Update actions/checkout action to v4.1.7 #217

Workflow file for this run

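---
# yamllint disable rule:line-length
name: "CI Workflow"

# Triggers: pushes to main, pushes of tags matching "*", pull requests that
# target main, and manual dispatch.
on: # yamllint disable-line rule:truthy
  push:
    branches:
      - main
    tags: ["*"]
  pull_request:
    # The branches below must be a subset of the branches above
    branches:
      - main
  workflow_dispatch:

# Least-privilege default for the GITHUB_TOKEN. Jobs that declare no
# permissions of their own get read-only repository access rather than the
# repository/organisation default, which may be read-write. The container
# job replaces this with its own permissions block.
permissions:
  contents: read

env:
  # Image repository used for tagging, pushing and attestation.
  CONTAINER_IMAGE: ghcr.io/johnstrunk/jira-summarizer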
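jobs:
  # Runs the repository's pre-commit hooks against every file.
  pre-commit:
    name: "Pre-commit checks"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # https://github.com/actions/checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # No later step in this job needs to authenticate to the remote, so
          # do not leave the GITHUB_TOKEN in .git/config where hook code
          # executed below could read it.
          persist-credentials: false
      - name: Set up Python
        # https://github.com/actions/setup-python
        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
        id: setup-py
        with:
          python-version: "3.12"
      - name: Enable cache for pre-commit hooks
        # https://github.com/actions/cache
        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: ~/.cache/pre-commit
          # Exact hit needs the same interpreter version and hook config; the
          # restore-keys fall back to progressively less specific prefixes.
          key: pre-commit|${{ steps.setup-py.outputs.python-version}}|${{ hashFiles('.pre-commit-config.yaml') }}
          restore-keys: |
            pre-commit|${{ steps.setup-py.outputs.python-version}}|
            pre-commit|
      # NOTE(review): pipx resolves pre-commit at run time with no version
      # pin, unlike the SHA-pinned actions above - consider pinning it.
      - name: Run pre-commit checks
        run: pipx run --python ${{ steps.setup-py.outputs.python-version}} pre-commit run -a
      - name: Run pre-commit gc
        run: pipx run --python ${{ steps.setup-py.outputs.python-version}} pre-commit gc

  # Installs the project with pipenv and runs the pytest suite.
  tests:
    name: "Tests"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # https://github.com/actions/checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # Dependencies and tests run in this workspace; keep the token out
          # of .git/config since nothing here pushes or fetches afterwards.
          persist-credentials: false
      - name: Set up Python
        # https://github.com/actions/setup-python
        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
        id: setup-py
        with:
          cache: 'pipenv'
          python-version: "3.12"
      # NOTE(review): pipenv itself is installed without a version pin.
      - name: Install pipenv
        run: pipx install --python ${{ steps.setup-py.outputs.python-version}} pipenv
      # NOTE(review): `pipenv install --dev --deploy` would fail the job when
      # Pipfile.lock is out of date instead of re-resolving - confirm whether
      # CI should enforce the lock file.
      - name: Install dependencies
        run: pipenv install --dev
      - name: Run tests
        run: pipenv run pytest -v

  # Builds the devcontainer image (build only), using the GitHub Actions
  # cache backend for layers.
  devcontainer:
    name: "Build devcontainer image"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # https://github.com/actions/checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # The workspace becomes the build input; do not leave the token in
          # .git/config.
          persist-credentials: false
      - name: Set up Docker Buildx
        # https://github.com/docker/setup-buildx-action
        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
        id: setup-buildx
      - name: Expose variables required for actions cache
        # https://github.com/crazy-max/ghaction-github-runtime
        uses: crazy-max/ghaction-github-runtime@b3a9207c0e1ef41f4cf215303c976869d0c2c1c4 # v3.0.0
      # NOTE(review): npx fetches @devcontainers/cli at run time with no
      # version pin; this is the one build tool in the job that is not pinned.
      - name: Build devcontainer
        run: npx -- @devcontainers/cli build --workspace-folder . --cache-from type=gha,scope=devcontainer --cache-to type=gha,mode=max,scope=devcontainer

  # Builds the container image on every trigger; logs in, pushes and attests
  # only when the event is not a pull request.
  # NOTE(review): the write permissions below are requested for pull_request
  # runs too, even though the steps that use them are skipped. Splitting
  # build and publish into separate jobs would narrow that.
  container:
    name: "Build (and push) container image"
    needs: [pre-commit, tests]
    runs-on: ubuntu-latest
    permissions:
      attestations: write # For build attestation
      contents: read
      id-token: write # For build attestation
      packages: write # Required to push to GitHub Container Registry
    steps:
      - name: Checkout repository
        # https://github.com/actions/checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # The build context below is ".", which contains .git. Without
          # this, the job token (packages: write) sits in .git/config and
          # could be copied into an image layer, depending on the Dockerfile
          # and .dockerignore (not visible from this workflow).
          persist-credentials: false
      - name: Set up Docker Buildx
        # https://github.com/docker/setup-buildx-action
        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
        id: setup-buildx
      - name: Login to GitHub Container Registry
        # https://github.com/docker/login-action
        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
        if: github.event_name != 'pull_request'
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set container metadata
        # https://github.com/docker/metadata-action
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
        id: meta
        env:
          DOCKER_METADATA_ANNOTATIONS_LEVELS: index,manifest
        with:
          annotations: |
            org.opencontainers.image.title=jira-summarizer
            org.opencontainers.image.description=A simple bot that uses an AI model to summarize Jira issues
          images: ${{ env.CONTAINER_IMAGE }}
          labels: |
            org.opencontainers.image.title=jira-summarizer
            org.opencontainers.image.description=A simple bot that uses an AI model to summarize Jira issues
          # semver lines are for mapping git tags to container tags
          # v1.2.3 -> 1.2.3, 1.2, 1
          # type=raw sets 'latest' to match the most recent commit on main
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
            type=raw,value=latest,enable={{is_default_branch}}
      - name: Build and push Docker image
        id: push
        # https://github.com/docker/build-push-action
        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
        with:
          annotations: ${{ steps.meta.outputs.annotations }}
          context: .
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64
          # Must stay in sync with the login and attestation conditions.
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          # https://docs.docker.com/build/cache/backends/gha/
          # Effect on build times (B&P step only):
          # No caching: 44s
          # Max mode, no cache: 79s
          # Max mode, changed deps: 61s
          # Max mode, changed code:
          # Max mode, perfect hit: 8s
          # NOTE(review): cached layers become inputs to the image that is
          # pushed and attested; consider whether tag (release) builds
          # should build without the cache.
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Add image attestation
        # Match the push condition above
        if: github.event_name != 'pull_request'
        # https://github.com/actions/attest-build-provenance
        uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0
        with:
          subject-name: ${{ env.CONTAINER_IMAGE }}
          # Attest the digest reported by the push step, not a mutable tag.
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true

  # This is a dummy job that can be used to determine success of CI:
  # - by Mergify instead of having to list a bunch of other jobs
  # - for branch protection rules
  ci-success:
    name: CI Workflow - Success
    needs: [container, devcontainer, pre-commit, tests]
    runs-on: ubuntu-latest
    steps:
      - name: Success
        run: echo "Previous steps were successful"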