-
Notifications
You must be signed in to change notification settings - Fork 8
209 lines (174 loc) · 6 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
name: CI
"on":
merge_group: {}
pull_request: {}
push:
branches-ignore:
# These should always correspond to pull requests, so ignore them for
# the push trigger and let them be triggered by the pull_request
# trigger, avoiding running the workflow twice. This is a minor
# optimization so there's no need to ensure this is comprehensive.
- "dependabot/**"
- "gh-readonly-queue/**"
- "renovate/**"
- "tickets/**"
- "u/**"
tags:
- "*"
jobs:
ui:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
- name: Set up Node
uses: actions/setup-node@v3
with:
node-version-file: .nvmrc
cache: npm
cache-dependency-path: ui/package-lock.json
- name: Read .nvmrc
id: node_version
run: echo NODE_VERSION="$(cat .nvmrc)" >> $GITHUB_OUTPUT
# First try to restore the fully-installed node modules. If that
# works (no changes to the JavaScript layer), skip npm i and
# restoring the cache of downloaded modules. If that fails, restore
# the cache of the downloaded modules and then run npm
# clean-install.
- name: Cache installed Node modules
uses: actions/cache@v3
id: node-cache
with:
path: ./ui/node_modules
key: node-${{ steps.node_version.outputs.NODE_VERSION }}-${{ hashFiles('**/package-lock.json') }}
# --legacy-peer-deps is currently required because react-aria-modal
# hasn't been updated for the latest React.
- name: Install Node dependencies
run: npm ci --legacy-peer-deps
if: steps.node-cache.outputs.cache-hit != 'true'
working-directory: ./ui
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.11"
# This has to happen after installing Node modules because we run
# eslint and it wants react to be already installed. We therefore
# do all the linting here instead of during the test job.
- name: Run pre-commit
uses: pre-commit/[email protected]
- name: Build the UI
run: npm run build
working-directory: ./ui
# Cache the built web UI in a build artifact so that it can be used
# by both the test job and the docker job. We only use this
# artifact internally in this workflow, so only keep it for a day,
# not the full 90 day default.
- name: Cache UI artifact
uses: actions/upload-artifact@v3
with:
name: ui
path: ui/public
retention-days: 1
test:
runs-on: ubuntu-latest
needs: [ui]
timeout-minutes: 15
strategy:
matrix:
python:
- "3.11"
steps:
- uses: actions/checkout@v4
# Reuse the built UI from the ui job.
- name: Restore UI artifact
uses: actions/download-artifact@v3
with:
name: ui
path: ui/public
- name: Update package lists
run: sudo apt-get update
- name: Install extra packages
run: sudo apt install -y libpq-dev libldap2-dev libsasl2-dev
- name: Set up Minikube
uses: medyagh/[email protected]
with:
kubernetes-version: "v1.27.3"
- uses: lsst-sqre/run-tox@v1
with:
python-version: ${{ matrix.python }}
tox-envs: "typing,py-full,coverage-report"
tox-plugins: tox-docker
cache-key-prefix: test
docs:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
with:
# Ensure the documentation gets the right version.
fetch-depth: 0
- name: Update package lists
run: sudo apt-get update
- name: Install extra packages
run: sudo apt install -y graphviz libpq-dev libldap2-dev libsasl2-dev
- uses: lsst-sqre/run-tox@v1
with:
python-version: "3.11"
tox-envs: "docs"
cache-key-prefix: "docs"
# Only attempt documentation uploads for long-lived branches, tagged
# releases, and pull requests from ticket branches. This avoids version
# clutter in the docs and failures when a PR doesn't have access to
# secrets.
- uses: lsst-sqre/ltd-upload@v1
with:
project: gafaelfawr
dir: "docs/_build/html"
username: ${{ secrets.LTD_USERNAME }}
password: ${{ secrets.LTD_PASSWORD }}
if: >
github.event_name != 'merge_group'
&& (github.event_name != 'pull_request'
|| startsWith(github.head_ref, 'tickets/'))
linkcheck:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@v4
- name: Update package lists
run: sudo apt-get update
- name: Install extra packages
run: sudo apt install -y graphviz libpq-dev libldap2-dev libsasl2-dev
- name: Check links
uses: lsst-sqre/run-tox@v1
with:
python-version: "3.11"
tox-envs: "docs-linkcheck"
build:
runs-on: ubuntu-latest
needs: [test]
timeout-minutes: 10
# Only do Docker builds of tagged releases and pull requests from ticket
# branches. This will still trigger on pull requests from untrusted
# repositories whose branch names match our tickets/* branch convention,
# but in this case the build will fail with an error since the secret
# won't be set.
if: >
github.event_name != 'merge_group'
&& (startsWith(github.ref, 'refs/tags/')
|| startsWith(github.head_ref, 'tickets/'))
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
# Reuse the built UI from the ui job.
- name: Restore UI artifact
uses: actions/download-artifact@v3
with:
name: ui
path: ui/public
- uses: lsst-sqre/build-and-push-to-ghcr@v1
id: build
with:
image: ${{ github.repository }}
github_token: ${{ secrets.GITHUB_TOKEN }}