Skip to content

chore: poetry update and nix flake update #337

chore: poetry update and nix flake update

chore: poetry update and nix flake update #337

Workflow file for this run

---
name: CI
# Ensure only one job per branch.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches: [master]
tags: ["*"]
pull_request:
branches: [master]
types: [opened, synchronize]
jobs:
test:
name: Test
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Set up Nix
uses: ./.github/actions/setup-nix
with:
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Run tests
run: nix develop .#ci --command make test
- name: Upload test report
if: always()
uses: mikepenz/action-junit-report@v4
with:
check_name: Test report
report_paths: '**/.junit.xml'
- name: Upload coverage
uses: paambaati/codeclimate-action@v9.0.0
env:
CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
with:
coverageLocations: |
${{ github.workspace }}/.coverage.xml:cobertura
lint:
name: ${{ matrix.lint.name }}
runs-on: ubuntu-latest
strategy:
matrix:
lint:
- name: Lint style
rule: lint-style
- name: Lint types
rule: lint-types
- name: Lint other metrics
rule: lint-metrics
- name: Scan AST security
rule: scan-sec-ast
- name: Scan dependencies
rule: scan-sec-deps
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Set up Nix
uses: ./.github/actions/setup-nix
with:
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: ${{ matrix.lint.name }}
run: |
if [ "${{ matrix.lint.rule }}" = "scan-sec-deps" ]; then
nix develop .#ci --command make ${{ matrix.lint.rule }} || (echo "::warning file=scan-sec-deps::Scan dependencies failed with exit code $?.")
else
nix develop .#ci --command make ${{ matrix.lint.rule }}
fi
continue-on-error: ${{ matrix.lint.rule == 'scan-sec-deps' }}
pub-image:
name: Publish Docker image
runs-on: ubuntu-latest
needs: [lint, test]
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Set up Nix
uses: ./.github/actions/setup-nix
with:
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Set image tag
run: >
if [ "${{ github.ref_type }}" = "tag" ] && [ -n "${{ github.ref_name }}" ]; then
echo "IMG_TAG=$(echo ${{ github.ref_name }} | sed 's/^v//')" >> ${GITHUB_ENV}
else
echo "IMG_TAG=latest" >> ${GITHUB_ENV}
fi
- name: Update pyproject.toml version with
if: github.ref_type == 'tag' && github.ref_name != ''
run: nix develop --command poetry dynamic-versioning
- name: Capture current commit hash
run: printf "${{ github.sha }}" > .rev && git add .rev
- name: Build and push image to registry
run: >
nix build .#dockerArchiveStreamer
&& ./result
| gzip --fast
| skopeo copy
--dest-creds ${{ github.repository_owner }}:${{ secrets.GITHUB_TOKEN }}
docker-archive:/dev/stdin
docker://ghcr.io/${{ github.repository }}:${IMG_TAG}
pub-docs:
name: Publish documentation
runs-on: ubuntu-latest
needs: [lint, test]
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Set up Nix
uses: ./.github/actions/setup-nix
with:
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Push to ReadTheDocs
env:
RTD_BUILD_API_URL: https://readthedocs.org/api/v3/projects/volt/versions/latest/builds/
run: >
nix develop .#ci --command
curl -X POST -H "Authorization: Token ${{ secrets.RTD_TOKEN }}" ${RTD_BUILD_API_URL}