From f4a65fc28e223c907ac78b3b31011d2532f93407 Mon Sep 17 00:00:00 2001 From: Sebastiaan Zeeff Date: Sun, 15 Nov 2020 00:24:51 +0100 Subject: Migrate to GH Actions & GH Container Registry I've migrated site to GitHub Actions and GitHub Container Registry. This also means that coverage results will be pushed to coveralls.io. This commit also removes the pretty useless codeql analysis action. --- .github/workflows/codeql-analysis.yml | 32 ------- .github/workflows/lint-test-build.yaml | 157 +++++++++++++++++++++++++++++++++ 2 files changed, 157 insertions(+), 32 deletions(-) delete mode 100644 .github/workflows/codeql-analysis.yml create mode 100644 .github/workflows/lint-test-build.yaml (limited to '.github') diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index 8760b35e..00000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: "Code scanning - action" - -on: - push: - pull_request: - schedule: - - cron: '0 12 * * *' - -jobs: - CodeQL-Build: - - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - with: - fetch-depth: 2 - - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: python - - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/lint-test-build.yaml b/.github/workflows/lint-test-build.yaml new file mode 100644 index 00000000..0d83c45e --- /dev/null +++ b/.github/workflows/lint-test-build.yaml @@ -0,0 +1,157 @@ +name: Lint & Test + +on: + push: + branches: + - master + # We use pull_request_target as we get PRs from + # forks, but need to be able to add annotations + # for our flake8 step. + pull_request_target: + + +jobs: + lint-test: + runs-on: ubuntu-latest + env: + # Configure pip to cache dependencies and do a user install + PIP_NO_CACHE_DIR: false + PIP_USER: 1 + + # Hide the graphical elements from pipenv's output + PIPENV_HIDE_EMOJIS: 1 + PIPENV_NOSPIN: 1 + + # Make sure pipenv does not try reuse an environment it's running in + PIPENV_IGNORE_VIRTUALENVS: 1 + + # Specify explicit paths for python dependencies and the pre-commit + # environment so we know which directories to cache + PYTHONUSERBASE: ${{ github.workspace }}/.cache/py-user-base + PRE_COMMIT_HOME: ${{ github.workspace }}/.cache/pre-commit-cache + + steps: + - name: Add custom PYTHONUSERBASE to PATH + run: echo '${{ env.PYTHONUSERBASE }}/bin/' >> $GITHUB_PATH + + # We don't want to persist credentials, as our GitHub Action + # may be run when a PR is made from a fork. + - name: Checkout repository + uses: actions/checkout@v2 + with: + persist-credentials: false + + - name: Setup python + id: python + uses: actions/setup-python@v2 + with: + python-version: '3.9' + + # This step caches our Python dependencies. To make sure we + # only restore a cache when the dependencies, the python version, + # the runner operating system, and the dependency location haven't + # changed, we create a cache key that is a composite of those states. + # + # Only when the context is exactly the same, we will restore the cache. + - name: Python Dependency Caching + uses: actions/cache@v2 + id: python_cache + with: + path: ${{ env.PYTHONUSERBASE }} + key: "python-0-${{ runner.os }}-${{ env.PYTHONUSERBASE }}-\ + ${{ steps.python.outputs.python-version }}-\ + ${{ hashFiles('./Pipfile', './Pipfile.lock') }}" + + # Install our dependencies if we did not restore a dependency cache + - name: Install dependencies using pipenv + if: steps.python_cache.outputs.cache-hit != 'true' + run: | + pip install pipenv + pipenv install --dev --deploy --system + + # This step caches our pre-commit environment. To make sure we + # do create a new environment when our pre-commit setup changes, + # we create a cache key based on relevant factors. + - name: Pre-commit Environment Caching + uses: actions/cache@v2 + with: + path: ${{ env.PRE_COMMIT_HOME }} + key: "precommit-0-${{ runner.os }}-${{ env.PRE_COMMIT_HOME }}-\ + ${{ steps.python.outputs.python-version }}-\ + ${{ hashFiles('./.pre-commit-config.yaml') }}" + + # We will not run `flake8` here, as we will use a separate flake8 + # action. As pre-commit does not support user installs, we set + # PIP_USER=0 to not do a user install. + - name: Run pre-commit hooks + run: export PIP_USER=0; SKIP=flake8 pre-commit run --all-files + + # This step requires `pull_request_target`, as adding annotations + # requires "write" permissions to the repo. + - name: Run flake8 + uses: julianwachholz/flake8-action@v1 + with: + checkName: lint-test + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Run database using docker-compose + run: docker-compose run -d -p 7777:5432 --name pydis_web postgres + + - name: Migrations and run tests with coverage.py + run: | + python manage.py makemigrations --check + python manage.py migrate + coverage run manage.py test --no-input + coverage report -m + env: + CI: GHA + DATABASE_URL: postgres://pysite:pysite@localhost:7777/pysite + METRICITY_DB_URL: postgres://pysite:pysite@localhost:7777/metricity + + # This step will publish the coverage reports coveralls.io and + # print a "job" link in the output of the GitHub Action + - name: Publish coverage report to coveralls.io + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: coveralls + + - name: Tear down docker-compose containers + run: docker-compose stop + if: ${{ always() }} + + build-and-push: + needs: lint-test + if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/master' + runs-on: ubuntu-latest + + steps: + # Create a commit SHA-based tag for the container repositories + - name: Create SHA Container Tag + id: sha_tag + run: | + tag=$(cut -c 1-7 <<< $GITHUB_SHA) + echo "::set-output name=tag::$tag" + - name: Checkout code + uses: actions/checkout@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to Github Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.GHCR_USER }} + password: ${{ secrets.GHCR_TOKEN }} + + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + push: true + cache-from: type=registry,ref=ghcr.io/python-discord/site:latest + tags: | + ghcr.io/python-discord/site:latest + ghcr.io/python-discord/site:${{ steps.sha_tag.outputs.tag }} -- cgit v1.2.3 From a6a47da670f6e915c3fcb4b61b060790a21f7d75 Mon Sep 17 00:00:00 2001 From: Leon Sandøy Date: Sun, 15 Nov 2020 01:27:58 +0100 Subject: Make the value of the CI env var 'True' This makes it clearer that the env var switches on or off "CI-mode" --- .github/workflows/lint-test-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github') diff --git a/.github/workflows/lint-test-build.yaml b/.github/workflows/lint-test-build.yaml index 0d83c45e..e8d4e9cc 100644 --- a/.github/workflows/lint-test-build.yaml +++ b/.github/workflows/lint-test-build.yaml @@ -105,7 +105,7 @@ jobs: coverage run manage.py test --no-input coverage report -m env: - CI: GHA + CI: True DATABASE_URL: postgres://pysite:pysite@localhost:7777/pysite METRICITY_DB_URL: postgres://pysite:pysite@localhost:7777/metricity -- cgit v1.2.3