
Merge branch 'main' into dependabot/docker/python-3.13.0-slim #4361

Merge branch 'main' into dependabot/docker/python-3.13.0-slim


Workflow file for this run

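name: "CI"
# The workflow should be triggered on any push and release events.
# Release events can push tags (triggering a push event).
# Therefore:
# - docker-publish-staging – is only triggered on push events to main branch
# - docker-publish-release – is only triggered on release events
#
# NOTE(review): no `permissions:` key is declared, so GITHUB_TOKEN carries the
# repository/organisation default scopes in every job, including the ones that
# run third-party actions. Consider declaring `permissions:` with
# `contents: read` at workflow level and widening it per job only where a step
# is shown to need more.
#
# NOTE(review): every action is referenced by a mutable tag (`@v4`, `@v3`,
# `@v2`). Pinning to a full commit SHA (at least for the third-party
# liskin/* and coverallsapp/* actions, and for everything in the jobs that
# receive DOCKER_* / AUTODEPLOY_* secrets) keeps a re-tagged release from
# changing what runs here.
on:
  push:
  pull_request:
  release:
    types: [ released ]
jobs:
  # Lint job: flake8 through a problem-matcher wrapper. No secrets are used.
  flake8:
    name: flake8
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      # pip download cache, keyed on the hash of requirements-dev.txt; the
      # restore-keys prefix allows falling back to an older pip cache.
      - uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements-dev.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.13.0'
      # NOTE(review): requirements are installed without hash checking; if
      # requirements-dev.txt carries hashes, `--require-hashes` would enforce
      # them — confirm against the requirements file.
      - name: Install dependencies
        run: |
          pip install -U wheel setuptools
          pip install -r requirements-dev.txt
      - name: flake8
        uses: liskin/gh-problem-matcher-wrap@v3
        with:
          linters: flake8
          run: flake8
  # Lint job: import ordering check on src/. No secrets are used.
  isort:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements-dev.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.13.0'
      - name: Install dependencies
        run: |
          pip install -U wheel setuptools
          pip install -r requirements-dev.txt
      - name: isort
        uses: liskin/gh-problem-matcher-wrap@v3
        with:
          linters: isort
          run: isort --check --profile black src/
  # Lint job: formatting check on src/. No secrets are used.
  black:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements-dev.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.13.0'
      - name: Install dependencies
        run: |
          pip install -U wheel setuptools
          pip install -r requirements-dev.txt
      - name: black
        run: black --check src/
  # Type check, migration check, Django system check and tests against a
  # Postgres service container, followed by a coverage upload.
  django-check:
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:13-alpine
        # Fixed credentials for the job-local service container only.
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - "5432:5432"
    # Literal placeholder values, not repository secrets. Presumably they only
    # satisfy settings that must be present for the checks — confirm that none
    # of them is ever reused outside CI.
    env:
      SECRET_KEY: 'insecure_key_for_dev'
      POSTGRES_HOST: localhost
      POSTGRES_PORT: 5432
      AWS_ACCESS_KEY_ID: 'example-aws-access-key-id'
      AWS_SECRET_ACCESS_KEY: 'example-aws-secret-access-key'
      AWS_STORAGE_BUCKET_NAME: 'example-aws-storage-bucket-name'
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
      - uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements-dev.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.13.0'
      - name: Install dependencies
        run: |
          pip install -U wheel setuptools
          pip install -r requirements-dev.txt
      - name: Run mypy
        run: mypy --strict src/chains src/safe_apps
      - name: Check pending migrations
        run: python src/manage.py makemigrations --check --dry-run
      - name: Run migrations
        run: python src/manage.py migrate
      - name: Django System Check
        run: python src/manage.py check
      - name: Run tests with coverage
        run: coverage run -m pytest src
      # Third-party action; this job also runs for pull_request events.
      - name: Coveralls
        uses: coverallsapp/github-action@v2
  # Builds and pushes the `staging` image. The `if` gate limits this job to
  # push events on refs/heads/main, and `needs` makes it wait for all checks,
  # so the Docker Hub secrets are only read after the checks pass on main.
  docker-publish-staging:
    if: (github.event_name == 'push' && github.ref == 'refs/heads/main')
    needs: [ flake8, isort, black, django-check ]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      # NOTE(review): the four `docker/[email protected]` references in this job are
      # not valid action references. The page's e-mail obfuscation replaced
      # `<action>@<version>` with that text. The step names suggest the Docker
      # setup-qemu / setup-buildx / login / build-push actions, but the pinned
      # versions are not recoverable here; restore them from the repository.
      - name: Set up QEMU
        uses: docker/[email protected]
        with:
          platforms: arm64
      - name: Set up Docker Buildx
        uses: docker/[email protected]
      - name: Cache Docker layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      - name: Login to DockerHub
        uses: docker/[email protected]
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push
        id: docker_build
        uses: docker/[email protected]
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          # NOTE(review): BUILD_NUMBER is not set anywhere in this workflow as
          # shown, so the build arg expands to an empty string unless it is
          # defined elsewhere — confirm.
          build-args: |
            BUILD_NUMBER=${{ env.BUILD_NUMBER }}
            VERSION=${{ github.ref_name }}
          tags: safeglobal/safe-config-service:staging
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new
      # Temp fix
      # https://github.com/docker/build-push-action/issues/252
      # https://github.com/moby/buildkit/issues/1896
      - name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
      # The digest is handed to the shell through an environment variable
      # instead of being expanded into the script text, so the step output is
      # never parsed as shell syntax.
      - name: Image digest
        env:
          DIGEST: ${{ steps.docker_build.outputs.digest }}
        run: echo "$DIGEST"
  # Builds and pushes the release image. The `if` gate limits this job to
  # `release` events with action `released`.
  docker-publish-release:
    if: (github.event_name == 'release' && github.event.action == 'released')
    needs: [ flake8, isort, black, django-check ]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      # NOTE(review): as in the staging job, the `docker/[email protected]`
      # references below are obfuscation residue, not real action references;
      # the original action names and versions must come from the repository.
      - name: Set up QEMU
        uses: docker/[email protected]
        with:
          platforms: arm64
      - name: Set up Docker Buildx
        uses: docker/[email protected]
      - name: Cache Docker layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      - name: Login to DockerHub
        uses: docker/[email protected]
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push
        id: docker_build
        uses: docker/[email protected]
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          # NOTE(review): BUILD_NUMBER is not set anywhere in this workflow as
          # shown — confirm where it is expected to come from.
          build-args: |
            BUILD_NUMBER=${{ env.BUILD_NUMBER }}
            VERSION=${{ github.ref_name }}
          # Both tags are mutable: the release tag can be re-pushed and
          # `latest` moves on every release. The digest printed by the last
          # step is the immutable identifier for what was published.
          tags: |
            safeglobal/safe-config-service:${{ github.event.release.tag_name }}
            safeglobal/safe-config-service:latest
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new
      # Temp fix
      # https://github.com/docker/build-push-action/issues/252
      # https://github.com/moby/buildkit/issues/1896
      - name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
      # Digest passed through the environment rather than expanded into the
      # script text.
      - name: Image digest
        env:
          DIGEST: ${{ steps.docker_build.outputs.digest }}
        run: echo "$DIGEST"
  # Triggers the staging deployment after the staging image has been pushed.
  # The same push-to-main gate as docker-publish-staging applies.
  autodeploy:
    runs-on: ubuntu-latest
    needs: [docker-publish-staging]
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      # NOTE(review): checkout keeps the job token in the local git config by
      # default. If scripts/autodeploy.sh needs no git access,
      # `persist-credentials: false` here would narrow what the script can
      # reach — confirm against the script.
      - uses: actions/checkout@v4
      # The deploy URL and token reach the script as environment variables,
      # not as command-line arguments or inline expressions.
      - name: Deploy Staging
        run: bash scripts/autodeploy.sh
        env:
          AUTODEPLOY_URL: ${{ secrets.AUTODEPLOY_URL }}
          AUTODEPLOY_TOKEN: ${{ secrets.AUTODEPLOY_TOKEN }}
          TARGET_ENV: "staging"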