Code CI #803
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Code CI | |
on: | |
push: | |
pull_request: | |
schedule: | |
# Run weekly to check latest versions of dependencies | |
- cron: "0 8 * * WED" | |
env: | |
# The target python version, which must match the Dockerfile version | |
CONTAINER_PYTHON: "3.11" | |
jobs: | |
lint: | |
# pull requests are a duplicate of a branch push if within the same repo. | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install python packages | |
uses: ./.github/actions/install_requirements | |
with: | |
python_version: "3.9" | |
requirements_file: requirements-dev-3.x.txt | |
install_options: -e .[dev] | |
- name: Lint | |
run: tox -e pre-commit,mypy | |
test_core: | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
strategy: | |
fail-fast: false | |
matrix: | |
os: ["ubuntu-latest"] # can add windows-latest, macos-latest | |
python: ["3.9", "3.10", "3.11"] | |
install_options: ["-e .[dev]"] | |
marker: ["core"] | |
# Make one version be non-editable to test both paths of version code | |
include: | |
- os: "ubuntu-latest" | |
python: "3.9" | |
install_options: ".[dev]" | |
marker: "core" | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: ./.github/actions/do_tests | |
with: | |
install_options: ${{ matrix.install_options }} | |
marker: ${{ matrix.marker }} | |
python: ${{ matrix.python }} | |
test_compat: | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
strategy: | |
fail-fast: false | |
matrix: | |
os: ["ubuntu-latest"] # can add windows-latest, macos-latest | |
python: ["3.9", "3.10", "3.11"] | |
install_options: ["-e .[dev]"] | |
marker: ["numcertain", "pint"] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: ./.github/actions/do_tests | |
with: | |
install_options: ${{ matrix.install_options }} | |
marker: ${{ matrix.marker }} | |
python: ${{ matrix.python }} | |
push_badges: | |
needs: ["test_core", "test_compat"] | |
if: always() && github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
runs-on: "ubuntu-latest" | |
permissions: | |
contents: write | |
steps: | |
- name: Checkout workflow branch | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get branch name | |
id: branch-name | |
uses: ./.github/actions/get_branch | |
- name: Checkout badges branch | |
uses: actions/checkout@v4 | |
with: | |
ref: gh-badges | |
- name: Download badges | |
uses: actions/download-artifact@v4 | |
with: | |
name: badges-${{ steps.branch-name.outputs.sanitized_name }} | |
path: ${{ steps.branch-name.outputs.sanitized_name }} | |
- name: Create badge commit | |
shell: bash | |
run: | | |
git config --local user.email "github-actions[bot]@users.noreply.github.com" | |
git config --local user.name "github-actions[bot]" | |
git add ${{ steps.branch-name.outputs.sanitized_name }}/*.svg | |
git commit -m "Add/Update badges" || true | |
- name: Push badge commit | |
uses: ad-m/github-push-action@master | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
branch: gh-badges | |
dist: | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
runs-on: "ubuntu-latest" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
# Need this to get version number from last tag | |
fetch-depth: 0 | |
- name: Build sdist and wheel | |
run: | | |
export SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) && \ | |
pipx run build | |
- name: Upload sdist and wheel as artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: dist | |
path: dist | |
- name: Check for packaging errors | |
run: pipx run twine check --strict dist/* | |
- name: Install python packages | |
uses: ./.github/actions/install_requirements | |
with: | |
python_version: ${{env.CONTAINER_PYTHON}} | |
requirements_file: requirements.txt | |
install_options: dist/*.whl | |
- name: Test module --version works using the installed wheel | |
# If more than one module in src/ replace with module name to test | |
run: python -m $(ls src | head -1) --version | |
container: | |
needs: [lint, dist, test_core] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# image names must be all lower case | |
- name: Generate image repo name | |
run: echo IMAGE_REPOSITORY=ghcr.io/$(tr '[:upper:]' '[:lower:]' <<< "${{ github.repository }}") >> $GITHUB_ENV | |
- name: Download wheel and lockfiles | |
uses: actions/download-artifact@v4 | |
with: | |
path: .devcontainer | |
- name: Log in to GitHub Docker Registry | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.IMAGE_REPOSITORY }} | |
tags: | | |
type=ref,event=tag | |
type=raw,value=latest | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build runtime image | |
uses: docker/build-push-action@v5 | |
with: | |
build-args: | | |
PIP_OPTIONS=-r lockfiles/requirements.txt dist/*.whl | |
push: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags') }} | |
load: ${{ ! (github.event_name == 'push' && startsWith(github.ref, 'refs/tags')) }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
context: .devcontainer | |
# If you have a long docker build, uncomment the following to turn on caching | |
# For short build times this makes it a little slower | |
#cache-from: type=gha | |
#cache-to: type=gha,mode=max | |
release: | |
# upload to PyPI and make a release on every tag | |
needs: [lint, dist, test_core] | |
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags') }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/download-artifact@v4 | |
- name: Fixup blank lockfiles | |
# Github release artifacts can't be blank | |
run: for f in lockfiles/*; do [ -s $f ] || echo '# No requirements' >> $f; done | |
- name: Github Release | |
# We pin to the SHA, not the tag, for security reasons. | |
# https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions | |
uses: softprops/action-gh-release@3198ee18f814cdf787321b4a32a26ddbf37acc52 # v2.0.2 | |
with: | |
prerelease: ${{ contains(github.ref_name, 'a') || contains(github.ref_name, 'b') || contains(github.ref_name, 'rc') }} | |
files: | | |
dist/* | |
lockfiles/* | |
generate_release_notes: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Publish to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.PYPI_TOKEN }} |