Publication workflow (#26)

Addition of workflows to publish to PyPI and GHCR.
wmo-im · Aug 22, 2024 · 1a11c73 · 1a11c73
1 parent 170e5f1
commit 1a11c73
Show file tree

Hide file tree

Showing 5 changed files with 111 additions and 15 deletions.
diff --git a/.github/workflows/publish-ghcr.yml b/.github/workflows/publish-ghcr.yml
@@ -0,0 +1,48 @@
+name: release
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+  packages: write
+  issues: write
+  pull-requests: write
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  ghcr-build-and-publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          file: ./docker/Dockerfile
+          push: true
+          tags: |
+            ${{ steps.meta.outputs.tags }}
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml
@@ -0,0 +1,35 @@
+name: release
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+  packages: write
+  issues: write
+  pull-requests: write
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+  TWINE_USERNAME: __token__
+  TWINE_PASSWORD: ${{ secrets.PYPI_PWD }}
+
+jobs:
+  pypi-build-dist-artefacts-and-publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setup pyenv
+        run: |
+          python -m pip install build twine
+      - name: Build and publish
+        run: |
+          # build
+          echo "Building ..."
+          python -m build
+          # use twine
+          echo "Uploading ..."
+          twine upload dist/*
diff --git a/.github/workflows/test-docker.yml b/.github/workflows/test-docker.yml
@@ -18,6 +18,8 @@ jobs:
       - name: Build test environment
         working-directory: docker/tests
         run: |
+          DOCKER_GID="$(getent group docker | cut -d: -f3)"
+          export DOCKER_GID          
           # create user for wis2downloader
           sudo usermod -aG docker "$(whoami)"
           docker compose build  # build containers
@@ -78,4 +80,6 @@ jobs:
       - name: Shutdown
         working-directory: docker/tests
         run: |
+          DOCKER_GID="$(getent group docker | cut -d: -f3)"
+          export DOCKER_GID          
           docker compose down
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,7 +1,7 @@
 FROM python:3.12-slim-bookworm
+ARG USER_ID=12135
 
 SHELL ["/bin/bash", "-c"]
-
 # default ENV / config
 ENV DOWNLOAD_BROKER_HOST "globalbroker.meteo.fr"
 ENV DOWNLOAD_BROKER_PORT 443
@@ -15,7 +15,7 @@ ENV DOWNLOAD_VALIDATE_TOPICS "false"
 ENV DOWNLOAD_WORKERS 8
 ENV LOG_PATH "/home/wis2downloader/app/logs"
 ENV WIS2DOWNLOADER_CONFIG "/home/wis2downloader/app/config/config.json"
-ENV USER_ID 12135
+
 
 # Update, upgrade packages and install / clean up
 RUN apt-get update && \
@@ -37,23 +37,32 @@ RUN python3.12 -m venv /home/wis2downloader/.venv && \
 
 # install python dependencies
 RUN source /home/wis2downloader/.venv/bin/activate && \
-    python -m pip install --no-cache-dir gunicorn==23.0.0 requests==2.32.3 && \
-    python -m pip install --no-cache-dir pyopenssl==24.2.1 --upgrade && \
-    python -m pip install --no-cache-dir wis2downloader==0.3.0 # git+https://github.com/wmo-im/wis2downloader@docker2
-
-# copy config and entrypoint to the Docker image
-COPY config/. /home/wis2downloader/app/config
-COPY entrypoint.sh /home/wis2downloader/app/entrypoint.sh
-COPY clean_downloads.cron /home/wis2downloader/app/clean_downloads.cron
-COPY clean_downloads.py /home/wis2downloader/app/clean_downloads.py
+    python -m pip install --no-cache-dir gunicorn==23.0.0 requests==2.32.3 build==1.2.1 && \
+    python -m pip install --no-cache-dir pyopenssl==24.2.1 --upgrade
 
 USER root
-RUN chown -R wis2downloader /home/wis2downloader/app && \
+# Now copy files
+COPY . /home/wis2downloader/tmp
+COPY ./docker/config/. /home/wis2downloader/app/config
+COPY ./docker/entrypoint.sh /home/wis2downloader/app/entrypoint.sh
+COPY ./docker/clean_downloads.cron /home/wis2downloader/app/clean_downloads.cron
+COPY ./docker/clean_downloads.py /home/wis2downloader/app/clean_downloads.py
+
+# set ownership / permisssions
+RUN chown -R wis2downloader /home/wis2downloader/tmp && \
+    chown -R wis2downloader /home/wis2downloader/app && \
     chmod +x /home/wis2downloader/app/entrypoint.sh && \
     chmod 600 /home/wis2downloader/app/clean_downloads.py && \
     chmod 600 /home/wis2downloader/app/clean_downloads.cron
 
 USER wis2downloader
+WORKDIR /home/wis2downloader/tmp
+RUN source /home/wis2downloader/.venv/bin/activate && \
+    python -m pip install --no-cache-dir .
+# clean up \
+WORKDIR /home/wis2downloader/
+RUN rm -R /home/wis2downloader/tmp
+
 # Set the working directory to /app
 WORKDIR /home/wis2downloader
 RUN crontab ./app/clean_downloads.cron

diff --git a/docker/tests/docker-compose.yml b/docker/tests/docker-compose.yml
@@ -20,8 +20,8 @@ services:
 
   subscriber:
       build:
-        context: ./../
-        dockerfile: Dockerfile
+        context: ./../../
+        dockerfile: ./docker/Dockerfile
       container_name: subscriber
       environment:
         DOWNLOAD_BROKER_HOST: "broker"
@@ -32,7 +32,7 @@ services:
         - "5000:5000"
       depends_on:
         - broker
-      user: 12135:$DOCKER_GID
+      user: "12135:$DOCKER_GID"
       volumes:
         - ./data:/home/wis2downloader/app/data/downloads:rw