Migrate CI Pipeline to GitHub Actions

I've migrated our Azure CI Pipeline to GitHub Actions. While the general workflow is the same, there are a few changes: - `flake8` is no longer run by `pre-commit`, but rather by a separate action that adds annotations to the GH Action results page. - As we no longer have need for xml-formatted coverage files, the xmlrunner for unittest has been removed as a dependency. Instead, we now publish our coverage results to coveralls.io. - We use version 2 of docker's GitHub Action build-and-push flow, which is split over multiple steps instead of one. - I have changed the badges to GitHub Actions and coveralls.io badges. Note: Because we accept PRs from forks, we need to be a bit careful with our secrets. While we do use the `pull_request_target` event, we should not expose secrets in steps that run code from the repository. Signed-off-by: Sebastiaan Zeeff <[email protected]>
author: Sebastiaan Zeeff <[email protected]> 2020-11-13 18:39:04 +0100
committer: Sebastiaan Zeeff <[email protected]> 2020-11-14 00:54:59 +0100
commit: 4d4dfe42632cc88265efcb8052b7bca5209d3f4d (patch)
tree: 01e5e8203dd891972fbfc9bc894fc79d3dbc6d1a /.github
parent: CI: disable 'continueOnError' (diff)
1 files changed, 122 insertions, 0 deletions
diff --git a/.github/workflows/lint-test-build.yml b/.github/workflows/lint-test-build.yml
new file mode 100644
index 000000000..dc472ec8e
--- /dev/null
+++ b/.github/workflows/lint-test-build.yml
@@ -0,0 +1,122 @@
+name: Lint, Test, Build
+
+on:
+  push:
+    branches:
+      - master
+  # We use pull_request_target as we get PRs from
+  # forks, but need to be able to add annotations
+  # for our flake8 step.
+  pull_request_target:
+
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    env:
+      BOT_API_KEY: foo
+      BOT_SENTRY_DSN: blah
+      BOT_TOKEN: bar
+      REDDIT_CLIENT_ID: spam
+      REDDIT_SECRET: ham
+      REDIS_PASSWORD: ''
+
+      PIP_NO_CACHE_DIR: false
+      PIP_USER: 1
+      PIPENV_HIDE_EMOJIS: 1
+      PIPENV_IGNORE_VIRTUALENVS: 1
+      PIPENV_NOSPIN: 1
+      PRE_COMMIT_HOME: ${{ github.workspace }}/.cache/pre-commit-cache
+      PYTHONUSERBASE: ${{ github.workspace }}/.cache/py-user-base
+
+    steps:
+      - name: Add custom PYTHONUSERBASE to PATH
+        run: echo '${{ env.PYTHONUSERBASE }}/bin/' >> $GITHUB_PATH
+
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Setup python
+        id: python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.8'
+
+      - name: Python Dependency Caching
+        uses: actions/cache@v2
+        id: python_cache
+        with:
+          path: ${{ env.PYTHONUSERBASE }}
+          key: "python-0-${{ runner.os }}-${{ env.PYTHONUSERBASE }}-\
+          ${{ steps.python.outputs.python-version }}-\
+          ${{ hashFiles('./Pipfile', './Pipfile.lock') }}"
+
+      - name: Install dependencies using pipenv
+        if: steps.python_cache.outputs.cache-hit != 'true'
+        run: |
+          pip install pipenv
+          pipenv install --dev --deploy --system
+
+      - name: Pre-commit Environment Caching
+        uses: actions/cache@v2
+        id: pre_commit_cache
+        with:
+          path: ${{ env.PRE_COMMIT_HOME }}
+          key: "precommit-0-${{ runner.os }}-${{ env.PRE_COMMIT_HOME }}-\
+          ${{ steps.python.outputs.python-version }}-\
+          ${{ hashFiles('./.pre-commit-config.yaml') }}"
+
+      # We will not run `flake8` here, as we will use a separate flake8 action
+      - name: Run pre-commit hooks
+        run: export PIP_USER=0; SKIP=flake8 pre-commit run --all-files
+
+      # This step requires `pull_request_target` due to the use of annotations
+      - name: Run flake8
+        uses: julianwachholz/flake8-action@v1
+        with:
+          checkName: lint
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      # We run `coverage` using the `python` command so we can suppress
+      # irrelevant warnings in our CI output.
+      - name: Run tests and generate coverage report
+        run: |
+            python -Wignore -m coverage run -m unittest
+            coverage report -m
+
+      # This step will publish the coverage reports coveralls.io and
+      # print a "job" link in the output of the GitHub Action
+      - name: Publish coverage report to coveralls.io
+        env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          pip install coveralls
+          coveralls
+
+  build-and-push:
+    needs: lint-test
+    if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/master'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          cache-from: type=registry,ref=pythondiscord/bot:latest
+          tags: pythondiscord/bot:latest
author	Sebastiaan Zeeff <[email protected]>	2020-11-13 18:39:04 +0100
committer	Sebastiaan Zeeff <[email protected]>	2020-11-14 00:54:59 +0100
commit	4d4dfe42632cc88265efcb8052b7bca5209d3f4d (patch)
tree	01e5e8203dd891972fbfc9bc894fc79d3dbc6d1a /.github
parent	CI: disable 'continueOnError' (diff)