Skip to content

Use fedora:41 as base image for the execution environment (#484) #1831

Use fedora:41 as base image for the execution environment (#484)

Use fedora:41 as base image for the execution environment (#484) #1831

Workflow file for this run

---
name: tox
on:
push:
branches:
- "main"
pull_request:
branches:
- "main"
release:
types: [published]
schedule:
- cron: "0 0 * * *"
workflow_call:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${ github.event_name }-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
permissions:
checks: read
packages: write # tox/devspaces, tox/ee, publish-* jobs
pull-requests: write # tox/check jobs
contents: write # push job to update release notes
id-token: write # tox/check job
jobs:
tox:
uses: ansible/team-devtools/.github/workflows/tox.yml@main
with:
run_pre: ./tools/test-setup.sh
max_python: "3.13"
default_python: "3.11" # min version, for 'lint' in particular
jobs_producing_coverage: 8
other_names_also: |
devspaces
ee-amd64:tox -e ee:runner=devtools-multiarch-builder
ee-arm64:tox -e ee:runner=ubuntu-24.04-arm64-2core
secrets: inherit # needed for logging to the ghcr.io registry
codeql:
name: codeql
runs-on: ubuntu-24.04
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["python"]
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
- name: Autobuild
uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
publish-ee:
# environment: release # approval
runs-on: ubuntu-24.04
needs:
- tox
# if: github.ref == 'refs/heads/main'
# github.event_name == 'release' && github.event.action == 'published'
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: pull-merge-push for the the two arch images under a single manifest
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
run: ./tools/ee.sh --publish "${{ github.event.release.tag_name || github.sha }}" "${{ (github.event_name == 'release' && github.event.action == 'published') || '--dry' }}"
publish-devspaces:
runs-on: ubuntu-24.04
needs:
- codeql
- tox
if: github.ref == 'refs/heads/main' || (github.event_name == 'release' && github.event.action == 'published')
steps:
- name: Push image to ghcr.io as ansible-devspaces-tmp:${GITHUB_SHA}
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
docker pull "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}"
docker tag "ghcr.io/ansible/ansible-devspaces-tmp:${GITHUB_SHA}" "ghcr.io/ansible/ansible-devspaces:${GITHUB_SHA}"
- name: Push image to ghcr.io as ${{ github.event.release.tag_name }}
if: github.event_name == 'release' && github.event.action == 'published'
run: |
docker tag "ghcr.io/ansible/ansible-devspaces:${GITHUB_SHA}" "ghcr.io/ansible/ansible-devspaces:${{ github.event.release.tag_name }}"
docker tag "ghcr.io/ansible/ansible-devspaces:${GITHUB_SHA}" "ghcr.io/ansible/ansible-devspaces:latest"
docker push "ghcr.io/ansible/ansible-devspaces:${{ github.event.release.tag_name }}"
docker push "ghcr.io/ansible/ansible-devspaces:latest"
publish-wheel:
needs:
- codeql
- tox
if: github.event_name == 'release' && github.event.action == 'published'
environment: release # approval
runs-on: ubuntu-24.04
env:
FORCE_COLOR: 1
PY_COLORS: 1
TOXENV: pkg
TOX_EXTRA_BINDEP: 0
steps:
- name: Switch to using Python 3.11 by default
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Install tox
run: python3 -m pip install --user "tox>=4.0.0"
- name: Check out src from Git
uses: actions/checkout@v4
with:
fetch-depth: 0 # needed by setuptools-scm
submodules: true
- name: Build dists
run: python3 -m tox
- name: Publish to pypi.org
if: >- # "create" workflows run separately from "push" & "pull_request"
github.event_name == 'release'
uses: pypa/gh-action-pypi-publish@release/v1
forum-post:
if: github.event_name == 'release' && github.event.action == 'published'
needs:
- publish-wheel
- publish-ee
- publish-devspaces
runs-on: ubuntu-24.04
steps:
- name: Retreive the forum post script from team-devtools
run: curl -O https://raw.githubusercontent.com/ansible/team-devtools/main/.github/workflows/forum_post.py
- name: Run the forum post script
run: python3 forum_post.py ${{ github.event.repository.full_name }} ${{ github.event.release.tag_name }} ${{ secrets.FORUM_KEY }} ${{ secrets.FORUM_USER }}
push:
if: >
github.event_name == 'push' && contains(
fromJSON('["refs/heads/main", "refs/heads/releases", "refs/heads/stable"]'),
github.ref)
uses: ansible/team-devtools/.github/workflows/push.yml@main