Skip to content

Code CI

Code CI #787

Workflow file for this run

name: Code CI
on:
push:
pull_request:
schedule:
# Run weekly to check latest versions of dependencies
- cron: "0 8 * * WED"
env:
# The target python version, which must match the Dockerfile version
CONTAINER_PYTHON: "3.11"
jobs:
lint:
# pull requests are a duplicate of a branch push if within the same repo.
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install python packages
uses: ./.github/actions/install_requirements
with:
python_version: "3.9"
requirements_file: requirements-dev-3.x.txt
install_options: -e .[dev]
- name: Lint
run: tox -e pre-commit,mypy
test_core:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
strategy:
fail-fast: false
matrix:
os: ["ubuntu-latest"] # can add windows-latest, macos-latest
python: ["3.9", "3.10", "3.11"]
install_options: ["-e .[dev]"]
marker: ["core"]
# Make one version be non-editable to test both paths of version code
include:
- os: "ubuntu-latest"
python: "3.9"
install_options: ".[dev]"
marker: "core"
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/do_tests
with:
install_options: ${{ matrix.install_options }}
marker: ${{ matrix.marker }}
python: ${{ matrix.python }}
test_compat:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
strategy:
fail-fast: false
matrix:
os: ["ubuntu-latest"] # can add windows-latest, macos-latest
python: ["3.9", "3.10", "3.11"]
install_options: ["-e .[dev]"]
marker: ["numcertain", "pint"]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: ./.github/actions/do_tests
with:
install_options: ${{ matrix.install_options }}
marker: ${{ matrix.marker }}
python: ${{ matrix.python }}
push_badges:
needs: ["test_core", "test_compat"]
if: always() && github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: "ubuntu-latest"
permissions:
contents: write
steps:
- name: Checkout workflow branch
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get branch name
id: branch-name
uses: ./.github/actions/get_branch
- name: Checkout badges branch
uses: actions/checkout@v4
with:
ref: gh-badges
- name: Download badges
uses: actions/download-artifact@v4
with:
name: badges-${{ steps.branch-name.outputs.sanitized_name }}
path: ${{ steps.branch-name.outputs.sanitized_name }}
- name: Create badge commit
shell: bash
run: |
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git add ${{ steps.branch-name.outputs.sanitized_name }}/*.svg
git commit -m "Add/Update badges" || true
- name: Push badge commit
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: gh-badges
dist:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: "ubuntu-latest"
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# Need this to get version number from last tag
fetch-depth: 0
- name: Build sdist and wheel
run: |
export SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) && \
pipx run build
- name: Upload sdist and wheel as artifacts
uses: actions/upload-artifact@v4
with:
name: dist
path: dist
- name: Check for packaging errors
run: pipx run twine check --strict dist/*
- name: Install python packages
uses: ./.github/actions/install_requirements
with:
python_version: ${{env.CONTAINER_PYTHON}}
requirements_file: requirements.txt
install_options: dist/*.whl
- name: Test module --version works using the installed wheel
# If more than one module in src/ replace with module name to test
run: python -m $(ls src | head -1) --version
container:
needs: [lint, dist, test_core]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout
uses: actions/checkout@v4
# image names must be all lower case
- name: Generate image repo name
run: echo IMAGE_REPOSITORY=ghcr.io/$(tr '[:upper:]' '[:lower:]' <<< "${{ github.repository }}") >> $GITHUB_ENV
- name: Download wheel and lockfiles
uses: actions/download-artifact@v4
with:
path: .devcontainer
- name: Log in to GitHub Docker Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE_REPOSITORY }}
tags: |
type=ref,event=tag
type=raw,value=latest
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Build runtime image
uses: docker/build-push-action@v5
with:
build-args: |
PIP_OPTIONS=-r lockfiles/requirements.txt dist/*.whl
push: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags') }}
load: ${{ ! (github.event_name == 'push' && startsWith(github.ref, 'refs/tags')) }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
context: .devcontainer
# If you have a long docker build, uncomment the following to turn on caching
# For short build times this makes it a little slower
#cache-from: type=gha
#cache-to: type=gha,mode=max
release:
# upload to PyPI and make a release on every tag
needs: [lint, dist, test_core]
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags') }}
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v4
- name: Fixup blank lockfiles
# Github release artifacts can't be blank
run: for f in lockfiles/*; do [ -s $f ] || echo '# No requirements' >> $f; done
- name: Github Release
# We pin to the SHA, not the tag, for security reasons.
# https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
uses: softprops/action-gh-release@3198ee18f814cdf787321b4a32a26ddbf37acc52 # v2.0.2
with:
prerelease: ${{ contains(github.ref_name, 'a') || contains(github.ref_name, 'b') || contains(github.ref_name, 'rc') }}
files: |
dist/*
lockfiles/*
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Publish to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_TOKEN }}