Merge pull request #165 from felddy/enhancement/refactor

Refactor and add local use and tests of workflows
felddy · Jan 18, 2024 · 960ca10 · 960ca10
2 parents 5930f0b + bdedb03
commit 960ca10
Show file tree

Hide file tree

Showing 18 changed files with 486 additions and 29 deletions.
diff --git a/.bandit.yml b/.bandit.yml
@@ -10,4 +10,4 @@ tests:
 # - B102
 
 skips:
-# - B101 # skip "assert used" check since assertions are required in pytests
+  - B101  # skip "assert used" check since assertions are required in pytests
diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml
@@ -19,12 +19,135 @@ permissions:
   contents: read
 
 jobs:
+  diagnostics:
+    name: "Diagnostics"
+    uses: ./.github/workflows/diagnostics.yml
+
   config:
     name: "Config"
     uses: ./.github/workflows/_config.yml
 
+  metadata:
+    name: "Metadata"
+    needs: [config]
+    uses: ./.github/workflows/docker-metadata.yml
+    with:
+      image_name: ${{ needs.config.outputs.image_name }}
+
   lint:
     name: "Lint"
+    uses: ./.github/workflows/common-lint.yml
+
+  build-image-for-testing:
+    name: "Build image for testing"
     needs:
       - config
-    uses: ./.github/workflows/common-lint.yml
+      - lint
+      - metadata
+    uses: ./.github/workflows/docker-build-image.yml
+    with:
+      artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }}
+      cache_from_scopes: ${{ needs.config.outputs.test_platform }}
+      cache_to_scope: ${{ needs.config.outputs.test_platform }}
+      image_archive_name_stem: ${{ needs.config.outputs.test_platform }}
+      image_labels: ${{ needs.metadata.outputs.image_labels }}
+      platforms: ${{ needs.config.outputs.test_platform }}
+
+  test-image:
+    name: "Test image"
+    needs:
+      - build-image-for-testing
+      - config
+    uses: ./.github/workflows/docker-pytest-image.yml
+    with:
+      data_artifact_name: ${{ needs.config.outputs.data_artifact_name }}
+      image_artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }}
+      image_archive_name: ${{ needs.build-image-for-testing.outputs.image_archive_name }}
+
+  build-each-platform:
+    name: "Build platform"
+    needs:
+      - config
+      - lint
+      - metadata
+      - test-image
+    if: github.event_name != 'pull_request'
+    strategy:
+      matrix:
+        platform: ${{ fromJson(needs.config.outputs.platforms_json) }}
+        exclude:
+          - platform: ${{ needs.config.outputs.test_platform }}
+    uses: ./.github/workflows/docker-build-image.yml
+    with:
+      artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }}
+      cache_from_scopes: ${{ matrix.platform }}
+      cache_to_scope: ${{ matrix.platform }}
+      image_labels: ${{ needs.metadata.outputs.image_labels }}
+      image_archive_name_stem: ${{ matrix.platform }}
+      platforms: ${{ matrix.platform }}
+
+  generate-sboms:
+    name: "Bill of Materials"
+    needs:
+      - build-each-platform
+      - config
+    permissions:
+      contents: write
+    uses: ./.github/workflows/sbom-artifact.yml
+    with:
+      image_artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }}
+
+  docker-secrets:
+    name: "Docker secrets"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895  # tag=v2.6.1
+        with:
+          egress-policy: block
+
+      - name: Check docker.com credentials
+        run: |
+          return_code=0
+          if [ -z "${{ secrets.DOCKER_USERNAME }}" ]; then
+            echo "::warning::Set the DOCKER_USERNAME secret."
+            return_code=1
+          fi
+          if [ -z "${{ secrets.DOCKER_PASSWORD }}" ]; then
+            echo "::warning::Set the DOCKER_PASSWORD secret."
+            return_code=1
+          fi
+          exit $return_code
+
+  build-multi-arch-image:
+    name: "Publish image"
+    needs:
+      - build-each-platform
+      - config
+      - docker-secrets
+      - metadata
+    if: github.event_name != 'pull_request'
+    permissions:
+      packages: write
+    uses: ./.github/workflows/docker-multi-arch-push.yml
+    with:
+      artifact_name: ${{ needs.config.outputs.image_archive_artifact_name }}
+      image_tags: ${{ needs.metadata.outputs.image_tags }}
+    secrets:
+      docker_password: ${{ secrets.DOCKER_PASSWORD }}
+      docker_username: ${{ secrets.DOCKER_USERNAME }}
+
+  publish-readme:
+    name: "Publish docs"
+    needs:
+      - build-multi-arch-image
+      - config
+      - docker-secrets
+      - metadata
+    if: needs.metadata.outputs.latest == 'true'
+    uses: ./.github/workflows/docker-publish-description.yml
+    with:
+      image_name: ${{ needs.config.outputs.image_name }}
+    secrets:
+      docker_password: ${{ secrets.DOCKER_PASSWORD }}
+      docker_username: ${{ secrets.DOCKER_USERNAME }}
diff --git a/.github/workflows/_config.yml b/.github/workflows/_config.yml
@@ -3,27 +3,35 @@ name: "Config"
 
 on:
   workflow_call:
+    inputs:
+      platforms:
+        description: "The platforms to build (CSV)"
+        default: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/s390x
+        required: false
+        type: string
+    outputs:
+      data_artifact_name:
+        description: "The name of the test data artifact"
+        value: test-output
+      image_archive_artifact_name:
+        description: "The name of the image archives artifact"
+        value: image-archives
+      image_name:
+        description: "The Docker image name"
+        value: felddy/reusable-workflow
+      platforms_csv:
+        description: "The platforms to build (CSV)"
+        value: ${{ inputs.platforms }}
+      platforms_json:
+        description: "The platforms to build (JSON)"
+        value: ${{ jobs.csv-to-json.outputs.json }}
+      test_platform:
+        description: "The platform to use for testing"
+        value: linux/amd64
 
