Merge pull request #449 from lsst-sqre/tickets/DM-48216 #1743
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
env: | |
# Current supported Python version for the controller. For applications, | |
# there is generally no reason to support multiple Python versions, so all | |
# actions are run with this version. Quote the version to avoid | |
# interpretation as a floating point number. | |
# | |
# The JupyterHub plugins use a separate matrix of versions because they have | |
# to work with the version of Python that is included in the JupyterHub | |
# images. | |
PYTHON_VERSION: "3.13" | |
"on": | |
merge_group: {} | |
pull_request: {} | |
push: | |
branches-ignore: | |
# These should always correspond to pull requests, so ignore them for | |
# the push trigger and let them be triggered by the pull_request | |
# trigger, avoiding running the workflow twice. This is a minor | |
# optimization so there's no need to ensure this is comprehensive. | |
- "dependabot/**" | |
- "gh-readonly-queue/**" | |
- "renovate/**" | |
- "tickets/**" | |
- "u/**" | |
tags: | |
- "*" | |
release: | |
types: [published] | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
timeout-minutes: 5 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Run pre-commit | |
uses: pre-commit/action@v3.0.1 | |
test: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: lsst-sqre/run-nox@v1 | |
with: | |
cache-dependency: "controller/requirements/*.txt" | |
cache-key-prefix: test | |
nox-sessions: "typing typing-inithome test test-inithome" | |
python-version: ${{ env.PYTHON_VERSION }} | |
# The Nublado client must support the Python versions of all of the packages | |
# that use it, so its minimum Python version can only be raised once all of | |
# the services that depend on it have moved to a newer version. Use a matrix | |
# to test all supported versions. | |
test-client: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
strategy: | |
matrix: | |
python: | |
- "3.12" | |
- "3.13" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: lsst-sqre/run-nox@v1 | |
with: | |
cache-dependency: "client/pyproject.toml" | |
cache-key-prefix: test-client | |
nox-sessions: "typing-client test-client" | |
python-version: ${{ matrix.python }} | |
# The JupyterHub Docker image may not always track the Python version we use | |
# and the modules must support that version of Python. Use a matrix to test | |
# every version of Python from that version to the most recent so that we | |
# can safely upgrade when the JupyterHub Python upgrades. | |
test-hub: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
strategy: | |
matrix: | |
python: | |
- "3.12" | |
- "3.13" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: lsst-sqre/run-nox@v1 | |
with: | |
cache-dependency: "hub/requirements/*.txt" | |
cache-key-prefix: test-hub | |
nox-sessions: "typing-hub test-hub" | |
python-version: ${{ matrix.python }} | |
docs: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Ensure the documentation gets the right version. | |
fetch-depth: 0 | |
- name: Filter paths | |
uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
docs: | |
- "docs/**" | |
- name: Update package lists | |
run: sudo apt-get update | |
- name: Install extra packages | |
run: sudo apt install -y graphviz | |
- uses: lsst-sqre/run-nox@v1 | |
with: | |
cache-dependency: "controller/requirements/*.txt" | |
cache-key-prefix: docs | |
nox-sessions: docs | |
python-version: ${{ env.PYTHON_VERSION }} | |
# Upload docs: | |
# - on any push to main | |
# - on pushes to tickets/ branches if docs/ directory content changed | |
- name: Upload to LSST the Docs | |
uses: lsst-sqre/ltd-upload@v1 | |
with: | |
project: nublado | |
dir: "docs/_build/html" | |
username: ${{ secrets.LTD_USERNAME }} | |
password: ${{ secrets.LTD_PASSWORD }} | |
if: > | |
(github.event_name == 'push' && github.ref_name == 'main') | |
|| (github.event_name == 'pull_request' | |
&& startsWith(github.head_ref, 'tickets/') | |
&& steps.filter.outputs.docs == 'true') | |
linkcheck: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Update package lists | |
run: sudo apt-get update | |
- name: Install extra packages | |
run: sudo apt install -y graphviz | |
- uses: lsst-sqre/run-nox@v1 | |
with: | |
cache-dependency: "controller/requirements/*.txt" | |
cache-key-prefix: docs | |
nox-sessions: docs-linkcheck | |
python-version: ${{ env.PYTHON_VERSION }} | |
build: | |
runs-on: ubuntu-latest | |
needs: [lint, test, test-hub] | |
timeout-minutes: 15 | |
# Only do Docker builds of tagged releases and pull requests from ticket | |
# branches. This will still trigger on pull requests from untrusted | |
# repositories whose branch names match our tickets/* branch convention, | |
# but in this case the build will fail with an error since the secret | |
# won't be set. | |
if: > | |
startsWith(github.ref, 'refs/tags/') | |
|| startsWith(github.head_ref, 'tickets/') | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Full history is required for setuptools_scm versioning. | |
fetch-depth: 0 | |
- uses: lsst-sqre/build-and-push-to-ghcr@v1 | |
id: build-controller | |
with: | |
dockerfile: Dockerfile.controller | |
image: ${{ github.repository }}-controller | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Report result | |
run: | | |
echo Pushed ghcr.io/${{ github.repository }}-controller:${{ steps.build-controller.outputs.tag }} | |
- uses: lsst-sqre/build-and-push-to-ghcr@v1 | |
id: build-hub | |
with: | |
dockerfile: Dockerfile.hub | |
image: ${{ github.repository }}-jupyterhub | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Report result | |
run: | | |
echo Pushed ghcr.io/${{ github.repository }}-jupyterhub:${{ steps.build-hub.outputs.tag }} | |
- uses: lsst-sqre/build-and-push-to-ghcr@v1 | |
id: build-inithome | |
with: | |
dockerfile: Dockerfile.inithome | |
image: ${{ github.repository }}-inithome | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Report result | |
run: | | |
echo Pushed ghcr.io/${{ github.repository }}-inithome:${{ steps.build-inithome.outputs.tag }} | |
build-rsp-base: | |
runs-on: ubuntu-latest | |
timeout-minutes: 45 | |
# Only do Docker builds of tagged releases and pull requests from ticket | |
# branches. This will still trigger on pull requests from untrusted | |
# repositories whose branch names match our tickets/* branch convention, | |
# but in this case the build will fail with an error since the secret | |
# won't be set. | |
if: > | |
startsWith(github.ref, 'refs/tags/') | |
|| startsWith(github.head_ref, 'tickets/') | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Full history is required for setuptools_scm versioning. | |
fetch-depth: 0 | |
- name: Filter paths | |
uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
rsp_base: | |
- "Dockerfile.jupyterlab-base" | |
- "jupyterlab-base/**" | |
- uses: lsst-sqre/build-and-push-to-ghcr@v1 | |
id: build-jupyterlab-base | |
with: | |
dockerfile: Dockerfile.jupyterlab-base | |
image: ${{ github.repository }}-jupyterlab-base | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
if: steps.filter.outputs.rsp_base == 'true' | |
- name: Report result | |
run: | | |
echo Pushed ghcr.io/${{ github.repository }}-jupyterlab-base:${{ steps.build-jupyterlab-base.outputs.tag }} | |
pypi: | |
name: Upload release to PyPI | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
needs: [lint, test, docs] | |
environment: | |
name: pypi | |
url: https://pypi.org/p/rubin-nublado-client | |
permissions: | |
id-token: write | |
if: github.event_name == 'release' && github.event.action == 'published' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # full history for setuptools_scm | |
- uses: lsst-sqre/build-and-publish-to-pypi@v2 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
working-directory: "client" |