Merge pull request #433 from lsst-sqre/r810 #1693
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
env: | |
# Current supported Python version for the controller. For applications, | |
# there is generally no reason to support multiple Python versions, so all | |
# actions are run with this version. Quote the version to avoid | |
# interpretation as a floating point number. | |
# | |
# The client may eventually need to span multiple versions, but | |
# initially a single one is fine. | |
# | |
# The JupyterHub plugins use a separate matrix of versions because they have | |
# to work with the version of Python that is included in the JupyterHub | |
# images. | |
PYTHON_VERSION: "3.12" | |
"on": | |
merge_group: {} | |
pull_request: {} | |
push: | |
branches-ignore: | |
# These should always correspond to pull requests, so ignore them for | |
# the push trigger and let them be triggered by the pull_request | |
# trigger, avoiding running the workflow twice. This is a minor | |
# optimization so there's no need to ensure this is comprehensive. | |
- "dependabot/**" | |
- "gh-readonly-queue/**" | |
- "renovate/**" | |
- "tickets/**" | |
- "u/**" | |
tags: | |
- "*" | |
release: | |
types: [published] | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Run pre-commit | |
uses: pre-commit/action@v3.0.1 | |
test: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: lsst-sqre/run-nox@v1 | |
with: | |
cache-dependency: "controller/requirements/*.txt" | |
cache-key-prefix: test | |
nox-sessions: "typing typing-inithome typing-client test test-inithome test-client" | |
python-version: ${{ env.PYTHON_VERSION }} | |
# The controller requires Python 3.12, but the modules we add to the Hub | |
# have to run with Python 3.10 since that's what the JupyterHub image uses. | |
# Run a separate matrix to test those modules. | |
test-hub: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
strategy: | |
matrix: | |
python: | |
- "3.10" | |
- "3.11" | |
- "3.12" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: lsst-sqre/run-nox@v1 | |
with: | |
cache-dependency: "hub/requirements/*.txt" | |
cache-key-prefix: test-hub | |
nox-sessions: "typing-hub test-hub" | |
python-version: ${{ matrix.python }} | |
docs: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Ensure the documentation gets the right version. | |
fetch-depth: 0 | |
- name: Filter paths | |
uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
docs: | |
- "docs/**" | |
- name: Update package lists | |
run: sudo apt-get update | |
- name: Install extra packages | |
run: sudo apt install -y graphviz | |
- uses: lsst-sqre/run-nox@v1 | |
with: | |
cache-dependency: "controller/requirements/*.txt" | |
cache-key-prefix: docs | |
nox-sessions: docs | |
python-version: ${{ env.PYTHON_VERSION }} | |
# Upload docs: | |
# - on any push to main | |
# - on pushes to tickets/ branches if docs/ directory content changed | |
- name: Upload to LSST the Docs | |
uses: lsst-sqre/ltd-upload@v1 | |
with: | |
project: nublado | |
dir: "docs/_build/html" | |
username: ${{ secrets.LTD_USERNAME }} | |
password: ${{ secrets.LTD_PASSWORD }} | |
if: > | |
(github.event_name == 'push' && github.ref_name == 'main') | |
|| (github.event_name == 'pull_request' | |
&& startsWith(github.head_ref, 'tickets/') | |
&& steps.filter.outputs.docs == 'true') | |
linkcheck: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Update package lists | |
run: sudo apt-get update | |
- name: Install extra packages | |
run: sudo apt install -y graphviz | |
- uses: lsst-sqre/run-nox@v1 | |
with: | |
cache-dependency: "controller/requirements/*.txt" | |
cache-key-prefix: docs | |
nox-sessions: docs-linkcheck | |
python-version: ${{ env.PYTHON_VERSION }} | |
build: | |
runs-on: ubuntu-latest | |
needs: [lint, test, test-hub] | |
timeout-minutes: 15 | |
# Only do Docker builds of tagged releases and pull requests from ticket | |
# branches. This will still trigger on pull requests from untrusted | |
# repositories whose branch names match our tickets/* branch convention, | |
# but in this case the build will fail with an error since the secret | |
# won't be set. | |
if: > | |
startsWith(github.ref, 'refs/tags/') | |
|| startsWith(github.head_ref, 'tickets/') | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Full history is required for setuptools_scm versioning. | |
fetch-depth: 0 | |
- uses: lsst-sqre/build-and-push-to-ghcr@v1 | |
id: build-controller | |
with: | |
dockerfile: Dockerfile.controller | |
image: ${{ github.repository }}-controller | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Report result | |
run: | | |
echo Pushed ghcr.io/${{ github.repository }}-controller:${{ steps.build-controller.outputs.tag }} | |
- uses: lsst-sqre/build-and-push-to-ghcr@v1 | |
id: build-hub | |
with: | |
dockerfile: Dockerfile.hub | |
image: ${{ github.repository }}-jupyterhub | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Report result | |
run: | | |
echo Pushed ghcr.io/${{ github.repository }}-jupyterhub:${{ steps.build-hub.outputs.tag }} | |
- uses: lsst-sqre/build-and-push-to-ghcr@v1 | |
id: build-inithome | |
with: | |
dockerfile: Dockerfile.inithome | |
image: ${{ github.repository }}-inithome | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Report result | |
run: | | |
echo Pushed ghcr.io/${{ github.repository }}-inithome:${{ steps.build-inithome.outputs.tag }} | |
build-rsp-base: | |
runs-on: ubuntu-latest | |
timeout-minutes: 45 | |
# Only do Docker builds of tagged releases and pull requests from ticket | |
# branches. This will still trigger on pull requests from untrusted | |
# repositories whose branch names match our tickets/* branch convention, | |
# but in this case the build will fail with an error since the secret | |
# won't be set. | |
if: > | |
startsWith(github.ref, 'refs/tags/') | |
|| startsWith(github.head_ref, 'tickets/') | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Full history is required for setuptools_scm versioning. | |
fetch-depth: 0 | |
- uses: lsst-sqre/build-and-push-to-ghcr@v1 | |
id: build-jupyterlab-base | |
with: | |
dockerfile: Dockerfile.jupyterlab-base | |
image: ${{ github.repository }}-jupyterlab-base | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Report result | |
run: | | |
echo Pushed ghcr.io/${{ github.repository }}-jupyterlab-base:${{ steps.build-jupyterlab-base.outputs.tag }} | |
pypi: | |
name: Upload release to PyPI | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
needs: [lint, test, docs] | |
environment: | |
name: pypi | |
url: https://pypi.org/p/rubin-nublado-client | |
permissions: | |
id-token: write | |
if: github.event_name == 'release' && github.event.action == 'published' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # full history for setuptools_scm | |
- uses: lsst-sqre/build-and-publish-to-pypi@v2 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
working-directory: "client" |