chore(gha): update python.yml GitHub workflow
ms-bot committed Aug 29, 2024
1 parent f4203a1 commit 6a8bfd3
Showing 1 changed file with 210 additions and 5 deletions.
215 changes: 210 additions & 5 deletions .github/workflows/python.yml
Expand Up @@ -8,23 +8,228 @@ on:
push:
branches: [main, master, preprod, prod]
pull_request:
types: [opened, synchronize, reopened]
types: [opened, synchronize, reopened, closed]
name: Python
jobs:
flake8:
name: Flake8
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
timeout-minutes: 5
if: github.event_name != 'pull_request' || github.event.action != 'closed'
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Flake8
uses: docker://public.ecr.aws/u9q7y3l4/github-actions-flake8
black:
name: Black
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
timeout-minutes: 5
if: github.event_name != 'pull_request' || github.event.action != 'closed'
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Black
uses: docker://public.ecr.aws/u9q7y3l4/github-actions-black
test:
name: Test
runs-on: ubuntu-22.04
timeout-minutes: 5
if: github.event_name != 'pull_request' || github.event.action != 'closed'
permissions:
id-token: write
contents: read
steps:
- run: |
git config --global credential.helper 'cache --timeout=315360000'
(echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | git credential approve
(echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | base64
git clone https://github.com/mobsuccess-devops/mobsuccess-python
name: GitHub Credentials
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install dependencies
run: sudo apt-get install libffi7
- uses: actions/cache@v4
with:
path: |
~/.mobsuccess/venv
venv
key: ${{ runner.os }}-venv-${{ hashFiles('requirements*.txt') }}
restore-keys: |
${{ runner.os }}-venv-
- name: Configure AWS Credentials (eu-central-1)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact
aws-region: eu-central-1
role-duration-seconds: 900
- name: Login CodeArtifact
run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python
- run: make test
pyright:
name: Pyright
runs-on: ubuntu-22.04
timeout-minutes: 10
if: github.event_name != 'pull_request' || github.event.action != 'closed'
permissions:
id-token: write
contents: read
steps:
- run: |
git config --global credential.helper 'cache --timeout=315360000'
(echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | git credential approve
(echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | base64
git clone https://github.com/mobsuccess-devops/mobsuccess-python
name: GitHub Credentials
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install dependencies
run: sudo apt-get install libffi7
- uses: actions/cache@v4
with:
path: |
~/.mobsuccess/venv
venv
key: ${{ runner.os }}-venv-${{ hashFiles('requirements*.txt') }}
restore-keys: |
${{ runner.os }}-venv-
- name: Configure AWS Credentials (eu-central-1)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact
aws-region: eu-central-1
role-duration-seconds: 900
- name: Login CodeArtifact
run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python
- run: make pyright
check_stubs:
name: Check Stubs
runs-on: ubuntu-22.04
timeout-minutes: 5
if: github.event_name != 'pull_request' || github.event.action != 'closed'
steps:
- uses: actions/checkout@v4
- run: |
if [ -n "$(find . -name '*.pyi')" ]; then
echo "This repository must not contain *.pyi files"
exit 1
fi
prepare-publish:
name: Prepare Publish
runs-on: ubuntu-22.04
timeout-minutes: 1
if: github.event_name != 'pull_request' || github.event.action != 'closed'
outputs:
version-postfix: ${{ steps.prepare.outputs.version-postfix }}
role: ${{ steps.prepare.outputs.role }}
aws-account-id: ${{ steps.prepare.outputs.aws-account-id }}
permissions:
id-token: write
contents: read
steps:
- name: Prepare
id: prepare
run: |
role=arn:aws:iam::983851922138:role/GHA,$(basename $GITHUB_REPOSITORY)
aws_account_id=983851922138
case ${{github.ref}} in
refs/heads/master)
echo "version-postfix: <empty>"
echo "::set-output name=version-postfix::"
;;
*)
pr_number=${{github.event.number}}
if [ -z "$pr_number" ]; then
pr_number=${{github.event.issue.number}}
fi
echo "version-postfix: .dev$pr_number"
echo "::set-output name=version-postfix::.dev$pr_number"
;;
esac
echo role: $role
echo "::set-output name=role::$role"
echo "::set-output name=aws-account-id::$aws_account_id"
publish:
runs-on: ubuntu-22.04
needs: [prepare-publish]
name: Publish
timeout-minutes: 5
if: github.event_name != 'pull_request' || github.event.action != 'closed'
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install dependencies
run: sudo apt-get install libffi7
- run: |
python3 -m venv venv
source venv/bin/activate
- uses: actions/cache@v4
with:
path: |
${{ env.pythonLocation }}
venv
key: ${{ env.pythonLocation }}-${{ hashFiles('requirements*.txt') }}
- name: Configure AWS Credentials (eu-central-1)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact
aws-region: eu-central-1
role-duration-seconds: 900
- name: Login CodeArtifact
run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python
- run: source venv/bin/activate && for r in requirements*.txt; do pip install -r $r; done
- uses: aws-actions/setup-sam@v1
- uses: aws-actions/configure-aws-credentials@v1
name: Configure AWS Credentials (eu-central-1)
with:
role-to-assume: ${{needs.prepare-publish.outputs.role}}
aws-region: eu-central-1
role-duration-seconds: 900
- name: Build and publish
run: |
export TWINE_USERNAME=aws
export TWINE_PASSWORD=`aws codeartifact get-authorization-token --domain mobsuccess --domain-owner ${{ needs.prepare-publish.outputs.aws-account-id }} --query authorizationToken --output text`
export TWINE_REPOSITORY_URL=`aws codeartifact get-repository-endpoint --domain mobsuccess --domain-owner ${{ needs.prepare-publish.outputs.aws-account-id }} --repository python --format pypi --query repositoryEndpoint --output text`
export PYTHON_PACKAGE_VERSION_POSTFIX=.$GITHUB_RUN_ID${{needs.prepare-publish.outputs.version-postfix}}
echo PYTHON_PACKAGE_VERSION_POSTFIX=$PYTHON_PACKAGE_VERSION_POSTFIX
if [ -e Makefile ] && grep -q ^stubs: Makefile; then source venv/bin/activate && make stubs; fi
source venv/bin/activate && python setup.py sdist bdist_wheel
package_name=$(grep ^Name: *.egg-info/PKG-INFO | sed -e 's/^.*: //')
package_version=$(grep ^Version: *.egg-info/PKG-INFO | sed -e 's/^.*: //')
aws codeartifact delete-package-versions --domain mobsuccess --repo python --format pypi --package "$package_name" --versions "$package_version" || true
source venv/bin/activate && twine upload --verbose dist/*
notify:
needs:
[
flake8,
black,
test,
pyright,
check_stubs,
publish,
]
if: failure()
runs-on: ubuntu-22.04
steps:
- name: Notify
uses: mobsuccess-devops/github-actions-notify@master
with:
notify-type: "workflow-failure"
slack-token: ${{ secrets.SLACK_TOKEN_MSBOT }}
slack-channel: ${{ vars.SLACK_CHANNEL_NOTIFY_WORKFLOW_FAIL }}
platform-pat: ${{ secrets.MS_PLATFORM_LIST_USERS_PAT }}
# DO NOT EDIT: END
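Review bot: The `GitHub Credentials` step of the `test` job pipes the credential block containing `secrets.MS_READ_PACKAGES_GITHUB_PAT` into `base64`, which prints an encoded copy of the token to the job log; log redaction is only reliable for the exact secret value, so the token should be treated as readable by anyone with access to the run logs. The identical step in the `pyright` job has the same problem. Delete the line ending in `| base64` from both steps, and rotate the PAT if this workflow has already run. The secret is also expanded by `${{ }}` directly into the script text; declaring it under the step's `env:` as `MS_READ_PACKAGES_GITHUB_PAT: ${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}` and writing `echo "username=$MS_READ_PACKAGES_GITHUB_PAT"` in the shell keeps the value out of the rendered script. Separately, `aws-actions/configure-aws-credentials@v1` and `mobsuccess-devops/github-actions-notify@master` receive role credentials and secrets through mutable refs, so pinning each to a full commit SHA would be worth doing in the same pass.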
