Skip to content

🔒 Raise error if migration is done by wrong user #4693

🔒 Raise error if migration is done by wrong user

🔒 Raise error if migration is done by wrong user #4693

Workflow file for this run

name: build
on:
push:
branches: [main, staging]
pull_request:
branches: [main]
repository_dispatch:
types: [build]
jobs:
# tests only on production hub
hub-prod:
runs-on: ubuntu-latest
timeout-minutes: 6
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.10" # run one job on 3.9
cache: "pip"
- uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-central-1
- run: pip install "laminci@git+https://x-access-token:${{ secrets.LAMIN_BUILD_DOCS }}@github.com/laminlabs/laminci"
- run: nox -s "install(group='hub-prod')"
- run: nox -s "build(lamin_env='prod', group='hub-prod')"
- uses: actions/upload-artifact@v2
with:
name: coverage--hub-prod
path: .coverage
# tests both on production and staging hub
hub-cloud:
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
include:
- lamin_env: "prod"
python-version: "3.11"
- lamin_env: "staging"
python-version: "3.10" # test on 3.9
timeout-minutes: 7
steps:
- uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-central-1
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
cache: "pip"
cache-dependency-path: ".github/workflows/build.yml"
- uses: actions/checkout@v4
with:
repository: laminlabs/laminhub
token: ${{ secrets.GH_TOKEN_DEPLOY_LAMINAPP }}
path: laminhub
ref: main
- uses: actions/cache@v3
with:
path: ~/.cache/pre-commit
key: pre-commit-${{ runner.os }}-${{ hashFiles('.pre-commit-config.yaml') }}
- id: cache-postgres
uses: actions/cache@v3
with:
path: ~/postgres.tar
key: cache-postgres-0
- if: steps.cache-postgres.outputs.cache-hit != 'true'
run: docker pull postgres:latest && docker image save postgres:latest --output ~/postgres.tar
- if: steps.cache-postgres.outputs.cache-hit == 'true'
run: docker image load --input ~/postgres.tar
- run: pip install "laminci@git+https://x-access-token:${{ secrets.LAMIN_BUILD_DOCS }}@github.com/laminlabs/laminci"
# account for in a different job
# - uses: "google-github-actions/auth@v0"
# with:
# credentials_json: "${{ secrets.GCP_CREDENTIALS }}"
# - uses: "google-github-actions/setup-gcloud@v0"
- run: nox -s "install(group='hub-cloud')"
- run: nox -s "build(lamin_env='${{ matrix.lamin_env }}', group='hub-cloud')"
- uses: actions/upload-artifact@v2
if: ${{ matrix.lamin_env == 'prod' }}
with:
name: coverage--hub-cloud
path: .coverage
# test user access to storage
storage:
runs-on: ubuntu-latest
timeout-minutes: 6
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.9"
cache: "pip"
cache-dependency-path: ".github/workflows/build.yml"
- run: pip install "laminci@git+https://x-access-token:${{ secrets.LAMIN_BUILD_DOCS }}@github.com/laminlabs/laminci"
- run: nox -s "install(group='storage')"
- run: nox -s lint
- run: nox -s storage
env:
TEST_INSTANCE_PRIVATE_POSTGRES: ${{ secrets.TEST_INSTANCE_PRIVATE_POSTGRES }}
TMP_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
TMP_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- uses: actions/upload-artifact@v2
with:
name: coverage--storage
path: .coverage
# test low-level hub functionality
hub-local:
runs-on: ubuntu-latest
timeout-minutes: 6
steps:
- uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-central-1
- uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
repository: laminlabs/laminhub
token: ${{ secrets.GH_TOKEN_DEPLOY_LAMINAPP }}
path: laminhub
ref: main
- name: Set env file for local test of edge functions
run: |
touch .env.local
echo "AWS_ACCESS_KEY_ID_HOSTED_S3=${{ secrets.AWS_ACCESS_KEY_ID }}" >> .env.local
echo "AWS_SECRET_ACCESS_KEY_HOSTED_S3=${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> .env.local
working-directory: laminhub/rest-hub/supabase
- uses: actions/setup-python@v4
with:
python-version: "3.11" # we need to run everything for coverage on 3.11
cache: "pip"
cache-dependency-path: ".github/workflows/build.yml"
- run: pip install "laminci@git+https://x-access-token:${{ secrets.LAMIN_BUILD_DOCS }}@github.com/laminlabs/laminci"
- run: nox -s "install(group='hub-local')"
- id: cache-supabase
uses: actions/cache@v3
with:
path: /var/lib/docker
key: cache-supabase
- uses: supabase/setup-cli@v1
- run: nox -s hub_local
env:
LAMIN_ENV: "local"
- uses: actions/upload-artifact@v2
with:
name: coverage--hub-local
path: .coverage
coverage:
needs: [hub-prod, hub-cloud, storage, hub-local]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.11"
cache: "pip"
- run: |
pip install coverage[toml]
pip install --no-deps .
- uses: actions/download-artifact@v2
- name: run coverage
run: |
coverage combine coverage--*/.coverage*
coverage report --fail-under=0
coverage xml
- uses: codecov/codecov-action@v2
with:
token: ${{ secrets.CODECOV_TOKEN }}
docs:
needs: hub-cloud
runs-on: ubuntu-latest
steps:
- uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-central-1
- uses: actions/checkout@v4
with:
submodules: recursive
fetch-depth: 0
- name: checkout lndocs
uses: actions/checkout@v4
with:
repository: laminlabs/lndocs
ssh-key: ${{ secrets.READ_LNDOCS }}
path: lndocs
ref: main
- uses: actions/setup-python@v4
with:
python-version: "3.10"
cache: "pip"
cache-dependency-path: ".github/workflows/build.yml"
- run: pip install "laminci@git+https://x-access-token:${{ secrets.LAMIN_BUILD_DOCS }}@github.com/laminlabs/laminci"
- run: nox -s "install(group='docs')"
- uses: actions/download-artifact@v2
- run: nox -s docs
- uses: nwtgck/[email protected]
with:
publish-dir: "_build/html"
production-deploy: ${{ github.event_name == 'push' }}
github-token: ${{ secrets.GITHUB_TOKEN }}
enable-commit-comment: false
env:
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
notify:
if: always()
# this here is only for notifying developers of laminhub
# hence, it only needs groups hub-local and hub-cloud
needs: [hub-local, hub-cloud]
runs-on: ubuntu-latest
steps:
- uses: voxmedia/github-action-slack-notify-build@v1
if: ${{ needs.hub-local.result == 'success' && needs.hub-cloud.result == 'success' && github.event_name == 'repository_dispatch' }}
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_GITHUB_ACTION }}
with:
channel_id: C05S2C02JHM
status: SUCCESS
color: good
- uses: voxmedia/github-action-slack-notify-build@v1
if: ${{ ( needs.hub-local.result == 'failure' || needs.hub-cloud.result == 'failure' ) && github.event_name == 'repository_dispatch' }}
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_GITHUB_ACTION }}
with:
channel_id: C05S2C02JHM
status: FAILURE
color: danger