Merge pull request #418 from renovate-bot/renovate/renovatebot-pre-co… #950
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# yamllint disable rule:line-length | |
name: "CI Workflow" | |
on: # yamllint disable-line rule:truthy | |
push: | |
branches: | |
- main | |
tags: ["*"] | |
pull_request: | |
# The branches below must be a subset of the branches above | |
branches: | |
- main | |
workflow_dispatch: | |
env: | |
CONTAINER_IMAGE: ghcr.io/johnstrunk/jira-summarizer | |
jobs: | |
pre-commit: | |
name: "Pre-commit checks" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
# https://github.com/actions/checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up Python | |
# https://github.com/actions/setup-python | |
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
id: setup-py | |
with: | |
python-version: "3.12" | |
- name: Enable cache for pre-commit hooks | |
# https://github.com/actions/cache | |
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 | |
with: | |
path: ~/.cache/pre-commit | |
key: pre-commit|${{ steps.setup-py.outputs.python-version}}|${{ hashFiles('.pre-commit-config.yaml') }} | |
restore-keys: | | |
pre-commit|${{ steps.setup-py.outputs.python-version}}| | |
pre-commit| | |
- name: Run pre-commit checks | |
run: pipx run --python ${{ steps.setup-py.outputs.python-version}} pre-commit run -a | |
- name: Run pre-commit gc | |
run: pipx run --python ${{ steps.setup-py.outputs.python-version}} pre-commit gc | |
tests: | |
name: "Tests" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
# https://github.com/actions/checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up Python | |
# https://github.com/actions/setup-python | |
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 | |
id: setup-py | |
with: | |
cache: 'pipenv' | |
python-version: "3.12" | |
- name: Install pipenv | |
run: pipx install --python ${{ steps.setup-py.outputs.python-version}} pipenv | |
- name: Install dependencies | |
run: pipenv install --dev | |
- name: Run tests | |
run: pipenv run pytest -v | |
devcontainer: | |
name: "Build devcontainer image" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
# https://github.com/actions/checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up Docker Buildx | |
# https://github.com/docker/setup-buildx-action | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
id: setup-buildx | |
- name: Expose variables required for actions cache | |
# https://github.com/crazy-max/ghaction-github-runtime | |
uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0 | |
- name: Build devcontainer | |
run: npx -- @devcontainers/cli build --workspace-folder . --cache-from type=gha,scope=devcontainer --cache-to type=gha,mode=max,scope=devcontainer | |
container: | |
name: "Build (and push) container image" | |
needs: [pre-commit, tests] | |
runs-on: ubuntu-latest | |
permissions: | |
attestations: write # For build attestation | |
contents: read | |
id-token: write # For build attestation | |
packages: write # Required to push to GitHub Container Registry | |
steps: | |
- name: Checkout repository | |
# https://github.com/actions/checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up Docker Buildx | |
# https://github.com/docker/setup-buildx-action | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
id: setup-buildx | |
- name: Login to GitHub Container Registry | |
# https://github.com/docker/login-action | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
if: github.event_name != 'pull_request' | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set container metadata | |
# https://github.com/docker/metadata-action | |
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 | |
id: meta | |
env: | |
DOCKER_METADATA_ANNOTATIONS_LEVELS: index,manifest | |
with: | |
annotations: | | |
org.opencontainers.image.title=jira-summarizer | |
org.opencontainers.image.description=A simple bot that uses an AI model to summarize Jira issues | |
images: ${{ env.CONTAINER_IMAGE }} | |
labels: | | |
org.opencontainers.image.title=jira-summarizer | |
org.opencontainers.image.description=A simple bot that uses an AI model to summarize Jira issues | |
# semver lines are for mapping git tags to container tags | |
# v1.2.3 -> 1.2.3, 1.2, 1 | |
# type=raw sets 'latest' to match the most recent commit on main | |
tags: | | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }} | |
type=raw,value=latest,enable={{is_default_branch}} | |
- name: Build and push Docker image | |
id: push | |
# https://github.com/docker/build-push-action | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 | |
with: | |
annotations: ${{ steps.meta.outputs.annotations }} | |
context: . | |
labels: ${{ steps.meta.outputs.labels }} | |
platforms: linux/amd64 | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
# https://docs.docker.com/build/cache/backends/gha/ | |
# Effect on build times (B&P step only): | |
# No caching: 44s | |
# Max mode, no cache: 79s | |
# Max mode, changed deps: 61s | |
# Max mode, changed code: | |
# Max mode, perfect hit: 8s | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Add image attestation | |
# Match the push condition above | |
if: github.event_name != 'pull_request' | |
# https://github.com/actions/attest-build-provenance | |
uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4 | |
with: | |
subject-name: ${{ env.CONTAINER_IMAGE }} | |
subject-digest: ${{ steps.push.outputs.digest }} | |
push-to-registry: true | |
# This is a dummy job that can be used to determine success of CI: | |
# - by Mergify instead of having to list a bunch of other jobs | |
# - for branch protection rules | |
ci-success: | |
name: CI Workflow - Success | |
needs: [container, devcontainer, pre-commit, tests] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Success | |
run: echo "Previous steps were successful" |