From d30746d25e67a72b8805fe313bea7d157e0f4354 Mon Sep 17 00:00:00 2001 From: Jonathan Sick Date: Wed, 20 Dec 2023 16:02:43 -0500 Subject: [PATCH] Update github actions to match template Update GitHub Actions workflows, including integrating Neophile for dependency updates. Uses the build-and-push-to-ghcr action for docker builds. --- .github/workflows/ci.yaml | 64 ++++++++----------- .github/workflows/dependencies.yaml | 33 ++++++++++ .github/workflows/periodic-ci.yaml | 50 +++++++++++++++ changelog.d/20231220_160149_jsick_DM_40143.md | 3 + 4 files changed, 113 insertions(+), 37 deletions(-) create mode 100644 .github/workflows/dependencies.yaml create mode 100644 .github/workflows/periodic-ci.yaml create mode 100644 changelog.d/20231220_160149_jsick_DM_40143.md diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e1b1c90..d60e3e0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,6 +1,8 @@ name: CI "on": + merge_group: {} + pull_request: {} push: branches-ignore: # These should always correspond to pull requests, so ignore them for @@ -8,21 +10,17 @@ name: CI # trigger, avoiding running the workflow twice. This is a minor # optimization so there's no need to ensure this is comprehensive. - "dependabot/**" + - "gh-readonly-queue/**" - "renovate/**" - "tickets/**" - "u/**" tags: - "*" - pull_request: {} jobs: - test: + lint: runs-on: ubuntu-latest - - strategy: - matrix: - python: - - "3.11" + timeout-minutes: 5 steps: - uses: actions/checkout@v3 @@ -30,11 +28,23 @@ jobs: - name: Set up Python uses: actions/setup-python@v4 with: - python-version: ${{ matrix.python }} + python-version: "3.11" - name: Run pre-commit uses: pre-commit/action@v3.0.0 + test: + runs-on: ubuntu-latest + timeout-minutes: 10 + + strategy: + matrix: + python: + - "3.11" + + steps: + - uses: actions/checkout@v3 + - name: Run tox uses: lsst-sqre/run-tox@v1 with: 
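Review bot: No `permissions:` key is visible at the top of ci.yaml (the first hunk shows `name: CI` followed directly by `"on":`) or on the `lint` and `test` jobs. Every job therefore runs third-party actions (`pre-commit/action`, `lsst-sqre/run-tox`) with whatever default GITHUB_TOKEN scope the repository or organisation grants. I would add a workflow-level `permissions:` with `contents: read` and grant `packages: write` only on the `build` job, since that is the job that pushes to ghcr.io. The same applies to the new dependencies.yaml and periodic-ci.yaml, which declare no permissions either. The repository default may already be read-only; that is not visible from this patch.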
@@ -43,7 +53,8 @@ jobs: build: runs-on: ubuntu-latest - needs: [test] + needs: [lint, test] + timeout-minutes: 10 # Only do Docker builds of tagged releases and pull requests from ticket # branches. This will still trigger on pull requests from untrusted @@ -51,38 +62,17 @@ jobs: # but in this case the build will fail with an error since the secret # won't be set. if: > - startsWith(github.ref, 'refs/tags/') - || startsWith(github.head_ref, 'tickets/') + github.event_name != 'merge_group' + && (startsWith(github.ref, 'refs/tags/') + || startsWith(github.head_ref, 'tickets/')) steps: - uses: actions/checkout@v3 with: fetch-depth: 0 - - name: Define the Docker tag - id: vars - run: echo ::set-output name=tag::$(scripts/docker-tag.sh) - - - name: Print the tag - id: print - run: echo ${{ steps.vars.outputs.tag }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Log in to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v4 + - uses: lsst-sqre/build-and-push-to-ghcr@v1 + id: build with: - context: . - push: true - tags: | - ghcr.io/lsst-sqre/noteburst:${{ steps.vars.outputs.tag }} - cache-from: type=gha - cache-to: type=gha,mode=max + image: ${{ github.repository }} + github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/dependencies.yaml b/.github/workflows/dependencies.yaml new file mode 100644 index 0000000..96075c9 --- /dev/null +++ b/.github/workflows/dependencies.yaml 
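Review bot: `lsst-sqre/build-and-push-to-ghcr@v1` in the `build` job is referenced by a movable major tag while it receives `secrets.GITHUB_TOKEN` and publishes the image, so whoever can move that tag controls what gets pushed. Pin it to a full commit SHA with the version in a trailing comment, e.g. `uses: lsst-sqre/build-and-push-to-ghcr@<full-commit-sha>  # v1` (placeholder; look up the real SHA). The same holds for `lsst-sqre/run-neophile@v1`, which is handed the GitHub App private key in dependencies.yaml, and for `ravsamhq/notify-slack-action@v2`, which receives the Slack webhook in both new workflows. The rewritten `if:` expression and the `needs: [lint, test]` change look fine as written.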
@@ -0,0 +1,33 @@
+name: Dependency Update
+
+"on":
+ schedule:
+ - cron: "0 12 * * 1"
+ workflow_dispatch: {}
+
+jobs:
+ update:
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Run neophile
+ uses: lsst-sqre/run-neophile@v1
+ with:
+ python-version: "3.11"
+ mode: pr
+ types: pre-commit
+ app-id: ${{ secrets.NEOPHILE_APP_ID }}
+ app-secret: ${{ secrets.NEOPHILE_PRIVATE_KEY }}
+
+ - name: Report status
+ if: always()
+ uses: ravsamhq/notify-slack-action@v2
+ with:
+ status: ${{ job.status }}
+ notify_when: "failure"
+ notification_title: "Periodic dependency update for {repo} failed"
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_ALERT_WEBHOOK }}
diff --git a/.github/workflows/periodic-ci.yaml b/.github/workflows/periodic-ci.yaml
new file mode 100644
index 0000000..b7bb9fe
--- /dev/null
+++ b/.github/workflows/periodic-ci.yaml
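Review bot: The `actions/checkout@v3` step keeps the default `persist-credentials: true`, so the job's GITHUB_TOKEN stays in the checkout's git config while `run-neophile` runs with the App credentials. If Neophile pushes its branch and opens the PR with the App token from `app-id`/`app-secret` (likely, but not visible from this hunk), the persisted token is unnecessary, and adding `with:` / `persist-credentials: false` to the checkout step removes it. A short header comment, like the one periodic-ci.yaml has, would also help the next maintainer: it should state which identity opens the PR and that `types: pre-commit` limits what gets updated.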
@@ -0,0 +1,50 @@
+# This is a separate run of the Python test suite that runs from a schedule,
+# doesn't cache the tox environment, and updates pinned dependencies first.
+# The purpose is to test compatibility with the latest versions of
+# dependencies.
+
+name: Periodic CI
+
+"on":
+ schedule:
+ - cron: "0 12 * * 1"
+ workflow_dispatch: {}
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+
+ strategy:
+ matrix:
+ python:
+ - "3.11"
+
+ steps:
+ - uses: actions/checkout@v3
+
+ # Use the oldest supported version of Python to update dependencies,
+ # not the matrixed Python version, since this accurately reflects
+ # how dependencies should later be updated.
+ - name: Run neophile
+ uses: lsst-sqre/run-neophile@v1
+ with:
+ python-version: "3.11"
+ mode: update
+
+ - name: Run tests in tox
+ uses: lsst-sqre/run-tox@v1
+ with:
+ python-version: ${{ matrix.python }}
+ tox-envs: "lint,typing,py"
+ use-cache: false
+
+ - name: Report status
+ if: always()
+ uses: ravsamhq/notify-slack-action@v2
+ with:
+ status: ${{ job.status }}
+ notify_when: "failure"
+ notification_title: "Periodic test for {repo} failed"
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_ALERT_WEBHOOK }}
diff --git a/changelog.d/20231220_160149_jsick_DM_40143.md b/changelog.d/20231220_160149_jsick_DM_40143.md
new file mode 100644
index 0000000..67b2590
--- /dev/null
+++ b/changelog.d/20231220_160149_jsick_DM_40143.md
@@ -0,0 +1,3 @@
+### Other changes
+
+- Update GitHub Actions workflows, including integrating Neophile for dependency updates.