-
Notifications
You must be signed in to change notification settings - Fork 9
196 lines (194 loc) · 6.98 KB
/
docker-image.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
name: Pycroft CI
on:
push:
branches: [ master, develop ]
pull_request:
jobs:
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
# TODO: find a way to shallow clone precisely pr_base..pr_head;
# wee need this context to do an adequate `darker` report.
# as it stands this is wasteful.
# assuming no PR has more than 50 commits.
fetch-depth: 50
- uses: actions/setup-python@v5
with:
python-version: '3.11'
cache: 'pip'
- name: "Run pre-commit hooks for HEAD"
uses: pre-commit/[email protected]
if: github.event_name != 'pull_request'
- name: "Run pre-commit hooks for PR range"
uses: pre-commit/[email protected]
with:
extra_args: >
--from-ref=${{ github.event.pull_request.base.sha }}
--to-ref=${{ github.event.pull_request.head.sha }}
if: github.event_name == 'pull_request'
python-lint:
runs-on: ubuntu-latest
steps:
- name: Check out pycroft and submodules
uses: actions/checkout@v4
with:
submodules: recursive
- uses: actions/setup-python@v5
with:
python-version: '3.11'
# cache: 'pip'
- name: set up `uv`
run: pip install uv && uv pip list
- name: restore uv cache
uses: actions/cache/restore@v4
id: cache-uv-restore
with:
path: ~/.cache/uv
key: uv
- name: install pip dependencies with uv
run: >
uv pip sync --system requirements.dev.txt
&& uv pip install --system . deps/wtforms-widgets
&& uv pip list --system
id: pip-install
- name: save uv cache
uses: actions/cache/save@v4
id: cache-uv-save
with:
path: ~/.cache/uv
key: uv
# now come the tests
- name: Execute ruff
run: ruff check --output-format=github .
if: success() || steps.pip-install.conclusion == 'success'
- name: Execute mypy
run: ./scripts/run_mypy.sh
if: success() || steps.pip-install.conclusion == 'success'
# docs stuff
- name: Build sphinx docs
run: make SPHINXOPTS="-EN -w sphinx.log" -C doc html
if: success() || steps.pip-install.conclusion == 'success'
- name: Render sphinx warnings as annotations
run: python ./scripts/render_sphinx_log.py doc/sphinx.log
if: success() || steps.pip-install.conclusion == 'success'
- name: Publish sphinx docs as pages artifact
uses: actions/upload-pages-artifact@v3
with:
path: doc/_build/html
# see https://github.com/actions/deploy-pages#usage
deploy-docs:
if: (github.event_name == 'push') && (github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master')
# Add a dependency to the build job
needs: python-lint
# Grant GITHUB_TOKEN the permissions required to make a Pages deployment
permissions:
pages: write # to deploy to Pages
id-token: write # to verify the deployment originates from an appropriate source
# Deploy to the github-pages environment. see
# https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment
# for general information abotu environments.
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
steps:
- name: Deploy sphinx docs to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4
npm-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: oven-sh/setup-bun@v1
with:
bun-version: 1.1.26
- run: bun install --frozen-lockfile
- run: bun run bundle --prod
- name: Check for outdated NPM packages
run: ./scripts/bun_outdated.sh | tee "${GITHUB_STEP_SUMMARY}"
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: 'true'
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: v0.10.0
- name: Fix permissions
run: sudo chmod -R a+rw .
- name: print buildx definition
run: docker buildx bake --file docker-compose.prod.yml --print
- name: Build the Docker image
run: docker buildx bake --file docker-compose.prod.yml --load
- name: Login to GitLab Registry
uses: docker/login-action@v3
with:
registry: registry.agdsn.de
username: "github-actions"
password: ${{ secrets.GITLAB_REGISTRY_PASSWORD }}
- name: Tag built image
run: docker tag agdsn/pycroft-prod:latest registry.agdsn.de/agdsn/coreos/pycroft/pycroft:${GITHUB_REF##*/}
- name: Push to GitLab registry
run: docker push registry.agdsn.de/agdsn/coreos/pycroft/pycroft:${GITHUB_REF##*/}
test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: 'true'
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
version: v0.10.0
- name: Fix permissions
run: sudo chmod -R a+rw .
- name: print buildx definition
run: docker buildx bake --print
- name: Build
run: docker buildx bake --load
- name: Run test-app entrypoints
run: docker compose -f docker-compose.test.yml run --rm --no-deps test-app
- name: Start
run: docker compose -f docker-compose.test.yml up --quiet-pull --wait --wait-timeout=60 test-app
- name: list npm packages for debug output
run: docker compose -f docker-compose.test.yml run --rm test-app shell bun pm ls --all
- name: Run esbuild
run: docker compose -f docker-compose.test.yml run --rm test-app bun run bundle --prod
- name: Run tests
run: >
docker compose -f docker-compose.test.yml run --rm test-app
test -m "not legacy"
--junitxml=junit/test-results.xml
--cov=pycroft --cov=web --cov=ldap_sync --cov=hades_logs --cov-append
--cov-report html --cov-report xml
- name: Publish Test Report
uses: mikepenz/action-junit-report@v4
if: always() # always run even if the previous step fails
with:
report_paths: 'junit/test-*.xml'
- name: Publish coverage XML report as markdown comment
uses: irongut/[email protected]
with:
filename: coverage.xml
badge: true
fail_below_min: false
format: markdown
hide_branch_rate: false
hide_complexity: true
indicators: true
output: both
thresholds: '60 80'
- name: Add Coverage to PR summary
run: cat code-coverage-results.md >> $GITHUB_STEP_SUMMARY
- name: Publish coverage HTML report as artifact
uses: actions/upload-artifact@v4
if: always()
with:
name: coverage
path: htmlcov