Skip to content

Commit

Permalink
feat: create python-app.yaml
Browse files Browse the repository at this point in the history
- Also add testing dependencies in poetry.
  • Loading branch information
dupuy committed Mar 6, 2024
1 parent 2ee9326 commit 5e3a5fa
Show file tree
Hide file tree
Showing 3 changed files with 353 additions and 2 deletions.
167 changes: 167 additions & 0 deletions .github/workflows/python-app.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,167 @@
# This workflow installs Python dependencies, runs tests, builds a release.
# For tagged pushes, it also creates a release, uploads build artifacts to the
# GitHub release, and publishes it to PyPI.
# Originally from:
# https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python

name: 'Build, test, release, upload, and publish Python app'

on:
push:
branches: ['main']
pull_request:
branches: ['main']

# Declare default permissions as read only.
permissions:
contents: read

jobs:
build:
runs-on: ubuntu-22.04

outputs:
changelog-body: '${{ steps.changelog.outputs.content }}'
commit-tag: '${{ steps.envs.outputs.commit-tag }}'
dist-artifact-name: '${{ steps.envs.outputs.artifact-name }}'

steps:
- name: 'Harden runner'
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
egress-policy: audit
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
pypi.org:443
- name: 'Checkout repository'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
fetch-tags: true
persist-credentials: false

- name: 'Install Poetry'
run: 'pipx install poetry'

- name: 'Set up Python'
id: setup-python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: '>=3.9 <3.13'
cache: 'poetry'

- name: 'Get tag-based commit name'
id: envs
run: |
TAG=$(git describe --tags) && echo "commit-tag=$TAG" | tee -a "$GITHUB_OUTPUT" >>"$GITHUB_ENV"
echo 'python-version=${{ steps.setup-python.outputs.python-version }}' >>"$GITHUB_ENV"
echo 'artifact-name=dist-reliabot-${{ env.commit-tag }}-${{ env.python-version }}' >>"$GITHUB_OUTPUT"
shell: bash

- name: 'Build distribution packages'
run: 'poetry build'

- name: 'Generate a changelog for release'
id: changelog
uses: orhun/git-cliff-action@8b17108aad4d9362649a5dae020746c2a767c90d # v3.0.2
with:
config: pyproject.toml
env:
OUTPUT: dist/ChangeLog.md

- name: 'Upload distribution package as an artifact'
id: upload-artifact
# if: "startsWith(github.ref, 'refs/tags/') && github.repository == 'dupuy/reliabot'"
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
if-no-files-found: error
name: '${{ steps.envs.outputs.artifact-name }}'
overwrite: true
path: 'dist/'
retention-days: 14

test:
runs-on: ubuntu-22.04

strategy:
matrix:
fail-fast: [true]
max-concurrency: [5]
python-version:
- '3.8'
- '3.9'
- '3.10'
- '3.11'
- '3.12'

steps:
- name: 'Harden runner'
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
disable-sudo: true
egress-policy: audit
allowed-endpoints: >
files.pythonhosted.org:443
github.com:443
pypi.org:443
- name: 'Checkout repository'
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 1
fetch-tags: false
persist-credentials: false

- name: 'Install Poetry'
run: 'pipx install poetry'

- name: 'Set up Python'
id: setup-python
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
with:
python-version: '${{ matrix.python-version }}'
cache: 'poetry'

- name: 'Install dependencies'
run: 'poetry install --extras re2-wheels --with testing'

- name: 'Run tests with coverage'
run: 'poetry run tox -e py'

release:
runs-on: ubuntu-22.04

# if: "startsWith(github.ref, 'refs/tags/') && github.repository == 'dupuy/reliabot'"

needs:
- build
- test

permissions:
contents: write

steps:
- name: 'Harden runner'
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit

- name: 'Download release artifacts'
uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
with:
name: '${{ needs.build.outputs.dist-artifact-name }}'
path: dist/

- name: 'Create pre-release and upload artifacts'
if: "${{ contains(github.ref, '-') }}"
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
with:
allowUpdates: true
artifactErrorsFailBuild: true
artifacts: dist/*
draft: true
name: 'Pre-release ${{ needs.build.outputs.commit-tag }}'
prerelease: true
182 changes: 180 additions & 2 deletions poetry.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions pyproject.toml
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,12 @@ python = "^3.8" # 3.8 end-of-life 2024-10
pyre2 = { version = "^0.3.6", optional = true }
pyre2-updated = { version = "^0.3.8", optional = true }

[tool.poetry.group.testing]
optional = true

[tool.poetry.group.testing.dependencies]
tox = "^4.13.0"

[tool.poetry.extras]
re2 = ["pyre2"]
re2-wheels = ["pyre2-updated"]
Expand Down

0 comments on commit 5e3a5fa

Please sign in to comment.