From 7780382f950d84562e33c34aa970a7826f7b819e Mon Sep 17 00:00:00 2001 From: Ee Durbin Date: Thu, 18 Sep 2025 17:38:07 +0100 Subject: [PATCH] Revert "run our docker ci on gha runners directly (#17442)" This reverts commit 1abb6df1be09cc1390c0b4f9c11ce48d4ac492e0. --- .github/workflows/ci-depot.yml | 52 -------------- .github/workflows/ci-gha.yml | 79 --------------------- .github/workflows/{ci-base.yml => ci.yml} | 83 +++++++++++++---------- Dockerfile | 4 +- 4 files changed, 49 insertions(+), 169 deletions(-) delete mode 100644 .github/workflows/ci-depot.yml delete mode 100644 .github/workflows/ci-gha.yml rename .github/workflows/{ci-base.yml => ci.yml} (68%) diff --git a/.github/workflows/ci-depot.yml b/.github/workflows/ci-depot.yml deleted file mode 100644 index cf4ee601abfc..000000000000 --- a/.github/workflows/ci-depot.yml +++ /dev/null @@ -1,52 +0,0 @@ -name: CI -on: - push: - branches: - - main - pull_request: - merge_group: - types: [checks_requested] - workflow_dispatch: # generally only for the "combine-prs" workflow -permissions: - contents: read -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} - cancel-in-progress: true -jobs: - build: - if: github.repository == 'pypi/warehouse' - runs-on: depot-ubuntu-24.04-arm - outputs: - buildId: ${{ steps.build.outputs.build-id}} - permissions: - id-token: write - steps: - - name: Check out repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - persist-credentials: false - - name: Set up Depot CLI - uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0 - - name: Build image - id: build - uses: depot/build-push-action@9785b135c3c76c33db102e45be96a25ab55cd507 # v1.16.2 - with: - save: true - build-args: | - DEVEL=yes - CI=yes - tags: pypi/warehouse:ci-${{ github.run_id }} - - ci: - if: github.repository == 'pypi/warehouse' - needs: build - uses: ./.github/workflows/ci-base.yml - with: - runner: depot-ubuntu-24.04-arm - runner_large: depot-ubuntu-24.04-arm-4 - image_registry: registry.depot.dev/rltf7cln5v - build_id: ${{ needs.build.outputs.buildId }} - use_depot: true - permissions: - id-token: write - packages: read \ No newline at end of file diff --git a/.github/workflows/ci-gha.yml b/.github/workflows/ci-gha.yml deleted file mode 100644 index 360d904f10ee..000000000000 --- a/.github/workflows/ci-gha.yml +++ /dev/null @@ -1,79 +0,0 @@ -name: CI (GHA) -on: - push: - branches: - - main - pull_request: - merge_group: - types: [checks_requested] - workflow_dispatch: # generally only for the "combine-prs" workflow -permissions: - contents: read -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} - cancel-in-progress: true -jobs: - build: - runs-on: ubuntu-24.04-arm - outputs: - buildId: ${{ github.run_id }} - permissions: - packages: write - steps: - - name: Check out repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - persist-credentials: false - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - - name: Cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 # zizmor: ignore[cache-poisoning] - id: cache - with: - path: | - var-cache-apt - var-lib-apt - root-cache-pip - root-npm - key: cache-${{ hashFiles('Dockerfile') }} - - name: inject cache into docker - uses: reproducible-containers/buildkit-cache-dance@653a570f730e3b9460adc576db523788ba59a0d7 # v3.2.0 - with: - cache-map: | - { - "var-cache-apt": "/var/cache/apt", - "var-lib-apt": "/var/lib/apt", - "root-cache-pip": "/root/.cache/pip", - "root-npm": "/root/.npm" - } - skip-extraction: ${{ steps.cache.outputs.cache-hit }} - - name: Login To GHCR - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push - uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0 - with: - context: . - cache-from: type=gha - cache-to: type=gha,mode=max - push: true - build-args: | - DEVEL=yes - CI=yes - tags: | - ghcr.io/pypi/warehouse:ci-${{ github.run_id }} - - ci: - needs: build - uses: ./.github/workflows/ci-base.yml - with: - runner: ubuntu-24.04-arm - image_registry: ghcr.io/pypi/warehouse - build_id: ci-${{ needs.build.outputs.buildId }} - use_depot: false - permissions: - id-token: write - packages: read \ No newline at end of file diff --git a/.github/workflows/ci-base.yml b/.github/workflows/ci.yml similarity index 68% rename from .github/workflows/ci-base.yml rename to .github/workflows/ci.yml index 64d34d0796db..6422f8761d36 100644 --- a/.github/workflows/ci-base.yml +++ b/.github/workflows/ci.yml @@ -1,42 +1,54 @@ -name: CI Base +name: CI on: - workflow_call: - inputs: - runner: - required: true - type: string - description: 'Runner to use for jobs' - runner_large: - required: false - type: string - description: 'Large runner to use for heavy jobs' - image_registry: - required: true - type: string - description: 'Container registry for images' - build_id: - required: true - type: string - description: 'Build ID for the container image' - use_depot: - required: false - type: boolean - default: false - description: 'Whether to use Depot for builds' - + push: + branches: + - main + pull_request: + merge_group: + types: [checks_requested] + workflow_dispatch: # generally only for the "combine-prs" workflow +permissions: + contents: read +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true jobs: + build: + if: github.repository == 'pypi/warehouse' + runs-on: depot-ubuntu-24.04-arm + outputs: + buildId: ${{ steps.build.outputs.build-id}} + permissions: + id-token: write + steps: + - name: Check out repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + - name: Set up Depot CLI + uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0 + - name: Build image + id: build + uses: depot/build-push-action@9785b135c3c76c33db102e45be96a25ab55cd507 # v1.16.2 + with: + save: true + build-args: | + DEVEL=yes + CI=yes + tags: pypi/warehouse:ci-${{ github.run_id }} test: # Time out if our test suite has gotten hung timeout-minutes: 15 + needs: build strategy: matrix: include: - name: Tests command: bin/tests --postgresql-host postgres - use_large_runner: true + runs_on: depot-ubuntu-24.04-arm-4 - name: Lint command: bin/lint - use_large_runner: true + runs_on: depot-ubuntu-24.04-arm-4 - name: User Documentation command: bin/user-docs - name: Developer Documentation @@ -47,14 +59,13 @@ jobs: command: bin/licenses - name: Translations command: bin/translations - runs-on: ${{ (matrix.use_large_runner && inputs.runner_large != '') && inputs.runner_large || inputs.runner }} + runs-on: ${{ (matrix.runs_on != null) && matrix.runs_on || 'depot-ubuntu-24.04-arm' }} container: - image: ${{ inputs.image_registry }}:${{ inputs.build_id }} + image: registry.depot.dev/rltf7cln5v:${{ needs.build.outputs.buildId }} env: BILLING_BACKEND: warehouse.subscriptions.services.MockStripeBillingService api_base=http://stripe:12111 api_version=2020-08-27 permissions: id-token: write - packages: read services: postgres: image: ${{ (matrix.name == 'Tests') && 'postgres:17.5' || '' }} @@ -73,7 +84,7 @@ jobs: image: ${{ (matrix.name == 'Tests') && 'stripe/stripe-mock:v0.162.0' || '' }} ports: - 12111:12111 - name: ${{ matrix.name }}${{ !inputs.use_depot && ' (GHA)' || '' }} + name: ${{ matrix.name }} steps: - name: Check out repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -90,14 +101,14 @@ jobs: run: ${{ matrix.command }} check_db: - name: Check Database Consistency${{ !inputs.use_depot && ' (GHA)' || '' }} - runs-on: ${{ inputs.runner }} + name: Check Database Consistency + needs: build + runs-on: depot-ubuntu-24.04-arm continue-on-error: true container: - image: ${{ inputs.image_registry }}:${{ inputs.build_id }} + image: registry.depot.dev/rltf7cln5v:${{ needs.build.outputs.buildId }} permissions: id-token: write - packages: read services: postgres: image: postgres:17.5 @@ -128,4 +139,4 @@ jobs: run: bin/db-check env: # override the hostname set in `dev/environment` - DATABASE_URL: 'postgresql+psycopg://postgres@postgres/warehouse' \ No newline at end of file + DATABASE_URL: 'postgresql+psycopg://postgres@postgres/warehouse' diff --git a/Dockerfile b/Dockerfile index 7e6aef5e1d8f..37645d17bda3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -184,8 +184,8 @@ RUN --mount=type=cache,target=/root/.cache/pip \ FROM python:${PYTHON_IMAGE_VERSION} # Setup some basic environment variables that are ~never going to change. -ENV PYTHONUNBUFFERED=1 -ENV PYTHONPATH=/opt/warehouse/src/ +ENV PYTHONUNBUFFERED 1 +ENV PYTHONPATH /opt/warehouse/src/ ENV PATH="/opt/warehouse/bin:${PATH}" WORKDIR /opt/warehouse/src/