# DO NOT EDIT: BEGIN
# This snippet has been inserted automatically by mobsuccessbot, do not edit!
# If changes are needed, update the action python in
# https://github.com/mobsuccess-devops/github-mobsuccess-policy
# Triggers: merge-queue check requests, pushes to the long-lived branches,
# and pull-request lifecycle events.
on:
  merge_group:
    types:
      - checks_requested
  push:
    branches:
      - main
      - master
      - preprod
      - prod
  pull_request:
    # `closed` is delivered as well; the lint, test and publish jobs in this
    # file each skip that action through their own `if:` condition.
    types:
      - opened
      - synchronize
      - reopened
      - closed
name: Python
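# Job definitions for the Python policy workflow: lint (flake8, black),
# test, type-check (pyright), stub check, package publish to CodeArtifact,
# and a failure notification.
#
# NOTE(review): the file header marks this snippet as generated from
# https://github.com/mobsuccess-devops/github-mobsuccess-policy, so the
# changes below need to land in that policy repository to persist.
#
# NOTE(review): third-party actions and container images are referenced by
# mutable tag or branch (`@v1`, `@v4`, `@v5`, `@master`, untagged docker://
# images). Pinning each to a reviewed full commit SHA or image digest keeps
# a moved tag from changing what runs with this workflow's credentials.
jobs:
  flake8:
    name: Flake8
    runs-on: ubuntu-22.04
    timeout-minutes: 5
    # Skip the run that is triggered when a pull request is closed.
    if: github.event_name != 'pull_request' || github.event.action != 'closed'
    # NOTE(review): no `permissions:` block here, so the GITHUB_TOKEN scope
    # falls back to the repository default; confirm read-only is enough.
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          # Quoted so the version is a string, never a YAML float.
          python-version: "3.9"
      - name: Flake8
        # Image has neither tag nor digest, so the registry's current image
        # is pulled on every run.
        uses: docker://public.ecr.aws/u9q7y3l4/github-actions-flake8

  black:
    name: Black
    runs-on: ubuntu-22.04
    timeout-minutes: 5
    if: github.event_name != 'pull_request' || github.event.action != 'closed'
    # NOTE(review): no `permissions:` block; see the flake8 job.
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.9"
      - name: Black
        # Image has neither tag nor digest; see the flake8 job.
        uses: docker://public.ecr.aws/u9q7y3l4/github-actions-black

  test:
    name: Test
    runs-on: ubuntu-22.04
    timeout-minutes: 5
    if: github.event_name != 'pull_request' || github.event.action != 'closed'
    permissions:
      # Needed to request the OIDC token used for the AWS role assumption.
      id-token: write
      contents: read
    steps:
      - name: GitHub Credentials
        # The PAT reaches the script through the environment instead of being
        # expanded into the script text.
        env:
          MS_READ_PACKAGES_GITHUB_PAT: ${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}
        run: |
          git config --global credential.helper 'cache --timeout=315360000'
          printf 'protocol=https\nhost=github.com\nusername=%s\npassword=\n' "$MS_READ_PACKAGES_GITHUB_PAT" | git credential approve
          # The previous version also piped the same credential block through
          # base64 to stdout. Log masking matches the literal secret value, so
          # the encoded PAT was written to the job log unredacted. That line
          # is removed; the PAT should be rotated if such logs were readable.
          git clone https://github.com/mobsuccess-devops/mobsuccess-python
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.9"
      - name: Install dependencies
        run: sudo apt-get install libffi7
      - uses: actions/cache@v4
        with:
          path: |
            ~/.mobsuccess/venv
            venv
          key: ${{ runner.os }}-venv-${{ hashFiles('requirements*.txt') }}
          restore-keys: |
            ${{ runner.os }}-venv-
      - name: Configure AWS Credentials (eu-central-1)
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact
          aws-region: eu-central-1
          # Shortest practical session: the role is only used to log in.
          role-duration-seconds: 900
      - name: Login CodeArtifact
        run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python
      - run: make test

  pyright:
    name: Pyright
    runs-on: ubuntu-22.04
    timeout-minutes: 10
    if: github.event_name != 'pull_request' || github.event.action != 'closed'
    permissions:
      id-token: write
      contents: read
    steps:
      - name: GitHub Credentials
        env:
          MS_READ_PACKAGES_GITHUB_PAT: ${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}
        run: |
          git config --global credential.helper 'cache --timeout=315360000'
          printf 'protocol=https\nhost=github.com\nusername=%s\npassword=\n' "$MS_READ_PACKAGES_GITHUB_PAT" | git credential approve
          # The base64 dump of the credential block is removed here for the
          # same reason as in the test job: encoded output is not masked.
          git clone https://github.com/mobsuccess-devops/mobsuccess-python
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.9"
      - name: Install dependencies
        run: sudo apt-get install libffi7
      - uses: actions/cache@v4
        with:
          path: |
            ~/.mobsuccess/venv
            venv
          key: ${{ runner.os }}-venv-${{ hashFiles('requirements*.txt') }}
          restore-keys: |
            ${{ runner.os }}-venv-
      - name: Configure AWS Credentials (eu-central-1)
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact
          aws-region: eu-central-1
          role-duration-seconds: 900
      - name: Login CodeArtifact
        run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python
      - run: make pyright

  check_stubs:
    name: Check Stubs
    runs-on: ubuntu-22.04
    timeout-minutes: 5
    if: github.event_name != 'pull_request' || github.event.action != 'closed'
    steps:
      - uses: actions/checkout@v4
      # Fail when any *.pyi file is present in the checkout.
      - run: |
          if [ -n "$(find . -name '*.pyi')" ]; then
            echo "This repository must not contain *.pyi files"
            exit 1
          fi

  prepare-publish:
    name: Prepare Publish
    runs-on: ubuntu-22.04
    timeout-minutes: 1
    if: github.event_name != 'pull_request' || github.event.action != 'closed'
    outputs:
      version-postfix: ${{ steps.prepare.outputs.version-postfix }}
      role: ${{ steps.prepare.outputs.role }}
      aws-account-id: ${{ steps.prepare.outputs.aws-account-id }}
    permissions:
      # `id-token: write` was dropped: no step in this job requests an OIDC
      # token, so the job keeps only what it could need.
      contents: read
    steps:
      - name: Prepare
        id: prepare
        # Event values are handed over as environment variables, so they are
        # never parsed as part of the script text.
        env:
          PR_NUMBER: ${{ github.event.number }}
          ISSUE_NUMBER: ${{ github.event.issue.number }}
        run: |
          role=arn:aws:iam::983851922138:role/GHA,$(basename "$GITHUB_REPOSITORY")
          aws_account_id=983851922138
          # GITHUB_REF carries the same value as github.ref. Step outputs go
          # to $GITHUB_OUTPUT; the `::set-output` command is deprecated.
          # NOTE(review): only refs/heads/master gets an empty postfix; pushes
          # to main, preprod and prod take the `*` branch with an empty
          # pr_number and produce ".dev". Confirm that this is intended.
          case "$GITHUB_REF" in
            refs/heads/master)
              echo "version-postfix: <empty>"
              echo "version-postfix=" >> "$GITHUB_OUTPUT"
              ;;
            *)
              pr_number="$PR_NUMBER"
              if [ -z "$pr_number" ]; then
                pr_number="$ISSUE_NUMBER"
              fi
              echo "version-postfix: .dev$pr_number"
              echo "version-postfix=.dev$pr_number" >> "$GITHUB_OUTPUT"
              ;;
          esac
          echo role: $role
          echo "role=$role" >> "$GITHUB_OUTPUT"
          echo "aws-account-id=$aws_account_id" >> "$GITHUB_OUTPUT"

  publish:
    runs-on: ubuntu-22.04
    # NOTE(review): publish depends only on prepare-publish, so a package can
    # be uploaded while flake8, black, test or pyright are failing. It also
    # runs for pull_request events; confirm both are intended.
    needs: [prepare-publish]
    name: Publish
    timeout-minutes: 5
    if: github.event_name != 'pull_request' || github.event.action != 'closed'
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.9"
      - name: Install dependencies
        run: sudo apt-get install libffi7
      # Creates the venv; the activation does not carry over to later steps,
      # which is why they source venv/bin/activate again.
      - run: |
          python3 -m venv venv
          source venv/bin/activate
      - uses: actions/cache@v4
        with:
          path: |
            ${{ env.pythonLocation }}
            venv
          key: ${{ env.pythonLocation }}-${{ hashFiles('requirements*.txt') }}
      - name: Configure AWS Credentials (eu-central-1)
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact
          aws-region: eu-central-1
          role-duration-seconds: 900
      - name: Login CodeArtifact
        run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python
      - run: source venv/bin/activate && for r in requirements*.txt; do pip install -r $r; done
      - uses: aws-actions/setup-sam@v1
      # Second role assumption: switches from the shared CodeArtifact role to
      # the per-repository role computed by prepare-publish.
      - uses: aws-actions/configure-aws-credentials@v1
        name: Configure AWS Credentials (eu-central-1)
        with:
          role-to-assume: ${{needs.prepare-publish.outputs.role}}
          aws-region: eu-central-1
          role-duration-seconds: 900
      - name: Build and publish
        # The expressions expanded below come from prepare-publish outputs
        # (a constant account id and a PR-number based postfix).
        # NOTE(review): an existing package version is deleted before the
        # upload and a failed delete is ignored, so a published version can
        # be replaced by a rebuilt artifact.
        run: |
          export TWINE_USERNAME=aws
          export TWINE_PASSWORD=`aws codeartifact get-authorization-token --domain mobsuccess --domain-owner ${{ needs.prepare-publish.outputs.aws-account-id }} --query authorizationToken --output text`
          export TWINE_REPOSITORY_URL=`aws codeartifact get-repository-endpoint --domain mobsuccess --domain-owner ${{ needs.prepare-publish.outputs.aws-account-id }} --repository python --format pypi --query repositoryEndpoint --output text`
          export PYTHON_PACKAGE_VERSION_POSTFIX=.$GITHUB_RUN_ID${{needs.prepare-publish.outputs.version-postfix}}
          echo PYTHON_PACKAGE_VERSION_POSTFIX=$PYTHON_PACKAGE_VERSION_POSTFIX
          if [ -e Makefile ] && grep -q ^stubs: Makefile; then source venv/bin/activate && make stubs; fi
          source venv/bin/activate && python setup.py sdist bdist_wheel
          package_name=$(grep ^Name: *.egg-info/PKG-INFO | sed -e 's/^.*: //')
          package_version=$(grep ^Version: *.egg-info/PKG-INFO | sed -e 's/^.*: //')
          aws codeartifact delete-package-versions --domain mobsuccess --repo python --format pypi --package "$package_name" --versions "$package_version" || true
          source venv/bin/activate && twine upload --verbose dist/*

  notify:
    needs:
      - flake8
      - black
      - test
      - pyright
      - check_stubs
      - publish
    # Runs only when at least one of the jobs listed in `needs` failed.
    if: failure()
    runs-on: ubuntu-22.04
    steps:
      - name: Notify
        # Tracks a branch and receives two secrets; whatever `master` points
        # at when the job runs gets the Slack token and the PAT.
        uses: mobsuccess-devops/github-actions-notify@master
        with:
          notify-type: "workflow-failure"
          slack-token: ${{ secrets.SLACK_TOKEN_MSBOT }}
          slack-channel: ${{ vars.SLACK_CHANNEL_NOTIFY_WORKFLOW_FAIL }}
          platform-pat: ${{ secrets.MS_PLATFORM_LIST_USERS_PAT }}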
# DO NOT EDIT: END