Setup Github CI

Signed-off-by: Aurélien Bompard <[email protected]>
fedora-infra · Apr 11, 2024 · 4dec208 · 4dec208
1 parent 62438a4
commit 4dec208
Show file tree

Hide file tree

Showing 5 changed files with 186 additions and 30 deletions.
diff --git a/.cico.pipeline b/.cico.pipeline
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -0,0 +1,4 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["local>fedora-infra/shared:renovate-config"]
+}
diff --git a/.github/workflows/label-when-deployed.yml b/.github/workflows/label-when-deployed.yml
@@ -0,0 +1,26 @@
+name: Apply labels when deployed
+
+on:
+  push:
+    branches:
+      - staging
+      - stable
+
+jobs:
+  label:
+    name: Apply labels
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Staging deployment
+        uses: fedora-infra/label-when-in-branch@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          branch: staging
+          label: deployed:staging
+      - name: Production deployment
+        uses: fedora-infra/label-when-in-branch@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          branch: stable
+          label: deployed:prod
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,28 +1,155 @@
-name: Running Fedora Badges test cases on GitHub Actions
+name: Test & Build
+
 on:
   push:
     branches:
+      - stable
       - develop
+    tags:
   pull_request:
     branches:
+      - stable
       - develop
+
 jobs:
-  fedora-badges:
+
+  # checks:
+  #   name: Checks
+  #   runs-on: ubuntu-latest
+  #   container: fedorapython/fedora-python-tox:latest
+  #   steps:
+  #     - uses: actions/checkout@v4
+
+  #     - name: Install dependencies
+  #       run: |
+  #         dnf install -y pre-commit git libpq-devel krb5-devel
+  #         pip install poetry>=1.2
+
+  #     - name: Mark the working directory as safe for Git
+  #       run: git config --global --add safe.directory $PWD
+
+  #     - name: Install the project
+  #       run: poetry install
+
+  #     - name: Run pre-commit checks
+  #       run: pre-commit run --all-files
+
+  unit-tests:
+    name: Unit tests
     runs-on: ubuntu-latest
+    container: fedorapython/fedora-python-tox:latest
     steps:
-      - name: "What was the triggering event for this job?"
-        run: echo "The job was automatically triggered by a ${{ github.event_name }} event."
-      - name: "What is the job running on?"
-        run: echo "This job is now running on a ${{ runner.os }} server."
-      - name: "Which branch of the repository are running the job on?"
-        run: echo "The job is running on ${{ github.ref }} branch of ${{ github.repository }} repository."
-      - name: "Checkout the branch code into the container"
-        uses: actions/checkout@v2
-      - name: "Install libkrb5-dev on Ubuntu as one of the recurring dependencies"
-        run: sudo apt install libkrb5-dev -y
-      - name: "Install the dependencies locally"
-        run: pip3 install -r requirements.txt
-      - name: "Run Tox tests on the cloned repository"
-        run: python3 setup.py test
-      - name: "What was the job outcome status?"
-        run: echo "This job's status is ${{ job.status }}."
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          dnf install -y libpq-devel krb5-devel
+          pip install poetry>=1.2
+
+      - name: Run the tests
+        run: tox -e ${{ matrix.pyver }}
+
+    strategy:
+      matrix:
+        pyver:
+          - py310
+          - py311
+          - py312
+
+
+  # https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
+  build:
+    name: Build distribution 📦
+    runs-on: ubuntu-latest
+    needs:
+      # - checks
+      - unit-tests
+    # outputs:
+    #   release-notes: ${{ steps.extract-changelog.outputs.markdown }}
+
+    steps:
+
+      - uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
+
+      - name: Install pypa/build
+        run: python3 -m pip install build --user
+
+      - name: Build a binary wheel and a source tarball
+        run: python3 -m build
+
+      - name: Store the distribution packages
+        uses: actions/upload-artifact@v3
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      # - name: Extract changelog section
+      #   id: extract-changelog
+      #   uses: sean0x42/markdown-extract@v2
+      #   with:
+      #     file: docs/release_notes.md
+      #     pattern: 'Version\s+\[[[:word:].-]+\]\(.*\)'
+      #     no-print-matched-heading: true
+      # - name: Show the changelog
+      #   env:
+      #     CHANGELOG: ${{ steps.extract-changelog.outputs.markdown }}
+      #   run: echo "$CHANGELOG"
+
+
+  publish-to-pypi:
+    name: Publish to PyPI 🚀
+    if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, 'rc')  # only publish to PyPI on final tag pushes
+    needs:
+      - build
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/fedbadges
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v3
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Publish distribution to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+
+  github-release:
+    name: Create a GitHub Release 📢
+    needs:
+      - publish-to-pypi
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write  # IMPORTANT: mandatory for making GitHub Releases
+      id-token: write  # IMPORTANT: mandatory for sigstore
+
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v3
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Sign the dists with Sigstore
+        uses: sigstore/[email protected]
+        with:
+          inputs: >-
+            ./dist/*.tar.gz
+            ./dist/*.whl
+
+      - name: Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: dist/*
+          fail_on_unmatched_files: true
+          generate_release_notes: true
+          # body: ${{ needs.build.outputs.release-notes }}
diff --git a/tox.ini b/tox.ini
@@ -1,5 +1,5 @@
 [tox]
-envlist = py310
+envlist = py310,py311,py312
 isolated_build = True
 
 [testenv]
@@ -19,13 +19,13 @@ commands =
     poetry run coverage xml
     poetry run coverage html
 
-[testenv:docs]
-changedir = docs
-allowlist_externals =
-    {[testenv]allowlist_externals}
-    mkdir
-    rm
-commands=
-    mkdir -p _static
-    rm -rf _build
-    poetry run sphinx-build -W -b html -d {envtmpdir}/doctrees .  _build/html
+# [testenv:docs]
+# changedir = docs
+# allowlist_externals =
+#     {[testenv]allowlist_externals}
+#     mkdir
+#     rm
+# commands=
+#     mkdir -p _static
+#     rm -rf _build
+#     poetry run sphinx-build -W -b html -d {envtmpdir}/doctrees .  _build/html