
DOCKER_VERSION: ${{ matrix.docker }}
run: |
python -m pytest -vv --durations=10 ${{ matrix.pytest-arg }}
- name: Rename coverage logs
run: |
mv coverage.xml "coverage-unit-${{ matrix.python-version }}-${{ matrix.os }}-${{ matrix.registry }}.xml"
- name: Upload coverage artifact
uses: actions/upload-artifact@v4
with:
name: coverage-unit-${{ matrix.python-version }}-${{ matrix.os }}-${{ matrix.registry }}
path: coverage-unit-${{ matrix.python-version }}-${{ matrix.os }}-${{ matrix.registry }}.xml
if-no-files-found: error
retention-days: 1
- name: Clean up Docker images produced during tests
run: |
docker image list --filter 'reference=aiodocker-*' --format '{{.Repository}}:{{.Tag}}' | xargs -r docker rmi
check: # This job does nothing and is only used for the branch protection
name: ✅ Ensure the required checks passing
if: always()
needs:
- lint
- test
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.sha }}
- name: Download coverage artifact
uses: actions/download-artifact@v4
with:
pattern: coverage-unit-*
path: coverage
merge-multiple: true
- name: Upload code coverage report
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
directory: coverage
publish: # Run only on creating release for new tag
name: 📦 Publish to PyPI
needs:
- check
runs-on: ubuntu-latest
# Run only on pushing a tag
if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
permissions:
contents: write # IMPORTANT: mandatory for making GitHub Releases
id-token: write # IMPORTANT: mandatory for trusted publishing & sigstore
environment:
name: pypi
url: >-
https://pypi.org/project/${{ env.PROJECT_NAME }}/${{ github.ref_name }}
steps:
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: ${{ env.dists-artifact-name }}
path: dist
- name: Release
uses: aio-libs/create-release@v1.6.6
with:
changes_file: CHANGES.rst
name: ${{ env.PROJECT_NAME }}
github_token: ${{ secrets.GITHUB_TOKEN }}
head_line: "{version}\\s+\\({date}\\)\n====+\n?"
- name: >-
Publish 🐍📦 to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
- name: Sign the dists with Sigstore
uses: sigstore/gh-action-sigstore-python@v2.1.1
with:
inputs: >-
./dist/${{ env.PROJECT_NAME }}*.tar.gz
./dist/${{ env.PROJECT_NAME }}*.whl
- name: Upload artifact signatures to GitHub Release
# Confusingly, this action also supports updating releases, not
# just creating them. This is what we want here, since we've manually
# created the release above.
uses: softprops/action-gh-release@v2
with:
# dist/ contains the built packages, which smoketest-artifacts/
# contains the signatures and certificates.
files: dist/**
...