build #3100
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: [main, staging] | |
| pull_request: | |
| branches: [main] | |
| repository_dispatch: | |
| types: [build] | |
| jobs: | |
| # just tests on production | |
| prod-only: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| cache: 'pip' | |
| cache-dependency-path: '.github/workflows/build.yml' | |
| - uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-central-1 | |
| - run: pip install -U laminci | |
| - run: nox -s lint | |
| - run: nox -s "install(group='prod-only')" | |
| - run: nox -s "build(lamin_env='prod', group='prod-only')" | |
| - uses: actions/upload-artifact@v2 | |
| with: | |
| name: coverage--prod-only | |
| path: .coverage | |
| # tests on both production and staging | |
| prod-staging: | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| lamin_env: | |
| - 'staging' | |
| - 'prod' | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-central-1 | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| cache: 'pip' | |
| cache-dependency-path: '.github/workflows/build.yml' | |
| - name: checkout laminhub-rest | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: laminlabs/laminhub-rest | |
| token: ${{ secrets.GH_TOKEN_DEPLOY_LAMINAPP }} | |
| path: laminhub-rest | |
| ref: main | |
| - uses: actions/cache@v3 | |
| with: | |
| path: ~/.cache/pre-commit | |
| key: pre-commit-${{ runner.os }}-${{ hashFiles('.pre-commit-config.yaml') }} | |
| - id: cache-postgres | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/postgres.tar | |
| key: cache-postgres-0 | |
| - if: steps.cache-postgres.outputs.cache-hit != 'true' | |
| run: docker pull postgres:latest && docker image save postgres:latest --output ~/postgres.tar | |
| - if: steps.cache-postgres.outputs.cache-hit == 'true' | |
| run: docker image load --input ~/postgres.tar | |
| - run: pip install -U laminci | |
| - uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-central-1 | |
| # account for in a different job | |
| # - uses: "google-github-actions/auth@v0" | |
| # with: | |
| # credentials_json: "${{ secrets.GCP_CREDENTIALS }}" | |
| # - uses: "google-github-actions/setup-gcloud@v0" | |
| - run: nox -s "install(group='prod-staging')" | |
| - run: nox -s "build(lamin_env='${{ matrix.lamin_env }}', group='prod-staging')" | |
| - uses: actions/upload-artifact@v2 | |
| if: ${{ matrix.lamin_env == 'prod' }} | |
| with: | |
| name: coverage--prod-staging | |
| path: .coverage | |
| # a test group for testing user access to storage | |
| storage: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| cache: 'pip' | |
| cache-dependency-path: '.github/workflows/build.yml' | |
| - run: pip install -U laminci | |
| - run: nox -s "install(group='storage')" | |
| - run: nox -s storage | |
| env: | |
| TEST_INSTANCE_PRIVATE_POSTGRES: ${{ secrets.TEST_INSTANCE_PRIVATE_POSTGRES }} | |
| TMP_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| TMP_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - uses: actions/upload-artifact@v2 | |
| with: | |
| name: coverage--storage | |
| path: .coverage | |
| # a test group for testing low-level hub functionality | |
| hub-local: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: checkout laminhub-rest | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: laminlabs/laminhub-rest | |
| token: ${{ secrets.GH_TOKEN_DEPLOY_LAMINAPP }} | |
| path: laminhub-rest | |
| ref: main | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| cache: 'pip' | |
| cache-dependency-path: '.github/workflows/build.yml' | |
| - run: pip install -U laminci | |
| - run: nox -s "install(group='hub-local')" | |
| - id: cache-supabase | |
| uses: actions/cache@v3 | |
| with: | |
| path: /var/lib/docker | |
| key: cache-supabase | |
| - uses: supabase/setup-cli@v1 | |
| - run: nox -s hub_local | |
| - uses: actions/upload-artifact@v2 | |
| with: | |
| name: coverage--hub-local | |
| path: .coverage | |
| coverage: | |
| needs: [prod-only, prod-staging, storage, hub-local] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| cache: 'pip' | |
| cache-dependency-path: '.github/workflows/build.yml' | |
| - run: | | |
| pip install coverage[toml] | |
| pip install --no-deps . | |
| - uses: actions/download-artifact@v2 | |
| - name: run coverage | |
| run: | | |
| coverage combine coverage--*/.coverage* | |
| coverage report --fail-under=0 | |
| coverage xml | |
| - uses: codecov/codecov-action@v2 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| docs: | |
| needs: prod-staging | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-central-1 | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| fetch-depth: 0 | |
| - name: checkout lndocs | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: laminlabs/lndocs | |
| ssh-key: ${{ secrets.READ_LNDOCS }} | |
| path: lndocs | |
| ref: main | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| cache: 'pip' | |
| cache-dependency-path: '.github/workflows/build.yml' | |
| - run: pip install -U laminci | |
| - run: nox -s "install(group='storage')" | |
| - uses: actions/download-artifact@v2 | |
| - run: nox -s docs | |
| - uses: nwtgck/actions-netlify@v1.2 | |
| with: | |
| publish-dir: '_build/html' | |
| production-deploy: ${{ github.event_name == 'push' }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| enable-commit-comment: false | |
| env: | |
| NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
| NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} | |
| notify: | |
| if: always() | |
| # this here is only for notifying developers of laminhub-rest | |
| # hence, it only needs groups hub-local and prod-staging | |
| needs: [hub-local, prod-staging] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: voxmedia/github-action-slack-notify-build@v1 | |
| if: ${{ needs.hub-local.result == 'success' && needs.prod-staging.result == 'success' && github.event_name == 'repository_dispatch' }} | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_GITHUB_ACTION }} | |
| with: | |
| channel: web-hub-tests | |
| status: SUCCESS | |
| color: good | |
| - uses: voxmedia/github-action-slack-notify-build@v1 | |
| if: ${{ ( needs.hub-local.result == 'failure' || needs.prod-staging.result == 'failure' ) && github.event_name == 'repository_dispatch' }} | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_GITHUB_ACTION }} | |
| with: | |
| channel: web-hub-tests | |
| status: FAILURE | |
| color: danger |