Bump docker/build-push-action from 5 to 6 #69
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Code CI | |
on: | |
push: | |
pull_request: | |
env: | |
# The target python version, which must match the Dockerfile version | |
CONTAINER_PYTHON: "3.11" | |
DIST_WHEEL_PATH: dist-${{ github.sha }} | |
jobs: | |
lint: | |
# pull requests are a duplicate of a branch push if within the same repo. | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install python packages | |
uses: ./.github/actions/install_requirements | |
with: | |
requirements_file: requirements-dev-3.x.txt | |
install_options: -e .[dev] | |
artifact_name: lint | |
- name: Lint | |
run: tox -e pre-commit,mypy | |
test: | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
strategy: | |
fail-fast: false | |
matrix: | |
os: ["ubuntu-latest"] # can add windows-latest, macos-latest | |
python: ["3.9", "3.10"] | |
install: ["-e .[dev]"] | |
# Make one version be non-editable to test both paths of version code | |
include: | |
- os: "ubuntu-latest" | |
python: "3.11" | |
install: ".[dev]" | |
runs-on: ${{ matrix.os }} | |
env: | |
# https://github.com/pytest-dev/pytest/issues/2042 | |
PY_IGNORE_IMPORTMISMATCH: "1" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
# Need this to get version number from last tag | |
fetch-depth: 0 | |
- name: Install python packages | |
uses: ./.github/actions/install_requirements | |
with: | |
python_version: ${{ matrix.python }} | |
requirements_file: requirements-test-${{ matrix.os }}-${{ matrix.python }}.txt | |
install_options: ${{ matrix.install }} | |
artifact_name: tests | |
- name: List dependency tree | |
run: pipdeptree | |
- name: Run tests | |
run: tox -e pytest | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
name: ${{ matrix.python }}/${{ matrix.os }} | |
files: cov.xml | |
dist: | |
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository | |
runs-on: "ubuntu-latest" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
# Need this to get version number from last tag | |
fetch-depth: 0 | |
- name: Build sdist and wheel | |
run: | | |
export SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) && \ | |
pipx run build | |
- name: Upload sdist and wheel as artifacts | |
uses: actions/[email protected] | |
with: | |
name: ${{ env.DIST_WHEEL_PATH }} | |
path: dist | |
- name: Check for packaging errors | |
run: pipx run twine check --strict dist/* | |
- name: Install python packages | |
uses: ./.github/actions/install_requirements | |
with: | |
python_version: ${{env.CONTAINER_PYTHON}} | |
requirements_file: requirements.txt | |
install_options: dist/*.whl | |
artifact_name: dist | |
- name: Test module --version works using the installed wheel | |
# If more than one module in src/ replace with module name to test | |
run: python -m $(ls --hide='*.egg-info' src | head -1) --version | |
container: | |
needs: [lint, dist, test] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
env: | |
TEST_TAG: "testing" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# image names must be all lower case | |
- name: Generate image repo name | |
run: echo IMAGE_REPOSITORY=ghcr.io/$(tr '[:upper:]' '[:lower:]' <<< "${{ github.repository }}") >> $GITHUB_ENV | |
- name: Set lockfile location in environment | |
run: | | |
echo "DIST_LOCKFILE_PATH=lockfiles-${{ env.CONTAINER_PYTHON }}-dist-${{ github.sha }}" >> $GITHUB_ENV | |
- name: Download wheel and lockfiles | |
uses: actions/[email protected] | |
with: | |
path: artifacts/ | |
pattern: "*dist*" | |
- name: Log in to GitHub Docker Registry | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build and export to Docker local cache | |
uses: docker/build-push-action@v6 | |
with: | |
# Note build-args, context, file, and target must all match between this | |
# step and the later build-push-action, otherwise the second build-push-action | |
# will attempt to build the image again | |
build-args: | | |
PIP_OPTIONS=-r ${{ env.DIST_LOCKFILE_PATH }}/requirements.txt ${{ env.DIST_WHEEL_PATH }}/*.whl | |
context: artifacts/ | |
file: ./Dockerfile | |
target: runtime | |
load: true | |
tags: ${{ env.TEST_TAG }} | |
# If you have a long docker build (2+ minutes), uncomment the | |
# following to turn on caching. For short build times this | |
# makes it a little slower | |
#cache-from: type=gha | |
#cache-to: type=gha,mode=max | |
- name: Test cli works in cached runtime image | |
run: docker run docker.io/library/${{ env.TEST_TAG }} --version | |
- name: Create tags for publishing image | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.IMAGE_REPOSITORY }} | |
tags: | | |
type=ref,event=tag | |
type=raw,value=latest, enable=${{ github.ref_type == 'tag' }} | |
# type=edge,branch=main | |
# Add line above to generate image for every commit to given branch, | |
# and uncomment the end of if clause in next step | |
- name: Push cached image to container registry | |
if: github.ref_type == 'tag' # || github.ref_name == 'main' | |
uses: docker/build-push-action@v6 | |
# This does not build the image again, it will find the image in the | |
# Docker cache and publish it | |
with: | |
# Note build-args, context, file, and target must all match between this | |
# step and the previous build-push-action, otherwise this step will | |
# attempt to build the image again | |
build-args: | | |
PIP_OPTIONS=-r ${{ env.DIST_LOCKFILE_PATH }}/requirements.txt ${{ env.DIST_WHEEL_PATH }}/*.whl | |
context: artifacts/ | |
file: ./Dockerfile | |
target: runtime | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
release: | |
# upload to PyPI and make a release on every tag | |
needs: [lint, dist, test] | |
if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }} | |
runs-on: ubuntu-latest | |
env: | |
HAS_PYPI_TOKEN: ${{ secrets.PYPI_TOKEN != '' }} | |
steps: | |
- name: Download wheel and lockfiles | |
uses: actions/[email protected] | |
with: | |
path: artifacts/ | |
pattern: "*dist*" | |
- name: Fixup blank lockfiles | |
# Github release artifacts can't be blank | |
run: for f in ${{ env.DIST_LOCKFILE_PATH }}/*; do [ -s $f ] || echo '# No requirements' >> $f; done | |
- name: Github Release | |
# We pin to the SHA, not the tag, for security reasons. | |
# https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions | |
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 | |
with: | |
prerelease: ${{ contains(github.ref_name, 'a') || contains(github.ref_name, 'b') || contains(github.ref_name, 'rc') }} | |
files: | | |
${{ env.DIST_WHEEL_PATH }}/* | |
${{ env.DIST_LOCKFILE_PATH }}/* | |
generate_release_notes: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Publish to PyPI | |
if: ${{ env.HAS_PYPI_TOKEN }} | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.PYPI_TOKEN }} |