-
Notifications
You must be signed in to change notification settings - Fork 0
140 lines (126 loc) · 4.41 KB
/
wipac-cicd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: wipac ci/cd
on: [ push ]
jobs:
py-versions:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.versions.outputs.matrix }}
steps:
- uses: actions/checkout@v4
- id: versions
uses: WIPACrepo/wipac-dev-py-versions-action@v2.4
######################################################################################
flake8:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
- uses: WIPACrepo/wipac-dev-flake8-action@v1.0
mypy:
needs: [ py-versions ]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
py3: ${{ fromJSON(needs.py-versions.outputs.matrix) }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.py3 }}
- uses: WIPACrepo/wipac-dev-mypy-action@v2.0
######################################################################################
writable-branch-detect:
runs-on: ubuntu-latest
outputs:
OKAY: ${{ steps.detect.outputs.OKAY }}
steps:
- name: is this a non-dependabot branch?
id: detect
# dependabot can't access normal secrets
# & don't run non-branch triggers (like tags)
# & we don't want to trigger an update on PR's merge to main/master/default (which is a branch)
run: |
if [[ \
${{github.actor}} != 'dependabot[bot]' && \
${{github.ref_type}} == 'branch' && \
${{format('refs/heads/{0}', github.event.repository.default_branch)}} != ${{github.ref}} \
]]; then
echo "OKAY=true" >> "$GITHUB_OUTPUT"
echo "yes, this branch is compatible"
else
echo "OKAY=false" >> "$GITHUB_OUTPUT"
echo "no, this branch is incompatible"
fi
py-setup:
needs: [ writable-branch-detect ]
runs-on: ubuntu-latest
steps:
- if: needs.writable-branch-detect.outputs.OKAY == 'true'
uses: actions/checkout@v4
with:
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- if: needs.writable-branch-detect.outputs.OKAY == 'true'
uses: WIPACrepo/wipac-dev-py-setup-action@v4.1
with:
python_min: 3.9
pypi_name: wipac-dev-tools
author: WIPAC Developers
author_email: developers@icecube.wisc.edu
keywords: WIPAC python tools utilities
py-dependencies:
needs: [ writable-branch-detect ]
runs-on: ubuntu-latest
steps:
- if: needs.writable-branch-detect.outputs.OKAY == 'true'
uses: actions/checkout@v4
with:
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- if: needs.writable-branch-detect.outputs.OKAY == 'true'
uses: WIPACrepo/wipac-dev-py-dependencies-action@v2.0
with:
use_directory: true
######################################################################################
tests:
needs: [ py-versions ]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
py3: ${{ fromJSON(needs.py-versions.outputs.matrix) }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.py3 }}
- name: Pytest
run: |
pip install --upgrade pip wheel setuptools pytest
pip install .[dev]
pytest -vvvv tests
######################################################################################
release:
# only run on main/master/default
if: format('refs/heads/{0}', github.event.repository.default_branch) == github.ref
needs: [ flake8, mypy, py-setup, py-dependencies, tests ]
runs-on: ubuntu-latest
concurrency: release # prevent any possible race conditions
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
# Python-Package Version Bump
- uses: python-semantic-release/python-semantic-release@v9.8.1
id: psr-psr
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
# PyPI Release
- uses: pypa/gh-action-pypi-publish@v1.8.14
if: steps.psr-psr.outputs.released == 'true'
with:
password: ${{ secrets.PYPI_TOKEN }}
# GitHub Release
- uses: python-semantic-release/upload-to-gh-release@v9.8.1
if: steps.psr-psr.outputs.released == 'true'
with:
github_token: ${{ secrets.GITHUB_TOKEN }}