Skip to content

add new config,dry-run and enforce profiles #191

add new config,dry-run and enforce profiles

add new config,dry-run and enforce profiles #191

name: CI/CD
on:
push:
branches:
- main
- '*\@[0-9]+.[0-9]+.[0-9]+*' # package development branch
jobs:
build:
if: ${{ !contains(github.event.head_commit.message, '[no ci]') }}
runs-on: ubuntu-latest
outputs:
branch: ${{ steps.get_pkg_info.outputs.branch }}
pkg_name: ${{ steps.get_pkg_info.outputs.pkg_name }}
pkg_ver: ${{ steps.get_pkg_info.outputs.pkg_ver }}
docker_file: ${{ steps.get_pkg_info.outputs.docker_file }}
repo_lowercase: ${{ steps.repo_lowercase.outputs.lowercase }}
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.10
uses: actions/setup-python@v3
with:
python-version: "3.10"
architecture: "x64"
env:
AGENT_TOOLSDIRECTORY: /opt/hostedtoolcache
- name: Extract package name and version from branch name
id: get_pkg_info
shell: bash
run: |
echo "::set-output name=branch::$(echo ${GITHUB_REF#refs/heads/})"
PKG_NAME=$(echo ${GITHUB_REF#refs/heads/} | awk -F'@' '{print $1}')
PKG_VER=$(echo ${GITHUB_REF#refs/heads/} | awk -F'@' '{print $2}')
echo "::set-output name=pkg_name::$(echo $PKG_NAME)"
echo "::set-output name=pkg_ver::$(echo $PKG_VER)"
if [[ -f "./$PKG_NAME/Dockerfile" ]]; then
echo "::set-output name=docker_file::$(echo ./$PKG_NAME/Dockerfile)"
else
echo "::set-output name=docker_file::"
fi
- name: Login to GitHub Container Registry
if: ${{ steps.get_pkg_info.outputs.branch != 'main' && steps.get_pkg_info.outputs.docker_file != ''}}
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
- id: repo_lowercase
uses: ASzc/change-string-case-action@v1
with:
string: ${{ github.repository }}
- name: Build image
if: ${{ steps.get_pkg_info.outputs.branch != 'main' && steps.get_pkg_info.outputs.docker_file != ''}}
uses: docker/build-push-action@v2
with:
context: "./${{steps.get_pkg_info.outputs.pkg_name}}"
file: "${{steps.get_pkg_info.outputs.docker_file}}"
platforms: linux/amd64
load: true
tags: |
ghcr.io/${{ steps.repo_lowercase.outputs.lowercase }}.${{ steps.get_pkg_info.outputs.pkg_name }}:${{ steps.get_pkg_info.outputs.pkg_ver }}
- name: Push image to ghcr.io
id: push_to_ghcr
if: ${{ steps.get_pkg_info.outputs.branch != 'main' && steps.get_pkg_info.outputs.docker_file != ''}}
shell: bash
run: |
docker push ghcr.io/${{ steps.repo_lowercase.outputs.lowercase }}.${{ steps.get_pkg_info.outputs.pkg_name }}:${{ steps.get_pkg_info.outputs.pkg_ver }} | tee ./ghcr.io.stdout
IMAGE_SHA=$(cat ./ghcr.io.stdout | tr ' ' '\n' | grep 'sha256:' | awk -F':' '{print $2}')
echo "::set-output name=image_sha256::$(echo ${IMAGE_SHA})"
echo "::set-output name=created_at::$(date -u +%FT%TZ)"
test-and-release:
runs-on: ubuntu-latest
needs: [build]
steps:
- uses: actions/checkout@v2
- name: Set up Python 3.10
uses: actions/setup-python@v3
with:
python-version: "3.10"
architecture: "x64"
env:
AGENT_TOOLSDIRECTORY: /opt/hostedtoolcache
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install wfpm
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
if [ -f requirements-test.txt ]; then pip install -r requirements-test.txt; fi
if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi
- name: Install Nextflow
run: |
wget --tries=10 -qO- https://get.nextflow.io | bash
sudo chmod 755 nextflow
sudo mv nextflow /usr/local/bin/
- name: "Login to GitHub Container Registry" # normally shouldn't need to login, but new image when just created is private
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
- name: Run tests for all packages
if: ${{ needs.build.outputs.branch == 'main' }}
run: |
wfpm test
- name: Run tests for the current package only
if: ${{ needs.build.outputs.branch != 'main' }}
run: |
cd ./${{needs.build.outputs.pkg_name}}
wfpm test
- name: Check whether to proceed with release
id: to_release
run: |
if [[ \
"${{ github.event.head_commit.message }}" = "Merge"[[:space:]]"pull"[[:space:]]"request"* && \
"${{ github.event.head_commit.message }}" = *"@"* && \
"${{ github.event.head_commit.message }}" = *"[release]"* && \
"${{ needs.build.outputs.branch }}" = 'main'
]]; then
echo "::set-output name=release::$(echo Y)"
else
echo "::set-output name=release::$(echo N)"
fi
- name: Extract package name and version from commit message
if: ${{ steps.to_release.outputs.release == 'Y' }}
id: get_pkg_info
