Add example ci pipeline

This commit is contained in:
ted-cdw 2023-02-09 10:55:57 -05:00
parent 4ddb3f73ba
commit 82a6d535b6
4 changed files with 34 additions and 155 deletions

34
.github/workflows/flaskr-ci.yaml vendored Normal file
View file

@ -0,0 +1,34 @@
name: Build Flaskr App
on: [push]
jobs:
build:
runs-on: ubuntu-latest
# strategy:
# matrix:
# python-version: ["3.7", "3.8", "3.9", "3.10"]
steps:
- uses: actions/checkout@v3
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: '3.11.x'
architecture: 'x64'
- name: Install dependencies
run: |
python -c "import sys; print(sys.version)"
python -m pip install --upgrade pip
pip install flake8 pytest
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Lint with flake8
run: |
# stop the build if there are Python syntax errors or undefined names
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- name: Test with pytest
run: |
pytest

View file

@ -1,25 +0,0 @@
name: 'Lock threads'
# Lock closed issues that have not received any further activity for
# two weeks. This does not close open issues, only humans may do that.
# We find that it is easier to respond to new issues with fresh examples
# rather than continuing discussions on old issues.
on:
schedule:
- cron: '0 0 * * *'
permissions:
issues: write
pull-requests: write
concurrency:
group: lock
jobs:
lock:
runs-on: ubuntu-latest
steps:
- uses: dessant/lock-threads@c1b35aecc5cdb1a34539d14196df55838bb2f836
with:
issue-inactive-days: 14
pr-inactive-days: 14

View file

@ -1,72 +0,0 @@
name: Publish
on:
push:
tags:
- '*'
jobs:
build:
runs-on: ubuntu-latest
outputs:
hash: ${{ steps.hash.outputs.hash }}
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
with:
python-version: '3.x'
cache: 'pip'
cache-dependency-path: 'requirements/*.txt'
- run: pip install -r requirements/build.txt
# Use the commit date instead of the current date during the build.
- run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
- run: python -m build
# Generate hashes used for provenance.
- name: generate hash
id: hash
run: cd dist && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
with:
path: ./dist
provenance:
needs: ['build']
permissions:
actions: read
id-token: write
contents: write
# Can't pin with hash due to how this workflow works.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
with:
base64-subjects: ${{ needs.build.outputs.hash }}
create-release:
# Upload the sdist, wheels, and provenance to a GitHub release. They remain
# available as build artifacts for a while as well.
needs: ['provenance']
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
- name: create release
run: >
gh release create --draft --repo ${{ github.repository }}
${{ github.ref_name }}
*.intoto.jsonl/* artifact/*
env:
GH_TOKEN: ${{ github.token }}
publish-pypi:
needs: ['provenance']
# Wait for approval before attempting to upload to PyPI. This allows reviewing the
# files in the draft release.
environment: 'publish'
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
# Try uploading to Test PyPI first, in case something fails.
- uses: pypa/gh-action-pypi-publish@c7f29f7adef1a245bd91520e94867e5c6eedddcc
with:
password: ${{ secrets.TEST_PYPI_TOKEN }}
repository_url: https://test.pypi.org/legacy/
packages_dir: artifact/
- uses: pypa/gh-action-pypi-publish@c7f29f7adef1a245bd91520e94867e5c6eedddcc
with:
password: ${{ secrets.PYPI_TOKEN }}
packages_dir: artifact/

View file

@ -1,58 +0,0 @@
name: Tests
on:
push:
branches:
- main
- '*.x'
paths-ignore:
- 'docs/**'
- '*.md'
- '*.rst'
pull_request:
branches:
- main
- '*.x'
paths-ignore:
- 'docs/**'
- '*.md'
- '*.rst'
jobs:
tests:
name: ${{ matrix.name }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- {name: Linux, python: '3.11', os: ubuntu-latest, tox: py311}
- {name: Windows, python: '3.11', os: windows-latest, tox: py311}
- {name: Mac, python: '3.11', os: macos-latest, tox: py311}
- {name: '3.12-dev', python: '3.12-dev', os: ubuntu-latest, tox: py312}
- {name: '3.10', python: '3.10', os: ubuntu-latest, tox: py310}
- {name: '3.9', python: '3.9', os: ubuntu-latest, tox: py39}
- {name: '3.8', python: '3.8', os: ubuntu-latest, tox: py38}
- {name: '3.7', python: '3.7', os: ubuntu-latest, tox: py37}
- {name: 'PyPy', python: 'pypy-3.9', os: ubuntu-latest, tox: pypy39}
- {name: 'Pallets Minimum Versions', python: '3.11', os: ubuntu-latest, tox: py311-min}
- {name: 'Pallets Development Versions', python: '3.7', os: ubuntu-latest, tox: py37-dev}
- {name: Typing, python: '3.11', os: ubuntu-latest, tox: typing}
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
- uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435
with:
python-version: ${{ matrix.python }}
cache: 'pip'
cache-dependency-path: 'requirements/*.txt'
- name: update pip
run: |
pip install -U wheel
pip install -U setuptools
python -m pip install -U pip
- name: cache mypy
uses: actions/cache@627f0f41f6904a5b1efbaed9f96d9eb58e92e920
with:
path: ./.mypy_cache
key: mypy|${{ matrix.python }}|${{ hashFiles('pyproject.toml') }}
if: matrix.tox == 'typing'
- run: pip install tox
- run: tox run -e ${{ matrix.tox }}