confirm group membership ending #1447
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pycroft CI | |
on: | |
push: | |
branches: [ master, develop ] | |
pull_request: | |
jobs: | |
pre-commit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# TODO: find a way to shallow clone precisely pr_base..pr_head; | |
# wee need this context to do an adequate `darker` report. | |
# as it stands this is wasteful. | |
# assuming no PR has more than 50 commits. | |
fetch-depth: 50 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
cache: 'pip' | |
- name: "Run pre-commit hooks for HEAD" | |
uses: pre-commit/[email protected] | |
if: github.event_name != 'pull_request' | |
- name: "Run pre-commit hooks for PR range" | |
uses: pre-commit/[email protected] | |
with: | |
extra_args: > | |
--from-ref=${{ github.event.pull_request.base.sha }} | |
--to-ref=${{ github.event.pull_request.head.sha }} | |
if: github.event_name == 'pull_request' | |
python-lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out pycroft and submodules | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
# cache: 'pip' | |
- name: set up `uv` | |
run: pip install uv && uv pip list | |
- name: restore uv cache | |
uses: actions/cache/restore@v4 | |
id: cache-uv-restore | |
with: | |
path: ~/.cache/uv | |
key: uv | |
- name: install pip dependencies with uv | |
run: > | |
uv pip sync --system requirements.dev.txt | |
&& uv pip install --system . deps/wtforms-widgets | |
&& uv pip list --system | |
id: pip-install | |
- name: save uv cache | |
uses: actions/cache/save@v4 | |
id: cache-uv-save | |
with: | |
path: ~/.cache/uv | |
key: uv | |
# now come the tests | |
- name: Execute ruff | |
run: ruff check --output-format=github . | |
if: success() || steps.pip-install.conclusion == 'success' | |
- name: Execute mypy | |
run: ./scripts/run_mypy.sh | |
if: success() || steps.pip-install.conclusion == 'success' | |
# docs stuff | |
- name: Build sphinx docs | |
run: make SPHINXOPTS="-EN -w sphinx.log" -C doc html | |
if: success() || steps.pip-install.conclusion == 'success' | |
- name: Render sphinx warnings as annotations | |
run: python ./scripts/render_sphinx_log.py doc/sphinx.log | |
if: success() || steps.pip-install.conclusion == 'success' | |
- name: Publish sphinx docs as pages artifact | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
path: doc/_build/html | |
# see https://github.com/actions/deploy-pages#usage | |
deploy-docs: | |
if: (github.event_name == 'push') && (github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master') | |
# Add a dependency to the build job | |
needs: python-lint | |
# Grant GITHUB_TOKEN the permissions required to make a Pages deployment | |
permissions: | |
pages: write # to deploy to Pages | |
id-token: write # to verify the deployment originates from an appropriate source | |
# Deploy to the github-pages environment. see | |
# https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment | |
# for general information abotu environments. | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Deploy sphinx docs to GitHub Pages | |
id: deployment | |
uses: actions/deploy-pages@v4 | |
npm-build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: oven-sh/setup-bun@v1 | |
with: | |
bun-version: 1.1.26 | |
- run: bun install --frozen-lockfile | |
- run: bun run bundle --prod | |
- name: Check for outdated NPM packages | |
run: ./scripts/bun_outdated.sh | tee "${GITHUB_STEP_SUMMARY}" | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
submodules: 'true' | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
version: v0.10.0 | |
- name: Fix permissions | |
run: sudo chmod -R a+rw . | |
- name: print buildx definition | |
run: docker buildx bake --file docker-compose.prod.yml --print | |
- name: Build the Docker image | |
run: docker buildx bake --file docker-compose.prod.yml --load | |
- name: Login to GitLab Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: registry.agdsn.de | |
username: "github-actions" | |
password: ${{ secrets.GITLAB_REGISTRY_PASSWORD }} | |
- name: Tag built image | |
run: docker tag agdsn/pycroft-prod:latest registry.agdsn.de/agdsn/coreos/pycroft/pycroft:${GITHUB_REF##*/} | |
- name: Push to GitLab registry | |
run: docker push registry.agdsn.de/agdsn/coreos/pycroft/pycroft:${GITHUB_REF##*/} | |
test: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
submodules: 'true' | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
version: v0.10.0 | |
- name: Fix permissions | |
run: sudo chmod -R a+rw . | |
- name: print buildx definition | |
run: docker buildx bake --print | |
- name: Build | |
run: docker buildx bake --load | |
- name: Run test-app entrypoints | |
run: docker compose -f docker-compose.test.yml run --rm --no-deps test-app | |
- name: Start | |
run: docker compose -f docker-compose.test.yml up --quiet-pull --wait --wait-timeout=60 test-app | |
- name: list npm packages for debug output | |
run: docker compose -f docker-compose.test.yml run --rm test-app shell bun pm ls --all | |
- name: Run esbuild | |
run: docker compose -f docker-compose.test.yml run --rm test-app bun run bundle --prod | |
- name: Run tests | |
run: > | |
docker compose -f docker-compose.test.yml run --rm test-app | |
test -m "not legacy" | |
--junitxml=junit/test-results.xml | |
--cov=pycroft --cov=web --cov=ldap_sync --cov=hades_logs --cov-append | |
--cov-report html --cov-report xml | |
- name: Publish Test Report | |
uses: mikepenz/action-junit-report@v4 | |
if: always() # always run even if the previous step fails | |
with: | |
report_paths: 'junit/test-*.xml' | |
annotate_only: true | |
- name: Publish coverage XML report as markdown comment | |
uses: irongut/[email protected] | |
with: | |
filename: coverage.xml | |
badge: true | |
fail_below_min: false | |
format: markdown | |
hide_branch_rate: false | |
hide_complexity: true | |
indicators: true | |
output: both | |
thresholds: '60 80' | |
- name: Add Coverage to PR summary | |
run: cat code-coverage-results.md >> $GITHUB_STEP_SUMMARY | |
- name: Publish coverage HTML report as artifact | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: coverage | |
path: htmlcov | |
- name: Upload results to Codecov | |
uses: codecov/codecov-action@v5 | |
with: | |
disable_search: true | |
files: ./coverage.xml | |
use_oidc: true | |
verbose: true |