-
Notifications
You must be signed in to change notification settings - Fork 0
292 lines (244 loc) · 8.53 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
name: CI
env:
# Current supported Python version for the controller. For applications,
# there is generally no reason to support multiple Python versions, so all
# actions are run with this version. Quote the version to avoid
# interpretation as a floating point number.
#
# The JupyterHub plugins use a separate matrix of versions because they have
# to work with the version of Python that is included in the JupyterHub
# images.
PYTHON_VERSION: "3.13"
"on":
merge_group: {}
pull_request: {}
push:
branches-ignore:
# These should always correspond to pull requests, so ignore them for
# the push trigger and let them be triggered by the pull_request
# trigger, avoiding running the workflow twice. This is a minor
# optimization so there's no need to ensure this is comprehensive.
- "dependabot/**"
- "gh-readonly-queue/**"
- "renovate/**"
- "tickets/**"
- "u/**"
tags:
- "*"
release:
types: [published]
jobs:
lint:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Run pre-commit
uses: pre-commit/action@v3.0.1
test:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- uses: lsst-sqre/run-nox@v1
with:
cache-dependency: "controller/requirements/*.txt"
cache-key-prefix: test
nox-sessions: "typing typing-inithome test test-inithome"
python-version: ${{ env.PYTHON_VERSION }}
# The Nublado client must support the Python versions of all of the packages
# that use it, so its minimum Python version can only be raised once all of
# the services that depend on it have moved to a newer version. Use a matrix
# to test all supported versions.
test-client:
runs-on: ubuntu-latest
timeout-minutes: 15
strategy:
matrix:
python:
- "3.12"
- "3.13"
steps:
- uses: actions/checkout@v4
- uses: lsst-sqre/run-nox@v1
with:
cache-dependency: "client/pyproject.toml"
cache-key-prefix: test-client
nox-sessions: "typing-client test-client"
python-version: ${{ matrix.python }}
# The JupyterHub Docker image may not always track the Python version we use
# and the modules must support that version of Python. Use a matrix to test
# every version of Python from that version to the most recent so that we
# can safely upgrade when the JupyterHub Python upgrades.
test-hub:
runs-on: ubuntu-latest
timeout-minutes: 15
strategy:
matrix:
python:
- "3.12"
- "3.13"
steps:
- uses: actions/checkout@v4
- uses: lsst-sqre/run-nox@v1
with:
cache-dependency: "hub/requirements/*.txt"
cache-key-prefix: test-hub
nox-sessions: "typing-hub test-hub"
python-version: ${{ matrix.python }}
docs:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
with:
# Ensure the documentation gets the right version.
fetch-depth: 0
- name: Filter paths
uses: dorny/paths-filter@v3
id: filter
with:
filters: |
docs:
- "docs/**"
- name: Update package lists
run: sudo apt-get update
- name: Install extra packages
run: sudo apt install -y graphviz
- uses: lsst-sqre/run-nox@v1
with:
cache-dependency: "controller/requirements/*.txt"
cache-key-prefix: docs
nox-sessions: docs
python-version: ${{ env.PYTHON_VERSION }}
# Upload docs:
# - on any push to main
# - on pushes to tickets/ branches if docs/ directory content changed
- name: Upload to LSST the Docs
uses: lsst-sqre/ltd-upload@v1
with:
project: nublado
dir: "docs/_build/html"
username: ${{ secrets.LTD_USERNAME }}
password: ${{ secrets.LTD_PASSWORD }}
if: >
(github.event_name == 'push' && github.ref_name == 'main')
|| (github.event_name == 'pull_request'
&& startsWith(github.head_ref, 'tickets/')
&& steps.filter.outputs.docs == 'true')
linkcheck:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
- name: Update package lists
run: sudo apt-get update
- name: Install extra packages
run: sudo apt install -y graphviz
- uses: lsst-sqre/run-nox@v1
with:
cache-dependency: "controller/requirements/*.txt"
cache-key-prefix: docs
nox-sessions: docs-linkcheck
python-version: ${{ env.PYTHON_VERSION }}
build:
runs-on: ubuntu-latest
needs: [lint, test, test-hub]
timeout-minutes: 15
# Only do Docker builds of tagged releases and pull requests from ticket
# branches. This will still trigger on pull requests from untrusted
# repositories whose branch names match our tickets/* branch convention,
# but in this case the build will fail with an error since the secret
# won't be set.
if: >
startsWith(github.ref, 'refs/tags/')
|| startsWith(github.head_ref, 'tickets/')
steps:
- uses: actions/checkout@v4
with:
# Full history is required for setuptools_scm versioning.
fetch-depth: 0
- uses: lsst-sqre/build-and-push-to-ghcr@v1
id: build-controller
with:
dockerfile: Dockerfile.controller
image: ${{ github.repository }}-controller
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Report result
run: |
echo Pushed ghcr.io/${{ github.repository }}-controller:${{ steps.build-controller.outputs.tag }}
- uses: lsst-sqre/build-and-push-to-ghcr@v1
id: build-hub
with:
dockerfile: Dockerfile.hub
image: ${{ github.repository }}-jupyterhub
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Report result
run: |
echo Pushed ghcr.io/${{ github.repository }}-jupyterhub:${{ steps.build-hub.outputs.tag }}
- uses: lsst-sqre/build-and-push-to-ghcr@v1
id: build-inithome
with:
dockerfile: Dockerfile.inithome
image: ${{ github.repository }}-inithome
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Report result
run: |
echo Pushed ghcr.io/${{ github.repository }}-inithome:${{ steps.build-inithome.outputs.tag }}
build-rsp-base:
runs-on: ubuntu-latest
timeout-minutes: 45
# Only do Docker builds of tagged releases and pull requests from ticket
# branches. This will still trigger on pull requests from untrusted
# repositories whose branch names match our tickets/* branch convention,
# but in this case the build will fail with an error since the secret
# won't be set.
if: >
startsWith(github.ref, 'refs/tags/')
|| startsWith(github.head_ref, 'tickets/')
steps:
- uses: actions/checkout@v4
with:
# Full history is required for setuptools_scm versioning.
fetch-depth: 0
- name: Filter paths
uses: dorny/paths-filter@v3
id: filter
with:
filters: |
rsp_base:
- "Dockerfile.jupyterlab-base"
- "jupyterlab-base/**"
- uses: lsst-sqre/build-and-push-to-ghcr@v1
id: build-jupyterlab-base
with:
dockerfile: Dockerfile.jupyterlab-base
image: ${{ github.repository }}-jupyterlab-base
github_token: ${{ secrets.GITHUB_TOKEN }}
if: steps.filter.outputs.rsp_base == 'true'
- name: Report result
run: |
echo Pushed ghcr.io/${{ github.repository }}-jupyterlab-base:${{ steps.build-jupyterlab-base.outputs.tag }}
pypi:
name: Upload release to PyPI
runs-on: ubuntu-latest
timeout-minutes: 10
needs: [lint, test, docs]
environment:
name: pypi
url: https://pypi.org/p/rubin-nublado-client
permissions:
id-token: write
if: github.event_name == 'release' && github.event.action == 'published'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # full history for setuptools_scm
- uses: lsst-sqre/build-and-publish-to-pypi@v2
with:
python-version: ${{ env.PYTHON_VERSION }}
working-directory: "client"