Skip to content

Update to release workflow template file #8

Update to release workflow template file

Update to release workflow template file #8

name: Pull request validation workflow
on:
pull_request:
types:
- opened
- synchronize
- labeled
paths-ignore:
- '**.md'
env:
GCR_TOKEN: ${{ secrets.GCR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
STEP_SCRIPTS: ${{ github.workspace }}/.github/steps/pull-request
jobs:
update-pr-branch-version:
runs-on: ubuntu-latest
outputs:
new-version: ${{ steps.update-version.outputs.new-version }}
steps:
- uses: uwit-iam/actions/[email protected]
id: guidance
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- uses: uwit-iam/actions/update-pr-branch-version@main
with:
github-token: ${{ env.GITHUB_TOKEN }}
version-guidance: ${{ steps.guidance.outputs.guidance }}
id: update-version
validate-image-quality:
permissions:
contents: write
id-token: write
pull-requests: write
needs: [update-pr-branch-version]
runs-on: ubuntu-latest
env:
APP_VERSION: ${{ needs.update-pr-branch-version.outputs.new-version }}
pr_tag: pull-request-${{ github.event.pull_request.number }} # e.g., "pull-request-15"
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Set up environment
id: configure
run: |
sudo apt-get -y install jq
pip install poetry
poetry install
- name: Auth to Google Cloud
# important! this 'auth' is referenced as `steps.auth` on the next job
id: auth
# https://github.com/google-github-actions/auth#authenticating-via-service-account-key-json-1
uses: 'google-github-actions/auth@v1'
with:
credentials_json: '${{ secrets.MCI_GCLOUD_AUTH_JSON }}'
token_format: 'access_token'
- name: Auth to Google Artifact Registry
# https://github.com/google-github-actions/auth#authenticating-to-container-registry-and-artifact-registry
# requires role: roles/iam.serviceAccountTokenCreator
run: |-
echo '${{ steps.auth.outputs.access_token }}' | docker login -u oauth2accesstoken --password-stdin https://us-docker.pkg.dev
- run: |
# this will tag the image with e.g., "pull-request-15"
# NOTE that this produces tags for ${template:app_name}.dependencies, ${template:app_name}.app, ${template:app_name}.tests (but not "${template:app_name}")
./scripts/build.sh -t "${{ env.pr_tag }}" --cache
# TODO: this container image URI should be dynamically generated from e..g, fingerprints.yaml
- run: docker push us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name}.app:${{ env.pr_tag }}
- name: Run validation checks and tests
run: |
poetry run pytest
poetry run flake8
poetry run black --check .
id: run-validations
- uses: mshick/add-pr-comment@v1
env:
# TODO: this container image URI should be dynamically generated from e..g, fingerprints.yaml
image: us-docker.pkg.dev/uwit-mci-iam/containers/${template:app_name}.app:${{ env.pr_tag }}
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
repo-token-user-login: 'github-actions[bot]'
allow-repeats: false
message: |
Download and run the latest build with:
```
docker pull ${{ env.image }}
docker run -it ${{ env.image }}
```