
Merge pull request #445 from renovate-bot/renovate/docker-setup-build… #1032


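---
# yamllint disable rule:line-length
name: "CI Workflow"
on: # yamllint disable-line rule:truthy
  push:
    branches:
      - main
    tags: ["*"]
  pull_request:
    # The branches below must be a subset of the branches above
    branches:
      - main
  workflow_dispatch:

# Least-privilege default for GITHUB_TOKEN. Jobs that need more (the container
# job) declare their own `permissions` block, which replaces this one entirely.
# The remaining jobs only check out code; cache and buildx/gha cache use the
# runner's runtime token, not GITHUB_TOKEN.
permissions:
  contents: read

env:
  CONTAINER_IMAGE: ghcr.io/johnstrunk/jira-summarizer

jobs:
  pre-commit:
    name: "Pre-commit checks"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # https://github.com/actions/checkout
        # NOTE(review): no job in this workflow pushes to git, so
        # `persist-credentials: false` looks safe here — confirm pipenv and the
        # devcontainer build need no git auth before adding it.
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Python
        # https://github.com/actions/setup-python
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        id: setup-py
        with:
          python-version: "3.12"
      - name: Enable cache for pre-commit hooks
        # https://github.com/actions/cache
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
        with:
          path: ~/.cache/pre-commit
          key: pre-commit|${{ steps.setup-py.outputs.python-version}}|${{ hashFiles('.pre-commit-config.yaml') }}
          restore-keys: |
            pre-commit|${{ steps.setup-py.outputs.python-version}}|
            pre-commit|
      - name: Run pre-commit checks
        run: pipx run --python ${{ steps.setup-py.outputs.python-version}} pre-commit run -a
      - name: Run pre-commit gc
        run: pipx run --python ${{ steps.setup-py.outputs.python-version}} pre-commit gc

  tests:
    name: "Tests"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # https://github.com/actions/checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Python
        # https://github.com/actions/setup-python
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        id: setup-py
        with:
          cache: 'pipenv'
          python-version: "3.12"
      - name: Install pipenv
        run: pipx install --python ${{ steps.setup-py.outputs.python-version}} pipenv
      - name: Install dependencies
        run: pipenv install --dev
      - name: Run tests
        run: pipenv run pytest -v

  devcontainer:
    name: "Build devcontainer image"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # https://github.com/actions/checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Docker Buildx
        # https://github.com/docker/setup-buildx-action
        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
        id: setup-buildx
      - name: Expose variables required for actions cache
        # https://github.com/crazy-max/ghaction-github-runtime
        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
      - name: Build devcontainer
        run: npx -- @devcontainers/cli build --workspace-folder . --cache-from type=gha,scope=devcontainer --cache-to type=gha,mode=max,scope=devcontainer

  container:
    name: "Build (and push) container image"
    needs: [pre-commit, tests]
    runs-on: ubuntu-latest
    # Job-level block replaces the workflow-level `permissions` above.
    permissions:
      attestations: write # For build attestation
      contents: read
      id-token: write # For build attestation
      packages: write # Required to push to GitHub Container Registry
    steps:
      - name: Checkout repository
        # https://github.com/actions/checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Docker Buildx
        # https://github.com/docker/setup-buildx-action
        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
        id: setup-buildx
      - name: Login to GitHub Container Registry
        # https://github.com/docker/login-action
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        # PR builds never push (see the `push:` input below), so no registry
        # credentials are needed for them.
        if: github.event_name != 'pull_request'
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set container metadata
        # https://github.com/docker/metadata-action
        uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
        id: meta
        env:
          DOCKER_METADATA_ANNOTATIONS_LEVELS: index,manifest
        with:
          annotations: |
            org.opencontainers.image.title=jira-summarizer
            org.opencontainers.image.description=A simple bot that uses an AI model to summarize Jira issues
          images: ${{ env.CONTAINER_IMAGE }}
          labels: |
            org.opencontainers.image.title=jira-summarizer
            org.opencontainers.image.description=A simple bot that uses an AI model to summarize Jira issues
          # semver lines are for mapping git tags to container tags
          # v1.2.3 -> 1.2.3, 1.2, 1
          # The bare {{major}} tag is disabled for v0.x releases so that no
          # moving "0" tag is published while the API is still unstable.
          # type=raw sets 'latest' to match the most recent commit on main
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
            type=raw,value=latest,enable={{is_default_branch}}
      - name: Build and push Docker image
        id: push
        # https://github.com/docker/build-push-action
        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
        with:
          annotations: ${{ steps.meta.outputs.annotations }}
          context: .
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          # https://docs.docker.com/build/cache/backends/gha/
          # Effect on build times (B&P step only):
          # No caching: 44s
          # Max mode, no cache: 79s
          # Max mode, changed deps: 61s
          # Max mode, changed code:
          # Max mode, perfect hit: 8s
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Add image attestation
        # Match the push condition above
        if: github.event_name != 'pull_request'
        # https://github.com/actions/attest-build-provenance
        uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
        with:
          subject-name: ${{ env.CONTAINER_IMAGE }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true

  # This is a dummy job that can be used to determine success of CI:
  # - by Mergify instead of having to list a bunch of other jobs
  # - for branch protection rules
  #
  # It must run even when a dependency fails. With the default `if: success()`
  # a failed or skipped dependency leaves this job "skipped", and GitHub
  # reports a skipped required check as passing, so a red run could still be
  # merged. `!cancelled()` (rather than `always()`) keeps it from running on a
  # cancelled workflow; the first step then turns any non-success result into
  # an explicit failure.
  ci-success:
    name: CI Workflow - Success
    needs: [container, devcontainer, pre-commit, tests]
    if: ${{ !cancelled() }}
    runs-on: ubuntu-latest
    steps:
      - name: Fail if any required job did not succeed
        # needs.*.result is one of success / failure / cancelled / skipped per job
        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped')
        run: exit 1
      - name: Success
        run: echo "Previous steps were successful"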