🔒 Raise error if migration is done by wrong user #4693
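# CI workflow "build": runs the hub test groups through nox, merges their
# coverage data, builds and deploys the docs, and notifies Slack when the run
# was started by a `repository_dispatch` event.
#
# Secrets are handed to shell steps through `env:` and read as shell
# variables. They are not spliced into the script text with `${{ ... }}`, so a
# secret value can never be parsed as shell syntax and the rendered script
# does not contain it.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN keeps the
# repository's default scopes. Confirm what the Netlify step needs before
# restricting it.
# NOTE(review): actions are referenced by mutable tags. Pinning third-party
# actions to a full commit SHA prevents a retagged release from running with
# this workflow's secrets.
name: build

on:
  push:
    branches: [main, staging]
  pull_request:
    branches: [main]
  repository_dispatch:
    types: [build]

jobs:
  # tests only on production hub
  hub-prod:
    runs-on: ubuntu-latest
    timeout-minutes: 6
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          # NOTE(review): the original comment reads "run one job on 3.9",
          # but the pinned version is 3.10. Confirm which is intended.
          python-version: "3.10"
          cache: "pip"
      # NOTE(review): static access keys from repository secrets. The action
      # also supports short-lived credentials via `role-to-assume` (OIDC).
      - uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-central-1
      # the token reaches pip through the environment, not the script text
      - run: pip install "laminci@git+https://x-access-token:${LAMIN_BUILD_DOCS}@github.com/laminlabs/laminci"
        env:
          LAMIN_BUILD_DOCS: ${{ secrets.LAMIN_BUILD_DOCS }}
      - run: nox -s "install(group='hub-prod')"
      - run: nox -s "build(lamin_env='prod', group='hub-prod')"
      - uses: actions/upload-artifact@v2
        with:
          name: coverage--hub-prod
          path: .coverage

  # tests both on production and staging hub
  hub-cloud:
    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
        include:
          - lamin_env: "prod"
            python-version: "3.11"
          - lamin_env: "staging"
            # NOTE(review): the original comment reads "test on 3.9", but the
            # pinned version is 3.10. Confirm which is intended.
            python-version: "3.10"
    timeout-minutes: 7
    steps:
      - uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-central-1
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
          cache: "pip"
          cache-dependency-path: ".github/workflows/build.yml"
      # NOTE(review): checkout keeps the supplied token in the clone's git
      # config unless `persist-credentials: false` is set, so later steps can
      # read it. Set it if nothing afterwards needs git access to laminhub.
      - uses: actions/checkout@v4
        with:
          repository: laminlabs/laminhub
          token: ${{ secrets.GH_TOKEN_DEPLOY_LAMINAPP }}
          path: laminhub
          ref: main
      - uses: actions/cache@v3
        with:
          path: ~/.cache/pre-commit
          key: pre-commit-${{ runner.os }}-${{ hashFiles('.pre-commit-config.yaml') }}
      # The cache key is a constant, so the saved `postgres:latest` image is
      # reused until the key is changed by hand; the image is not pinned by
      # digest either.
      - id: cache-postgres
        uses: actions/cache@v3
        with:
          path: ~/postgres.tar
          key: cache-postgres-0
      - if: steps.cache-postgres.outputs.cache-hit != 'true'
        run: docker pull postgres:latest && docker image save postgres:latest --output ~/postgres.tar
      - if: steps.cache-postgres.outputs.cache-hit == 'true'
        run: docker image load --input ~/postgres.tar
      - run: pip install "laminci@git+https://x-access-token:${LAMIN_BUILD_DOCS}@github.com/laminlabs/laminci"
        env:
          LAMIN_BUILD_DOCS: ${{ secrets.LAMIN_BUILD_DOCS }}
      # account for in a different job
      # - uses: "google-github-actions/auth@v0"
      #   with:
      #     credentials_json: "${{ secrets.GCP_CREDENTIALS }}"
      # - uses: "google-github-actions/setup-gcloud@v0"
      - run: nox -s "install(group='hub-cloud')"
      # matrix.lamin_env only takes the two literals declared above, so this
      # interpolation carries no externally controlled text
      - run: nox -s "build(lamin_env='${{ matrix.lamin_env }}', group='hub-cloud')"
      - uses: actions/upload-artifact@v2
        if: ${{ matrix.lamin_env == 'prod' }}
        with:
          name: coverage--hub-cloud
          path: .coverage

  # test user access to storage
  storage:
    runs-on: ubuntu-latest
    timeout-minutes: 6
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v4
        with:
          python-version: "3.9"
          cache: "pip"
          cache-dependency-path: ".github/workflows/build.yml"
      - run: pip install "laminci@git+https://x-access-token:${LAMIN_BUILD_DOCS}@github.com/laminlabs/laminci"
        env:
          LAMIN_BUILD_DOCS: ${{ secrets.LAMIN_BUILD_DOCS }}
      - run: nox -s "install(group='storage')"
      - run: nox -s lint
      - run: nox -s storage
        env:
          TEST_INSTANCE_PRIVATE_POSTGRES: ${{ secrets.TEST_INSTANCE_PRIVATE_POSTGRES }}
          TMP_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          TMP_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - uses: actions/upload-artifact@v2
        with:
          name: coverage--storage
          path: .coverage

  # test low-level hub functionality
  hub-local:
    runs-on: ubuntu-latest
    timeout-minutes: 6
    steps:
      - uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-central-1
      - uses: actions/checkout@v4
      - uses: actions/checkout@v4
        with:
          repository: laminlabs/laminhub
          token: ${{ secrets.GH_TOKEN_DEPLOY_LAMINAPP }}
          path: laminhub
          ref: main
      # Writes the S3 credentials into .env.local. The values arrive as
      # environment variables, so the shell never parses them as code.
      - name: Set env file for local test of edge functions
        run: |
          touch .env.local
          echo "AWS_ACCESS_KEY_ID_HOSTED_S3=${HOSTED_S3_ACCESS_KEY_ID}" >> .env.local
          echo "AWS_SECRET_ACCESS_KEY_HOSTED_S3=${HOSTED_S3_SECRET_ACCESS_KEY}" >> .env.local
        working-directory: laminhub/rest-hub/supabase
        env:
          HOSTED_S3_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          HOSTED_S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - uses: actions/setup-python@v4
        with:
          python-version: "3.11" # we need to run everything for coverage on 3.11
          cache: "pip"
          cache-dependency-path: ".github/workflows/build.yml"
      - run: pip install "laminci@git+https://x-access-token:${LAMIN_BUILD_DOCS}@github.com/laminlabs/laminci"
        env:
          LAMIN_BUILD_DOCS: ${{ secrets.LAMIN_BUILD_DOCS }}
      - run: nox -s "install(group='hub-local')"
      # constant cache key: the cached content is only replaced when the key
      # is changed by hand
      - id: cache-supabase
        uses: actions/cache@v3
        with:
          path: /var/lib/docker
          key: cache-supabase
      - uses: supabase/setup-cli@v1
      - run: nox -s hub_local
        env:
          LAMIN_ENV: "local"
      - uses: actions/upload-artifact@v2
        with:
          name: coverage--hub-local
          path: .coverage

  # merges the .coverage artifacts of the four test jobs and uploads the report
  coverage:
    needs: [hub-prod, hub-cloud, storage, hub-local]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v4
        with:
          python-version: "3.11"
          cache: "pip"
      # the extra is quoted so the shell cannot treat `[toml]` as a glob
      - run: |
          pip install "coverage[toml]"
          pip install --no-deps .
      - uses: actions/download-artifact@v2
      - name: run coverage
        run: |
          coverage combine coverage--*/.coverage*
          coverage report --fail-under=0
          coverage xml
      - uses: codecov/codecov-action@v2
        with:
          token: ${{ secrets.CODECOV_TOKEN }}

  # builds the documentation after hub-cloud and publishes it to Netlify
  docs:
    needs: hub-cloud
    runs-on: ubuntu-latest
    steps:
      - uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-central-1
      - uses: actions/checkout@v4
        with:
          submodules: recursive
          fetch-depth: 0
      - name: checkout lndocs
        uses: actions/checkout@v4
        with:
          repository: laminlabs/lndocs
          ssh-key: ${{ secrets.READ_LNDOCS }}
          path: lndocs
          ref: main
      - uses: actions/setup-python@v4
        with:
          python-version: "3.10"
          cache: "pip"
          cache-dependency-path: ".github/workflows/build.yml"
      - run: pip install "laminci@git+https://x-access-token:${LAMIN_BUILD_DOCS}@github.com/laminlabs/laminci"
        env:
          LAMIN_BUILD_DOCS: ${{ secrets.LAMIN_BUILD_DOCS }}
      - run: nox -s "install(group='docs')"
      - uses: actions/download-artifact@v2
      - run: nox -s docs
      # NOTE(review): the action reference was mangled by e-mail obfuscation
      # on the source page (it reads `nwtgck/[email protected]`). The inputs
      # below match nwtgck/actions-netlify. Restore the real ref from the
      # repository, preferably as a full commit SHA.
      - uses: nwtgck/actions-netlify@<ref-obscured-on-page>
        with:
          publish-dir: "_build/html"
          # production deploys happen on push events only
          production-deploy: ${{ github.event_name == 'push' }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          enable-commit-comment: false
        env:
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}

  notify:
    if: always()
    # this here is only for notifying developers of laminhub
    # hence, it only needs groups hub-local and hub-cloud
    needs: [hub-local, hub-cloud]
    runs-on: ubuntu-latest
    steps:
      - uses: voxmedia/github-action-slack-notify-build@v1
        if: >-
          ${{ needs.hub-local.result == 'success'
          && needs.hub-cloud.result == 'success'
          && github.event_name == 'repository_dispatch' }}
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_GITHUB_ACTION }}
        with:
          channel_id: C05S2C02JHM
          status: SUCCESS
          color: good
      - uses: voxmedia/github-action-slack-notify-build@v1
        if: >-
          ${{ ( needs.hub-local.result == 'failure'
          || needs.hub-cloud.result == 'failure' )
          && github.event_name == 'repository_dispatch' }}
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_GITHUB_ACTION }}
        with:
          channel_id: C05S2C02JHM
          status: FAILURE
          color: danger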