diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
index 55303b9..96e2f16 100644
--- a/.github/workflows/python.yml
+++ b/.github/workflows/python.yml
@@ -8,23 +8,206 @@ on: push: branches: [main, master, preprod, prod] pull_request: - types: [opened, synchronize, reopened] + types: [opened, synchronize, reopened, closed] name: Python jobs: flake8: name: Flake8 runs-on: ubuntu-20.04 timeout-minutes: 5 + if: github.event_name != 'pull_request' || github.event.action != 'closed' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Flake8 uses: docker://public.ecr.aws/u9q7y3l4/github-actions-flake8 black: name: Black runs-on: ubuntu-20.04 timeout-minutes: 5 + if: github.event_name != 'pull_request' || github.event.action != 'closed' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Black uses: docker://public.ecr.aws/u9q7y3l4/github-actions-black + test: + name: Test + runs-on: ubuntu-20.04 + timeout-minutes: 5 + if: github.event_name != 'pull_request' || github.event.action != 'closed' + permissions: + id-token: write + contents: read + steps: + - run: | + git config --global credential.helper 'cache --timeout=315360000' + (echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | git credential approve + (echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | base64 + git clone https://github.com/mobsuccess-devops/mobsuccess-python + name: GitHub Credentials + - uses: actions/checkout@v4 + - uses: actions/setup-python@v4 + with: + python-version: "3.8.5" + - uses: actions/setup-node@v1 + with: + node-version: ^16.13 + - run: | + python3 -m venv venv + source venv/bin/activate + - uses: actions/cache@v3 + with: + path: | + ${{ env.pythonLocation }} + venv + key: ${{ env.pythonLocation }}-${{ hashFiles('requirements*.txt') }} + - name: Configure AWS Credentials (eu-central-1) + uses: aws-actions/configure-aws-credentials@v1 + with: + role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact + aws-region: eu-central-1 + role-duration-seconds: 
900 + - name: Login CodeArtifact + run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python + - run: source venv/bin/activate && for r in requirements*.txt; do pip install -r $r; done + - run: source venv/bin/activate && make test + pyright: + name: Pyright + runs-on: ubuntu-20.04 + timeout-minutes: 5 + if: github.event_name != 'pull_request' || github.event.action != 'closed' + permissions: + id-token: write + contents: read + steps: + - run: | + git config --global credential.helper 'cache --timeout=315360000' + (echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | git credential approve + (echo protocol=https; echo host=github.com; echo username=${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}; echo password=) | base64 + git clone https://github.com/mobsuccess-devops/mobsuccess-python + name: GitHub Credentials + - uses: actions/checkout@v4 + - uses: actions/setup-python@v4 + with: + python-version: "3.8.5" + - uses: actions/setup-node@v1 + with: + node-version: ^16.13 + - run: | + python3 -m venv venv + source venv/bin/activate + - uses: actions/cache@v3 + with: + path: | + ${{ env.pythonLocation }} + venv + key: ${{ env.pythonLocation }}-${{ hashFiles('requirements*.txt') }} + - name: Configure AWS Credentials (eu-central-1) + uses: aws-actions/configure-aws-credentials@v1 + with: + role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact + aws-region: eu-central-1 + role-duration-seconds: 900 + - name: Login CodeArtifact + run: aws codeartifact login --tool pip --domain mobsuccess --domain-owner 983851922138 --repository python + - run: source venv/bin/activate && for r in requirements*.txt; do pip install -r $r; done + - run: source venv/bin/activate && make pyright + check_stubs: + name: Check Stubs + runs-on: ubuntu-20.04 + timeout-minutes: 5 + if: github.event_name != 'pull_request' || github.event.action != 'closed' + steps: + - uses: 
actions/checkout@v4 + - run: | + if [ -n "$(find . -name '*.pyi')" ]; then + echo "This repository must not contain *.pyi files" + exit 1 + fi + prepare-publish: + name: Prepare Publish + runs-on: ubuntu-20.04 + timeout-minutes: 1 + if: github.event_name != 'pull_request' || github.event.action != 'closed' + outputs: + version-postfix: ${{ steps.prepare.outputs.version-postfix }} + role: ${{ steps.prepare.outputs.role }} + aws-account-id: ${{ steps.prepare.outputs.aws-account-id }} + permissions: + id-token: write + contents: read + steps: + - name: Prepare + id: prepare + run: | + role=arn:aws:iam::983851922138:role/GHA,$(basename $GITHUB_REPOSITORY) + aws_account_id=983851922138 + case ${{github.ref}} in + refs/heads/master) + echo "version-postfix: " + echo "::set-output name=version-postfix::" + ;; + *) + pr_number=${{github.event.number}} + if [ -z "$pr_number" ]; then + pr_number=${{github.event.issue.number}} + fi + echo "version-postfix: .dev$pr_number" + echo "::set-output name=version-postfix::.dev$pr_number" + ;; + esac + echo role: $role + echo "::set-output name=role::$role" + echo "::set-output name=aws-account-id::$aws_account_id" + publish: + runs-on: ubuntu-20.04 + needs: [prepare-publish] + name: Publish + timeout-minutes: 5 + if: github.event_name != 'pull_request' || github.event.action != 'closed' + permissions: + id-token: write + contents: read + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-python@v4 + with: + python-version: "3.8.5" + - run: | + python3 -m venv venv + source venv/bin/activate + - uses: actions/cache@v3 + with: + path: | + ${{ env.pythonLocation }} + venv + key: ${{ env.pythonLocation }}-${{ hashFiles('requirements*.txt') }} + - name: Configure AWS Credentials (eu-central-1) + uses: aws-actions/configure-aws-credentials@v1 + with: + role-to-assume: arn:aws:iam::983851922138:role/GHA,CodeArtifact + aws-region: eu-central-1 + role-duration-seconds: 900 + - name: Login CodeArtifact + run: aws codeartifact login 
--tool pip --domain mobsuccess --domain-owner 983851922138 --repository python + - run: source venv/bin/activate && for r in requirements*.txt; do pip install -r $r; done + - uses: aws-actions/setup-sam@v1 + - uses: aws-actions/configure-aws-credentials@v1 + name: Configure AWS Credentials (eu-central-1) + with: + role-to-assume: ${{needs.prepare-publish.outputs.role}} + aws-region: eu-central-1 + role-duration-seconds: 900 + - name: Build and publish + run: | + export TWINE_USERNAME=aws + export TWINE_PASSWORD=`aws codeartifact get-authorization-token --domain mobsuccess --domain-owner ${{ needs.prepare-publish.outputs.aws-account-id }} --query authorizationToken --output text` + export TWINE_REPOSITORY_URL=`aws codeartifact get-repository-endpoint --domain mobsuccess --domain-owner ${{ needs.prepare-publish.outputs.aws-account-id }} --repository python --format pypi --query repositoryEndpoint --output text` + export PYTHON_PACKAGE_VERSION_POSTFIX=.$GITHUB_RUN_ID${{needs.prepare-publish.outputs.version-postfix}} + echo PYTHON_PACKAGE_VERSION_POSTFIX=$PYTHON_PACKAGE_VERSION_POSTFIX + if [ -e Makefile ] && grep -q ^stubs: Makefile; then source venv/bin/activate && make stubs; fi + source venv/bin/activate && python setup.py sdist bdist_wheel + package_name=$(grep ^Name: *.egg-info/PKG-INFO | sed -e 's/^.*: //') + package_version=$(grep ^Version: *.egg-info/PKG-INFO | sed -e 's/^.*: //') + aws codeartifact delete-package-versions --domain mobsuccess --repo python --format pypi --package "$package_name" --versions "$package_version" || true + source venv/bin/activate && twine upload --verbose dist/* # DO NOT EDIT: END
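Review bot: The `GitHub Credentials` step in the new `test` job, repeated verbatim in `pyright`, pipes the credential record containing `secrets.MS_READ_PACKAGES_GITHUB_PAT` through `base64` to stdout, so an encoded copy of the PAT is written to the job log. Log masking matches the literal secret value, so the encoded form is unlikely to be redacted, and anyone who can read the run logs can recover the token. The line `(echo protocol=https; ...; echo password=) | base64` does nothing for the `git clone` that follows and should be deleted in both jobs. It would also be safer to pass the token through the step's `env:` block as `GH_PAT: ${{ secrets.MS_READ_PACKAGES_GITHUB_PAT }}` and write `echo username=$GH_PAT`, rather than expanding the secret into the script text. If this workflow has already run with that line, treat the PAT as exposed and rotate it.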