Skip to content

Set user to app in Dockerfile #126

Set user to app in Dockerfile

Set user to app in Dockerfile #126

Workflow file for this run

name: Test, build, and release
on:
push:
branches:
- main
pull_request:
branches:
- main
merge_group:
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.11", "3.12"]
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m venv venv
venv/bin/pip install -r requirements.txt
venv/bin/pip install -e . --no-deps
- name: Verify requirements.txt
if: ${{ matrix.python-version == '3.11' }}
run: |
venv/bin/pip-compile --quiet --allow-unsafe --generate-hashes --strip-extras
git diff --exit-code -- requirements.txt
- name: Run lint check
if: ${{ matrix.python-version == '3.11' }}
run: |
PATH="venv/bin:$PATH" bin/lint.sh
- name: Run tests
env:
SENTRY_DSN: http://public@localhost:8090/1
STORAGE_EMULATOR_HOST: http://localhost:8001
PUBSUB_EMULATOR_HOST: localhost:5010
run: |
docker compose up -d fakesentry gcs-emulator pubsub
# Run outside docker because we are testing the matrix python version
PATH="venv/bin:$PATH" bin/test.sh
# stop services immediate and ignore errors
docker compose down -t0 || true
build-and-release:
permissions:
contents: write
id-token: write
if: ${{ github.ref == 'refs/heads/main' }}
needs: test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Fetch tags
run: git fetch --tags origin
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.11
- name: Install dependencies
run: |
python -m venv venv
venv/bin/pip install -r requirements.txt
- name: Generate release tag
run: echo RELEASE_TAG="$(venv/bin/python -c 'import obs_common.release; print(obs_common.release.generate_tag())')" >> "$GITHUB_ENV"
- name: Overrride dynamic version
run: sed 's/dynamic = \["version"]/# dynamic = ["version"]\nversion = "'"$RELEASE_TAG"'"/' -i pyproject.toml
- name: Build wheel
run: venv/bin/python -m build
- uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
service_account: artifact-writer@${{ secrets.GCP_PROJECT_ID }}.iam.gserviceaccount.com
- name: Publish package
run:
venv/bin/twine upload --verbose --repository-url https://us-python.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/cavendish-prod-python/ dist/*.whl
- name: Publish release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release create "$RELEASE_TAG" --repo="$GITHUB_REPOSITORY" --generate-notes dist/*.whl