chore(deps): update python to v3.14.2 (#176) #836
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # required for upload-sarif action | |
| # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#example-workflow-for-sarif-files-generated-outside-of-a-repository | |
| security-events: write | |
| steps: | |
| - name: Checkout ${{ github.repository }} | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| persist-credentials: false | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6 | |
| id: setup-uv | |
| with: | |
| # renovate: datasource=pypi dependency=uv | |
| version: "0.9.18" | |
| - name: Install pre-commit | |
| run: | | |
| uv sync --locked --only-dev | |
| - uses: mschoettle/pre-commit-action@0ffaba63d7e205c4109d6a3ca4ced5fc4decd04b # v4.2.3 | |
| env: | |
| SKIP: markdownlint-cli2 | |
| - name: Run markdownlint | |
| if: '!cancelled()' | |
| env: | |
| # renovate: datasource=docker depName=davidanson/markdownlint-cli2-rules versioning=semver | |
| MARKDOWNLINT_CLI2_VERSION: v0.20.0 | |
| uses: YannickTeKulve/docker-run-action@37eb44806428df732c5cc168b96f2b6be8153632 | |
| with: | |
| image: davidanson/markdownlint-cli2-rules:${{ env.MARKDOWNLINT_CLI2_VERSION }} | |
| # node user does not have permissions to workspace due to user id mismatch | |
| options: -v ${{ github.workspace }}:/workdir --user root | |
| # don't fail step if there are violations | |
| run: markdownlint-cli2 --config .github/markdownlint/.markdownlint-cli2.yaml "**/*.md" | |
| - name: Run the production stack | |
| run: | | |
| docker compose build --build-arg STATS_WEBSITE_ID=test_website_id | |
| docker compose up -d | |
| - name: Check stats website ID | |
| run: | | |
| curl --silent http://localhost | grep --quiet 'data-website-id="test_website_id"' | |
| - name: Check redirects | |
| run: uv run --script .github/redirects/check_redirects.py | |
| - name: Stop production stack | |
| run: docker compose down | |
| build: | |
| # https://docs.github.com/en/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners#standard-github-hosted-runners-for-public-repositories | |
| runs-on: ubuntu-24.04-arm | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| persist-credentials: false | |
| lfs: true | |
| # fetch the full git history to be able to determine creation dates for pages | |
| # see: https://github.com/timvink/mkdocs-git-revision-date-localized-plugin?tab=readme-ov-file#note-when-using-build-environments | |
| fetch-depth: 0 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| if: github.event_name != 'pull_request' | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 | |
| - name: Validate build configuration | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| call: check | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - name: Build Docker image | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| # use path context to make .git available in build | |
| # https://github.com/docker/build-push-action?tab=readme-ov-file#git-context | |
| context: . | |
| platforms: linux/arm64 | |
| build-args: | |
| "STATS_WEBSITE_ID=${{ secrets.STATS_WEBSITE_ID }}" | |
| # load image into docker to test it in the next step | |
| load: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| # https://docs.docker.com/build/ci/github-actions/cache/#github-cache | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Test image | |
| env: | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| run: docker run --rm "${TAGS}" --version | |
| - name: Push Docker image | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| # use path context to make .git available in build | |
| # https://github.com/docker/build-push-action?tab=readme-ov-file#git-context | |
| context: . | |
| build-args: | |
| "STATS_WEBSITE_ID=${{ secrets.STATS_WEBSITE_ID }}" | |
| platforms: linux/arm64 | |
| # only push to the registry when it is not a PR (i.e., main branch) | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| # https://docs.docker.com/build/ci/github-actions/cache/#github-cache | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| deploy: | |
| uses: ./.github/workflows/cd.yml | |
| if: success() && github.ref == 'refs/heads/main' | |
| needs: | |
| - lint | |
| - build | |
| secrets: | |
| SSH_HOST: ${{ secrets.SSH_HOST }} | |
| SSH_PORT: ${{ secrets.SSH_PORT }} | |
| SSH_USER: ${{ secrets.SSH_USER }} | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} |