build: Use nix for pushing to RTD #272

Workflow file for this run

---
name: CI

# Serialise runs per workflow and ref: starting a new run cancels the one
# that is still in progress for the same ref.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Triggers: pushes to master and to tags matching "*", plus pull requests
# against master when they are opened or receive new commits.
on:
  push:
    branches:
      - master
    tags:
      - "*"
  pull_request:
    branches:
      - master
    types:
      - opened
      - synchronize
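jobs:
  # NOTE(review): every `uses:` below is pinned to a mutable tag. Pinning each
  # one to a full commit SHA (e.g. `@<full-commit-sha>  # v4`) keeps a retagged
  # release from changing what runs next to this workflow's secrets.

  # Runs the test suite in the flake's `ci` dev shell and uploads the JUnit
  # and coverage reports.
  test:
    name: Test
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read the repository, write the check
    # run created by the JUnit report step.
    # NOTE(review): confirm no step in this job needs a wider scope.
    permissions:
      contents: read
      checks: write
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v27
        with:
          nix_path: nixpkgs=flake:nixpkgs
      - name: Install Cachix
        uses: cachix/cachix-action@v15
        with:
          name: bow
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - name: Run tests
        run: nix develop .#ci --command make test
      # `always()` keeps the report upload running when the tests fail.
      - name: Upload test report
        if: always()
        uses: mikepenz/action-junit-report@v4
        with:
          check_name: Test report
          report_paths: '**/.junit.xml'
      - name: Upload coverage
        uses: paambaati/codeclimate-action@v5.0.0
        env:
          CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
        with:
          coverageLocations: |
            ${{ github.workspace }}/.coverage.xml:cobertura

  # Runs one make target per matrix entry: three linters and two security
  # scans.
  lint:
    name: ${{ matrix.lint.name }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    strategy:
      matrix:
        lint:
          - name: Lint style
            rule: lint-style
          - name: Lint types
            rule: lint-types
          - name: Lint other metrics
            rule: lint-metrics
          - name: Scan AST security
            rule: scan-sec-ast
          - name: Scan dependencies
            rule: scan-sec-deps
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v27
        with:
          nix_path: nixpkgs=flake:nixpkgs
      - name: Install Cachix
        uses: cachix/cachix-action@v15
        with:
          name: bow
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      # The dependency scan is advisory only: a failing `scan-sec-deps` is
      # turned into a warning annotation and the step still exits 0, so a
      # vulnerable dependency does not block the publish jobs that `needs`
      # this one. The other rules fail the job as usual.
      # `matrix.lint.rule` comes from the static matrix above, so expanding it
      # into the script does not take untrusted input.
      - name: ${{ matrix.lint.name }}
        run: |
          if [ "${{ matrix.lint.rule }}" = "scan-sec-deps" ]; then
            nix develop .#ci --command make ${{ matrix.lint.rule }} || (echo "::warning file=scan-sec-deps::Scan dependencies failed with exit code $?.")
          else
            nix develop .#ci --command make ${{ matrix.lint.rule }}
          fi
        continue-on-error: ${{ matrix.lint.rule == 'scan-sec-deps' }}

  # Builds the image with Nix and streams it to ghcr.io.
  pub-image:
    name: Publish Docker image
    runs-on: ubuntu-latest
    needs: [lint, test]
    # Publish only on push events (master or a tag). The workflow also runs
    # for pull_request, and without this gate a pull request whose token can
    # write packages would push its unreviewed build to the registry.
    if: github.event_name == 'push'
    # The registry push is the only write this job performs with GITHUB_TOKEN.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          # Ensure all git history is cloned, so we can infer the correct version for tagging.
          fetch-depth: 0
      - name: Install Nix
        uses: cachix/install-nix-action@v27
        with:
          nix_path: nixpkgs=flake:nixpkgs
      - name: Install Cachix
        uses: cachix/cachix-action@v15
        with:
          name: bow
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - name: Update pyproject.toml version with
        if: github.ref_type == 'tag' && github.ref_name != ''
        run: nix develop --command poetry dynamic-versioning
      # Credentials reach the shell through the environment instead of being
      # expanded into the script text by the `${{ }}` template.
      # NOTE(review): the default `run` shell is started without pipefail, so
      # only skopeo's exit status decides whether this pipeline fails.
      - name: Build and push image to registry
        env:
          REGISTRY_USER: ${{ github.repository_owner }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: >
          nix build .#dockerArchiveStreamer
          && ./result
          | gzip --fast
          | skopeo copy
          --dest-creds "${REGISTRY_USER}:${REGISTRY_TOKEN}"
          docker-archive:/dev/stdin
          docker://ghcr.io/${{ github.repository }}

  # Asks ReadTheDocs to build the `latest` version of the `volt` project.
  pub-docs:
    name: Publish documentation
    runs-on: ubuntu-latest
    needs: [lint, test]
    # Same gate as pub-image: a pull request should not trigger a docs build.
    if: github.event_name == 'push'
    permissions:
      contents: read
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v27
        with:
          nix_path: nixpkgs=flake:nixpkgs
      - name: Install Cachix
        uses: cachix/cachix-action@v15
        with:
          name: bow
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      # The API token is passed as an environment variable so the secret is
      # not written into the generated script. `--fail` makes curl exit
      # non-zero on an HTTP error, so a rejected token fails the step instead
      # of passing silently.
      - name: Push to ReadTheDocs
        env:
          RTD_BUILD_API_URL: https://readthedocs.org/api/v3/projects/volt/versions/latest/builds/
          RTD_TOKEN: ${{ secrets.RTD_TOKEN }}
        run: >
          nix develop .#ci --command
          curl --fail -X POST -H "Authorization: Token ${RTD_TOKEN}" "${RTD_BUILD_API_URL}"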