Merge pull request #425 from python-discord/sebastiaan/backend/fix-flake8-in-ci

Ensure that flake8 runs correctly in the CI
author: Leon Sandøy <[email protected]> 2020-11-19 02:13:08 +0100
committer: GitHub <[email protected]> 2020-11-19 02:13:08 +0100
commit: 52364520468c9ea03fb80c9718ec8ea6fb43725b (patch)
tree: 216f4e59e25d73d6ddeb4838a287b61acfc36710 /.github
parent: Default to HTTPS for account URLs (diff)
parent: Update badges in README to reflect new workflows (diff)
2 files changed, 83 insertions, 67 deletions
diff --git a/.github/workflows/build-deploy.yaml b/.github/workflows/build-deploy.yaml
new file mode 100644
index 00000000..668927e0
--- /dev/null
+++ b/.github/workflows/build-deploy.yaml
@@ -0,0 +1,70 @@
+name: Build & Deploy
+
+on:
+  workflow_run:
+    workflows: ["Lint & Test"]
+    branches:
+      - master
+    types:
+      - completed
+
+  build-and-deploy:
+    name: Build and Deploy to Kubernetes
+    needs: lint-test
+    if: github.event.workflow_run.conclusion == 'success'
+    runs-on: ubuntu-latest
+
+    steps:
+      # Create a commit SHA-based tag for the container repositories
+      - name: Create SHA Container Tag
+        id: sha_tag
+        run: |
+          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
+          echo "::set-output name=tag::$tag"
+
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      # The current version (v2) of Docker's build-push action uses
+      # buildx, which comes with BuildKit features that help us speed
+      # up our builds using additional cache features. Buildx also
+      # has a lot of other features that are not as relevant to us.
+      #
+      # See https://github.com/docker/build-push-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to Github Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ secrets.GHCR_USER }}
+          password: ${{ secrets.GHCR_TOKEN }}
+
+      # Build the container, including an inline cache manifest to
+      # allow us to use the registry as a cache source.
+      - name: Build and push
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          cache-from: type=registry,ref=ghcr.io/python-discord/site:latest
+          cache-to: type=inline
+          tags: |
+            ghcr.io/python-discord/site:latest
+            ghcr.io/python-discord/site:${{ steps.sha_tag.outputs.tag }}
+
+      - name: Authenticate with Kubernetes
+        uses: azure/k8s-set-context@v1
+        with:
+          method: kubeconfig
+          kubeconfig: ${{ secrets.KUBECONFIG }}
+
+      - name: Deploy to Kubernetes
+        uses: Azure/k8s-deploy@v1
+        with:
+          manifests: |
+              deployment.yaml
+          images: 'ghcr.io/python-discord/site:${{ steps.sha_tag.outputs.tag }}'
+          kubectl-version: 'latest'
diff --git a/.github/workflows/lint-test-deploy.yaml b/.github/workflows/lint-test.yaml
index 7369a3b8..80305322 100644
--- a/.github/workflows/lint-test-deploy.yaml
+++ b/.github/workflows/lint-test.yaml
@@ -1,13 +1,10 @@
-name: Lint, Test & Deploy
+name: Lint & Test
 
 on:
   push:
     branches:
       - master
-  # We use pull_request_target as we get PRs from
-  # forks, but need to be able to add annotations
-  # for our flake8 step.
-  pull_request_target:
+  pull_request:
 
 
 jobs:
@@ -34,12 +31,8 @@ jobs:
       - name: Add custom PYTHONUSERBASE to PATH
         run: echo '${{ env.PYTHONUSERBASE }}/bin/' >> $GITHUB_PATH
 
-      # We don't want to persist credentials, as our GitHub Action
-      # may be run when a PR is made from a fork.
       - name: Checkout repository
         uses: actions/checkout@v2
-        with:
-          persist-credentials: false
 
       - name: Setup python
         id: python
@@ -86,14 +79,18 @@ jobs:
       - name: Run pre-commit hooks
         run: export PIP_USER=0; SKIP=flake8 pre-commit run --all-files
 
-      # This step requires `pull_request_target`, as adding annotations
-      # requires "write" permissions to the repo.
+      # Run flake8 and have it format the linting errors in the format of
+      # the GitHub Workflow command to register error annotations. This
+      # means that our flake8 output is automatically added as an error
+      # annotation to both the run result and in the "Files" tab of a
+      # pull request.
+      #
+      # Format used:
+      # ::error file={filename},line={line},col={col}::{message}
       - name: Run flake8
-        uses: julianwachholz/flake8-action@v1
-        with:
-          checkName: lint-test
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: "flake8 \
+        --format='::error file=%(path)s,line=%(row)d,col=%(col)d::\
+        [flake8] %(code)s: %(text)s'"
 
       - name: Run database using docker-compose
         run: docker-compose run -d -p 7777:5432 --name pydis_web postgres
@@ -119,54 +116,3 @@ jobs:
       - name: Tear down docker-compose containers
         run: docker-compose stop
         if: ${{ always() }}
-
-  build-and-deploy:
-    name: Build and Deploy to Kubernetes
-    needs: lint-test
-    if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/master'
-    runs-on: ubuntu-latest
-
-    steps:
-      # Create a commit SHA-based tag for the container repositories
-      - name: Create SHA Container Tag
-        id: sha_tag
-        run: |
-          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
-          echo "::set-output name=tag::$tag"
-      - name: Checkout code
-        uses: actions/checkout@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: Login to Github Container Registry
-        uses: docker/login-action@v1
-        with:
-          registry: ghcr.io
-          username: ${{ secrets.GHCR_USER }}
-          password: ${{ secrets.GHCR_TOKEN }}
-
-      - name: Build and push
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: ./Dockerfile
-          push: true
-          cache-from: type=registry,ref=ghcr.io/python-discord/site:latest
-          tags: |
-            ghcr.io/python-discord/site:latest
-            ghcr.io/python-discord/site:${{ steps.sha_tag.outputs.tag }}
-
-      - name: Authenticate with Kubernetes
-        uses: azure/k8s-set-context@v1
-        with:
-          method: kubeconfig
-          kubeconfig: ${{ secrets.KUBECONFIG }}
-
-      - name: Deploy to Kubernetes
-        uses: Azure/k8s-deploy@v1
-        with:
-          manifests: |
-              deployment.yaml
-          images: 'ghcr.io/python-discord/site:${{ steps.sha_tag.outputs.tag }}'
-          kubectl-version: 'latest'
author	Leon Sandøy <[email protected]>	2020-11-19 02:13:08 +0100
committer	GitHub <[email protected]>	2020-11-19 02:13:08 +0100
commit	52364520468c9ea03fb80c9718ec8ea6fb43725b (patch)
tree	216f4e59e25d73d6ddeb4838a287b61acfc36710 /.github
parent	Default to HTTPS for account URLs (diff)
parent	Update badges in README to reflect new workflows (diff)