improve devcontainer #5246
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: | |
pull_request: # any pull request | |
push: | |
branches: | |
- master | |
defaults: | |
run: | |
shell: bash | |
env: | |
AWS_DEFAULT_OUTPUT: json | |
AWS_DEFAULT_REGION: us-east-1 | |
AWS_MAX_ATTEMPTS: 20 # retry attempts for AWS API calls | |
AWS_RETRY_MODE: adaptive # defaults to "legacy"; this handles more errors | |
NODE_VERSION: '20' | |
PYTEST_ADDOPTS: --color=yes | |
RUNWAY_TEST_NAMESPACE: gh-${{ github.run_id }} | |
PIPENV_IGNORE_VIRTUALENVS: '1' | |
jobs: | |
changes: | |
runs-on: ubuntu-latest | |
outputs: | |
infra-test: ${{ steps.filter.outputs.infrastructure-test }} | |
infra-test-alt: ${{ steps.filter.outputs.infrastructure-test-alt }} | |
steps: | |
- name: ⤵️ Check out code from GitHub | |
uses: actions/checkout@v4 # not needed for pull_request | |
if: | | |
github.event_name == 'push' | |
- uses: dorny/paths-filter@v3 # cspell:ignore dorny | |
id: filter | |
with: | |
filters: | | |
infrastructure-test: | |
- 'infrastructure/blueprints/admin_user.py' | |
- 'infrastructure/blueprints/cfngin_bucket.py' | |
- 'infrastructure/blueprints/prevent_privilege_escalation.py' | |
- 'infrastructure/blueprints/test_runner_boundary.py' | |
- 'infrastructure/blueprints/test_runner_user.py' | |
- 'infrastructure/test/common/**' | |
infrastructure-test-alt: | |
- 'infrastructure/blueprints/admin_role.py' | |
- 'infrastructure/blueprints/cfngin_bucket.py' | |
- 'infrastructure/blueprints/prevent_privilege_escalation.py' | |
- 'infrastructure/blueprints/test_runner_boundary.py' | |
- 'infrastructure/test-alt/common/**' | |
info: | |
name: Output useful information | |
runs-on: ubuntu-latest | |
outputs: | |
is-actor-bot: ${{ steps.gh-context.outputs.is-actor-bot }} # if the actor (user) is a bot | |
is-fork: ${{ steps.gh-context.outputs.is-fork }} # if the action is running in or from (PR) a fork | |
repo-head: ${{ steps.gh-context.outputs.repo-head }} # repo where change occurred | |
repo-origin: ${{ steps.gh-context.outputs.repo-origin }} # origin of codebase | |
steps: | |
- name: ℹ️ Output GitHub Context | |
id: gh-context | |
run: | | |
export _REPO_ORIGIN="rackspace/runway"; | |
echo "repo-origin=${_REPO_ORIGIN}" >> "${GITHUB_OUTPUT}"; | |
export _REPO_HEAD="${{ github.event.pull_request.head.repo.full_name || github.repository }}"; | |
echo "repo-head=${_REPO_HEAD}" >> "${GITHUB_OUTPUT}"; | |
if [[ "${_REPO_HEAD}" == "${_REPO_ORIGIN}" ]]; then | |
echo "is-fork=false" >> "${GITHUB_OUTPUT}"; | |
else | |
echo "is-fork=true" >> "${GITHUB_OUTPUT}"; | |
fi; | |
if [[ ${{ github.actor }} == *"[bot]" ]]; then | |
echo "is-actor-bot=true" >> "${GITHUB_OUTPUT}"; | |
else | |
echo "is-actor-bot=false" >> "${GITHUB_OUTPUT}"; | |
fi; | |
deploy-test-infrastructure: | |
name: Deploy Test Infrastructure | |
environment: test | |
concurrency: test-infrastructure | |
needs: | |
- changes | |
- info | |
if: | | |
needs.info.outputs.is-fork == 'false' && | |
(needs.changes.outputs.infra-test == 'true' || needs.changes.outputs.infra-test-alt == 'true') | |
runs-on: ubuntu-latest | |
steps: | |
- name: ⤵️ Check out code from GitHub | |
uses: actions/checkout@v4 | |
- name: 🏗 Setup Python | |
uses: finleyfamily/action-setup-python@v1.0.0 | |
with: | |
poetry-plugins: poetry-dynamic-versioning[plugin] | |
- name: 🏗 Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.DEPLOY_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.DEPLOY_AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: 🚀 Deploy to the test environment | |
run: make deploy test | |
working-directory: infrastructure | |
- name: 🚀 Deploy to the test-alt environment | |
run: make deploy test-alt | |
working-directory: infrastructure | |
lint-python: | |
name: Lint Python | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: [3.9, '3.10', '3.11'] | |
os: [ubuntu-latest, windows-latest] | |
runs-on: ${{ matrix.os }} | |
env: | |
