-
Notifications
You must be signed in to change notification settings - Fork 0
172 lines (140 loc) · 4.58 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
name: CI
env:
PYTHON_VERSION: "3.12"
"on":
merge_group: {}
pull_request: {}
push:
branches-ignore:
# These should always correspond to pull requests, so ignore them for
# the push trigger and let them be triggered by the pull_request
# trigger, avoiding running the workflow twice. This is a minor
# optimization so there's no need to ensure this is comprehensive.
- "dependabot/**"
- "gh-readonly-queue/**"
- "renovate/**"
- "tickets/**"
- "u/**"
tags:
- "*"
release:
types: [published]
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Run pre-commit
uses: pre-commit/[email protected]
test:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Start Kafka
run: docker compose -f kafka-compose.yaml up -d
- name: Run nox
uses: lsst-sqre/run-nox@v1
with:
cache-dependency: "*/pyproject.toml"
nox-sessions: "typing test"
python-version: ${{ env.PYTHON_VERSION }}
- name: Stop Kafka
run: docker compose -f kafka-compose.yaml down
docs:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
with:
# Ensure the documentation gets the right version.
fetch-depth: 0
- name: Update package lists
run: sudo apt-get update
- name: Install extra packages
run: sudo apt install -y graphviz
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Run nox
uses: lsst-sqre/run-nox@v1
with:
cache-dependency: "*/pyproject.toml"
nox-sessions: "docs"
python-version: ${{ env.PYTHON_VERSION }}
# Only attempt documentation uploads for long-lived branches, tagged
# releases, and pull requests from ticket branches. This avoids version
# clutter in the docs and failures when a PR doesn't have access to
# secrets.
- name: Upload to LSST the Docs
uses: lsst-sqre/ltd-upload@v1
with:
project: squarebot
dir: "docs/_build/html"
username: ${{ secrets.LTD_USERNAME }}
password: ${{ secrets.LTD_PASSWORD }}
if: >
github.event_name != 'merge_group'
&& (github.event_name != 'pull_request'
|| startsWith(github.head_ref, 'tickets/'))
build:
runs-on: ubuntu-latest
needs: [lint, test]
# Only do Docker builds of tagged releases and pull requests from ticket
# branches. This will still trigger on pull requests from untrusted
# repositories whose branch names match our tickets/* branch convention,
# but in this case the build will fail with an error since the secret
# won't be set.
if: >
startsWith(github.ref, 'refs/tags/')
|| startsWith(github.head_ref, 'tickets/')
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # full history for setuptools_scm
- uses: lsst-sqre/build-and-push-to-ghcr@v1
id: build
with:
image: ${{ github.repository }}
github_token: ${{ secrets.GITHUB_TOKEN }}
- run: echo Pushed ghcr.io/${{ github.repository }}/${{ steps.build.outputs.tag }}
test-package:
name: Test PyPI package build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # full history for setuptools_scm
- name: Build and publish
uses: lsst-sqre/build-and-publish-to-pypi@v2
with:
python-version: ${{ env.PYTHON_VERSION }}
upload: "false"
working-directory: "client"
pypi-publish:
name: Upload release to PyPI
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/rubin-squarebot
permissions:
id-token: write
if: github.event_name == 'release' && github.event.action == 'published'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # full history for setuptools_scm
- name: Build and publish
uses: lsst-sqre/build-and-publish-to-pypi@v2
with:
python-version: ${{ env.PYTHON_VERSION }}
working-directory: "client"