chore: small ci refinements #57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Docker and Push Python Package | |
on: | |
push: | |
branches: | |
- main | |
jobs: | |
build-and-push: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
id-token: write | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 # Update to v3 | |
with: | |
fetch-depth: 0 # Fetch all history and tags | |
- name: Fetch all branches | |
run: | | |
git fetch --all | |
git fetch --tags | |
- name: Set up Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: "3.x" | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install setuptools wheel twine bumpversion | |
- name: Check for package changes | |
run: | | |
if [ "${{ github.event_name }}" = "pull_request" ]; then | |
# Fetch base branch to compare with PR branch | |
git fetch origin ${{ github.base_ref }}:${{ github.base_ref }} | |
CHANGED_FILES=$(git diff --name-only ${{ github.base_ref }}...HEAD) | |
else | |
# Compare current commit with the previous commit | |
CHANGED_FILES=$(git diff --name-only HEAD^ HEAD) | |
fi | |
echo "Changed files: $CHANGED_FILES" | |
if echo "$CHANGED_FILES" | grep -qE '(tools/|contract_bootloader/|compiled_contracts/|setup.py|requirements.txt|setup.sh|environment.dockerfile)'; then | |
echo "CHANGES_DETECTED=true" >> $GITHUB_ENV | |
else | |
echo "CHANGES_DETECTED=false" >> $GITHUB_ENV | |
fi | |
echo "Changes detected: $CHANGES_DETECTED" | |
- name: Log in to Docker Hub | |
if: env.CHANGES_DETECTED == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Create remote builder certificates | |
if: env.CHANGES_DETECTED == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
run: | | |
echo "${{ secrets.BUILDKIT_CA_PEM }}" > ${{ github.workspace }}/client-ca.pem | |
echo "${{ secrets.BUILDKIT_CERT_PEM }}" > ${{ github.workspace }}/client-cert.pem | |
echo "${{ secrets.BUILDKIT_KEY_PEM }}" > ${{ github.workspace }}/client-key.pem | |
- name: Set up Docker Buildx | |
if: env.CHANGES_DETECTED == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver: remote | |
endpoint: "tcp://buildkit.herodotus.dev:5000" | |
driver-opts: | | |
cacert=${{ github.workspace }}/client-ca.pem | |
cert=${{ github.workspace }}/client-cert.pem | |
key=${{ github.workspace }}/client-key.pem | |
cleanup: true | |
- name: Bump version | |
if: env.CHANGES_DETECTED == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
run: | | |
git config --local user.email "action@github.com" | |
git config --local user.name "GitHub Action" | |
bumpversion patch --allow-dirty | |
NEW_VERSION=$(python setup.py --version) | |
echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV | |
git push origin "v${NEW_VERSION}" # Push only the new tag | |
git push | |
- name: Build and push Docker image | |
if: env.CHANGES_DETECTED == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
uses: docker/build-push-action@v5 | |
with: | |
file: environment.dockerfile | |
tags: | | |
dataprocessor/hdp-cairo:latest | |
dataprocessor/hdp-cairo:v${{ env.NEW_VERSION }} | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
context: https://github.com/HerodotusDev/hdp-cairo.git#main | |
- name: Debug output | |
run: | | |
echo "Event name: ${{ github.event_name }}" | |
echo "GitHub ref: ${{ github.ref }}" | |
echo "Changes detected: ${{ env.CHANGES_DETECTED }}" | |
- name: Build Python package | |
if: env.CHANGES_DETECTED == 'true' | |
run: | | |
python setup.py sdist bdist_wheel | |
- name: Check PyPI package (dry run) | |
if: env.CHANGES_DETECTED == 'true' | |
run: | | |
twine check dist/* | |
echo "Package check completed. In a real publish, the package would be uploaded to PyPI." | |
- name: Publish package to PyPI | |
if: env.CHANGES_DETECTED == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.PYPI_API_TOKEN }} |