Merge branch 'master' into feature/ogc-1891-organisation-mapping-if-o… #996
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
workflow_dispatch: # allow to run manually | |
push: | |
branches: | |
- '**' | |
tags: | |
- '**' | |
jobs: | |
build-and-push-image: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
attestations: write | |
id-token: write | |
outputs: | |
version: ${{ steps.meta.outputs.version }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Log in to the container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for docker | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ghcr.io/onegov/onegov-cloud | |
- name: Build and push docker image | |
id: push | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Generate artifact attestation | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-name: ghcr.io/onegov/onegov-cloud | |
subject-digest: ${{ steps.push.outputs.digest }} | |
push-to-registry: true | |
test-image: | |
needs: build-and-push-image | |
strategy: | |
matrix: | |
group: [1, 2, 3, 4, 5, 6] | |
runs-on: ubuntu-latest | |
# we pull the image we just built in the previous step | |
container: | |
image: ghcr.io/onegov/onegov-cloud:${{ needs.build-and-push-image.outputs.version }} | |
credentials: | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
defaults: | |
run: | |
shell: bash | |
if: startsWith(github.ref, 'refs/tags/') || contains(github.event.head_commit.message, '[test-container]') | |
steps: | |
- name: Install packages | |
run: | | |
apt-get update | |
apt-get install -y \ | |
wget \ | |
apparmor \ | |
curl \ | |
chromium-browser \ | |
git-core \ | |
postgresql \ | |
redis \ | |
openjdk-8-jre-headless \ | |
gcc \ | |
libc-dev \ | |
fonts-liberation \ | |
libappindicator3-1 \ | |
libasound2t64 \ | |
libdrm2 \ | |
libgbm1 \ | |
libnspr4 \ | |
libnss3 \ | |
libu2f-udev \ | |
libvulkan1 \ | |
libx11-xcb1 \ | |
libxcb-dri3-0 \ | |
libxshmfence1 \ | |
libxss1 \ | |
unzip \ | |
xdg-utils | |
- name: Install Chrome | |
uses: browser-actions/setup-chrome@v1 | |
with: | |
# FIXME: Unpin once selenium works with newer version | |
chrome-version: 127 | |
install-chromedriver: true | |
- name: Checkout repo | |
uses: actions/checkout@v4 | |
- name: Get branch name (merge) | |
if: github.event_name != 'pull_request' | |
run: | | |
echo "CODECOV_BRANCH=$(echo ${GITHUB_REF#refs/heads/} | tr / -)" \ | |
>> $GITHUB_ENV | |
- name: Get branch name (pull request) | |
if: github.event_name == 'pull_request' | |
run: | | |
echo "CODECOV_BRANCH=$(echo ${GITHUB_HEAD_REF} | tr / -)" \ | |
>> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
source /app/bin/activate | |
python -m pip install --upgrade uv | |
uv pip install pytest-split pytest-cov pytest-codecov pytest-xdist psutil | |
# TEMPORARY: editable build so we don't need a path-fix in codecov | |
uv pip install -e .[test] | |
- name: Prepare test environment | |
run: | | |
# reset the build asset permissions | |
# TEMPORARY: if we no longer do an editable install, then the base | |
# path needs to change to /app/lib/ | |
find . -type d -iname assets -print0 | xargs -0 chmod a+w -R | |
# add unprivileged test user | |
adduser --disabled-password --gecos "" test | |
redis-server --daemonize yes | |
- name: Run tests | |
run: | | |
run-as "$(id -u test)":test /app/bin/py.test \ | |
-n logical \ | |
-o cache_dir=/tmp/pytest \ | |
--dist loadgroup \ | |
--splits "6" \ | |
--group "${{matrix.group}}" \ | |
--cov \ | |
--cov-config=pyproject.toml \ | |
--codecov \ | |
--codecov-branch="$CODECOV_BRANCH" \ | |
--codecov-commit="$GITHUB_SHA" \ | |
--codecov-slug=OneGov/onegov-cloud \ | |
--codecov-token="${{ secrets.CODECOV_TOKEN }}" \ | |
tests | |
env: | |
LC_ALL: C.UTF-8 | |
LANG: C.UTF-8 | |
JAVA_HOME: /usr/lib/jvm/java-8-openjdk-amd64 | |
SKIP_DRIVER_MANAGER: '1' | |
cleanup-images: | |
runs-on: ubuntu-latest | |
needs: build-and-push-image | |
steps: | |
- name: Delete unttaged images | |
uses: seantis/delete-package-versions@main | |
with: | |
package-name: 'onegov-cloud' | |
package-type: 'container' | |
min-versions-to-keep: 0 | |
delete-only-untagged-versions: 'true' | |
- name: Delete images tagged with commit hash | |
uses: seantis/delete-package-versions@main | |
with: | |
package-name: 'onegov-cloud' | |
package-type: 'container' | |
min-versions-to-keep: 0 | |
ignore-versions: '^(?!sha).*$' | |
ignore-versions-include-tags: true | |
- name: Delete old images | |
uses: seantis/delete-package-versions@main | |
with: | |
package-name: 'onegov-cloud' | |
package-type: 'container' | |
min-versions-to-keep: 20 | |
ignore-versions: '^release-.*$' | |
ignore-versions-include-tags: true |