-
Notifications
You must be signed in to change notification settings - Fork 0
151 lines (133 loc) · 5 KB
/
publish-ghrch.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: Docker Image CI for GHRC
on:
push:
branches:
- "main"
- "preprod"
- "develop"
pull_request:
branches:
- "main"
- "develop"
- "preprod"
jobs:
code-quality:
strategy:
fail-fast: false
matrix:
python-version:
- "3.12.3"
os: [ ubuntu-latest ]
runs-on: ${{ matrix.os }}
environment:
name: code-quality
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-version }}
architecture: 'x64'
- name: Install pipx, Poetry and Upgrade pip/setuptools
run: |
python --version
python -m pip install pipx
python -m pipx ensurepath
python -m pipx install poetry
export PATH=$PATH:/root/.local/bin
poetry env use python
poetry run pip install --upgrade pip setuptools
poetry add black flake8 bandit
- name: Run black
run: poetry run black . --check
- name: Run flake8
run: poetry run flake8 .
- name: Run bandit
run: poetry run bandit .
tests:
needs: [code-quality]
strategy:
fail-fast: false
max-parallel: 4
matrix:
python-version:
- "3.12.3"
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
environment:
name: tests
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
submodules: recursive
token: ${{ secrets.GH_SUBMODULE_TOKEN }}
fetch-depth: 0
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-version }}
architecture: 'x64'
- name: Install pipx, Poetry and Upgrade pip/setuptools
run: |
python --version
python -m pip install pipx
python -m pipx ensurepath
python -m pipx install poetry
export PATH=$PATH:/root/.local/bin
poetry env use python
poetry run pip install --upgrade pip setuptools
poetry install --no-root
- name: Run Tests
run: |
echo "Starting tests ..."
poetry run pytest --cov --cov-report term --cov-report xml:coverage.xml tests
- name: Upload coverage report
uses: actions/upload-artifact@v3
with:
name: coverage
path: coverage.xml
staging:
needs: [tests]
runs-on: ubuntu-latest
environment:
name: ${{ (github.ref == 'refs/heads/main' && 'latest') || (github.ref == 'refs/heads/preprod' && 'preprod') || 'dev' }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
submodules: true
token: ${{ secrets.GH_SUBMODULE_TOKEN }}
- name: Login to Docker registry
run: |
echo "Logging into Docker registry..."
echo "${{ secrets.GHRC_PASSWORD }}" | \
docker login ghcr.io -u ${{ secrets.GHRC_USERNAME }} --password-stdin
echo "Logging into Docker registry success"
- name: Determine image tag and build (improved logic)
id: build
run: |
if [[ "${{ github.event_name }}" == "push" ]]; then
BRANCH_NAME="${{ github.ref_name }}"
elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
BRANCH_NAME="${{ github.base_ref }}"
else
echo "Unsupported event: ${{ github.event_name }}"
exit 1
fi
echo "Branch name: $BRANCH_NAME"
if [[ "$BRANCH_NAME" == "main" || "$BRANCH_NAME" == "master" ]]; then
DOCKER_TAG_NAME="latest"
elif [[ "$BRANCH_NAME" == "preprod" ]]; then
DOCKER_TAG_NAME="preprod"
elif [[ "$BRANCH_NAME" == "develop" ]]; then
DOCKER_TAG_NAME="dev"
else
echo "No valid tag found for branch $BRANCH_NAME, exiting..."
exit 1
fi
echo "Building Docker image with tag $DOCKER_TAG_NAME ..."
docker build --no-cache -t ${{ secrets.GHRC_REGISTRY_ADDR }}:$DOCKER_TAG_NAME .
docker push ${{ secrets.GHRC_REGISTRY_ADDR }}:$DOCKER_TAG_NAME
echo "Build and push Docker image ok ..."