debug #246
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pipeline | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| - feat/* | |
| - hotfix/* | |
| - main | |
| pull_request: | |
| branches: | |
| - develop | |
| - feat/* | |
| - hotfix/* | |
| - main | |
| jobs: | |
| init: | |
| name: Init | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| VERSION: ${{ steps.version.outputs.version }} | |
| VERSION_FULL: ${{ steps.version.outputs.version_full }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| with: | |
| # We need all Git history for "version.sh" | |
| fetch-depth: 0 | |
| # Ensure "version.sh" submodule are up-to-date | |
| submodules: recursive | |
| - name: Generate versions | |
| id: version | |
| run: | | |
| echo "version=$(bash cicd/version/version.sh -g . -c)" >> $GITHUB_OUTPUT | |
| echo "version_full=$(bash cicd/version/version.sh -g . -c -m)" >> $GITHUB_OUTPUT | |
| test: | |
| name: Test | |
| permissions: | |
| id-token: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - init | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| step: | |
| - test-static | |
| # - test-unit | |
| python-version: | |
| - '3.12' | |
| - '3.13' | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Set up Python | |
| uses: actions/[email protected] | |
| with: | |
| cache: pip | |
| python-version: "3.13" | |
| - name: Login to Azure | |
| uses: Azure/[email protected] | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| - name: Cache pytest | |
| uses: actions/[email protected] | |
| with: | |
| key: pytest-${{ github.head_ref || github.ref_name }}-${{ hashFiles('requirements-dev.txt') }} | |
| path: .pytest_cache | |
| - name: Cache Ruff | |
| uses: actions/[email protected] | |
| with: | |
| key: ruff-${{ github.head_ref || github.ref_name }}-${{ hashFiles('requirements-dev.txt') }} | |
| path: .ruff_cache | |
| - name: Set up dependencies | |
| run: make install-deps | |
| - name: Configure environment variables | |
| run: echo "${{ secrets.DOTENV_UNIT_TESTS }}" > .env | |
| - name: Run tests | |
| run: make ${{ matrix.step }} version_full=${{ needs.init.outputs.VERSION_FULL }} | |
| - name: Upload artifacts | |
| uses: actions/[email protected] | |
| if: always() | |
| with: | |
| compression-level: 9 | |
| name: test-results | |
| path: test-reports/* | |
| build-wheels: | |
| name: Build wheels | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - init | |
| - test | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Set up Python | |
| uses: actions/[email protected] | |
| with: | |
| cache: pip | |
| python-version: "3.13" | |
| - name: Set up build dependencies | |
| run: | | |
| python3 -m pip install --upgrade pip build | |
| - name: Write version | |
| run: echo '__version__ = "${{ needs.init.outputs.VERSION_FULL }}"' > app/__init__.py | |
| - name: Build wheels | |
| run: | | |
| make build | |
| - name: Upload artifacts | |
| uses: actions/[email protected] | |
| with: | |
| compression-level: 9 | |
| name: wheels | |
| path: dist/*.whl | |
| attest-binaries: | |
| name: Attest binaries | |
| permissions: | |
| contents: write | |
| id-token: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - build-wheels | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/[email protected] | |
| with: | |
| name: wheels-* | |
| - name: Generate attestations | |
| uses: actions/[email protected] | |
| with: | |
| subject-path: dist/* | |
| attest-dependencies: | |
| name: Attest dependencies | |
| permissions: | |
| contents: write | |
| id-token: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - test | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Run attestation | |
| uses: advanced-security/[email protected] | |
| with: | |
| directoryExclusionList: docs | |
| attest-sbom: | |
| name: Attest SBOM | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - init | |
| - test | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Init Syft | |
| uses: anchore/sbom-action/[email protected] | |
| - name: Run attestation | |
| run: make sbom version_full=${{ needs.init.outputs.VERSION_FULL }} | |
| - name: Upload results to release | |
| uses: actions/[email protected] | |
| with: | |
| compression-level: 9 | |
| name: sbom | |
| path: sbom-reports/* | |
| publish-testpypi: | |
| name: Publish to TestPyPI | |
| environment: | |
| name: testpypi | |
| url: https://test.pypi.org/p/scrape-it-now | |
| permissions: | |
| id-token: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - attest-binaries | |
| - attest-dependencies | |
| - attest-sbom | |
| - build-wheels | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/[email protected] | |
| with: | |
| merge-multiple: true | |
| path: dist | |
| pattern: wheels-* | |
| - name: Publish to TestPyPI | |
| uses: pypa/[email protected] | |
| with: | |
| repository-url: https://test.pypi.org/legacy | |
| publish-pypi: | |
| name: Publish to PyPI | |
| environment: | |
| name: pypi | |
| url: https://pypi.org/p/scrape-it-now | |
| permissions: | |
| id-token: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| # Always publish first to TestPyPI as a safety precaution | |
| - publish-testpypi | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Download artifacts | |
| uses: actions/[email protected] | |
| with: | |
| merge-multiple: true | |
| path: dist | |
| pattern: wheels-* | |
| - name: Publish to PyPI | |
| uses: pypa/[email protected] | |
| publish-release: | |
| name: Publish release | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-24.04 | |
| needs: | |
| - attest-binaries | |
| - attest-dependencies | |
| - attest-sbom | |
| - build-wheels | |
| - init | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Download artifacts | |
| id: download | |
| uses: actions/[email protected] | |
| with: | |
| merge-multiple: true | |
| path: artifacts | |
| - name: Publish | |
| uses: softprops/[email protected] | |
| with: | |
| files: artifacts/* | |
| generate_release_notes: true | |
| make_latest: true | |
| name: scrape-it-now v${{ needs.init.outputs.VERSION }} | |
| tag_name: v${{ needs.init.outputs.VERSION }} |