Add documentation for PEP-740 attestations using GitLab CI/CD (#17133) #2923
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
merge_group: | |
types: [checks_requested] | |
workflow_dispatch: # generally only for the "combine-prs" workflow | |
permissions: | |
contents: read | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
if: github.repository == 'pypi/warehouse' | |
runs-on: depot-ubuntu-22.04-arm | |
outputs: | |
buildId: ${{ steps.build.outputs.build-id}} | |
permissions: | |
id-token: write | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Set up Depot CLI | |
uses: depot/setup-action@v1 | |
- name: Build image | |
id: build | |
uses: depot/build-push-action@v1 | |
with: | |
save: true | |
build-args: | | |
DEVEL=yes | |
CI=yes | |
tags: pypi/warehouse:ci-${{ github.run_id }} | |
test: | |
# Time out if our test suite has gotten hung | |
timeout-minutes: 15 | |
needs: build | |
strategy: | |
matrix: | |
include: | |
- name: Tests | |
command: bin/tests --postgresql-host postgres | |
- name: Lint | |
command: bin/lint | |
- name: User Documentation | |
command: bin/user-docs | |
- name: Developer Documentation | |
command: bin/dev-docs | |
- name: Dependencies | |
command: bin/deps | |
- name: Licenses | |
command: bin/licenses | |
- name: Translations | |
command: bin/translations | |
runs-on: depot-ubuntu-22.04-arm | |
container: | |
image: registry.depot.dev/rltf7cln5v:${{ needs.build.outputs.buildId }} | |
env: | |
BILLING_BACKEND: warehouse.subscriptions.services.MockStripeBillingService api_base=http://stripe:12111 api_version=2020-08-27 | |
permissions: | |
id-token: write | |
services: | |
postgres: | |
image: ${{ (matrix.name == 'Tests') && 'postgres:16.1' || '' }} | |
ports: | |
- 5432:5432 | |
env: | |
POSTGRES_HOST_AUTH_METHOD: trust # never do this in production! | |
POSTGRES_INITDB_ARGS: '--no-sync --set fsync=off --set full_page_writes=off' | |
# Set health checks to wait until postgres has started | |
options: --health-cmd "pg_isready --username=postgres --dbname=postgres" --health-interval 10s --health-timeout 5s --health-retries 5 | |
redis: | |
image: ${{ (matrix.name == 'Tests') && 'redis:7.0' || '' }} | |
ports: | |
- 6379:6379 | |
stripe: | |
image: ${{ (matrix.name == 'Tests') && 'stripe/stripe-mock:v0.162.0' || '' }} | |
ports: | |
- 12111:12111 | |
name: ${{ matrix.name }} | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Cache mypy results | |
if: ${{ (matrix.name == 'Lint') }} | |
uses: actions/cache@v4 | |
with: | |
path: | | |
dev/.mypy_cache | |
key: ${{ runner.os }}-mypy-${{ env.pythonLocation }}-${{ hashFiles('requirements.txt', 'requirements/*.txt') }} | |
- name: Run ${{ matrix.name }} | |
run: ${{ matrix.command }} | |
check_db: | |
name: Check Database Consistency | |
needs: build | |
runs-on: depot-ubuntu-22.04-arm | |
continue-on-error: true | |
container: | |
image: registry.depot.dev/rltf7cln5v:${{ needs.build.outputs.buildId }} | |
permissions: | |
id-token: write | |
services: | |
postgres: | |
image: postgres:16.1 | |
ports: | |
- 5432:5432 | |
env: | |
POSTGRES_DB: warehouse | |
POSTGRES_HOST_AUTH_METHOD: trust # never do this in production! | |
POSTGRES_INITDB_ARGS: '--no-sync --set fsync=off --set full_page_writes=off' | |
# Set health checks to wait until postgres has started | |
options: --health-cmd "pg_isready --username=postgres --dbname=postgres" --health-interval 10s --health-timeout 5s --health-retries 5 | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Dotenv Action | |
# We need to load the environment variables to run the CLI | |
id: dotenv | |
uses: falti/dotenv-action@v1 | |
with: | |
path: dev/environment | |
export-variables: true | |
keys-case: upper | |
- name: Check Database | |
run: bin/db-check | |
env: | |
# override the hostname set in `dev/environment` | |
DATABASE_URL: 'postgresql+psycopg://postgres@postgres/warehouse' |