monty-python/.github/workflows/ci.yaml at 16d8247f8e7a7a935b7943cc4f51849b7c4c9ccb · onerandomusername/monty-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
# Github Action Workflow enforcing our code style and running tests.

name: CI

# Trigger the workflow on both push (to the main repository)
# and pull requests (against the main repository, but from any repo).
on:
  push:
    branches:
      - main
  pull_request:

concurrency:
  group: ${{ github.workflow }}-${{ github.repository }}-${{ github.ref }}
  cancel-in-progress: false

defaults:
  run:
    shell: bash

env:
  # https://docs.astral.sh/uv/reference/environment/
  UV_LOCKED: 1
  UV_NO_SYNC: 1
  UV_PYTHON_DOWNLOADS: never

permissions:
  contents: read
jobs:
  lint:
    name: lint
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: j178/prek-action@0bb87d7f00b0c99306c8bcb8b8beba1eb581c037 # v1.1.1
        env:
          RUFF_OUTPUT_FORMAT: "github"

  sessions:
    name: nox sessions
    runs-on: ubuntu-latest
    outputs:
      sessions: ${{ steps.set-sessions.outputs.sessions }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: set up environment
        id: setup-env
        uses: ./.github/actions/setup-env
        with:
          python-version: "3.10"

      - name: export nox sessions
        id: set-sessions
        run: |
          echo "sessions=$(nox --list -t ci --json | jq -c '[.[].session]')" >> $GITHUB_OUTPUT

  ci:
    name: ${{ matrix.session }}
    runs-on: ubuntu-latest
    needs: [sessions]
    strategy:
      matrix:
        session: ${{ fromJson(needs.sessions.outputs.sessions) }}
    env:
      NOXSESSION: ${{ matrix.session }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: set up environment
        id: setup-env
        uses: ./.github/actions/setup-env
        with:
          python-version: "3.10"

      - name: Install dependencies
        run: |
          nox --install-only

      - name: Run nox -s ${{ matrix.session }}
        run:
          nox

      - name: check diff
        run:
          git diff --exit-code

  check:
    name: Check CI passed
    if: always()
    needs:
      - lint
      - ci

    runs-on: ubuntu-latest

    steps:
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
        with:
          jobs: ${{ toJSON(needs) }}


  build:
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    name: Build & Push
    needs: [check]
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write # used to publish to GHCR

    steps:
      # Create a commit SHA-based tag for the container repositories
      - name: Create SHA Container Tag
        id: sha_tag
        run: |
          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
          echo "tag=$tag" >> $GITHUB_OUTPUT
      # Check out the current repository in the `monty` subdirectory
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          path: monty
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Login to Github Container Registry
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN  }}

      # Build and push the container to the GitHub Container
      # Repository. The container will be tagged as "latest"
      # and with the short SHA of the commit.
      - name: Build and push
        uses: docker/build-push-action@601a80b39c9405e50806ae38af30926f9d957c47 # v6.19.1
        with:
          context: monty/
          file: monty/Dockerfile
          push: true
          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/monty-python:latest
          cache-to: type=inline
          tags: |
            ghcr.io/${{ github.repository_owner }}/monty-python:latest
            ghcr.io/${{ github.repository_owner }}/monty-python:${{ steps.sha_tag.outputs.tag }}
          build-args: |
            git_sha=${{ github.sha }}