This repository has been archived by the owner on Oct 26, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
149 lines (131 loc) · 4.87 KB
/
test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
name: Test
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
paths-ignore:
- "research/**"
- "**.ipynb"
- "**.md"
push:
branches:
- main
paths-ignore:
- "research/**"
- "**.ipynb"
- "**.md"
permissions:
id-token: write
contents: read
jobs:
lint:
if: github.event.pull_request.draft == false
timeout-minutes: 15
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install pre-commit
run: pipx install pre-commit
- name: set PY
run: echo "PY=$(python -VV | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV
- name: Cache pre-commit
uses: actions/cache@v3
with:
path: ~/.cache/pre-commit
key: pre-commit|${{ env.PY }}|${{ hashFiles('.pre-commit-config.yaml') }}
id: precommitcache
# The hooks will be installed automatically when pre-commit run is
# called. But it's nice to do it separately for more visibility in the
# GitHub interface into where a failure happens and how long each step
# takes.
- name: Install pre-commit hooks
run: pre-commit install --install-hooks
- name: Run all pre-commit checks on all files
run: pre-commit run --color=always -a
if: github.ref == 'refs/heads/main'
test:
if: github.event.pull_request.draft == false
timeout-minutes: 15
strategy:
fail-fast: false
matrix:
os: ["ubuntu-latest"]
python-version: ["3.10"]
name: Test (${{ matrix.python-version }}, ${{ matrix.os }})
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- name: Install poetry
run: pipx install poetry
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
cache: 'poetry'
- name: Update environment
run: |
poetry env use ${{ matrix.python-version }} && poetry install --with=test,cloud
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::644171722153:role/GitHubActionsRole
aws-region: us-east-1
- name: Sops Binary Installer
uses: mdgreenwald/mozilla-sops-action@v1.4.1
with:
version: 'latest'
- name: Pytest
run: |
sops -d --output .env test_secrets.enc.env
poetry run pytest -n auto -s
push_to_imprint:
# See docs/git_subrepo.md for further details on this stuff.
# See docs/git_subrepo.md for further details on this stuff.
# See docs/git_subrepo.md for further details on this stuff.
#
# comment out the if statement when you need to debug this! then you don't
# need to merge to main to trigger the workflow. also can be nice to
# comments out the "needs"
if: github.ref == 'refs/heads/main'
needs: [test, lint]
runs-on: ubuntu-latest
name: Synchronize with imprint
# A couple actions that helped me to write this:
# https://github.com/NxtLvLSoftware/git-subtree-action
# https://github.com/paygoc6/action-pull-request-another-repo
steps:
# NOTE: This step is unnecessary for running on the main branch. But when
# debugging, it's nice to run in a PR, so I've left it here. You'll also
# need to uncomment the `ref:` line below in actions/checkout
# - name: Extract branch name
# shell: bash
# run: echo "##[set-output name=branch;]$(echo ${GITHUB_HEAD_REF#refs/heads/})"
# id: extract_branch
- name: Install subrepo
run: |
git clone https://github.com/ingydotnet/git-subrepo ~/git-subrepo
- name: Setup bot git user
run: |
git config --global user.email "research@confirmsol.org"
git config --global user.name "SubrepoBot"
- uses: actions/checkout@v3
with:
fetch-depth: 0
# ref: ${{ steps.extract_branch.outputs.branch }}
# Important!! We need to replace the default token in order to also
# access the imprint github repo.
# https://github.com/actions/checkout/blob/b4626ce19ce1106186ddf9bb20e706842f11a7c3/adrs/0153-checkout-v2.md#persist-credentials
# key phrase "If users want to authenticate to an additional private remote, they should provide the token input."
token: ${{ secrets.SUBREPO_BOT_TOKEN }}
- name: Push to imprint
run: |
source ~/git-subrepo/.rc
git pull
git subrepo push imprint \
--branch main \
--squash \
--debug \
--verbose \
--message "Push from Confirm" \
--remote https://github.com/Confirm-Solutions/imprint.git
git push