Merge pull request #13 from webis-de/dependabot/github_actions/docker⦠#41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI" | |
on: | |
push: | |
jobs: | |
python-build: | |
name: "ποΈ Build Python wheels" | |
strategy: | |
matrix: | |
python: | |
- "3.11" | |
# - "3.12" | |
runs-on: ubuntu-latest | |
steps: | |
- name: "π₯ Check-out" | |
uses: actions/checkout@v4 | |
- name: "π§° Install Protoc" | |
run: sudo apt install protobuf-compiler | |
- name: "π§° Install Python" | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python }} | |
cache: pip | |
cache-dependency-path: pyproject.toml | |
- name: "π§° Install dependencies" | |
run: pip install build twine | |
- name: "ποΈ Build Python wheels" | |
run: python -m build | |
- name: "π§ͺ Check package bundles" | |
run: twine check dist/* | |
- name: "π€ Upload Python wheels" | |
uses: actions/upload-artifact@v4 | |
if: matrix.python == '3.11' | |
with: | |
name: wheels | |
path: dist | |
python-code-check: | |
name: "π Check Python code" | |
strategy: | |
matrix: | |
python: | |
- "3.11" | |
# - "3.12" | |
runs-on: ubuntu-latest | |
steps: | |
- name: "π₯ Check-out" | |
uses: actions/checkout@v4 | |
- name: "π§° Install Protoc" | |
run: sudo apt install protobuf-compiler | |
- name: "π§° Install Python" | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python }} | |
cache: pip | |
cache-dependency-path: pyproject.toml | |
- name: "π§° Install dependencies" | |
run: pip install .[tests] | |
- name: "π Check Python code" | |
run: ruff check . | |
# python-typing: | |
# name: "π Check Python static typing" | |
# strategy: | |
# matrix: | |
# python: | |
# - "3.11" | |
# # - "3.12" | |
# runs-on: ubuntu-latest | |
# steps: | |
# - name: "π₯ Check-out" | |
# uses: actions/checkout@v4 | |
# - name: "π§° Install Protoc" | |
# run: sudo apt install protobuf-compiler | |
# - name: "π§° Install Python" | |
# uses: actions/setup-python@v5 | |
# with: | |
# python-version: ${{ matrix.python }} | |
# cache: pip | |
# cache-dependency-path: pyproject.toml | |
# - name: "π§° Install dependencies" | |
# run: pip install .[tests] | |
# - name: "π Check Python static typing" | |
# run: mypy . | |
python-security: | |
name: "π Check Python code security" | |
strategy: | |
matrix: | |
python: | |
- "3.11" | |
# - "3.12" | |
runs-on: ubuntu-latest | |
steps: | |
- name: "π₯ Check-out" | |
uses: actions/checkout@v4 | |
- name: "π§° Install Protoc" | |
run: sudo apt install protobuf-compiler | |
- name: "π§° Install Python" | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python }} | |
cache: pip | |
cache-dependency-path: pyproject.toml | |
- name: "π§° Install dependencies" | |
run: pip install .[tests] | |
- name: "π Check Python code security" | |
run: bandit -c pyproject.toml -r . | |
python-test: | |
name: "π§ͺ Test Python code" | |
strategy: | |
matrix: | |
python: | |
- "3.11" | |
# - "3.12" | |
runs-on: ubuntu-latest | |
steps: | |
- name: "π₯ Check-out" | |
uses: actions/checkout@v4 | |
- name: "π§° Install Protoc" | |
run: sudo apt install protobuf-compiler | |
- name: "π§° Install Python" | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python }} | |
cache: pip | |
cache-dependency-path: pyproject.toml | |
- name: "π§° Install dependencies" | |
run: pip install .[tests] | |
- name: "π§ͺ Test Python code" | |
run: pytest --cov --cov-report=xml . | |
- name: "π€ Upload coverage to Codecov" | |
uses: codecov/codecov-action@v4 | |
if: matrix.python == '3.11' | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
docker-build: | |
name: "ποΈ Build Docker image" | |
runs-on: ubuntu-latest | |
steps: | |
- name: "π₯ Check-out" | |
uses: actions/checkout@v4 | |
- name: "π§° Set up QEMU" | |
uses: docker/setup-qemu-action@v3 | |
- name: "π§° Set up Docker Buildx" | |
uses: docker/setup-buildx-action@v3 | |
- name: "ποΈ Build Docker image" | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: false | |
python-publish: | |
name: "π Publish Python wheels" | |
if: github.event_name == 'push' && endsWith(github.event.base_ref, 'main') && startsWith(github.ref, 'refs/tags') | |
needs: | |
- python-build | |
- python-code-check | |
# - python-typing | |
- python-security | |
- python-test | |
- docker-build | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
steps: | |
- name: "π₯ Check-out" | |
uses: actions/checkout@v4 | |
- name: "π₯ Download Python wheels" | |
uses: actions/download-artifact@v4 | |
with: | |
name: wheels | |
path: dist | |
- name: "π Publish Python wheels" | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
docker-publish: | |
name: "π Publish Docker image" | |
if: github.event_name == 'push' && endsWith(github.event.base_ref, 'main') && startsWith(github.ref, 'refs/tags') | |
permissions: | |
packages: write | |
needs: | |
- python-build | |
- python-code-check | |
# - python-typing | |
- python-security | |
- python-test | |
- docker-build | |
runs-on: ubuntu-latest | |
steps: | |
- name: "π₯ Check-out" | |
uses: actions/checkout@v4 | |
- name: "π§° Set up QEMU" | |
uses: docker/setup-qemu-action@v3 | |
- name: "π§° Set up Docker Buildx" | |
uses: docker/setup-buildx-action@v3 | |
- name: "π Login to GitHub Packages" | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: "βΉοΈ Extract image metadata" | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
ghcr.io/${{ github.repository }} | |
- name: "π Build and push image" | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
github-release: | |
name: "π Create GitHub release" | |
if: github.event_name == 'push' && endsWith(github.event.base_ref, 'main') && startsWith(github.ref, 'refs/tags') | |
needs: | |
- python-build | |
- python-code-check | |
# - python-typing | |
- python-security | |
- python-test | |
- docker-build | |
permissions: | |
contents: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: "π₯ Check-out" | |
uses: actions/checkout@v4 | |
- name: "π₯ Download Python wheels" | |
uses: actions/download-artifact@v4 | |
with: | |
name: wheels | |
path: dist | |
- name: "π Create GitHub release" | |
uses: softprops/action-gh-release@v2 | |
with: | |
name: Release ${{ github.ref_name }} | |
files: dist/* | |
fail_on_unmatched_files: true | |
draft: false | |
prerelease: false | |
generate_release_notes: true |