shell: bash
run: |
MERGED_BR=$(echo -e '${{ github.event.head_commit.message }}' | \
{ grep '^Merge pull request'||:; } | tr ' ' '\n' |{ grep '@'||:; } | awk -F'/' '{print $2}')
PKG_NAME=$(echo $MERGED_BR | awk -F'@' '{print $1}')
PKG_VER=$(echo $MERGED_BR | awk -F'@' '{print $2}')
echo "::set-output name=pkg_name::$(echo ${PKG_NAME})"
echo "::set-output name=pkg_ver::$(echo ${PKG_VER})"
if [[ -f "./$PKG_NAME/Dockerfile" ]]; then
echo "::set-output name=docker_file::$(echo ./$PKG_NAME/Dockerfile)"
echo "::set-output name=docker_image::$(echo ghcr.io/${{ needs.build.outputs.repo_lowercase }}.$PKG_NAME:$PKG_VER)"
else
echo "::set-output name=docker_file::"
echo "::set-output name=docker_image::"
fi
- name: Prepare package release tarball
id: prep_assets
if: ${{ steps.to_release.outputs.release == 'Y' }}
shell: bash
run: |
./scripts/cleanup_temp_files.sh # just in case
PKG_TAR=${{ steps.get_pkg_info.outputs.pkg_name }}.v${{ steps.get_pkg_info.outputs.pkg_ver }}.tar.gz
pushd ${{ steps.get_pkg_info.outputs.pkg_name }}
tar --exclude=wfpr_modules --dereference -czvf ../$PKG_TAR .
popd
echo "::set-output name=pkg_tar::$(echo ${PKG_TAR})"
echo "::set-output name=pkg_tar_sha::$(sha256sum ${PKG_TAR} |awk '{print $1}')"
echo "::set-output name=pkg_tar_size::$(ls -l ${PKG_TAR} |awk '{print $5}')"
echo "::set-output name=created_at::$(date -u +%FT%TZ)"
- name: Create release
id: create_release
if: ${{ steps.to_release.outputs.release == 'Y' }}
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.get_pkg_info.outputs.pkg_name }}.v${{ steps.get_pkg_info.outputs.pkg_ver }}
release_name: ${{ steps.get_pkg_info.outputs.pkg_name }}.v${{ steps.get_pkg_info.outputs.pkg_ver }}
body: |
* Release `${{ steps.get_pkg_info.outputs.pkg_name }}.v${{ steps.get_pkg_info.outputs.pkg_ver }}` (${{ github.sha }})
* Package `${{ steps.prep_assets.outputs.pkg_tar }}` (sha256: `${{ steps.prep_assets.outputs.pkg_tar_sha }}`)
* Package URI `github.com/${{ needs.build.outputs.repo_lowercase }}/${{ steps.get_pkg_info.outputs.pkg_name }}@${{ steps.get_pkg_info.outputs.pkg_ver }}`
* Run the package: `nextflow run ${{ needs.build.outputs.repo_lowercase }}/${{ steps.get_pkg_info.outputs.pkg_name }}/main.nf -r ${{ steps.get_pkg_info.outputs.pkg_name }}.v${{ steps.get_pkg_info.outputs.pkg_ver }} -params-file <params-json-file>`
draft: false
prerelease: false
- name: Prepare in pkg-release.json
if: ${{ steps.to_release.outputs.release == 'Y' }}
shell: bash
run: |
WFPM_VER=$(wfpm -v | cut -d ' ' -f 2)
if [[ '${{ steps.get_pkg_info.outputs.docker_file }}' != '' ]]; then
docker pull ${{ steps.get_pkg_info.outputs.docker_image }} | tee image.info
IMAGE_SHA=$(cat ./image.info | tr ' ' '\n' | grep 'sha256:' | awk -F':' '{print $2}')
else
IMAGE_SHA=$(echo)
fi
# temporary solution
TAG="${{ steps.get_pkg_info.outputs.pkg_name }}.v${{ steps.get_pkg_info.outputs.pkg_ver }}"
./scripts/prepare_package_release_json.py -p ${{ steps.get_pkg_info.outputs.pkg_name }}/pkg.json -d \
"
{
\"_release\": {
\"created\": \"${{ steps.prep_assets.outputs.created_at }}\",
\"hash\": {
\"checksum_type\": \"sha1\",
\"checksume\": \"${{ github.sha }}\"
},
\"tag\": \"$TAG\",
\"assets\": [
{
\"filename\": \"$TAG.tar.gz\",
\"download_url\": \"https://github.com/${{ github.repository }}/releases/download/$TAG/$TAG.tar.gz\",
\"checksum\": \"${{ steps.prep_assets.outputs.pkg_tar_sha }}\",
\"checksum_type\": \"sha256\",
\"size\": ${{ steps.prep_assets.outputs.pkg_tar_size }}
},
{
\"_NOTE_\": \"this file\",
\"filename\": \"pkg-release.json\",
\"download_url\": \"https://github.com/${{ github.repository }}/releases/download/$TAG/pkg-release.json\",
\"checksum\": null,
\"checksum_type\": null,
\"size\": null
}
]
},
\"_image_digest\": {
\"checksum\": \"$IMAGE_SHA\",
\"checksum_type\": \"sha256\"
},
\"_wfpm_ver\": \"$WFPM_VER\"
}
" > pkg-release.json
- name: Upload package release tarball
if: ${{ steps.to_release.outputs.release == 'Y' }}
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./${{ steps.prep_assets.outputs.pkg_tar }}
asset_name: ${{ steps.prep_assets.outputs.pkg_tar }}
asset_content_type: application/zip
- name: Upload package release json
if: ${{ steps.to_release.outputs.release == 'Y' }}
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./pkg-release.json
asset_name: pkg-release.json
asset_content_type: application/json