-
Notifications
You must be signed in to change notification settings - Fork 6
218 lines (209 loc) · 8.19 KB
/
ci-cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
# This workflows will upload a Python Package using Twine when a release is created
# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
name: CI/CD
on:
push:
branches: [ main, develop ]
tags: [ '*' ]
pull_request:
branches: [ main, develop ]
release:
types: [published]
workflow_dispatch: # Allow manual triggering by a user with write access to this repo
defaults:
run:
shell: bash
env:
PYPI_URL: https://pypi.org/simple
jobs:
build-docs:
runs-on: ubuntu-20.04
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
submodules: recursive # Fetch Hugo themes (true OR recursive)
fetch-depth: 1 # Fetch all history for .GitInfo and .Lastmod
# TODO: Need a unique key we can pass, but as we're targeting
# arcana@master, this is not trivial.
#
# - name: Cache dependencies
# uses: actions/cache@v1
# with:
# path: ~/.local/lib
# key: ${{ runner.os }}-python-${{ hashFiles('**/package-lock.json') }}
# restore-keys: |
# ${{ runner.os }}-python-
- name: Setup Python
uses: actions/setup-python@v2
with:
python-version: '3.11' # Version range or exact version of a Python version to use, using SemVer'
- name: Install python dependencies
run: pip install -r ./requirements.txt
- name: Generate pipeline docs
run: arcana deploy make-docs specs/australian-imaging-service-community docs/pipelines --flatten --default-data-space arcana.common:Clinical
- uses: actions/upload-artifact@v3
with:
name: built-docs
path: docs/build/html
python:
needs: ["build-docs"]
strategy:
matrix:
subpackage:
- au.edu.sydney.sydneyimaging
fail-fast: false
runs-on: ubuntu-latest
defaults:
run:
shell: bash -l {0}
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Unset header
# checkout@v2 adds a header that makes branch protection report errors
# because the Github action bot is not a collaborator on the repo
run: git config --local --unset http.https://github.com/.extraheader
- name: Fetch tags
run: git fetch --prune --unshallow
- name: Disable etelemetry
run: echo "NO_ET=TRUE" >> $GITHUB_ENV
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: "3.12"
- name: Update build tools
run: python3 -m pip install --upgrade pip
- name: Install Package
run: python3 -m pip install -e ./src/${{ matrix.subpackage }}[test]
- name: Pytest
run: >
pytest -vvs --cov australianimagingservice.community.${{ matrix.subpackage }}
--cov-config .coveragerc --cov-report xml ./src/${{ matrix.subpackage }}
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v2
with:
fail_ci_if_error: true
token: ${{ secrets.CODECOV_TOKEN }}
- name: Install build tools
run: python3 -m pip install build twine
- name: Build source and wheel distributions
run: python3 -m build ./src/${{ matrix.subpackage }}
- name: Check distributions
run: twine check ./src/${{ matrix.subpackage }}/dist/*
- name: Extract package name and versions
run: |
PKG=$(ls ./src/${{ matrix.subpackage }}/dist | grep -e '.tar.gz')
PKG=${PKG%.tar.gz}
echo "PKG_NAME=${PKG%%-*}" >> $GITHUB_ENV
echo "PKG_VERSION=${PKG##*-}" >> $GITHUB_ENV
echo "PYPI_VERSION=$(curl -s "${PYPI_URL}/${PKG_NAME}/" | grep -oP "${PKG_NAME}-\K[0-9]+\.[0-9]+\.[0-9]+(?=\.tar\.gz)" | sort -V | tail -n 1)" >> $GITHUB_ENV
- name: Check for PyPI token on tag
id: deployable
if: github.event_name == 'release'
env:
PYPI_API_TOKEN: "${{ secrets.PYPI_API_TOKEN }}"
run: if [ -n "$PYPI_API_TOKEN" ] && [ "$PKG_VERSION" != "$PYPI_VERSION" ]; then echo "DEPLOY=true" >> $GITHUB_OUTPUT; fi
- name: Upload to PyPI
if: steps.deployable.outputs.DEPLOY
uses: pypa/gh-action-pypi-publish@release/v1
with:
user: __token__
password: ${{ secrets.PYPI_API_TOKEN }}
- name: Wait for package to mirror
if: steps.deployable.outputs.DEPLOY
run: |
MAX_ATTEMPTS=60 # Adjust the maximum number of attempts as needed
SLEEP_INTERVAL=5 # Adjust the sleep interval (in seconds) as needed
for ((attempt = 1; attempt <= MAX_ATTEMPTS; attempt++)); do
LATEST_VERSION=$(curl -s "${PYPI_URL}/${PKG_NAME}/" | grep -oP "${PKG_NAME}-\K[0-9]+\.[0-9]+\.[0-9]+(?=\.tar\.gz)" | sort -V | tail -n 1)
if [ "$PKG_VERSION" == "$LATEST_VERSION" ]; then
echo "Updated package version ${PKG_VERSION} is now available on PyPI. Exiting..."
