build_breadbox.yml
---
# CI workflow for breadbox: the jobs below build and test the Docker image,
# push image tags, bump the version on master and publish breadbox-client.
name: Build breadbox

on:
  pull_request:
    paths:
      - 'breadbox/**'
      - 'breadbox-client/**'
      - '.github/workflows/build_breadbox.yml'
    # `edited` also fires when only the PR title or description changes;
    # presumably it is listed so that the title check re-runs (confirm).
    types: [opened, reopened, edited, synchronize]
  workflow_dispatch:
  push:
    branches:
      - 'master'
      - 'internal'
      - 'qa'
      - 'peddep*'
      - 'dmc*'
      - 'external*'

# NOTE(review): a workflow-level grant applies to every job that does not
# declare its own `permissions`, including the jobs that run for pull
# requests. Only the version-bump job visibly pushes to the repository, so a
# read-only default with a per-job `contents: write` would be the
# least-privilege layout.
permissions:
  contents: write

env:
  DOCKER_REPO: us.gcr.io/broad-achilles/depmap-breadbox
  # One image tag per workflow run.
  DOCKER_TAG: ga2-build-${{ github.run_number }}

jobs:
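# Job (child of `jobs:`): checks the pull-request title against the
# commitizen rules in breadbox/pyproject.toml. Runs only for PRs into master.
check-pr-title:
  runs-on: ubuntu-latest
  if: ${{ github.event_name == 'pull_request' && github.base_ref == 'master' }}
  # This job only reads the repository, so it overrides the workflow-level
  # write grant with a read-only token.
  permissions:
    contents: read
  defaults:
    run:
      working-directory: ./breadbox
  steps:
    - name: Check out
      uses: actions/checkout@v3
      with:
        token: "${{ secrets.GITHUB_TOKEN }}"
        fetch-depth: 0
    - name: Install and configure Poetry
      uses: snok/install-poetry@v1
      with:
        version: 1.7.1
        virtualenvs-create: true
        virtualenvs-in-project: true
    - name: Set up cache
      uses: actions/cache@v2
      id: cached-poetry-dependencies
      with:
        # NOTE(review): `path` is not affected by `working-directory`, while
        # Poetry creates the in-project venv under ./breadbox; confirm that
        # this path actually holds the environment.
        path: .venv
        # NOTE(review): no step with id `full-python-version` exists in this
        # job, so that segment of the key expands to an empty string.
        key: venv-${{ runner.os }}-${{ steps.full-python-version.outputs.version }}-${{ hashFiles('**/poetry.lock') }}
    - name: Install dependencies from project
      run: poetry install
      # if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
    # We want to use the rules defined in breadbox/pyproject.toml
    - name: Check PR title
      # The title is written by whoever opens the PR. A `${{ }}` expression
      # placed inside `run:` is substituted into the script text before the
      # shell parses it, so the title would be interpreted as shell syntax.
      # Passing it through an environment variable keeps it as data.
      env:
        PR_TITLE: ${{ github.event.pull_request.title }}
      run: poetry run cz check -m "$PR_TITLE"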
# Job (child of `jobs:`): generates the breadbox client and type-checks it
# with pyright.
pyright-breadbox-client:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v2
    - name: Generate breadbox client
      # Local action kept in this repository (defined as a re-usable action).
      uses: ./.github/actions/generate-breadbox-client
    - name: check that the breadbox client passes pyright
      working-directory: ./breadbox-client
      run: poetry install && poetry run pyright breadbox_facade
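# Job (child of `jobs:`): builds the frontend bundle and the breadbox Docker
# image, runs pyright-ratchet inside the image, then pushes the image under
# the per-run tag.
# NOTE(review): the job has no `if:`, so it also runs for pull_request events
# and uses the deploy service account there; confirm that is intended.
build-docker:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v2
    - name: Update build id
      # Records the commit SHA in breadbox/build.py.
      run: |
        echo "SHA=\"${{ github.sha }}\"" > breadbox/build.py
    - name: Build Elara
      # Runs before the registry login on purpose: `yarn install` and
      # `yarn test` execute third-party package scripts, and they have no need
      # for registry credentials in the runner's Docker configuration.
      run: |
        yarn --cwd frontend install
        yarn --cwd frontend test
        yarn --cwd frontend "build:elara"
    - name: Login to GCR
      uses: docker/login-action@v1
      with:
        registry: us.gcr.io
        username: _json_key
        password: ${{ secrets.DEPMAP_DEPLOY_SVC_ACCT }}
    - name: build docker image
      run: bash breadbox/build-docker-image.sh ${{ env.DOCKER_REPO }}:${{ env.DOCKER_TAG }}
    - name: Run pyright-ratchet
      # "$PWD" is quoted so the bind-mount argument is not word-split.
      run: |
        docker run \
          -v "$PWD/breadbox/pyright-ratchet-errors.txt:/install/breadbox/pyright-ratchet-errors.txt" \
          ${{ env.DOCKER_REPO }}:${{ env.DOCKER_TAG }} \
          poetry run pyright-ratchet
    - name: Push Docker image
      run: docker push ${{ env.DOCKER_REPO }}:${{ env.DOCKER_TAG }}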
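# Job (child of `jobs:`): pulls the image built by build-docker and runs
# pytest inside it, with the repository's tests and config bind-mounted in.
run-pytest:
  runs-on: ubuntu-latest
  needs: build-docker
  steps:
    - uses: actions/checkout@v2
    - name: Login to GCR
      uses: docker/login-action@v1
      with:
        registry: us.gcr.io
        username: _json_key
        password: ${{ secrets.DEPMAP_DEPLOY_SVC_ACCT }}
    - name: Pull Docker image
      run: docker pull ${{ env.DOCKER_REPO }}:${{ env.DOCKER_TAG }}
    - name: Run pytest
      # Each bind mount is quoted so "$PWD" cannot be word-split.
      # .env.dev from the checkout is mounted as the container's .env.
      run: |
        cd breadbox
        docker run \
          -e PYTHONWARNINGS="ignore::DeprecationWarning" \
          -v "$PWD/mypy.ini:/install/breadbox/mypy.ini" \
          -v "$PWD/.env.dev:/install/breadbox/.env" \
          -v "$PWD/tests:/install/breadbox/tests" \
          ${{ env.DOCKER_REPO }}:${{ env.DOCKER_TAG }} \
          poetry run pytest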
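# Job (child of `jobs:`): after the build and tests succeed, pulls the per-run
# image and hands it to .github/push_docker.py together with a name derived
# from the triggering ref.
push-docker-tag:
  runs-on: ubuntu-latest
  needs:
    - build-docker
    - run-pytest
  steps:
    - uses: actions/checkout@v2
    - name: Login to GCR
      uses: docker/login-action@v1
      with:
        registry: us.gcr.io
        username: _json_key
        password: ${{ secrets.DEPMAP_DEPLOY_SVC_ACCT }}
    - name: Pull Docker image
      run: docker pull ${{ env.DOCKER_REPO }}:${{ env.DOCKER_TAG }}
    - name: Push Docker tags
      # ${GITHUB_REF##*/} is shell parameter expansion, not an Actions
      # feature: it strips everything up to the last "/" of GITHUB_REF, which
      # gives the branch name for a push to a branch without "/" in its name.
      # It is quoted so the value always reaches the script as one argument.
      # NOTE(review): the job has no `if:`; for pull_request events GITHUB_REF
      # is refs/pull/<number>/merge, so the script receives "merge". What
      # push_docker.py does with that value is not visible here; confirm.
      run: |
        chmod +x ./.github/push_docker.py
        ./.github/push_docker.py ${{ env.DOCKER_REPO }} ${{ env.DOCKER_REPO }}:${{ env.DOCKER_TAG }} "${GITHUB_REF##*/}"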
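# Job (child of `jobs:`): on pushes to master, bumps the breadbox and
# breadbox-client versions with commitizen, pushes the bump commit and tags,
# and exposes the versions before and after as job outputs.
bump-versions:
  # Skips commits whose message starts with "bump:" so the bump commit pushed
  # below does not bump again.
  # NOTE(review): the actor/pusher clause uses `||`, so it is false only when
  # BOTH names start with "github-actions". If the intent was to skip when
  # either one is the bot, it should be `&&`; confirm before changing.
  if: ${{ !startsWith(github.event.head_commit.message, 'bump:') && (!startsWith(github.actor, 'github-actions') || !startsWith(github.event.pusher.name, 'github-actions')) && (github.ref_name == 'master') && (github.event_name == 'push') }}
  needs: push-docker-tag
  runs-on: ubuntu-latest
  name: "Bump breadbox and breadbox-client version and create changelog with commitizen"
  # This job pushes a commit and tags to master, so it needs a write token.
  # Declared here so the requirement is visible on the job itself.
  permissions:
    contents: write
  outputs:
    # Map the step outputs to job outputs
    current_version: ${{ steps.current-version.outputs.current_version }}
    bumped_version: ${{ steps.bumped-version.outputs.bumped_version }}
  defaults:
    run:
      working-directory: ./breadbox
  steps:
    - name: Check out
      uses: actions/checkout@v3
      with:
        token: "${{ secrets.GITHUB_TOKEN }}"
        fetch-depth: 0
    - name: Install and configure Poetry
      uses: snok/install-poetry@v1
      with:
        version: 1.7.1
        virtualenvs-create: true
        virtualenvs-in-project: true
    - name: Install dependencies
      run: poetry install
    - name: Store current version
      id: current-version
      run: echo "current_version=$(poetry run cz version -p)" >> "$GITHUB_OUTPUT"
    - name: Get current version
      run: echo "${{ steps.current-version.outputs.current_version}}"
    - name: Bump version and tag
      # NOTE(review): the user.email value below is shown as the page rendered
      # it (address obfuscated); restore the real address before using this.
      run: |
        git config user.name github-actions
        git config user.email [email protected]
        git pull origin HEAD:master
        poetry run ./bb bump-version
        git push origin HEAD:master
        git push origin HEAD:master --tags
    - name: Store bumped version
      id: bumped-version
      run: echo "bumped_version=$(poetry run cz version -p)" >> "$GITHUB_OUTPUT"
    - name: Get bumped version
      # Reads the output of the `bumped-version` step. The `current-version`
      # step has no `bumped_version` output, so referencing it printed an
      # empty line.
      run: echo "${{ steps.bumped-version.outputs.bumped_version }}"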
# Job (child of `jobs:`): when the version bump on master changed the version,
# regenerates the breadbox client and publishes it to Artifact Registry.
publish-breadbox-client:
  needs: bump-versions
  if: ${{ (needs.bump-versions.outputs.current_version != needs.bump-versions.outputs.bumped_version) && (github.ref_name == 'master') }}
  runs-on: ubuntu-latest
  steps:
    - name: Check out
      uses: actions/checkout@v3
      with:
        token: "${{ secrets.GITHUB_TOKEN }}"
        fetch-depth: 0
    # Fetch what the bump-versions job pushed to master.
    - run: |
        git pull origin HEAD:master
    - name: Authenticate to Google Cloud
      uses: google-github-actions/auth@v2
      with:
        # See instructions here: https://github.com/google-github-actions/auth?tab=readme-ov-file#service-account-key-json
        # NOTE(review): this is an exported service-account key held as a
        # repository secret. The same action also supports Workload Identity
        # Federation, which removes the long-lived key; worth considering.
        credentials_json: ${{ secrets.DEPMAP_ARTIFACTS_SVC_ACCT }}
    - name: Install and configure Poetry
      uses: snok/install-poetry@v1
      with:
        version: '1.7.1'
        virtualenvs-create: true
        virtualenvs-in-project: true
    - name: Set up cache
      uses: actions/cache@v2
      id: cached-poetry-dependencies
      with:
        path: .venv
        # NOTE(review): no step with id `full-python-version` exists in this
        # job, so that segment of the key expands to an empty string.
        key: venv-${{ runner.os }}-${{ steps.full-python-version.outputs.version }}-${{ hashFiles('**/poetry.lock') }}
    - name: Generate breadbox client
      # Local action kept in this repository (defined as a re-usable action).
      uses: ./.github/actions/generate-breadbox-client
    # the above does a checkout which deletes the credential file, so we need
    # to authenticate to google cloud again after it
    - name: Authenticate to Google Cloud
      uses: google-github-actions/auth@v2
      with:
        # See instructions here: https://github.com/google-github-actions/auth?tab=readme-ov-file#service-account-key-json
        credentials_json: ${{ secrets.DEPMAP_ARTIFACTS_SVC_ACCT }}
    - name: Set up for publishing breadbox client
      working-directory: ./breadbox-client
      # Adds the Artifact Registry keyring backend to Poetry and registers the
      # repository that the publish step targets.
      run: |
        poetry self add keyrings.google-artifactregistry-auth
        poetry config repositories.public-python https://us-central1-python.pkg.dev/cds-artifacts/public-python/
    - name: Publish new breadbox client version to Artifact Registry
      working-directory: ./breadbox-client
      run: poetry publish --build --repository public-python