# populating AWS creds with fake values | |
AWS_ACCESS_KEY_ID: test | |
AWS_SECRET_ACCESS_KEY: test | |
steps: | |
- name: ⤵️ Check out code from GitHub | |
uses: actions/checkout@v4 | |
- name: 🏗 Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
cache: npm | |
node-version: ${{ env.NODE_VERSION }} | |
- name: 🏗 Setup Python | |
uses: finleyfamily/action-setup-python@v1.0.0 | |
with: | |
poetry-plugins: poetry-dynamic-versioning[plugin] | |
python-version: ${{ matrix.python-version }} | |
- name: ⤵️ Install Node Dependencies | |
run: make setup-npm | |
- name: 🚀 Run Linters | |
run: make lint | |
test-functional: | |
name: Functional Tests | |
needs: | |
- deploy-test-infrastructure | |
- info | |
if: | | |
always() && | |
needs.info.outputs.is-fork == 'false' && | |
needs.info.outputs.is-actor-bot == 'false' && | |
(needs.deploy-test-infrastructure.result == 'success' || needs.deploy-test-infrastructure.result == 'skipped') | |
runs-on: ubuntu-latest | |
steps: | |
- name: ⤵️ Check out code from GitHub | |
uses: actions/checkout@v4 | |
- name: 🏗 Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
cache: npm | |
node-version: ${{ env.NODE_VERSION }} | |
- name: 🏗 Setup Python | |
uses: finleyfamily/action-setup-python@v1.0.0 | |
with: | |
poetry-plugins: poetry-dynamic-versioning[plugin] | |
python-version: '3.10' | |
- name: ⤵️ Install Ubuntu Dependencies | |
run: | | |
sudo apt update -y | |
sudo apt install -y default-libmysqlclient-dev libxml2-dev libxmlsec1-dev libxmlsec1-openssl pkg-config | |
- name: 🏗 Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.TEST_RUNNER_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.TEST_RUNNER_AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: 🚀 Run Tests | |
run: make test-functional | |
test-python: | |
name: Test Python | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: [3.9, '3.10', '3.11'] | |
os: [ubuntu-latest, windows-latest] | |
runs-on: ${{ matrix.os }} | |
env: | |
# populating AWS creds with fake values | |
AWS_ACCESS_KEY_ID: test | |
AWS_SECRET_ACCESS_KEY: test | |
steps: | |
- name: ⤵️ Check out code from GitHub (complete) | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: 🏗 Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
cache: npm | |
node-version: ${{ env.NODE_VERSION }} | |
- name: 🏗 Setup Python | |
uses: finleyfamily/action-setup-python@v1.0.0 | |
with: | |
poetry-plugins: poetry-dynamic-versioning[plugin] | |
python-version: ${{ matrix.python-version }} | |
- name: ⤵️ Install Node Dependencies | |
run: make setup-npm | |
- name: 🏗 Configure Pagefile # avoid MemoryError during tests | |
if: runner.os == 'Windows' | |
uses: al-cheb/configure-pagefile-action@v1.4 # cspell:ignore cheb | |
with: | |
minimum-size: 16GB | |
maximum-size: 16GB | |
disk-root: 'C:' | |
- name: 🚀 Run Integration & Unit Tests | |
# assertions assume linux so some fail when run on windows | |
run: make test cov-xml | |
- name: ⤴️ Upload to Codecov | |
uses: codecov/codecov-action@v4.5.0 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
fail_ci_if_error: true | |
build-pypi: | |
name: Build PyPi 📦 | |
runs-on: ubuntu-latest | |
steps: | |
- name: ⤵️ Check out code from GitHub (complete) | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: 🏗 Setup Python | |
uses: finleyfamily/action-setup-python@v1.0.0 | |
with: | |
poetry-install: false | |
poetry-plugins: poetry-dynamic-versioning[plugin] | |
# Remove apt repos that are known to break from time to time | |
# See https://github.com/actions/virtual-environments/issues/323 | |
- name: Remove broken apt repos (ubuntu) | |
run: | | |
for apt_file in `grep -lr microsoft /etc/apt/sources.list.d/`; do sudo rm $apt_file; done | |
- name: ⤵️ Install Dependencies (ubuntu) | |
run: sudo apt-get update && sudo apt-get install sed -y | |
- name: 👷 Build | |
run: make build | |
- name: ⤴️ Upload distribution artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: pypi-dist | |
path: dist |