exit 0
else
echo "Package version ${PKG_VERSION} not yet available on PyPI (latest found = $LATEST_VERSION). Waiting..."
sleep $SLEEP_INTERVAL
fi
done
echo "Timeout reached. Exiting..."
exit 1
pipelines:
needs: [python]
runs-on: ubuntu-latest
steps:
- name: Remove unnecessary tools to free space
run: |
sudo rm -rf /usr/share/dotnet
sudo rm -rf "$AGENT_TOOLSDIRECTORY"
- name: Checkout
uses: actions/checkout@v2
- name: Get release tag
run: |
git fetch --prune --unshallow
echo "VERSION=`echo $(git describe --tags --abbrev=0)`" >> $GITHUB_ENV
- name: Unset header
# checkout@v2 adds a header that makes branch protection report errors
# because the Github action bot is not a collaborator on the repo
run: git config --local --unset http.https://github.com/.extraheader
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: '3.11'
- name: Update build tools
run: python -m pip install --upgrade pip
- name: Install dependencies
run: pip install -r requirements.txt
- uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} # - must be in GitHub Secrets!
- name: Check for tagged release
if: github.event_name == 'release'
run: echo "RELEASE=1" >> $GITHUB_ENV
- name: Build and push container images
run: |
if [ -z "$RELEASE" ]; then
OPTIONS=--push
else
OPTIONS=--use-local-packages
pip install -e ./src
fi
arcana deploy make-app specs/australian-imaging-service-community xnat:XnatApp \
--registry ghcr.io --check-registry --clean-up --tag-latest --loglevel info \
--release pipelines-community-metapackage $VERSION $OPTIONS
deploy-docs:
needs: [build-docs, pipelines]
runs-on: ubuntu-latest
steps:
- name: Download built docs
uses: actions/download-artifact@v3
with:
name: built-docs
path: docs/build/html
- name: Remove /docs/pipelines/ from .gitignore
run: sed -i 's%^/docs/pipelines/\*$%%' .gitignore
- name: Check for GHPAGES_DEPLOY_KEY token on tag
id: deployable
if: github.event_name == 'release'
env:
GHPAGES_DEPLOY_KEY: "${{ secrets.GHPAGES_DEPLOY_KEY }}"
run: if [ -n "$GHPAGES_DEPLOY_KEY" ]; then echo "DEPLOY=true" >> $GITHUB_OUTPUT; fi
- name: Deploy docs
uses: peaceiris/actions-gh-pages@v3
if: steps.deployable.outputs.DEPLOY
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: .
publish_branch: docs
enable_jekyll: true # This branch isn't actually fed to GH pages
# It's possible, likely even, that we'll trigger unnecessary docs
# rebuilds with this. Running this properly as a separate workflow
# only when real docs changes occur would require using a PAT.
- name: Trigger rebuild of docs
uses: peter-evans/repository-dispatch@v1
if: steps.deployable.outputs.DEPLOY
with:
token: ${{ secrets.GITHUBPAGES_KEY }}
repository: Australian-Imaging-Service/Australian-Imaging-Service.github.io
event-type: Rebuild docs