Set user to app in Dockerfile #125
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test, build, and release | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| merge_group: | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.11", "3.12"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| python -m venv venv | |
| venv/bin/pip install -r requirements.txt | |
| venv/bin/pip install -e . --no-deps | |
| - name: Verify requirements.txt | |
| if: ${{ matrix.python-version == '3.11' }} | |
| run: | | |
| venv/bin/pip-compile --quiet --allow-unsafe --generate-hashes --strip-extras | |
| git diff --exit-code -- requirements.txt | |
| - name: Run lint check | |
| if: ${{ matrix.python-version == '3.11' }} | |
| run: | | |
| PATH="venv/bin:$PATH" bin/lint.sh | |
| - name: Run tests | |
| env: | |
| SENTRY_DSN: http://public@localhost:8090/1 | |
| STORAGE_EMULATOR_HOST: http://localhost:8001 | |
| PUBSUB_EMULATOR_HOST: localhost:5010 | |
| run: | | |
| docker compose up -d fakesentry gcs-emulator pubsub | |
| # Run outside docker because we are testing the matrix python version | |
| PATH="venv/bin:$PATH" bin/test.sh | |
| # stop services immediate and ignore errors | |
| docker compose down -t0 || true | |
| build-and-release: | |
| permissions: | |
| contents: write | |
| id-token: write | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| needs: test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Fetch tags | |
| run: git fetch --tags origin | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.11 | |
| - name: Install dependencies | |
| run: | | |
| python -m venv venv | |
| venv/bin/pip install -r requirements.txt | |
| - name: Generate release tag | |
| run: echo RELEASE_TAG="$(venv/bin/python -c 'import obs_common.release; print(obs_common.release.generate_tag())')" >> "$GITHUB_ENV" | |
| - name: Overrride dynamic version | |
| run: sed 's/dynamic = \["version"]/# dynamic = ["version"]\nversion = "'"$RELEASE_TAG"'"/' -i pyproject.toml | |
| - name: Build wheel | |
| run: venv/bin/python -m build | |
| - uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: artifact-writer@${{ secrets.GCP_PROJECT_ID }}.iam.gserviceaccount.com | |
| - name: Publish package | |
| run: | |
| venv/bin/twine upload --verbose --repository-url https://us-python.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/cavendish-prod-python/ dist/*.whl | |
| - name: Publish release | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: gh release create "$RELEASE_TAG" --repo="$GITHUB_REPOSITORY" --generate-notes dist/*.whl |