Update python.yml GitHub workflow #12

Draft
wants to merge 1 commit into
base: master
217 changes: 212 additions & 5 deletions .github/workflows/python.yml
Expand Up @@ -8,23 +8,230 @@ on:
push:
branches: [main, master, preprod, prod]
pull_request:
types: [opened, synchronize, reopened]
types: [opened, synchronize, reopened, closed]
name: Python
jobs:
flake8:
name: Flake8
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
timeout-minutes: 5
if: github.event_name != 'pull_request' || github.event.action != 'closed'
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Flake8
uses: docker://public.ecr.aws/u9q7y3l4/github-actions-flake8
black:
name: Black
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
timeout-minutes: 5
if: github.event_name != 'pull_request' || github.event.action != 'closed'
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Black
uses: docker://public.ecr.aws/u9q7y3l4/github-actions-black
test:
name: Test
runs-on: ubuntu-22.04
timeout-minutes: 5
if: github.event_name != 'pull_request' || github.event.action != 'closed'
permissions:
id-token: write
contents: read
steps:
- run: |
git config --global credential.helper 'cache --timeout=315360000'
(echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | git credential approve
(echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | base64
git clone https://github.com/mobsuccess-devops/mobsuccess-python
name: GitHub Credentials
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install dependencies
run: sudo apt-get install libffi7
- uses: actions/cache@v4
with:
path: |
~/.mobsuccess/venv/*/*
!~/.mobsuccess/venv/*/.pip-version-*
venv
key: ${{ runner.os }}-venv-test-${{ hashFiles('requirements*.txt') }}
restore-keys: |
${{ runner.os }}-venv-test-
- name: Configure AWS Credentials (eu-central-1)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact
aws-region: eu-central-1
role-duration-seconds: 900
- name: Login CodeArtifact
run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python
- run: make test
pyright:
name: Pyright
runs-on: ubuntu-22.04
timeout-minutes: 10
if: github.event_name != 'pull_request' || github.event.action != 'closed'
permissions:
id-token: write
contents: read
steps:
- run: |
git config --global credential.helper 'cache --timeout=315360000'
(echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | git credential approve
(echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | base64
git clone https://github.com/mobsuccess-devops/mobsuccess-python
name: GitHub Credentials
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install dependencies
run: sudo apt-get install libffi7
- uses: actions/cache@v4
with:
path: |
~/.mobsuccess/venv/*/*
!~/.mobsuccess/venv/*/.pip-version-*
venv
key: ${{ runner.os }}-venv-pyright-${{ hashFiles('requirements*.txt') }}
restore-keys: |
${{ runner.os }}-venv-pyright-
- name: Configure AWS Credentials (eu-central-1)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact
aws-region: eu-central-1
role-duration-seconds: 900
- name: Login CodeArtifact
run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python
- run: make pyright
check_stubs:
name: Check Stubs
runs-on: ubuntu-22.04
timeout-minutes: 5
if: github.event_name != 'pull_request' || github.event.action != 'closed'
steps:
- uses: actions/checkout@v4
- run: |
if [ -n "$(find . -name '*.pyi')" ]; then
echo "This repository must not contain *.pyi files"
exit 1
fi
prepare-publish:
name: Prepare Publish
runs-on: ubuntu-22.04
timeout-minutes: 1
if: github.event_name != 'pull_request' || github.event.action != 'closed'
outputs:
version-postfix: ${{ steps.prepare.outputs.version-postfix }}
role: ${{ steps.prepare.outputs.role }}
aws-account-id: ${{ steps.prepare.outputs.aws-account-id }}
permissions:
id-token: write
contents: read
steps:
- name: Prepare
id: prepare
run: |
role=arn:aws:iam::983851922138:role/GHA,$(basename $GITHUB_REPOSITORY)
aws_account_id=983851922138
case ${{github.ref}} in
refs/heads/master)
echo "version-postfix: <empty>"
echo "::set-output name=version-postfix::"
;;
*)
pr_number=${{github.event.number}}
if [ -z "$pr_number" ]; then
pr_number=${{github.event.issue.number}}
fi
echo "version-postfix: .dev$pr_number"
echo "::set-output name=version-postfix::.dev$pr_number"
;;
esac
echo role: $role
echo "::set-output name=role::$role"
echo "::set-output name=aws-account-id::$aws_account_id"
publish:
runs-on: ubuntu-22.04
needs: [prepare-publish]
name: Publish
timeout-minutes: 5
if: github.event_name != 'pull_request' || github.event.action != 'closed'
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install dependencies
run: sudo apt-get install libffi7
- run: |
python3 -m venv venv
source venv/bin/activate
- uses: actions/cache@v4
with:
path: |
${{ env.pythonLocation }}
venv
key: ${{ env.pythonLocation }}-${{ hashFiles('requirements*.txt') }}
- name: Configure AWS Credentials (eu-central-1)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact
aws-region: eu-central-1
role-duration-seconds: 900
- name: Login CodeArtifact
run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python
- run: source venv/bin/activate && for r in requirements*.txt; do pip install -r $r; done
- uses: aws-actions/setup-sam@v1
- uses: aws-actions/configure-aws-credentials@v1
name: Configure AWS Credentials (eu-central-1)
with:
role-to-assume: ${{needs.prepare-publish.outputs.role}}
aws-region: eu-central-1
role-duration-seconds: 900
- name: Build and publish
run: |
export TWINE_USERNAME=aws
export TWINE_PASSWORD=`aws codeartifact get-authorization-token --domain mobsuccess --domain-owner ${{ needs.prepare-publish.outputs.aws-account-id }} --query authorizationToken --output text`
export TWINE_REPOSITORY_URL=`aws codeartifact get-repository-endpoint --domain mobsuccess --domain-owner ${{ needs.prepare-publish.outputs.aws-account-id }} --repository python --format pypi --query repositoryEndpoint --output text`
export PYTHON_PACKAGE_VERSION_POSTFIX=.$GITHUB_RUN_ID${{needs.prepare-publish.outputs.version-postfix}}
echo PYTHON_PACKAGE_VERSION_POSTFIX=$PYTHON_PACKAGE_VERSION_POSTFIX
if [ -e Makefile ] && grep -q ^stubs: Makefile; then source venv/bin/activate && make stubs; fi
source venv/bin/activate && python setup.py sdist bdist_wheel
package_name=$(grep ^Name: *.egg-info/PKG-INFO | sed -e 's/^.*: //')
package_version=$(grep ^Version: *.egg-info/PKG-INFO | sed -e 's/^.*: //')
aws codeartifact delete-package-versions --domain mobsuccess --repo python --format pypi --package "$package_name" --versions "$package_version" || true
source venv/bin/activate && twine upload --verbose dist/*
notify:
needs:
[
flake8,
black,
test,
pyright,
check_stubs,
publish,
]
if: failure()
runs-on: ubuntu-22.04
steps:
- name: Notify
uses: mobsuccess-devops/github-actions-notify@master
with:
notify-type: "workflow-failure"
slack-token: ${{ secrets.SLACK_TOKEN_MSBOT }}
slack-channel: ${{ vars.SLACK_CHANNEL_NOTIFY_WORKFLOW_FAIL }}
platform-pat: ${{ secrets.MS_PLATFORM_LIST_USERS_PAT }}
# DO NOT EDIT: END
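Review bot: In the `GitHub Credentials` step of the `test` job, the line that pipes `echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}` into `base64` writes an encoded copy of the PAT to the job log; log masking redacts the registered secret value, not transformed forms of it, so the token is readable by anyone who can view the run, and the `pyright` job repeats the same line. Remove that line in both jobs, and pass the token through the step's `env:` (`GH_PAT: ${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}`, then `echo "username=$GH_PAT"`) instead of expanding the secret into the script text. If the workflow has already run with this line in place, the token should be treated as exposed and rotated. Separately, the `cache --timeout=315360000` credential helper setting is far longer than a job with `timeout-minutes: 5` needs.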