Fix #680 #1040
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pycroft CI | |
on: | |
push: | |
branches: [ master, develop ] | |
pull_request: | |
jobs: | |
pre-commit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
# TODO: find a way to shallow clone precisely pr_base..pr_head; | |
# wee need this context to do an adequate `darker` report. | |
# as it stands this is wasteful. | |
# assuming no PR has more than 50 commits. | |
fetch-depth: 50 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
cache: 'pip' | |
- name: "Run pre-commit hooks for HEAD" | |
uses: pre-commit/[email protected] | |
if: github.event_name != 'pull_request' | |
- name: "Run pre-commit hooks for PR range" | |
uses: pre-commit/[email protected] | |
with: | |
extra_args: > | |
--from-ref=${{ github.event.pull_request.base.sha }} | |
--to-ref=${{ github.event.pull_request.head.sha }} | |
if: github.event_name == 'pull_request' | |
python-lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out pycroft and submodules | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
cache: 'pip' | |
- name: print information about pip cache | |
run: pip cache info && pip cache list | |
- name: ensure presence of `wheel` | |
run: pip install wheel | |
- name: install pip dependencies | |
run: pip install -r requirements.txt -r requirements.dev.txt | |
id: pip-install | |
# now come the tests | |
- name: Execute ruff | |
run: ruff check --format=github . | |
if: success() || steps.pip-install.conclusion == 'success' | |
- name: Execute mypy | |
run: ./scripts/run_mypy.sh | |
if: success() || steps.pip-install.conclusion == 'success' | |
# docs stuff | |
- name: Build sphinx docs | |
run: make SPHINXOPTS="-EN -w sphinx.log" -C doc html | |
if: success() || steps.pip-install.conclusion == 'success' | |
- name: Render sphinx warnings as annotations | |
run: python ./scripts/render_sphinx_log.py doc/sphinx.log | |
if: success() || steps.pip-install.conclusion == 'success' | |
- name: Publish sphinx docs as pages artifact | |
uses: actions/upload-pages-artifact@v1 | |
with: | |
path: doc/_build/html | |
# see https://github.com/actions/deploy-pages#usage | |
deploy-docs: | |
if: (github.event_name == 'push') && (github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master') | |
# Add a dependency to the build job | |
needs: python-lint | |
# Grant GITHUB_TOKEN the permissions required to make a Pages deployment | |
permissions: | |
pages: write # to deploy to Pages | |
id-token: write # to verify the deployment originates from an appropriate source | |
# Deploy to the github-pages environment. see | |
# https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment | |
# for general information abotu environments. | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Deploy sphinx docs to GitHub Pages | |
id: deployment | |
uses: actions/deploy-pages@v1 | |
npm-build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: 16 | |
- run: npm ci | |
- run: npm run build | |
- name: Check for outdated NPM packages | |
run: | | |
(npm outdated --json | tee outdated.json) || [[ $? == 1 ]] | |
python ./scripts/render_outdated.py outdated.json >> "${GITHUB_STEP_SUMMARY}" | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
submodules: 'true' | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
version: v0.10.0 | |
- name: Fix permissions | |
run: sudo chmod -R a+rw . | |
- name: print buildx definition | |
run: docker buildx bake --file docker-compose.prod.yml --print | |
- name: Build the Docker image | |
run: docker buildx bake --file docker-compose.prod.yml --load | |
- name: Login to GitLab Registry | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.agdsn.de | |
username: "github-actions" | |
password: ${{ secrets.GITLAB_REGISTRY_PASSWORD }} | |
- name: Tag built image | |
run: docker tag agdsn/pycroft-prod:latest registry.agdsn.de/agdsn/coreos/pycroft/pycroft:${GITHUB_REF##*/} | |
- name: Push to GitLab registry | |
run: docker push registry.agdsn.de/agdsn/coreos/pycroft/pycroft:${GITHUB_REF##*/} | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
submodules: 'true' | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
version: v0.10.0 | |
- name: Fix permissions | |
run: sudo chmod -R a+rw . | |
- name: print buildx definition | |
run: docker buildx bake --print | |
- name: Build | |
run: docker buildx bake --load | |
- name: Run test-app entrypoints | |
run: docker compose -f docker-compose.test.yml run --rm --no-deps test-app | |
- name: Start | |
run: docker compose -f docker-compose.test.yml up --wait --wait-timeout=60 test-app | |
- name: Run webpack | |
run: docker compose -f docker-compose.test.yml run --rm test-app webpack --mode production | |
- name: Run tests | |
run: > | |
docker compose -f docker-compose.test.yml run --rm test-app | |
test -m "not legacy" | |
--junitxml=junit/test-results.xml | |
--cov=pycroft --cov=web --cov=ldap_sync --cov=hades_logs --cov-append | |
--cov-report html --cov-report xml | |
- name: Publish Test Report | |
uses: mikepenz/action-junit-report@v3 | |
if: always() # always run even if the previous step fails | |
with: | |
report_paths: 'junit/test-*.xml' | |
- name: Publish coverage XML report as markdown comment | |
uses: irongut/[email protected] | |
with: | |
filename: coverage.xml | |
badge: true | |
fail_below_min: false | |
format: markdown | |
hide_branch_rate: false | |
hide_complexity: true | |
indicators: true | |
output: both | |
thresholds: '60 80' | |
- name: Add Coverage to PR summary | |
run: cat code-coverage-results.md >> $GITHUB_STEP_SUMMARY | |
- name: Publish coverage HTML report as artifact | |
uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: coverage | |
path: htmlcov |