Skip to content
Trestle Deploy

Merge pull request #1774 from oscal-compass/develop #749

Sign in to view logs

Merge pull request #1774 from oscal-compass/develop

Merge pull request #1774 from oscal-compass/develop #749

Workflow file for this run

.github/workflows/python-push.yml at 32bc1c9
# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
name: Trestle Deploy
on:
push:
branches:
- main
permissions: {}
jobs:
set-versions:
runs-on: ubuntu-latest
outputs:
min: ${{ steps.versions.outputs.min }}
max: ${{ steps.versions.outputs.max }}
steps:
- uses: actions/checkout@v4
- id: versions
run: |
min_version=$(jq '.PYTHON_MIN' -r version.json)
max_version=$(jq '.PYTHON_MAX' -r version.json)
echo "min=$min_version"
echo "max=$max_version"
echo "min=$min_version" >> $GITHUB_OUTPUT
echo "max=$max_version" >> $GITHUB_OUTPUT
build:
needs: set-versions
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
include:
- os: ubuntu-latest
path: ~/.cache/pip
- os: macos-latest
path: ~/Library/Caches/pip
- os: windows-latest
path: ~\AppData\Local\pip\Cache
python-version: [ '${{ needs.set-versions.outputs.min }}', '${{ needs.set-versions.outputs.max }}']
steps:
- name: Don't mess with line endings
run: |
git config --global core.autocrlf false
- uses: actions/checkout@v4
with:
submodules: true
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- uses: actions/cache@v4
with:
path: ${{ matrix.path }}
key: ${{ matrix.os }}-${{ matrix.python-version }}-pip-${{ hashFiles('setup.cfg') }}
restore-keys: |
${{ matrix.os }}-${{ matrix.python-version }}-pip-
- name: Is core test version
id: core-version
run: echo "core=${{ (matrix.os == 'ubuntu-latest' && matrix.python-version == needs.set-versions.outputs.max ) }}" >> $GITHUB_OUTPUT
- name: Install build tools
run: |
make develop
- name: Setup pre-commit
if: steps.core-version.outputs.core == 'true'
run: |
make pre-commit
- name: Install dependencies
run: |
make install
- name: Run md document formatting (mdformat)
if: steps.core-version.outputs.core == 'true'
run: |
make mdformat
- name: Run code formatting (yapf)
if: steps.core-version.outputs.core == 'true'
run: |
make code-format
- name: Run code linting (flake8)
if: steps.core-version.outputs.core == 'true'
run: |
make code-lint
- name: Run code typing check (mypy)
if: steps.core-version.outputs.core == 'true'
continue-on-error: true
run: |
make code-typing
- name: Install documenation dependencies
if: steps.core-version.outputs.core == 'true'
run: |
make docs-ubuntu-deps
- name: Validate website content (mkdocs)
if: steps.core-version.outputs.core == 'true'
run: |
make docs-validate
- name: Pytest Fast
if: steps.core-version.outputs.core != 'true'
run: |
make test
- name: Pytest Cov
if: steps.core-version.outputs.core == 'true'
run: |
make test-cov
deploy:
runs-on: ubuntu-latest
needs: [ build, set-versions ]
permissions:
id-token: write
environment:
name: release
url: https://pypi.org/p/compliance-trestle
if: github.ref == 'refs/heads/main' && github.repository == 'oscal-compass/compliance-trestle'
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
- uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
token: ${{ steps.app-token.outputs.token }}
- name: Set up Python ${{ needs.set-versions.outputs.max }}
uses: actions/setup-python@v5
with:
python-version: ${{ needs.set-versions.outputs.max }}
- name: Install build tools
run: |
make develop
# This action uses Python Semantic Release v8
- name: Python Semantic Release
id: release
uses: python-semantic-release/[email protected]
with:
github_token: ${{ steps.app-token.outputs.token }}
- name: Publish package distributions to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
# NOTE: DO NOT wrap the conditional in ${{ }} as it will always evaluate to true.
# See https://github.com/actions/runner/issues/1173
if: steps.release.outputs.released == 'true'
- name: Publish package distributions to GitHub Releases
uses: python-semantic-release/[email protected]
if: steps.release.outputs.released == 'true'
with:
github_token: ${{ steps.app-token.outputs.token }}
merge-main-to-develop:
name: Merge main -> develop
runs-on: ubuntu-latest
needs: deploy
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.job }}-main
cancel-in-progress: true
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/create-github-app-token@v1
id: app-token
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.PRIVATE_KEY }}
- uses: actions/checkout@v4
with:
submodules: true
ref: main
fetch-depth: 0
token: ${{ steps.app-token.outputs.token }}
- name: Get GitHub App User ID
id: get-user-id
run: echo "user-id=$(gh api "/users/${{ env.SLUG }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
SLUG: ${{ steps.app-token.outputs.app-slug }}
- name: Configure Git
run: |
git config --global user.name '${{ env.SLUG }}[bot]'
git config --global user.email '${{ env.ID }}+${{ env.SLUG }}[bot]@users.noreply.github.com'
env:
SLUG: ${{ steps.app-token.outputs.app-slug }}
ID: ${{ steps.get-user-id.outputs.user-id }}
# https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
- name: Merge Main to Develop
run: |
git checkout develop
git merge --no-ff main -m "chore: Merge back version tags and changelog into develop."
git push origin develop