This repository has been archived by the owner on Dec 13, 2023. It is now read-only.
CI #372
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- '**' | |
- '!ws-iac-scan-results/**' | |
- '!whitesource-remediate/master-all**' | |
- '!whitesource/**' | |
tags: | |
- '*' | |
schedule: | |
- cron: '0 4 * * *' | |
env: | |
APP_NAME: mend_import_sbom | |
jobs: | |
build-and-test: | |
runs-on: ubuntu-latest | |
outputs: | |
python_version: ${{ steps.set_env_vars.outputs.PYTHON_VERSION }} | |
min_py_ver: ${{ steps.set_env_vars.outputs.MIN_PY_VER }} | |
version: ${{ steps.set_env_vars.outputs.VERSION }} | |
release: ${{ steps.set_env_vars.outputs.RELEASE }} | |
app_dir: ${{ steps.set_env_vars.outputs.APP_DIR }} | |
pkg_name: ${{ steps.set_env_vars.outputs.PKG_NAME }} | |
whl_name: ${{ steps.set_env_vars.outputs.WHL_NAME }} | |
source_branch: ${{ steps.get_source_branch.outputs.SOURCE_BRANCH }} | |
strategy: | |
matrix: | |
python-version: ['3.9', '3.10', '3.11'] | |
steps: | |
- name: Set Environment Variables | |
id: set_env_vars | |
run: | | |
pkgVersion=0.0.0.ci0 | |
pkgRelease=false | |
echo "========= GITHUB_OUTPUT =========" | |
echo "PYTHON_VERSION=${{ matrix.python-version }}" >> $GITHUB_OUTPUT | |
if [[ ${{ strategy.job-index }} == 0 ]]; then | |
echo "MIN_PY_VER=${{ matrix.python-version }}" >> $GITHUB_OUTPUT | |
fi | |
if [[ "$GITHUB_REF" == *"refs/tags/v"* || "$GITHUB_REF" == *"refs/tags/test-v"* ]]; then | |
pkgVersion="$(echo ${{ github.ref }} | sed -r 's/^[\/a-zA-z-]+//')" | |
if [[ $pkgVersion != *@(a|b)* ]]; then | |
pkgRelease=true | |
fi | |
elif [[ "$GITHUB_REF" == *"/staging" ]]; then | |
latestVer="$(git describe --tags $(git rev-list --tags --max-count=1) | sed -r 's/^[\/a-zA-z-]+//')" | |
if [[ $(echo "$latestVer" | cut -d. -f1,2) == $(date +"%y.%-m") ]] ; then | |
nextVersion="$(date +"%y.%-m").$(( $(echo "$latestVer" | sed 's/.*\.//') + 1 ))" | |
else | |
nextVersion="$(date +"%y.%-m.1")" | |
fi | |
pkgVersion="${nextVersion}rc$(date +"%Y%m%d%H%M")" | |
fi | |
echo "VERSION=$pkgVersion" >> $GITHUB_OUTPUT | |
echo "RELEASE=$pkgRelease" >> $GITHUB_OUTPUT | |
echo "APP_DIR=${{ env.APP_NAME }}" >> $GITHUB_OUTPUT | |
echo "PKG_NAME=${{ env.APP_NAME }}-${pkgVersion}" >> $GITHUB_OUTPUT | |
echo "WHL_NAME=${{ env.APP_NAME }}-${pkgVersion}-py3-none-any.whl" >> $GITHUB_OUTPUT | |
echo "========== GITHUB_ENV ===========" | |
echo "PYTHON_VERSION=${{ matrix.python-version }}" >> $GITHUB_ENV | |
echo "VERSION=$pkgVersion" >> $GITHUB_ENV | |
echo "APP_DIR=${{ env.APP_NAME }}" >> $GITHUB_ENV | |
echo "PKG_NAME=${{ env.APP_NAME }}-${pkgVersion}" >> $GITHUB_ENV | |
echo "WHL_NAME=${{ env.APP_NAME }}-${pkgVersion}-py3-none-any.whl" >> $GITHUB_ENV | |
- uses: actions/checkout@v3 | |
- name: Get Source Branch | |
id: get_source_branch | |
run: | | |
echo "SOURCE_BRANCH=$(git branch --contains ${{ github.sha }} | grep -E 'feature|staging' | sed 's/[ *]//g')" >> $GITHUB_OUTPUT | |
- name: Set Package Version | |
id: set_package_version | |
run: | | |
sed -E -i "s/^__version__ = \"[a-z0-9\.]+\"/__version__ = \"${{ env.VERSION }}\"/g" "${{ env.APP_DIR }}/_version.py" | |
cat "${{ env.APP_DIR }}/_version.py" | |
- name: Setup Python ${{ matrix.python-version }} | |
id: setup_python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install Dependencies | |
