-
Notifications
You must be signed in to change notification settings - Fork 7
138 lines (119 loc) · 3.93 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
---
name: CI
# Ensure only one job per branch.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches: [master]
tags: ["*"]
pull_request:
branches: [master]
types: [opened, synchronize]
jobs:
test:
name: Test
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Set up Nix
uses: ./.github/actions/setup-nix
with:
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Run tests
run: nix develop .#ci --command make test
- name: Upload test report
if: always()
uses: mikepenz/action-junit-report@v4
with:
check_name: Test report
report_paths: '**/.junit.xml'
- name: Upload coverage
uses: paambaati/codeclimate-action@v9.0.0
env:
CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
with:
coverageLocations: |
${{ github.workspace }}/.coverage.xml:cobertura
lint:
name: ${{ matrix.lint.name }}
runs-on: ubuntu-latest
strategy:
matrix:
lint:
- name: Lint style
rule: lint-style
- name: Lint types
rule: lint-types
- name: Lint other metrics
rule: lint-metrics
- name: Scan AST security
rule: scan-sec-ast
- name: Scan dependencies
rule: scan-sec-deps
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Set up Nix
uses: ./.github/actions/setup-nix
with:
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: ${{ matrix.lint.name }}
run: |
if [ "${{ matrix.lint.rule }}" = "scan-sec-deps" ]; then
nix develop .#ci --command make ${{ matrix.lint.rule }} || (echo "::warning file=scan-sec-deps::Scan dependencies failed with exit code $?.")
else
nix develop .#ci --command make ${{ matrix.lint.rule }}
fi
continue-on-error: ${{ matrix.lint.rule == 'scan-sec-deps' }}
pub-image:
name: Publish Docker image
runs-on: ubuntu-latest
needs: [lint, test]
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Set up Nix
uses: ./.github/actions/setup-nix
with:
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Set image tag
run: >
if [ "${{ github.ref_type }}" = "tag" ] && [ -n "${{ github.ref_name }}" ]; then
echo "IMG_TAG=$(echo ${{ github.ref_name }} | sed 's/^v//')" >> ${GITHUB_ENV}
else
echo "IMG_TAG=latest" >> ${GITHUB_ENV}
fi
- name: Update pyproject.toml version with
if: github.ref_type == 'tag' && github.ref_name != ''
run: nix develop --command poetry dynamic-versioning
- name: Capture current commit hash
run: printf "${{ github.sha }}" > .rev && git add .rev
- name: Build and push image to registry
run: >
nix build .#dockerArchiveStreamer
&& ./result
| gzip --fast
| skopeo copy
--dest-creds ${{ github.repository_owner }}:${{ secrets.GITHUB_TOKEN }}
docker-archive:/dev/stdin
docker://ghcr.io/${{ github.repository }}:${IMG_TAG}
pub-docs:
name: Publish documentation
runs-on: ubuntu-latest
needs: [lint, test]
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Set up Nix
uses: ./.github/actions/setup-nix
with:
cachix_auth_token: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Push to ReadTheDocs
env:
RTD_BUILD_API_URL: https://readthedocs.org/api/v3/projects/volt/versions/latest/builds/
run: >
nix develop .#ci --command
curl -X POST -H "Authorization: Token ${{ secrets.RTD_TOKEN }}" ${RTD_BUILD_API_URL}