Pin runner images to specific versions #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci/cd | |
on: [push, pull_request] | |
jobs: | |
lint: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install uv | |
uses: astral-sh/setup-uv@v5 | |
with: | |
enable-cache: true | |
- name: Set up python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.9" | |
- name: Lint | |
run: make lint | |
test: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: | |
- ubuntu-24.04 # renovate: github-runner | |
- macos-14 # renovate: github-runner | |
- windows-2022 # renovate: github-runner | |
python-version: | |
- "3.9" | |
- "3.10" | |
- "3.11" | |
- "3.12" | |
- "3.13" | |
- "pypy3.9" | |
- "pypy3.10" | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install uv | |
uses: astral-sh/setup-uv@v5 | |
with: | |
enable-cache: true | |
- name: Set up python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
allow-prereleases: true | |
- name: Test | |
env: | |
COVERAGE_FILE: .coverage.${{ matrix.os }}.${{ matrix.python-version }} | |
run: make pytest | |
- name: Upload coverage data | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coverage-data-${{ matrix.os }}-${{ matrix.python-version }} | |
path: .coverage.${{ matrix.os }}.${{ matrix.python-version }} | |
include-hidden-files: true | |
coverage: | |
runs-on: ubuntu-24.04 | |
needs: test | |
outputs: | |
percentage: ${{ steps.percentage.outputs.percentage }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Coverage.py | |
run: pipx install coverage[toml] | |
- name: Download coverage data | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: coverage-data-* | |
merge-multiple: true | |
- name: Combine data | |
run: coverage combine | |
- name: Output coverage percentage | |
id: percentage | |
run: | | |
coverage json | |
echo "percentage=$(jq '.totals.percent_covered_display' coverage.json)" >> $GITHUB_OUTPUT | |
- name: Save coverage report | |
run: coverage report --format=markdown >> $GITHUB_STEP_SUMMARY | |
- name: Ensure 100% coverage | |
run: coverage report --fail-under=100 | |
coverage-badge: | |
runs-on: ubuntu-24.04 | |
needs: coverage | |
if: github.event_name == 'push' && github.ref_name == 'main' | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: "coverage-badge" | |
- name: Calculate badge color | |
id: color | |
run: | | |
echo "color=$(python3 -Ic 'print( | |
min( | |
(percentage, color) | |
for percentage, color in [ | |
(100, "brightgreen"), | |
(90, "green"), | |
(70, "yellowgreen"), | |
(50, "yellow"), | |
(30, "orange"), | |
(0, "red"), | |
] | |
if percentage >= int(${{ needs.coverage.outputs.percentage }}) | |
)[1] | |
)')" >> $GITHUB_OUTPUT | |
- name: Update JSON file | |
run: | | |
jq -n \ | |
--argjson schemaVersion 1 \ | |
--arg label coverage \ | |
--arg message ${{ needs.coverage.outputs.percentage }}% \ | |
--arg color ${{ steps.color.outputs.color }} \ | |
'$ARGS.named' > coverage-badge.json | |
- name: Create commit | |
run: | | |
git config user.name 'github-actions[bot]' | |
git config user.email '41898282+github-actions[bot]@users.noreply.github.com' | |
git commit -am "Update coverage" && git push || true | |
build: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install uv | |
uses: astral-sh/setup-uv@v5 | |
with: | |
enable-cache: true | |
- name: Build project | |
run: uv build | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: artifacts | |
path: dist/* | |
if-no-files-found: error | |
pypi-publish: | |
runs-on: ubuntu-24.04 | |
needs: | |
- lint | |
- test | |
- coverage | |
- build | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
environment: pypi-publish | |
permissions: | |
id-token: write | |
steps: | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: artifacts | |
path: dist | |
- name: Publish to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
lint-spec-parser: | |
runs-on: ubuntu-24.04 | |
defaults: | |
run: | |
working-directory: spec_parser | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install uv | |
uses: astral-sh/setup-uv@v5 | |
with: | |
enable-cache: true | |
- name: Set up python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.9" | |
- name: Lint | |
run: make lint | |
dummy-required-job: | |
runs-on: ubuntu-24.04 | |
needs: | |
- lint | |
- test | |
- coverage | |
- build | |
- lint-spec-parser | |
if: always() | |
steps: | |
- run: exit 1 | |
if: ${{ contains( needs.*.result, 'failure' ) || contains( needs.*.result, 'cancelled' ) }} |