From f1e80a14e75eef738fff818736127b290f572977 Mon Sep 17 00:00:00 2001 From: Daniel Grittner Date: Tue, 20 Aug 2024 11:04:43 +0200 Subject: [PATCH] feat: add ci workflow for main, move release workflow to release, only publish pypi if version changed --- .github/workflows/main.yml | 11 +++++++++ .github/workflows/publish-docker-hub.yml | 4 ++++ .github/workflows/publish-to-pypi.yml | 29 +++++++++++++++++++----- .github/workflows/release.yml | 9 +++----- .github/workflows/unit-test.yml | 14 ++++++++++++ 5 files changed, 55 insertions(+), 12 deletions(-) create mode 100644 .github/workflows/main.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 00000000..ae7c93a6 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,11 @@ +name: Main CI Workflow +on: + push: + branches: + - main +jobs: + setup-and-test: + uses: ./.github/workflows/unit-test.yml + with: + os: ubuntu-latest + secrets: inherit diff --git a/.github/workflows/publish-docker-hub.yml b/.github/workflows/publish-docker-hub.yml index d9dedfd2..a848033a 100644 --- a/.github/workflows/publish-docker-hub.yml +++ b/.github/workflows/publish-docker-hub.yml @@ -22,14 +22,18 @@ jobs: with: repository: ${{ github.repository }} ref: ${{ github.event.pull_request.head.sha }} + - name: Set up QEMU uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Login to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} + - name: Build and push Docker images run: cd docker && ./release_images.sh diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml index 8e69838f..63db009a 100644 --- a/.github/workflows/publish-to-pypi.yml +++ b/.github/workflows/publish-to-pypi.yml @@ -1,3 +1,4 @@ +# TODO: switch to a tag-based approach later name: Publish PyPI Package on: workflow_call: 
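Review bot: In the new main.yml, `secrets: inherit` hands every repository secret to unit-test.yml on each push to main, yet the steps of that workflow visible in this patch (`poetry install`, `pnpm install`, the linters, pytest) reference none of them and do run third-party package code. Unless a part of unit-test.yml outside these hunks needs a secret, drop the `secrets: inherit` line here. The workflow also sets no `permissions:`, so the job gets the repository's default GITHUB_TOKEN scope; a top-level `permissions: { contents: read }` would pin it to read-only.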
@@ -5,25 +6,41 @@ jobs: publish_to_pypi: name: Publish Python package to PyPI runs-on: ubuntu-latest - # Set permissions for trusted publishing. - permissions: - id-token: write - contents: read steps: - uses: actions/checkout@v4.1.1 + - name: Set up Python uses: actions/setup-python@v2 with: python-version: 3.12 + - name: Install Poetry uses: snok/install-poetry@v1.4.1 with: virtualenvs-create: true virtualenvs-in-project: true + - name: Build package run: poetry build + - name: Build package run: poetry build - - name: Publish the package with poetry + + - name: Extract version from pyproject.toml + id: get_version run: | - poetry publish -u __token__ -p '${{ secrets.PYPI_API_TOKEN }}' + version=$(grep '^version = ' pyproject.toml | sed -E 's/version = "(.*)"/\1/') + echo "Package version: $version" + echo "::set-output name=VERSION::$version" + + - name: Get the latest published version from PyPI + id: get_pypi_version + run: | + package_name=$(grep '^name = ' pyproject.toml | sed -E 's/name = "(.*)"/\1/') + latest_version=$(python -m pip install -U pip && pip search "$package_name" | grep -Eo "$package_name \([0-9]*\.[0-9]*\.[0-9]*\)") + echo "Latest version on PyPI: $latest_version" + echo "::set-output name=LATEST_VERSION::$latest_version" + + - name: Publish the package with poetry if the version has changed + if: steps.get_version.outputs.VERSION != steps.get_pypi_version.outputs.LATEST_VERSION + run: poetry publish -u __token__ -p '${{ secrets.PYPI_API_TOKEN }}' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f67d93d3..5a87867d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
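Review bot: The version guard added in publish-to-pypi.yml cannot work as written: `pip search` relies on PyPI's XML-RPC search, which PyPI has disabled, so `latest_version` is never populated, and even a successful match would yield `name (x.y.z)`, which can never equal the bare `x.y.z` taken from pyproject.toml. The `if:` on the publish step therefore never skips (or the lookup step aborts under `bash -e` when grep matches nothing), so it gives no protection against re-publishing an existing version. Reading `info.version` from the PyPI JSON API and writing outputs through `$GITHUB_OUTPUT` instead of the deprecated `::set-output` fixes both; the `get_version` step needs the same change, `echo "VERSION=$version" >> "$GITHUB_OUTPUT"`. Passing the token through the environment rather than interpolating it into the command line also keeps it out of the rendered script.

```yaml
      # … unchanged: checkout, Python/Poetry setup, build, "Extract version" grep …

      - name: Get the latest published version from PyPI
        id: get_pypi_version
        run: |
          package_name=$(grep '^name = ' pyproject.toml | sed -E 's/name = "(.*)"/\1/')
          # Fails the step (and therefore the publish) if the lookup or parse fails.
          latest_version=$(curl -fsS "https://pypi.org/pypi/${package_name}/json" \
            | python -c 'import json, sys; print(json.load(sys.stdin)["info"]["version"])')
          echo "Latest version on PyPI: $latest_version"
          echo "LATEST_VERSION=$latest_version" >> "$GITHUB_OUTPUT"

      - name: Publish the package with poetry if the version has changed
        if: steps.get_version.outputs.VERSION != steps.get_pypi_version.outputs.LATEST_VERSION
        env:
          POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_API_TOKEN }}
        run: poetry publish
```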
@@ -2,24 +2,21 @@ name: Release Package & Docker Images on: push: branches: - - main - # - release + - release jobs: setup-and-test: uses: ./.github/workflows/unit-test.yml with: os: ubuntu-latest secrets: inherit + publish-python-package: if: github.repository == 'Admyral-Security/admyral' needs: - setup-and-test uses: ./.github/workflows/publish-to-pypi.yml - # Set permissions for trusted publishing. - permissions: - id-token: write - contents: read secrets: inherit + publish-docker-images: if: github.repository == 'Admyral-Security/admyral' needs: diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml index 8f4604d1..20f763d5 100644 --- a/.github/workflows/unit-test.yml +++ b/.github/workflows/unit-test.yml @@ -22,23 +22,30 @@ jobs: with: repository: ${{ github.repository }} ref: ${{ github.event.pull_request.head.sha }} + - name: Set up Python uses: actions/setup-python@v2 with: python-version: 3.12 + - name: Install Poetry uses: snok/install-poetry@v1.4.1 with: virtualenvs-create: true virtualenvs-in-project: true + - name: Install dependencies run: poetry install + - name: Run linter run: poetry run ruff format --check + - name: Run linter run: poetry run ruff check + - name: Run unit tests run: poetry run pytest tests/ + web-unit-test: name: Web Unit Tests runs-on: ${{ inputs.os }} @@ -48,22 +55,29 @@ jobs: with: repository: ${{ github.repository }} ref: ${{ github.event.pull_request.head.sha }} + - name: Install Node.js uses: actions/setup-node@v2 with: node-version: 18 + - name: Setup pnpm uses: pnpm/action-setup@v4.0.0 with: version: 9 + - name: Install dependencies run: cd web && pnpm install + - name: Run linter run: cd web && pnpm lint + - name: Run prettier check run: cd web && pnpm prettier:check + - name: Run build run: cd web && pnpm build + # TODO: activate when tests are available # - name: Run unit tests # run: cd web && pnpm test
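Review bot: In release.yml the `publish-python-package` job loses its `permissions:` block (publish-to-pypi.yml drops the same block from `publish_to_pypi`), so both now run with whatever default GITHUB_TOKEN scope the repository is configured with rather than an explicit one. Publishing here uses only `PYPI_API_TOKEN`, so `id-token: write` is not needed, but I would keep `permissions: { contents: read }` on the calling job so the token stays read-only. `secrets: inherit` also forwards every secret to a workflow that uses one; passing `PYPI_API_TOKEN` explicitly would be tighter, though that requires a `secrets:` declaration under `workflow_call` in publish-to-pypi.yml, which is not visible in this patch.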