update python-copier-template to branch ci-split

.copier-answers.yml

@@ -1,5 +1,5 @@
 # Changes here will be overwritten by Copier
-_commit: 1.0.0
+_commit: 1.0.0-8-g1361223
 _src_path: gh:DiamondLightSource/python-copier-template
 author_email: [email protected]
 author_name: Tom Cobb

.devcontainer/devcontainer.json

@@ -3,11 +3,7 @@
     "name": "Python 3 Developer Container",
     "build": {
         "dockerfile": "../Dockerfile",
-        "target": "build",
-        // Only upgrade pip, we will install the project below
-        "args": {
-            "PIP_OPTIONS": "--upgrade pip"
-        }
+        "target": "developer"
     },
     "remoteEnv": {
         "DISPLAY": "${localEnv:DISPLAY}"
@@ -19,11 +15,11 @@
             "upgradePackages": false
         }
     },
-    // Set *default* container specific settings.json values on container create.
-    "settings": {
-        "python.defaultInterpreterPath": "/venv/bin/python"
-    },
     "customizations": {
+        // Set *default* container specific settings.json values on container create.
+        "settings": {
+            "python.defaultInterpreterPath": "/venv/bin/python"
+        },
         "vscode": {
             // Add the IDs of extensions you want installed when the container is created.
             "extensions": [
@@ -51,4 +47,4 @@
     "workspaceFolder": "${localWorkspaceFolder}",
     // After the container is created, install the python project in editable form
     "postCreateCommand": "pip install -e '.[dev]'"
-}
+}

.github/actions/install_requirements/action.yml

@@ -1,60 +1,34 @@
 name: Install requirements
-description: Run pip install with requirements and upload resulting requirements
+description: Install a version of python then call pip install and report what was installed
 inputs:
-  requirements_file:
-    description: Name of requirements file to use and upload
-    required: true
-  install_options:
+  python-version:
+    description: Python version to install, default is from Dockerfile
+    default: "dev"
+  pip-install:
     description: Parameters to pass to pip install
-    required: true
-  artifact_name:
-    description: A user friendly name to give the produced artifacts
-    required: true
-  python_version:
-    description: Python version to install
-    default: "3.x"
+    default: "-e .[dev]"
 
 runs:
   using: composite
-
   steps:
+    - name: Get version of python
+      run: |
+        PYTHON_VERSION="${{ inputs.python-version }}"
+        if [ $PYTHON_VERSION == "dev" ]; then
+          PYTHON_VERSION=$(sed -n "s/ARG PYTHON_VERSION=//p" Dockerfile)
+        fi
+        echo "PYTHON_VERSION=$PYTHON_VERSION" >> "$GITHUB_ENV"
+      shell: bash
+
     - name: Setup python
       uses: actions/setup-python@v5
       with:
-        python-version: ${{ inputs.python_version }}
+        python-version: ${{ env.PYTHON_VERSION }}
 
-    - name: Pip install
-      run: |
-        touch ${{ inputs.requirements_file }}
-        # -c uses requirements.txt as constraints, see 'Validate requirements file'
-        pip install -c ${{ inputs.requirements_file }} ${{ inputs.install_options }}
+    - name: Install packages
+      run: pip install ${{ inputs.pip-install }}
       shell: bash
 
-    - name: Create lockfile
-      run: |
-        mkdir -p lockfiles
-        pip freeze --exclude-editable > lockfiles/${{ inputs.requirements_file }}
-        # delete the self referencing line and make sure it isn't blank
-        sed -i'' -e '/file:/d' lockfiles/${{ inputs.requirements_file }}
-      shell: bash
-
-    - name: Upload lockfiles
-      uses: actions/[email protected]
-      with:
-        name: lockfiles-${{ inputs.python_version }}-${{ inputs.artifact_name }}-${{ github.sha }}
-        path: lockfiles
-
-    # This eliminates the class of problems where the requirements being given no
-    # longer match what the packages themselves dictate. E.g. In the rare instance
-    # where I install some-package which used to depend on vulnerable-dependency
-    # but now uses good-dependency (despite being nominally the same version)
-    # pip will install both if given a requirements file with -r
-    - name: If requirements file exists, check it matches pip installed packages
-      run: |
-        if [ -s ${{ inputs.requirements_file }} ]; then
-          if ! diff -u ${{ inputs.requirements_file }} lockfiles/${{ inputs.requirements_file }}; then
-            echo "Error: ${{ inputs.requirements_file }} need the above changes to be exhaustive"
-            exit 1
-          fi
-        fi
+    - name: Report what was installed
+      run: pip freeze
       shell: bash

