moving api key validation to special function #115
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Workflow | |
| on: | |
| push: | |
| branches: [ "master" ] | |
| pull_request: | |
| branches: [ "master" ] | |
| permissions: | |
| contents: read | |
| jobs: | |
| linters: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@main | |
| - name: Set up Python | |
| uses: actions/setup-python@main | |
| with: | |
| python-version: "3.10" | |
| - name: Install dependencies | |
| run: | | |
| pip install poetry | |
| poetry config virtualenvs.create false | |
| poetry install --no-root --no-interaction --with test,dev | |
| - name: Lint with flake8 | |
| run: flake8 . --count --max-complexity=10 --max-line-length=127 --statistics --show-source | |
| - name: Lint with black | |
| run: black . --check | |
| - name: Lint with isort | |
| run: isort . --check | |
| - name: Lint with mypy | |
| run: mypy . | |
| tests: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@main | |
| - name: Set up Python | |
| uses: actions/setup-python@main | |
| with: | |
| python-version: "3.10" | |
| - name: Install dependencies | |
| run: | | |
| pip install poetry | |
| poetry config virtualenvs.create false | |
| poetry install --no-root --no-interaction --with test,dev | |
| - name: Test with pytest | |
| run: | | |
| python -m pytest tests | |
| build-and-push-image: | |
| runs-on: ubuntu-latest | |
| needs: [linters, tests] | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| env: | |
| REGISTRY: ${{ secrets.REGISTRY_HOST }} | |
| outputs: | |
| version: ${{ steps.meta.outputs.version }} | |
| steps: | |
| - name: Repository name to lowercase | |
| id: imagename | |
| uses: ASzc/change-string-case-action@v6 | |
| with: | |
| string: ${{ github.repository }} | |
| - name: Checkout repository | |
| uses: actions/checkout@main | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ secrets.REGISTRY_USERNAME }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ steps.imagename.outputs.lowercase }} | |
| tags: | | |
| type=raw,value=latest,enable={{ is_default_branch }},priority=100 | |
| type=ref,event=branch,suffix=-{{ sha }},enable={{ is_default_branch }},priority=200 | |
| type=ref,event=pr,priority=100 | |
| type=ref,event=pr,suffix=-{{ sha }},priority=200 | |
| - name: Build and push Docker image | |
| id: push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ steps.imagename.outputs.lowercase }}:buildcache | |
| cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ steps.imagename.outputs.lowercase }}:buildcache,mode=max | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ steps.imagename.outputs.lowercase }} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| update-cluster-config: | |
| runs-on: ubuntu-latest | |
| needs: build-and-push-image | |
| steps: | |
| - uses: actions/checkout@main | |
| with: | |
| repository: eldies/cluster-config | |
| ref: 'main' | |
| token: ${{ secrets.ACTIONS_GITHUB_TOKEN }} | |
| - name: setup git config | |
| run: | | |
| git config user.name "GitHub Actions Bot" | |
| git config user.email "<>" | |
| - name: prepare config content | |
| id: vars | |
| run: | | |
| echo "tag=${{ needs.build-and-push-image.outputs.version }}" >> "$GITHUB_OUTPUT" | |
| - name: prepare commit message and filename - push | |
| if: github.event_name == 'push' | |
| run: | | |
| echo 'COMMIT_MESSAGE=push to master' >> "$GITHUB_ENV" | |
| echo "FILENAME=production" >> "$GITHUB_ENV" | |
| - name: prepare commit message and filename - pull request | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| echo 'COMMIT_MESSAGE=pull request https://github.com/${{ github.repository }}/pull/${{ github.event.number }}' >> "$GITHUB_ENV" | |
| echo "FILENAME=pr-${{ github.event.number }}-${{ github.head_ref || github.ref_name }}" >> "$GITHUB_ENV" | |
| - name: make config file | |
| run: | | |
| echo '${{ toJSON(steps.vars.outputs) }}' > apps/image-storage/configs/${{ env.FILENAME }}.json | |
| - run: | | |
| git add . | |
| git commit -m "[actions] image-storage config updated - ${{ env.COMMIT_MESSAGE }}" | |
| git push origin main |