Update python.yml GitHub workflow #58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # DO NOT EDIT: BEGIN | |
| # This snippet has been inserted automatically by mobsuccessbot, do not edit! | |
| # If changes are needed, update the action python in | |
| # https://github.com/mobsuccess-devops/github-mobsuccess-policy | |
| on: | |
| merge_group: | |
| types: [checks_requested] | |
| push: | |
| branches: [main, master, preprod, prod] | |
| pull_request: | |
| types: [opened, synchronize, reopened, closed] | |
| name: Python | |
| jobs: | |
| flake8: | |
| name: Flake8 | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 5 | |
| if: github.event_name != 'pull_request' || github.event.action != 'closed' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.9 | |
| - name: Flake8 | |
| uses: docker://public.ecr.aws/u9q7y3l4/github-actions-flake8 | |
| black: | |
| name: Black | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 5 | |
| if: github.event_name != 'pull_request' || github.event.action != 'closed' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.9 | |
| - name: Black | |
| uses: docker://public.ecr.aws/u9q7y3l4/github-actions-black | |
| test: | |
| name: Test | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 5 | |
| if: github.event_name != 'pull_request' || github.event.action != 'closed' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - run: | | |
| git config --global credential.helper 'cache --timeout=315360000' | |
| (echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | git credential approve | |
| (echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | base64 | |
| git clone https://github.com/mobsuccess-devops/mobsuccess-python | |
| name: GitHub Credentials | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.9 | |
| - name: Install dependencies | |
| run: sudo apt-get install libffi7 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.mobsuccess/venv | |
| venv | |
| key: ${{ runner.os }}-venv-${{ hashFiles('requirements*.txt') }} | |
| restore-keys: | | |
| ${{ runner.os }}-venv- | |
| - name: Configure AWS Credentials (eu-central-1) | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact | |
| aws-region: eu-central-1 | |
| role-duration-seconds: 900 | |
| - name: Login CodeArtifact | |
| run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python | |
| - run: make test | |
| pyright: | |
| name: Pyright | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 10 | |
| if: github.event_name != 'pull_request' || github.event.action != 'closed' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - run: | | |
| git config --global credential.helper 'cache --timeout=315360000' | |
| (echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | git credential approve | |
| (echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | base64 | |
| git clone https://github.com/mobsuccess-devops/mobsuccess-python | |
| name: GitHub Credentials | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.9 | |
| - name: Install dependencies | |
| run: sudo apt-get install libffi7 | |
| - uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.mobsuccess/venv | |
| venv | |
| key: ${{ runner.os }}-venv-${{ hashFiles('requirements*.txt') }} | |
| restore-keys: | | |
| ${{ runner.os }}-venv- | |
| - name: Configure AWS Credentials (eu-central-1) | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact | |
| aws-region: eu-central-1 | |
| role-duration-seconds: 900 | |
| - name: Login CodeArtifact | |
| run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python | |
| - run: make pyright | |
| check_stubs: | |
| name: Check Stubs | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 5 | |
| if: github.event_name != 'pull_request' || github.event.action != 'closed' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: | | |
| if [ -n "$(find . -name '*.pyi')" ]; then | |
| echo "This repository must not contain *.pyi files" | |
| exit 1 | |
| fi | |
| prepare-publish: | |
| name: Prepare Publish | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 1 | |
