-
Notifications
You must be signed in to change notification settings - Fork 0
193 lines (160 loc) · 5.44 KB
/
cicd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
name: CI/CD
on:
push:
branches:
- main
tags-ignore:
- '**'
pull_request:
types: [opened, reopened, synchronize]
release:
types: [published]
workflow_dispatch:
jobs:
## SETUP -------------------------------------------------------------------
# Set up the workflow (load environment variables, install dependencies) and
# provide data (Python version matrix) for subsequent jobs
setup:
name: Workflow Setup
uses: ./.github/workflows/_get_matrix_config.yml
## PYTHON TESTS ------------------------------------------------------------
# Run Python unit and integration tests
test:
name: Python Tests (Python ${{ matrix.python-version }})
needs: setup
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.setup.outputs.matrix) }}
steps:
- name: Check Out Repository Files
uses: actions/checkout@v3
- name: Run Setup Action
uses: ./.github/workflows/composite-actions/setup
with:
python-version: ${{ matrix.python-version }}
pip-requirements-file: requirements.txt
- name: Run Python Tests
run: python3 run_tests.py
test-success:
name: Determine Python Test Success
needs: test
if: ${{ success() }}
uses: ./.github/workflows/_matrix_output_success.yml
test-status-check:
name: Python Tests
needs: test-success
if: ${{ always() }}
uses: ./.github/workflows/_matrix_status_check.yml
with:
success: ${{ needs.test-success.outputs.success }}
## LINTING -----------------------------------------------------------------
# Run several Python code linters and scans to enforce code style, reduce
# the risk of bugs, and check for security vulnerabilities
linting:
name: Python Code Linting (Python ${{ matrix.python-version }})
needs: setup
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.setup.outputs.matrix) }}
steps:
- name: Check Out Repository Files
uses: actions/checkout@v3
- name: Run Setup Action
uses: ./.github/workflows/composite-actions/setup
with:
python-version: ${{ matrix.python-version }}
- name: Run Linting with Pylint
if: ${{ always() }}
run: pylint "${{ env.PACKAGE_NAME }}"
- name: Run Linting with Flake8
if: ${{ always() }}
run: flake8 --count "${{ env.PACKAGE_NAME }}"
- name: Run Static Type Checking with Mypy
if: ${{ always() }}
run: mypy "${{ env.PACKAGE_NAME }}"
- name: Run Security Analysis Scan
if: ${{ always() }}
run: bandit -rv "${{ env.PACKAGE_NAME }}"
linting-success:
name: Determine Python Code Linting Success
needs: linting
if: ${{ success() }}
uses: ./.github/workflows/_matrix_output_success.yml
linting-status-check:
name: Python Code Linting
needs: linting-success
if: ${{ always() }}
uses: ./.github/workflows/_matrix_status_check.yml
with:
success: ${{ needs.linting-success.outputs.success }}
## SPHINX DOCUMENTATION TESTS ----------------------------------------------
# Checks the project documentation for build and spelling issues
doc-tests:
name: Documentation Tests
runs-on: ubuntu-latest
steps:
- name: Check Out Repository Files
uses: actions/checkout@v3
- name: Run Setup Action
uses: ./.github/workflows/composite-actions/setup
with:
python-version: release
pip-requirements-file: docs/requirements.txt
- name: Build Documentation
if: ${{ always() }}
run: |
cd $GITHUB_WORKSPACE/docs
SPHINXOPTS="-W" make html
- name: Run Spell-Checking
if: ${{ always() }}
run: |
cd $GITHUB_WORKSPACE/docs
SPHINXOPTS="-W" make spelling
- name: Test Documentation Code Snippets
if: ${{ always() }}
run: |
cd $GITHUB_WORKSPACE/docs
SPHINXOPTS="-W" make doctest
# DEPLOYMENT ---------------------------------------------------------------
# Build a distributable package, upload as a workflow artifact, and possibly
# publish to PyPI
deploy:
name: Build and Deploy Package
needs:
- test-status-check
- linting-status-check
- doc-tests
if: ${{ success() }}
runs-on: ubuntu-latest
steps:
- name: Check Out Repository Files
uses: actions/checkout@v3
- name: Run Setup Action
uses: ./.github/workflows/composite-actions/setup
with:
python-version: release
- name: Build Package
run: python3 -m build --sdist --wheel --outdir dist/ .
- name: Run Twine Check
run: twine check --strict dist/*
- name: Upload Package as Artifact
uses: actions/upload-artifact@v3
with:
name: dist-upload
path: dist/
retention-days: 7
if-no-files-found: error
- name: Check Release Formatting and Tag
if: ${{ github.event_name == 'release' }}
uses: ./.github/workflows/composite-actions/check-release
with:
package-name: ${{ env.PACKAGE_NAME }}
release-tag: ${{ github.ref_name }}
- name: Publish to PyPI
if: ${{ success() && github.event_name == 'release' }}
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
run: twine upload --verbose dist/*