.github/dependabot.yml

@@ -10,11 +10,15 @@ updates:
     schedule:
       interval: "weekly"
     groups:
-      github-artifacts:
+      actions:
         patterns:
-          - actions/*-artifact
+          - "*"
 
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "weekly"
+    groups:
+      dev-dependencies:
+        patterns:
+          - "*"

.github/pages/make_switcher.py

@@ -24,7 +24,7 @@ def get_sorted_tags_list() -> List[str]:
     return report_output(stdout, "Tags list")
 
 
-def get_versions(ref: str, add: Optional[str], remove: Optional[str]) -> List[str]:
+def get_versions(ref: str, add: Optional[str]) -> List[str]:
     """Generate the file containing the list of all GitHub Pages builds."""
     # Get the directories (i.e. builds) from the GitHub Pages branch
     try:
@@ -36,9 +36,6 @@ def get_versions(ref: str, add: Optional[str], remove: Optional[str]) -> List[st
     # Add and remove from the list of builds
     if add:
         builds.add(add)
-    if remove:
-        assert remove in builds, f"Build '{remove}' not in {sorted(builds)}"
-        builds.remove(remove)
 
     # Get a sorted list of tags
     tags = get_sorted_tags_list()
@@ -59,7 +56,7 @@ def get_versions(ref: str, add: Optional[str], remove: Optional[str]) -> List[st
 def write_json(path: Path, repository: str, versions: str):
     org, repo_name = repository.split("/")
     struct = [
-        {"version": version, "url": f"https://{org}.github.io/{repo_name}/{version}/"}
+        dict(version=version, url=f"https://{org}.github.io/{repo_name}/{version}/")
         for version in versions
     ]
     text = json.dumps(struct, indent=2)
@@ -69,16 +66,12 @@ def write_json(path: Path, repository: str, versions: str):
 
 def main(args=None):
     parser = ArgumentParser(
-        description="Make a versions.txt file from gh-pages directories"
+        description="Make a versions.json file from gh-pages directories"
     )
     parser.add_argument(
         "--add",
         help="Add this directory to the list of existing directories",
     )
-    parser.add_argument(
-        "--remove",
-        help="Remove this directory from the list of existing directories",
-    )
     parser.add_argument(
         "repository",
         help="The GitHub org and repository name: ORG/REPO",
@@ -91,7 +84,7 @@ def main(args=None):
     args = parser.parse_args(args)
 
     # Write the versions file
-    versions = get_versions("origin/gh-pages", args.add, args.remove)
+    versions = get_versions("origin/gh-pages", args.add)
     write_json(args.output, args.repository, versions)
 
 

.github/workflows/_check.yml

@@ -0,0 +1,28 @@
+on:
+  workflow_call:
+    outputs:
+      not-in-pr:
+        description: The PR number if the branch is in one
+        value: ${{ jobs.pr.outputs.not-in-pr }}
+
+jobs:
+  pr:
+    runs-on: "ubuntu-latest"
+    outputs:
+      not-in-pr: ${{ steps.script.outputs.result }}
+    steps:
+      - uses: actions/github-script@v7
+        id: script
+        if: github.event_name == 'push'
+        with:
+          script: |
+            const prs = await github.rest.pulls.list({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              head: context.repo.owner + ':${{ github.ref_name }}'
+            })
+            if (prs.data.length) {
+              console.log(`::notice ::Skipping CI on branch push as it is already run in PR #${prs.data[0]["number"]}`)
+            } else {
+              return "not-in-pr"
+            }