| if: github.event_name != 'pull_request' || github.event.action != 'closed' | |
| outputs: | |
| version-postfix: ${{ steps.prepare.outputs.version-postfix }} | |
| role: ${{ steps.prepare.outputs.role }} | |
| aws-account-id: ${{ steps.prepare.outputs.aws-account-id }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Prepare | |
| id: prepare | |
| run: | | |
| role=arn:aws:iam::983851922138:role/GHA,$(basename $GITHUB_REPOSITORY) | |
| aws_account_id=983851922138 | |
| case ${{github.ref}} in | |
| refs/heads/master) | |
| echo "version-postfix: <empty>" | |
| echo "::set-output name=version-postfix::" | |
| ;; | |
| *) | |
| pr_number=${{github.event.number}} | |
| if [ -z "$pr_number" ]; then | |
| pr_number=${{github.event.issue.number}} | |
| fi | |
| echo "version-postfix: .dev$pr_number" | |
| echo "::set-output name=version-postfix::.dev$pr_number" | |
| ;; | |
| esac | |
| echo role: $role | |
| echo "::set-output name=role::$role" | |
| echo "::set-output name=aws-account-id::$aws_account_id" | |
| publish: | |
| runs-on: ubuntu-22.04 | |
| needs: [prepare-publish] | |
| name: Publish | |
| timeout-minutes: 5 | |
| if: github.event_name != 'pull_request' || github.event.action != 'closed' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.9 | |
| - name: Install dependencies | |
| run: sudo apt-get install libffi7 | |
| - run: | | |
| python3 -m venv venv | |
| source venv/bin/activate | |
| - uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ${{ env.pythonLocation }} | |
| venv | |
| key: ${{ env.pythonLocation }}-${{ hashFiles('requirements*.txt') }} | |
| - name: Configure AWS Credentials (eu-central-1) | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact | |
| aws-region: eu-central-1 | |
| role-duration-seconds: 900 | |
| - name: Login CodeArtifact | |
| run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python | |
| - run: source venv/bin/activate && for r in requirements*.txt; do pip install -r $r; done | |
| - uses: aws-actions/setup-sam@v1 | |
| - uses: aws-actions/configure-aws-credentials@v1 | |
| name: Configure AWS Credentials (eu-central-1) | |
| with: | |
| role-to-assume: ${{needs.prepare-publish.outputs.role}} | |
| aws-region: eu-central-1 | |
| role-duration-seconds: 900 | |
| - name: Build and publish | |
| run: | | |
| export TWINE_USERNAME=aws | |
| export TWINE_PASSWORD=`aws codeartifact get-authorization-token --domain mobsuccess --domain-owner ${{ needs.prepare-publish.outputs.aws-account-id }} --query authorizationToken --output text` | |
| export TWINE_REPOSITORY_URL=`aws codeartifact get-repository-endpoint --domain mobsuccess --domain-owner ${{ needs.prepare-publish.outputs.aws-account-id }} --repository python --format pypi --query repositoryEndpoint --output text` | |
| export PYTHON_PACKAGE_VERSION_POSTFIX=.$GITHUB_RUN_ID${{needs.prepare-publish.outputs.version-postfix}} | |
| echo PYTHON_PACKAGE_VERSION_POSTFIX=$PYTHON_PACKAGE_VERSION_POSTFIX | |
| if [ -e Makefile ] && grep -q ^stubs: Makefile; then source venv/bin/activate && make stubs; fi | |
| source venv/bin/activate && python setup.py sdist bdist_wheel | |
| package_name=$(grep ^Name: *.egg-info/PKG-INFO | sed -e 's/^.*: //') | |
| package_version=$(grep ^Version: *.egg-info/PKG-INFO | sed -e 's/^.*: //') | |
| aws codeartifact delete-package-versions --domain mobsuccess --repo python --format pypi --package "$package_name" --versions "$package_version" || true | |
| source venv/bin/activate && twine upload --verbose dist/* | |
| notify: | |
| needs: | |
| [ | |
| flake8, | |
| black, | |
| test, | |
| pyright, | |
| check_stubs, | |
| publish, | |
| ] | |
| if: failure() | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Notify | |
| uses: mobsuccess-devops/github-actions-notify@master | |
| with: | |
| notify-type: "workflow-failure" | |
| slack-token: ${{ secrets.SLACK_TOKEN_MSBOT }} | |
| slack-channel: ${{ vars.SLACK_CHANNEL_NOTIFY_WORKFLOW_FAIL }} | |
| platform-pat: ${{ secrets.MS_PLATFORM_LIST_USERS_PAT }} | |
| # DO NOT EDIT: END |