id: install_dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install flake8 wheel pytest -r requirements.txt | |
- name: Lint with flake8 | |
id: lint_with_flake8 | |
run: | | |
# stop the build if there are Python syntax errors or undefined names | |
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics --ignore=E501,F841 | |
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide | |
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | |
- name: Create wheel Package | |
id: create_whl | |
run: python setup.py bdist_wheel | |
- name: Install ${{ env.PKG_NAME }} | |
id: install_whl | |
run: pip install "dist/${{ env.WHL_NAME }}" | |
- name: Check Unit Test Files | |
id: check_test_files | |
uses: andstor/file-existence-action@v2 | |
with: | |
files: "*/tests/test_*.py" | |
- name: Run Tests with pytest | |
id: tests_pytest | |
if: steps.check_test_files.outputs.files_exists == 'true' | |
run: pytest | |
- name: Unittest | |
id: test_unittest | |
if: steps.check_test_files.outputs.files_exists == 'true' | |
run: python -m unittest | |
- name: Copy wheel | |
id: copy_whl | |
run: | | |
mkdir "dist/${{ env.PYTHON_VERSION }}" | |
cp "dist/${{ env.WHL_NAME }}" "dist/${{ env.PYTHON_VERSION }}/" | |
- name: Cache wheel | |
id: cache_whl | |
uses: actions/cache@v3 | |
with: | |
path: dist/${{ env.PYTHON_VERSION }}/${{ env.WHL_NAME }} | |
key: ${{ env.PYTHON_VERSION }}_${{ env.APP_DIR }}_${{ github.run_id }} | |
publish-staging: | |
if: ${{ github.ref == 'refs/heads/staging'}} | |
needs: [build-and-test] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get Environment Variables | |
id: get_env_vars | |
run: | | |
echo "MIN_PY_VER=${{ needs.build-and-test.outputs.min_py_ver }}" >> $GITHUB_ENV | |
echo "APP_DIR=${{ needs.build-and-test.outputs.app_dir }}" >> $GITHUB_ENV | |
echo "VERSION=${{ needs.build-and-test.outputs.version }}" >> $GITHUB_ENV | |
echo "WHL_NAME=${{ needs.build-and-test.outputs.whl_name }}" >> $GITHUB_ENV | |
echo "SOURCE_BRANCH=${{ needs.build-and-test.outputs.source_branch }}" >> $GITHUB_ENV | |
echo "AWS_REGION=eu-west-1" >> $GITHUB_ENV | |
echo "AWS_BUCKET=mend-ps-staging" >> $GITHUB_ENV | |
echo "AWS_DOMAIN=mend-ps" >> $GITHUB_ENV | |
echo "AWS_REPO=mend-ps-staging" >> $GITHUB_ENV | |
- name: Restore whl | |
id: restore_whl | |
uses: actions/cache@v3 | |
with: | |
path: dist/${{ env.MIN_PY_VER }}/${{ env.WHL_NAME }} | |
key: ${{ env.MIN_PY_VER }}_${{ env.APP_DIR }}_${{ github.run_id }} | |
- name: Configure AWS Credentials | |
id: config_aws_creds | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Configure AWS CodeArtifact | |
id: config_aws_codeartifact | |
run: | | |
pip install twine | |
twinePass="$(aws codeartifact get-authorization-token --domain ${{ env.AWS_DOMAIN }} --domain-owner ${{ secrets.AWS_ACCOUNT_ID }} --query authorizationToken --output text)" | |
twineRepo="$(aws codeartifact get-repository-endpoint --domain ${{ env.AWS_DOMAIN }} --domain-owner ${{ secrets.AWS_ACCOUNT_ID }} --repository ${{ env.AWS_REPO }} --format pypi --query repositoryEndpoint --output text)" | |
echo "TWINE_USERNAME=aws" >> $GITHUB_ENV | |
echo "TWINE_PASSWORD=$twinePass" >> $GITHUB_ENV | |
echo "TWINE_REPOSITORY_URL=$twineRepo" >> $GITHUB_ENV | |
- name: Upload to AWS CodeArtifact | |