.github/workflows/_container.yml

@@ -0,0 +1,56 @@
+on:
+  workflow_call:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          # Need this to get version number from last tag
+          fetch-depth: 0
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Docker Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and export to Docker local cache
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          # Need load and tags so we can test it below
+          load: true
+          tags: tag_for_testing
+
+      - name: Test cli works in cached runtime image
+        run: docker run --rm tag_for_testing --version
+
+      - name: Create tags for publishing image
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=ref,event=tag
+            type=raw,value=latest
+
+      - name: Push cached image to container registry
+        if: github.ref_type == 'tag'
+        uses: docker/build-push-action@v5
+        # This does not build the image again, it will find the image in the
+        # Docker cache and publish it
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/_dist.yml

@@ -0,0 +1,36 @@
+on:
+  workflow_call:
+
+jobs:
+  build:
+    runs-on: "ubuntu-latest"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          # Need this to get version number from last tag
+          fetch-depth: 0
+
+      - name: Build sdist and wheel
+        run: >
+          export SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) &&
+          pipx run build
+
+      - name: Upload sdist and wheel as artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist
+
+      - name: Check for packaging errors
+        run: pipx run twine check --strict dist/*
+
+      - name: Install produced wheel
+        uses: ./.github/actions/install_requirements
+        with:
+          pip-install: dist/*.whl
+
+      - name: Test module --version works using the installed wheel
+        # If more than one module in src/ replace with module name to test
+        run: python -m $(ls --hide='*.egg-info' src | head -1) --version

.github/workflows/docs.yml → .github/workflows/_docs.yml

@@ -1,54 +1,53 @@
-name: Docs CI
-
 on:
-  push:
-  pull_request:
+  workflow_call:
 
 jobs:
-  docs:
-    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
+  build:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Avoid git conflicts when tag and branch pushed at same time
-        if: startsWith(github.ref, 'refs/tags')
-        run: sleep 60
-
       - name: Checkout
         uses: actions/checkout@v4
         with:
           # Need this to get version number from last tag
           fetch-depth: 0
 
       - name: Install system packages
-        # Can delete this if you don't use graphviz in your docs
         run: sudo apt-get install graphviz
 
       - name: Install python packages
         uses: ./.github/actions/install_requirements
-        with:
-          requirements_file: requirements-dev-3.x.txt
-          install_options: -e .[dev]
-          artifact_name: docs
 
       - name: Build docs
         run: tox -e docs
 
+      - name: Remove environment.pickle
+        run: rm build/html/.doctrees/environment.pickle
+
       - name: Sanitize ref name for docs version
         run: echo "DOCS_VERSION=${GITHUB_REF_NAME//[^A-Za-z0-9._-]/_}" >> $GITHUB_ENV
 
       - name: Move to versioned directory
-        run: mv build/html .github/pages/$DOCS_VERSION
+        run: mv build/html build/$DOCS_VERSION
+
+      - name: Upload built docs artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: docs
+          path: build
+
+      - name: Add other static pages files
+        run: cp .github/pages/* build
 
       - name: Write switcher.json
-        run: python .github/pages/make_switcher.py --add $DOCS_VERSION ${{ github.repository }} .github/pages/switcher.json
+        run: python .github/pages/make_switcher.py --add $DOCS_VERSION ${{ github.repository }} build/switcher.json
 
       - name: Publish Docs to gh-pages
-        if: github.event_name == 'push' && github.actor != 'dependabot[bot]'
+        if: github.ref_type == 'tag' || github.ref_name == 'main'
         # We pin to the SHA, not the tag, for security reasons.
         # https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
-        uses: peaceiris/actions-gh-pages@64b46b4226a4a12da2239ba3ea5aa73e3163c75b # v3.9.1
+        uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3.9.3
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          publish_dir: .github/pages
+          publish_dir: build
           keep_files: true