Merge pull request #13 from webis-de/dependabot/github_actions/docker… #41

Workflow file for this run

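# CI pipeline: build and verify the Python package and the Docker image on
# every push; publish to PyPI, GHCR and GitHub Releases when a tag is pushed
# from `main`.
#
# Security notes for maintainers:
# - The workflow-level `permissions` block is the default for every job that
#   does not declare its own. Only the three publish jobs hold write scopes.
# - Every `uses:` reference below is a mutable tag or branch (`@v4`,
#   `@release/v1`, ...). Whoever controls that ref controls the code that runs
#   with this workflow's tokens. Pin each action to a full commit SHA
#   (`uses: owner/action@<full-commit-sha>  # vX.Y.Z`) and let Dependabot bump
#   the pins.
# - Check-out steps set `persist-credentials: false` so the GITHUB_TOKEN is not
#   left in `.git/config` for later steps; no job here pushes with git.
name: "CI"

on:
  push:

# Least-privilege default for the GITHUB_TOKEN. A job-level `permissions`
# block replaces this entirely for that job.
permissions:
  contents: read

jobs:
  python-build:
    name: "🏗️ Build Python wheels"
    strategy:
      matrix:
        python:
          - "3.11"
          # - "3.12"
    runs-on: ubuntu-latest
    steps:
      - name: "📥 Check-out"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: "🧰 Install Protoc"
        # Refresh the package index first (a stale index can 404) and use
        # `apt-get -y`, the non-interactive, script-stable interface.
        run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
      - name: "🧰 Install Python"
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python }}
          # NOTE(review): the wheels built here are what the publish jobs
          # release, so a restored pip cache is an input to the release build.
          # Consider skipping the cache on tag builds.
          cache: pip
          cache-dependency-path: pyproject.toml
      - name: "🧰 Install dependencies"
        run: pip install build twine
      - name: "🏗️ Build Python wheels"
        run: python -m build
      - name: "🧪 Check package bundles"
        run: twine check dist/*
      - name: "📤 Upload Python wheels"
        uses: actions/upload-artifact@v4
        if: matrix.python == '3.11'
        with:
          name: wheels
          path: dist

  python-code-check:
    name: "🔍 Check Python code"
    strategy:
      matrix:
        python:
          - "3.11"
          # - "3.12"
    runs-on: ubuntu-latest
    steps:
      - name: "📥 Check-out"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: "🧰 Install Protoc"
        run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
      - name: "🧰 Install Python"
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python }}
          cache: pip
          cache-dependency-path: pyproject.toml
      - name: "🧰 Install dependencies"
        # Quoted so the shell never treats `[tests]` as a glob pattern.
        run: pip install '.[tests]'
      - name: "🔍 Check Python code"
        run: ruff check .

  # python-typing:
  #   name: "🔍 Check Python static typing"
  #   strategy:
  #     matrix:
  #       python:
  #         - "3.11"
  #         # - "3.12"
  #   runs-on: ubuntu-latest
  #   steps:
  #     - name: "📥 Check-out"
  #       uses: actions/checkout@v4
  #     - name: "🧰 Install Protoc"
  #       run: sudo apt install protobuf-compiler
  #     - name: "🧰 Install Python"
  #       uses: actions/setup-python@v5
  #       with:
  #         python-version: ${{ matrix.python }}
  #         cache: pip
  #         cache-dependency-path: pyproject.toml
  #     - name: "🧰 Install dependencies"
  #       run: pip install .[tests]
  #     - name: "🔍 Check Python static typing"
  #       run: mypy .

  python-security:
    name: "🔍 Check Python code security"
    strategy:
      matrix:
        python:
          - "3.11"
          # - "3.12"
    runs-on: ubuntu-latest
    steps:
      - name: "📥 Check-out"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: "🧰 Install Protoc"
        run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
      - name: "🧰 Install Python"
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python }}
          cache: pip
          cache-dependency-path: pyproject.toml
      - name: "🧰 Install dependencies"
        run: pip install '.[tests]'
      - name: "🔍 Check Python code security"
        # Static analysis of the project's own code only; it does not audit
        # third-party dependencies.
        run: bandit -c pyproject.toml -r .

  python-test:
    name: "🧪 Test Python code"
    strategy:
      matrix:
        python:
          - "3.11"
          # - "3.12"
    runs-on: ubuntu-latest
    steps:
      - name: "📥 Check-out"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: "🧰 Install Protoc"
        run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
      - name: "🧰 Install Python"
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python }}
          cache: pip
          cache-dependency-path: pyproject.toml
      - name: "🧰 Install dependencies"
        run: pip install '.[tests]'
      - name: "🧪 Test Python code"
        run: pytest --cov --cov-report=xml .
      - name: "📤 Upload coverage to Codecov"
        # The secret is handed to a third-party action referenced by a
        # mutable tag; pin it to a commit SHA (see header).
        uses: codecov/codecov-action@v4
        if: matrix.python == '3.11'
        with:
          token: ${{ secrets.CODECOV_TOKEN }}

  docker-build:
    name: "🏗️ Build Docker image"
    runs-on: ubuntu-latest
    steps:
      - name: "📥 Check-out"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: "🧰 Set up QEMU"
        uses: docker/setup-qemu-action@v3
      - name: "🧰 Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3
      - name: "🏗️ Build Docker image"
        uses: docker/build-push-action@v6
        with:
          context: .
          # Build only; publishing happens in `docker-publish`.
          push: false

  python-publish:
    name: "🚀 Publish Python wheels"
    # Release gate: a tag pushed from exactly `main`. The exact comparison
    # replaces a suffix match (`endsWith(..., 'main')`), which any branch whose
    # name merely ends in "main" would also have satisfied.
    if: >-
      github.event_name == 'push'
      && github.event.base_ref == 'refs/heads/main'
      && startsWith(github.ref, 'refs/tags/')
    needs:
      - python-build
      - python-code-check
      # - python-typing
      - python-security
      - python-test
      - docker-build
    runs-on: ubuntu-latest
    permissions:
      # OIDC token for the publish action (PyPI trusted publishing); no
      # long-lived API token is stored in the repository.
      id-token: write
    steps:
      - name: "📥 Check-out"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: "📥 Download Python wheels"
        uses: actions/download-artifact@v4
        with:
          name: wheels
          path: dist
      - name: "🚀 Publish Python wheels"
        # Tracks a moving branch while holding `id-token: write`; this is the
        # reference most worth pinning to a commit SHA.
        uses: pypa/gh-action-pypi-publish@release/v1

  docker-publish:
    name: "🚀 Publish Docker image"
    # Same release gate as `python-publish`: exact match on `main`.
    if: >-
      github.event_name == 'push'
      && github.event.base_ref == 'refs/heads/main'
      && startsWith(github.ref, 'refs/tags/')
    permissions:
      # Needed to push the image to ghcr.io.
      packages: write
    needs:
      - python-build
      - python-code-check
      # - python-typing
      - python-security
      - python-test
      - docker-build
    runs-on: ubuntu-latest
    steps:
      - name: "📥 Check-out"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: "🧰 Set up QEMU"
        uses: docker/setup-qemu-action@v3
      - name: "🧰 Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3
      - name: "🔑 Login to GitHub Packages"
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          # Short-lived job token scoped by `permissions` above.
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: "ℹ️ Extract image metadata"
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ghcr.io/${{ github.repository }}
      - name: "🚀 Build and push image"
        # The image is rebuilt here rather than reused from `docker-build`,
        # so the pushed image is not the exact artefact that job built.
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  github-release:
    name: "🚀 Create GitHub release"
    # Same release gate as `python-publish`: exact match on `main`.
    if: >-
      github.event_name == 'push'
      && github.event.base_ref == 'refs/heads/main'
      && startsWith(github.ref, 'refs/tags/')
    needs:
      - python-build
      - python-code-check
      # - python-typing
      - python-security
      - python-test
      - docker-build
    permissions:
      # Needed to create the release and attach the wheels.
      contents: write
    runs-on: ubuntu-latest
    steps:
      - name: "📥 Check-out"
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: "📥 Download Python wheels"
        uses: actions/download-artifact@v4
        with:
          name: wheels
          path: dist
      - name: "🚀 Create GitHub release"
        # Third-party action running with `contents: write`; pin to a commit
        # SHA (see header).
        uses: softprops/action-gh-release@v2
        with:
          name: Release ${{ github.ref_name }}
          files: dist/*
          fail_on_unmatched_files: true
          draft: false
          prerelease: false
          generate_release_notes: true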