 jobs:
-  diagnostics:
-    name: "Diagnostics"
-    runs-on: ubuntu-latest
-    steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895  # tag=v2.6.1
-        with:
-          egress-policy: block
-          allowed-endpoints: >
-            azure.archive.ubuntu.com:443
-            azure.archive.ubuntu.com:80
-            packages.microsoft.com:443
-            www.githubstatus.com:443
-
-      - name: Check GitHub Status
-        uses: crazy-max/ghaction-github-status@df4d23a4977438215339cf0fafceda8d9af8a0e5  # tag=v4.0.0
-        with:
-          overall_threshold: major
-          packages_threshold: major_outage
-
-      - name: Dump context
-        uses: crazy-max/ghaction-dump-context@8b55fa205ab4530d36f787a4de1009afaaa7f3b4  # tag=v2.1.0
+  csv-to-json:
+    name: "Convert CSV to JSON"
+    uses: ./.github/workflows/csv-to-json.yml
+    with:
+      csv: ${{ inputs.platforms }}
diff --git a/.github/workflows/csv-to-json.yml b/.github/workflows/csv-to-json.yml
@@ -0,0 +1,34 @@
+---
+name: "CSV to JSON"
+
+# This workflow converts a comma-separated list of platforms to a JSON array.
+
+on:
+  workflow_call:
+    inputs:
+      csv:
+        description: "Comma-separated list"
+        required: true
+        type: string
+    outputs:
+      json:
+        description: "JSON array"
+        value: ${{ jobs.convert.outputs.json }}
+
+jobs:
+  convert:
+    name: "Convert platforms CSV to JSON"
+    runs-on: ubuntu-latest
+    outputs:
+      json: ${{ steps.csv-to-json.outputs.json }}
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895  # tag=v2.6.1
+        with:
+          egress-policy: block
+          allowed-endpoints: >
+
+      - name: Convert CSV to JSON
+        id: csv-to-json
+        run: |
+          echo "json=$(echo -n ${{ inputs.csv }} | jq --raw-input --compact-output 'split(",")')" >> $GITHUB_OUTPUT
diff --git a/.github/workflows/diagnostics.yml b/.github/workflows/diagnostics.yml
@@ -0,0 +1,34 @@
+---
+name: "Diagnostics"
+
+# This workflow outputs diagnostic information about the runner and the environment
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+
+jobs:
+  diagnostics:
+    name: "Diagnostics"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895  # tag=v2.6.1
+        with:
+          egress-policy: block
+          allowed-endpoints: >
+            azure.archive.ubuntu.com:443
+            azure.archive.ubuntu.com:80
+            packages.microsoft.com:443
+            www.githubstatus.com:443
+
+      - name: Check GitHub Status
+        uses: crazy-max/ghaction-github-status@df4d23a4977438215339cf0fafceda8d9af8a0e5  # tag=v4.0.0
+        with:
+          overall_threshold: major
+          packages_threshold: major_outage
+
+      - name: Dump context
+        uses: crazy-max/ghaction-dump-context@8b55fa205ab4530d36f787a4de1009afaaa7f3b4  # tag=v2.1.0
diff --git a/.github/workflows/docker-pytest-image.yml b/.github/workflows/docker-pytest-image.yml
@@ -149,8 +149,9 @@ jobs:
           # Tag the image with the a test tag
           docker tag "${image_id}" "${{ env.TEST_IMAGE_TAG }}"
 
-      - name: Set data directory permissions
+      - name: Ensure data directory exists
         run: |
+          mkdir -p ${{ inputs.data_artifact_path }}
           chmod a+rwx ${{ inputs.data_artifact_path }}
 
       - name: Run tests

diff --git a/.gitignore b/.gitignore
@@ -5,4 +5,7 @@
 ## Python ##
 __pycache__
 .mypy_cache
+.pytest_cache
 .python-version
+*.egg-info
+venv
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,32 @@
+# Stage 1: Set up the cross-compilation environment
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:latest AS xx
+
+# Base image for the build
+FROM --platform=$BUILDPLATFORM debian:bookworm AS build
+
+# Copy the xx scripts for setting up the cross-compilation environment
+COPY --from=xx / /
+
+# Install build dependencies
+RUN apt-get update && apt-get install -y \
+    clang
+
+# Set up the working directory
+WORKDIR /workspace
+
+# Copy the C source file into the image
+COPY src/arch_info.c .
+
+# Compile the program for the target platform
+ARG TARGETPLATFORM
+RUN xx-apt install -y libc6-dev gcc
+RUN xx-clang --static -o arch_info arch_info.c
+
+# Stage 2: Create the final minimal output image
+FROM scratch
+
+# Copy the compiled binary from the build stage
+COPY --from=build /workspace/arch_info /
+
+# Set the entry point to the compiled binary
+ENTRYPOINT ["/arch_info"]
diff --git a/pytest.ini b/pytest.ini
@@ -0,0 +1,8 @@
+[pytest]
+addopts = --capture=no --color=yes --runslow --verbose -rA
+
+log_cli = true
+log_cli_level = INFO
+
+markers =
+    slow: marks tests as slow (deselect with '-m "not slow"')
diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -1,2 +1,3 @@
 --requirement requirements-test.txt
 ipython
+semver
diff --git a/requirements-test.txt b/requirements-test.txt
@@ -1,2 +1 @@
---requirement requirements.txt
-pre-commit
+-e .[test]
diff --git a/requirements.txt b/requirements.txt
@@ -1,2 +1 @@
-setuptools
-wheel
+-e .