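# Pull-request validation: label/assignee/draft policy checks, Python linting,
# release-branch/version consistency, and a multi-platform Docker build + scan.
#
# Security notes:
# - The trigger is `pull_request`. By default, runs for pull requests from forks
#   receive a read-only GITHUB_TOKEN and no repository secrets. That boundary
#   matters here because validate-code and validate-docker-build check out and
#   execute content taken from the pull request (dependencies, hooks, Dockerfile).
# - Actions are referenced by mutable version tags (for example `@v4`). Pinning
#   each `uses:` to a full commit SHA prevents a moved tag from changing what runs.
name: PR Validation

on:
  pull_request:

jobs:
  validate-labels:
    runs-on: ubuntu-latest
    # Least privilege: these steps only read pull request metadata.
    permissions:
      pull-requests: read
    steps:
      - name: Check labels
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          # language=JavaScript
          script: |
            // Fetch the pull request through the API to read its labels.
            const {
              data: pullRequest
            } = await github.rest.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number
            });

            const labels = pullRequest.labels.map(label => label.name);
            const invalidLabels = ['feature request', 'invalid', 'question'];
            const hasInvalidLabel = labels.some(label => invalidLabels.includes(label));

            if (labels.length === 0) {
              core.setFailed('Pull request must have at least one label!');
            }

            // The check rejects these labels, so the message says "must not".
            if (hasInvalidLabel) {
              core.setFailed('Pull request must not have an invalid label: ' + invalidLabels.join(', '));
            }

      - name: Check assignees
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          # language=JavaScript
          script: |
            const {
              data: pullRequest
            } = await github.rest.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number
            });

            if (pullRequest.assignees.length === 0) {
              core.setFailed('Pull request must have an assignee');
            }

      - name: Check draft status
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          # language=JavaScript
          script: |
            const {
              data: pullRequest
            } = await github.rest.pulls.get({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number
            });

            if (pullRequest.draft) {
              core.setFailed('Pull request must not be a draft');
            }

  validate-code:
    runs-on: ubuntu-latest
    # Least privilege: this job installs and runs code from the pull request,
    # so the token it can reach is limited to reading repository contents.
    permissions:
      contents: read
    outputs:
      # Consumed by validate-branch. The value is read from the pull request's
      # pyproject.toml, so downstream jobs must treat it as untrusted input.
      version: ${{ steps.get_version.outputs.version }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install poetry
        run: pipx install poetry

      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
          cache: 'poetry'

      - name: Install dependencies
        run: poetry install

      - name: Run Ruff
        run: poetry run ruff check --output-format=github .

      - name: Run pre-commit hooks
        run: poetry run pre-commit run --all-files --show-diff-on-failure

      - name: Get version from pyproject.toml
        id: get_version
        run: |
          echo "version=$(poetry version -s)" >> "$GITHUB_OUTPUT"

  validate-branch:
    runs-on: ubuntu-latest
    needs:
      - validate-code
    if: startsWith(github.head_ref, 'release/')
    # This job only compares two strings and needs no token scopes.
    permissions: {}
    steps:
      - name: Check branch name with version
        # github.head_ref is chosen by the pull request author, and the version
        # comes from the pull request's pyproject.toml. Both are handed to the
        # shell through env so they arrive as data. A `${{ }}` expression placed
        # directly in `run:` is substituted into the script text before the
        # shell parses it, which allows the value to be interpreted as commands.
        env:
          BRANCH_NAME: ${{ github.head_ref }}
          EXPECTED_VERSION: ${{ needs.validate-code.outputs.version }}
        run: |
          # Fail when a release/* branch is not named release/<project version>.
          if [[ "$BRANCH_NAME" == release/* && "$BRANCH_NAME" != "release/$EXPECTED_VERSION" ]]; then
            echo "Branch name does not match the version in pyproject.toml"
            exit 1
          fi

  validate-docker-build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
      packages: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # - name: Login to Docker Hub
      #   uses: docker/login-action@v3
      #   with:
      #     username: ${{ secrets.DOCKERHUB_USERNAME }}
      #     password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          labels: |
            org.opencontainers.image.revision=${{ github.sha }}
          tags: |
            type=sha,prefix=,suffix=,format=short

      - name: Cache Docker layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-

      - name: Build Docker image
        uses: docker/build-push-action@v5
        id: build-and-push
        with:
          context: .
          # Validation only: the image is built but never pushed to a registry.
          push: false
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache
          platforms: linux/amd64,linux/arm64,linux/arm/v7

      - name: Docker Scout
        uses: docker/scout-action@v1
        with:
          command: quickview,recommendations,compare,environment
          # NOTE(review): the build step neither pushes nor loads the image;
          # confirm Scout can resolve this reference.
          image: ${{ steps.meta.outputs.tags }}
          to-latest: true
          github-token: ${{ secrets.GITHUB_TOKEN }}
          # Repository secrets are not passed to runs triggered from forks, so
          # these two values are empty there. NOTE(review): confirm this step
          # is only expected to succeed for same-repository pull requests.
          dockerhub-user: ${{ secrets.DOCKERHUB_USERNAME }}
          dockerhub-password: ${{ secrets.DOCKERHUB_TOKEN }}
          registry-user: ${{ github.actor }}
          registry-password: ${{ secrets.GITHUB_TOKEN }}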