id: upload_aws_codeartifact | |
run: | | |
twine upload --repository-url ${{ env.TWINE_REPOSITORY_URL }} "dist/${{ env.MIN_PY_VER }}/${{ env.WHL_NAME }}" | |
- name: Staging Version Upload Notification (TBD) | |
id: staging_upload_notification | |
run: | | |
echo "Package is ready for testing" | |
echo " App Name: ${{ env.APP_NAME }}" | |
echo " Version: ${{ env.VERSION }}" | |
echo "" | |
echo "To install, use the commands:" | |
echo ' CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain ${{ env.AWS_DOMAIN }} --domain-owner ${{ secrets.AWS_ACCOUNT_ID }} --region ${{ secrets.AWS_ACCOUNT_ID }} --query authorizationToken --output text`' | |
echo ' pip install --no-cache-dir --index-url=https://aws:$CODEARTIFACT_AUTH_TOKEN@${{ env.AWS_DOMAIN }}-${{ secrets.AWS_ACCOUNT_ID }}.d.codeartifact.${{ secrets.AWS_REGION }}.amazonaws.com/pypi/${{ secrets.AWS_REPO }}/simple/ ${{ env.APP_NAME }}' | |
publish-release: | |
if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
needs: [build-and-test] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get Environment Variables | |
id: get_env_vars | |
run: | | |
echo "MIN_PY_VER=${{ needs.build-and-test.outputs.min_py_ver }}" >> $GITHUB_ENV | |
echo "APP_DIR=${{ needs.build-and-test.outputs.app_dir }}" >> $GITHUB_ENV | |
echo "VERSION=${{ needs.build-and-test.outputs.version }}" >> $GITHUB_ENV | |
echo "WHL_NAME=${{ needs.build-and-test.outputs.whl_name }}" >> $GITHUB_ENV | |
echo "SOURCE_BRANCH=${{ needs.build-and-test.outputs.source_branch }}" >> $GITHUB_ENV | |
- name: Restore whl | |
id: restore_whl | |
uses: actions/cache@v3 | |
with: | |
path: dist/${{ env.MIN_PY_VER }}/${{ env.WHL_NAME }} | |
key: ${{ env.MIN_PY_VER }}_${{ env.APP_DIR }}_${{ github.run_id }} | |
- name: Publish to PyPI (Test) | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: | | |
echo "packages_dir: dist/${{ env.MIN_PY_VER }}" | |
- name: Publish to PyPI | |
if: startsWith(github.ref, 'refs/tags/v') | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
skip_existing: true | |
user: __token__ | |
password: ${{ secrets.PYPI_API_TOKEN }} | |
packages_dir: dist/${{ needs.build-and-test.outputs.min_py_ver }} | |
# - uses: actions/checkout@v3 | |
# - name: Create Release | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# uses: ncipollo/release-action@v1 | |
# with: | |
# token: ${{ secrets.GITHUB_TOKEN }} | |
# allowUpdates: true | |
# artifacts: dist/${{needs.build-and-test.outputs.min_py_ver}}/${{needs.build-and-test.outputs.app_dir}}-${{needs.build-and-test.outputs.version}}-py3-none-any.whl | |
# prerelease: ${{ needs.build-and-test.outputs.release != 'true' }} | |
# generateReleaseNotes: true | |
# - name: Publish to Confluence - Public | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# uses: cupcakearmy/confluence-markdown-sync@v1 | |
# with: | |
# from: README.md | |
# to: 2225406280 | |
# cloud: whitesource | |
# user: ${{ secrets.CONFLUENCE_USER }} | |
# token: ${{ secrets.CONFLUENCE_TOKEN }} | |
# - name: Publish to Confluence - Internal | |
# if: startsWith(github.ref, 'refs/tags/v') | |
# uses: cupcakearmy/confluence-markdown-sync@v1 | |
# with: | |
# from: README.md | |
# to: 2313290370 | |
# cloud: whitesource | |
# user: ${{ secrets.CONFLUENCE_USER }} | |
# token: ${{ secrets.CONFLUENCE_TOKEN }} |