Skip to content

📝 Update / fix of the doc #60

📝 Update / fix of the doc

📝 Update / fix of the doc #60

Workflow file for this run

name: DevOps
on:
[push, pull_request]
env:
pythonLastVersion: '3.11'
GHCR_REGISTRY: ghcr.io
IMAGE_NAME: llaumgui/seedboxsync
jobs:
##############################################################################
# Test python application
#
test_python:
runs-on: ubuntu-latest
name: Test Python
strategy:
fail-fast: false
matrix:
python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
steps:
- name: Git checkout
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- uses: actions/cache@v4
with:
path: ${{ env.pythonLocation }}
key: ${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ hashFiles('dev-requirements.txt') }}
- name: Install Dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r requirements-dev.txt
- name: Make all tests with make
run: make test
##############################################################################
# Markdownlint
#
test_markdownlint:
runs-on: ubuntu-latest
name: MarkdownLint
steps:
- name: Git checkout
uses: actions/checkout@v4
- name: markdownlint-cli
uses: nosborn/github-action-markdown-cli@v3.3.0
with:
files: "*.md docs/*.md"
config_file: ".markdownlint.yaml"
##############################################################################
# Dockerfile tests
#
test_dockerfiles:
if: ${{ github.event.schedule == '' }}
runs-on: ubuntu-latest
name: Linters for Dockerfile
steps:
- name: Git checkout
uses: actions/checkout@v4
- name: hadolint
uses: hadolint/hadolint-action@v3.1.0
with:
recursive: true
##############################################################################
# SonarCloud job
#
test_sonar:
if: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' }}
needs: [
test_python,
test_markdownlint,
test_dockerfiles
]
runs-on: ubuntu-latest
name: SonarCloud analyse
steps:
- name: Git checkout
uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: SonarCloud Scan
uses: sonarsource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
args: >
-Dsonar.verbose=true
##############################################################################
# Package job
#
package:
needs: [
test_sonar
]
runs-on: ubuntu-latest
name: Build package
steps:
- name: Git checkout
uses: actions/checkout@v4
- name: Set up Python ${{ env.pythonLastVersion }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.pythonLastVersion }}
- uses: actions/cache@v4
with:
path: ${{ env.pythonLocation }}
key: ${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ hashFiles('dev-requirements.txt') }}
- name: Install Dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r requirements-dev.txt
- name: Package
run: make dist
- name: Archive package
uses: actions/upload-artifact@v4
with:
name: seedboxsync-${{ github.sha }}.tar.gz
path: dist/*.tar.gz
##############################################################################
# Build and tests Docker image
#
test_docker:
needs: [
test_sonar
]
runs-on: ubuntu-latest
name: Build and test docker images
steps:
- name: Git checkout
uses: actions/checkout@v4
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images:
${{ env.IMAGE_NAME }}
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build Docker image
uses: docker/build-push-action@v5
with:
tags: |
${{ env.IMAGE_NAME }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ env.IMAGE_NAME }}
cache-to: type=inline
# Test with Trivy
# https://github.com/aquasecurity/trivy-action
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.IMAGE_NAME }}
format: 'template'
template: '@/contrib/sarif.tpl'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
##############################################################################
# Build and deploy job (only on main)
#
docker_build_deploy:
if: ${{ github.event_name != 'pull_request' && ( github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') ) }}
needs: [
test_docker
]
runs-on: ubuntu-latest
name: Build and deploy docker images
steps:
- name: Git checkout
uses: actions/checkout@v4
# Login against 2 Docker registries except on PR
# https://github.com/docker/login-action
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log into registry ${{ env.GHCR_REGISTRY }}
uses: docker/login-action@v3
with:
registry: ${{ env.GHCR_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.IMAGE_NAME }}
${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
if: ${{ github.ref == 'refs/heads/main' }}
uses: docker/build-push-action@v5
with:
push: ${{ github.event_name != 'pull_request' }}
tags: |
${{ env.IMAGE_NAME }}:main
${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:main
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:main
cache-to: type=inline
- name: Set env
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
run: echo "RELEASE_VERSION=${GITHUB_REF:11}" >> $GITHUB_ENV
- name: Build and push Docker image
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
uses: docker/build-push-action@v5
with:
push: ${{ github.event_name != 'pull_request' }}
tags: |
${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
${{ env.IMAGE_NAME }}:latest
${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:latest
cache-to: type=inline
##############################################################################
# Release job
#
release:
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
needs: [
package,
]
runs-on: ubuntu-latest
name: Release on GitHub and PyPi
steps:
- name: Git checkout
uses: actions/checkout@v4
- name: Set env
run: echo "RELEASE_VERSION=${GITHUB_REF:11}" >> $GITHUB_ENV
- name: Set up Python ${{ env.pythonLastVersion }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.pythonLastVersion }}
- uses: actions/cache@v4
with:
path: ${{ env.pythonLocation }}
key: ${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ hashFiles('dev-requirements.txt') }}
- name: Install Dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r requirements-dev.txt
- name: Package
run: make dist
- name: Create GitHub release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: Release ${{ github.ref }}
body: |
Changes in this Release
- First Change
- Second Change
draft: true
prerelease: false
- name: Upload asset in GitHub release
id: upload-release-asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: dist/seedboxsync-${{ env.RELEASE_VERSION }}.tar.gz
asset_name: seedboxsync-${{ env.RELEASE_VERSION }}.tar.gz
asset_content_type: application/tar+gzip
- name: Publish package
uses: pypa/gh-action-pypi-publish@master
with:
user: __token__
password: ${{ secrets.PYPI_PASSWORD }}