Merge branch 'develop' into fix/cleanup-pipelines #741
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will install Python dependencies, run tests and lint with a variety of Python versions | ||
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions | ||
name: Trestle Deploy | ||
on: | ||
push: | ||
branches: | ||
- main | ||
jobs: | ||
build: | ||
runs-on: ${{ matrix.os }} | ||
strategy: | ||
matrix: | ||
os: [ubuntu-latest, macos-latest, windows-latest] | ||
include: | ||
- os: ubuntu-latest | ||
path: ~/.cache/pip | ||
- os: macos-latest | ||
path: ~/Library/Caches/pip | ||
- os: windows-latest | ||
path: ~\AppData\Local\pip\Cache | ||
python-version: [${{ vars.PYTHON_MIN }}, ${{ vars.PYTHON_MAX }}] | ||
steps: | ||
- name: Don't mess with line endings | ||
run: | | ||
git config --global core.autocrlf false | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
- name: Set up Python ${{ matrix.python-version }} | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: ${{ matrix.python-version }} | ||
- uses: actions/cache@v4 | ||
with: | ||
path: ${{ matrix.path }} | ||
key: ${{ matrix.os }}-${{ matrix.python-version }}-pip-${{ hashFiles('setup.cfg') }} | ||
restore-keys: | | ||
${{ matrix.os }}-${{ matrix.python-version }}-pip- | ||
- name: Install build tools | ||
run: | | ||
make develop | ||
- name: Setup pre-commit | ||
if: ${{ (matrix.os == 'ubuntu-latest' && matrix.python-version == vars.PYTHON_MAX) }} | ||
run: | | ||
make pre-commit | ||
- name: Install dependencies | ||
run: | | ||
make install | ||
- name: Run md document formatting (mdformat) | ||
if: ${{ (matrix.os == 'ubuntu-latest' && matrix.python-version == vars.PYTHON_MAX) }} | ||
run: | | ||
make mdformat | ||
- name: Run code formatting (yapf) | ||
if: ${{ (matrix.os == 'ubuntu-latest' && matrix.python-version == vars.PYTHON_MAX) }} | ||
run: | | ||
make code-format | ||
- name: Run code linting (flake8) | ||
if: ${{ (matrix.os == 'ubuntu-latest' && matrix.python-version == vars.PYTHON_MAX) }} | ||
run: | | ||
make code-lint | ||
- name: Run code typing check (mypy) | ||
if: ${{ (matrix.os == 'ubuntu-latest' && matrix.python-version == vars.PYTHON_MAX) }} | ||
continue-on-error: true | ||
run: | | ||
make code-typing | ||
- name: Validate website content (mkdocs) | ||
if: ${{ (matrix.os == 'ubuntu-latest' && matrix.python-version == vars.PYTHON_MAX) }} | ||
run: | | ||
make docs-validate | ||
- name: Pytest Fast | ||
if: ${{ !(matrix.os == 'ubuntu-latest' && matrix.python-version == vars.PYTHON_MAX) }} | ||
run: | | ||
make test | ||
- name: Pytest Cov | ||
if: ${{ matrix.os == 'ubuntu-latest' && matrix.python-version == vars.PYTHON_MAX }} | ||
run: | | ||
make test-cov | ||
deploy: | ||
runs-on: ubuntu-latest | ||
needs: build | ||
permissions: | ||
id-token: write | ||
environment: | ||
name: release | ||
url: https://pypi.org/p/compliance-trestle | ||
if: github.ref == 'refs/heads/main' && github.repository == 'oscal-compass/compliance-trestle' | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
fetch-depth: 0 | ||
token: ${{ secrets.ADMIN_PAT }} | ||
- name: Set up Python ${{ vars.PYTHON_MAX }} | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: ${{ vars.PYTHON_MAX }} | ||
- name: Install build tools | ||
run: | | ||
make develop | ||
# This action uses Python Semantic Release v8 | ||
- name: Python Semantic Release | ||
id: release | ||
uses: python-semantic-release/[email protected] | ||
with: | ||
github_token: ${{ secrets.ADMIN_PAT }} | ||
- name: Publish package distributions to PyPI | ||
uses: pypa/gh-action-pypi-publish@release/v1 | ||
# NOTE: DO NOT wrap the conditional in ${{ }} as it will always evaluate to true. | ||
# See https://github.com/actions/runner/issues/1173 | ||
if: steps.release.outputs.released == 'true' | ||
- name: Publish package distributions to GitHub Releases | ||
uses: python-semantic-release/[email protected] | ||
if: steps.release.outputs.released == 'true' | ||
with: | ||
github_token: ${{ secrets.ADMIN_PAT }} | ||
deploy-docs: | ||
runs-on: ubuntu-latest | ||
needs: deploy | ||
concurrency: | ||
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.job }}-docs | ||
cancel-in-progress: true | ||
# Temporary hack: allow develop as well as master to deploy docs. | ||
if: github.ref == 'refs/heads/main' | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
fetch-depth: 0 | ||
token: ${{ secrets.ADMIN_PAT }} | ||
- name: Set up Python ${{ vars.PYTHON_MAX }} | ||
uses: actions/setup-python@v5 | ||
# This is deliberately not using a custom credential as it relies on native github actions token to have push rights. | ||
with: | ||
python-version: ${{ vars.PYTHON_MAX }} | ||
- name: Install build tools | ||
run: | | ||
make develop | ||
- name: Create release | ||
shell: bash | ||
run: | | ||
mkdocs gh-deploy | ||
merge-main-to-develop: | ||
name: Merge main -> develop | ||
runs-on: ubuntu-latest | ||
needs: deploy | ||
concurrency: | ||
group: ${{ github.ref }}-${{ github.workflow }}-${{ github.job }}-main | ||
cancel-in-progress: true | ||
if: github.ref == 'refs/heads/main' | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
ref: main | ||
fetch-depth: 0 | ||
token: ${{ secrets.ADMIN_PAT }} | ||
- name: Configure Git | ||
run: | | ||
git config user.name "Vikas Agarwal" | ||
git config user.email "<>" | ||
- name: Merge Main to Develop | ||
run: | | ||
git checkout develop | ||
git merge --no-ff main -m "chore: Merge back version tags and changelog into develop." | ||
git push origin develop |