Merge pull request #1759 from SURFscz/dependabot/pip/server/mysqlclie… #5685
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
on: | |
# Triggers the workflow on push or pull request events | |
push: | |
pull_request: | |
release: | |
tags: | |
- 'v*' | |
types: [published] | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME_SBS: surfscz/sram-sbs | |
IMAGE_NAME_SERVER: surfscz/sram-sbs-server | |
IMAGE_NAME_CLIENT: surfscz/sram-sbs-client | |
jobs: | |
Server_tests: | |
name: Server tests | |
runs-on: ubuntu-latest | |
# Test different python versions | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: [ '3.9', '3.11', '3.12', '3.13' ] | |
services: | |
# How to use MySQL | |
mysql: | |
image: mysql:5.7 | |
env: | |
MYSQL_ROOT_PASSWORD: root | |
ports: | |
- 3306:3306 | |
options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 | |
redis: | |
# Docker Hub image | |
image: redis | |
# Set health checks to wait until redis has started | |
options: >- | |
--health-cmd "redis-cli ping" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
# Maps port 6379 on service container to the host | |
- 6379:6379 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup mysql server | |
run: > | |
mysql -uroot -proot -h127.0.0.1 -e " | |
DROP DATABASE IF EXISTS sbs_test; | |
CREATE DATABASE IF NOT EXISTS sbs_test DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci; | |
CREATE DATABASE IF NOT EXISTS sbs_gw0 DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci; | |
CREATE DATABASE IF NOT EXISTS sbs_gw1 DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci; | |
CREATE DATABASE IF NOT EXISTS sbs_gw2 DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci; | |
CREATE DATABASE IF NOT EXISTS sbs_gw3 DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci; | |
CREATE USER 'sbs'@'%' IDENTIFIED BY 'sbs'; | |
GRANT ALL PRIVILEGES ON *.* TO 'sbs'@'%' WITH GRANT OPTION; | |
" | |
- name: Load SBS schema | |
# not strictly necessary, but it avoids running 200+ migrations during tests | |
run: | | |
mysql -uroot -proot -h127.0.0.1 sbs_gw0 < misc/sbs-db.sql; | |
mysql -uroot -proot -h127.0.0.1 sbs_gw1 < misc/sbs-db.sql; | |
mysql -uroot -proot -h127.0.0.1 sbs_gw2 < misc/sbs-db.sql; | |
mysql -uroot -proot -h127.0.0.1 sbs_gw3 < misc/sbs-db.sql; | |
- name: Install SAML2 dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libxml2-dev libxmlsec1-dev libxml2 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
cache: 'pip' | |
cache-dependency-path: 'server/requirements/*.txt' | |
- name: Display Python version | |
run: | | |
python -c "import sys; print(sys.version)" | |
echo coverage: .${{ matrix.coverage }}. | |
- name: Install dependencies | |
run: | | |
python -m pip install pip setuptools wheel | |
pip install --upgrade pip | |
pip install -r ./server/requirements/test.txt | |
pip install flake8 | |
# Setup tmate session | |
#- name: Setup tmate session | |
# uses: mxschmitt/action-tmate@v3 | |
- name: Run flake8 | |
run: | | |
cd ./server | |
flake8 . | |
- name: Run tests with coverage | |
run: | | |
cd ./server | |
coverage run -m pytest test --cov-report xml --cov=server --numprocesses=4 | |
timeout-minutes: 20 | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
if: success() | |
Client_build: | |
name: Client build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Run errands | |
run: | | |
sudo apt -y install curl | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Get yarn cache directory path | |
id: yarn-cache-dir-path | |
run: echo "DIR=$(yarn cache dir)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v4 | |
id: yarn-cache | |
with: | |
path: ${{ steps.yarn-cache-dir-path.outputs.DIR }} | |
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-yarn- | |
- name: Use Node.js 20 | |
uses: actions/setup-node@v4 | |
with: | |
# node-version: "16.20.0" | |
node-version: "20.8.0" | |
cache: "yarn" | |
cache-dependency-path: '**/yarn.lock' | |
- name: Install dependencies | |
shell: bash | |
run: | | |
source ~/.nvm/nvm.sh | |
rm -rf ~/.yarn | |
curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.22.19 | |
export PATH="$HOME/.yarn/bin:$HOME/.config/yarn/global/node_modules/.bin:$PATH" | |
yarn -v | |
# nvm install "16.10.0" | |
# nvm use "16.10.0" | |
env: | |
VNM_DIR: ~/.nvm | |
- name: Run tests | |
shell: bash | |
run: | | |
cd client | |
yarn install | |
yarn test | |
yarn build | |
env: | |
CI: true | |
VNM_DIR: ~/.nvm | |
INLINE_RUNTIME_CHUNK: False | |
IMAGE_INLINE_SIZE_LIMIT: 0 | |
timeout-minutes: 15 | |
#- name: Setup tmate session | |
# uses: mxschmitt/action-tmate@v3 | |
- name: Save version info | |
run: | | |
git log -1 > ./server/api/git.info | |
git describe --all --long > ./version.txt | |
- name: Create build file | |
run: | | |
tar -cJ -f /tmp/sbs.tar.xz \ | |
--transform 's,^\./,sbs/,' --sort=name \ | |
--owner=0 --group=0 --mode=u=rwX,go=rX \ | |
--exclude=./client/node_modules --exclude=./.git \ | |
. | |
- name: Show what we are shipping | |
run: | | |
tar tvJf /tmp/sbs.tar.xz | |
- name: Create Artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: "sbs-build" | |
path: "/tmp/sbs.tar.xz" | |
Artifact_upload: | |
name: Create release | |
if: > | |
github.actor!='dependabot[bot]' && | |
github.event_name!='pull_request' && | |
( github.ref_type=='tag' || github.ref_type=='branch' ) | |
needs: | |
- "Client_build" | |
- "Server_tests" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Fetch build | |
id: fetch_artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: "sbs-build" | |
path: "artifacts/" | |
- name: Info | |
run: | | |
ls -la ${{steps.fetch_artifact.outputs.download-path}} | |
sha1sum ${{steps.fetch_artifact.outputs.download-path}}/* || true | |
sha256sum ${{steps.fetch_artifact.outputs.download-path}}/* || true | |
- name: Create Release | |
if: "github.ref_type=='tag'" | |
uses: softprops/action-gh-release@v2 | |
with: | |
files: "${{steps.fetch_artifact.outputs.download-path}}/*" | |
- name: Advance latest tag | |
if: "github.ref_type=='branch'" | |
uses: EndBug/latest-tag@v1 | |
with: | |
ref: "branch+${{github.ref_name}}" | |
description: "Latest commit in branch ${{github.ref_name}}" | |
- name: remove all previous "latest" releases | |
if: "github.ref_type=='branch'" | |
uses: dev-drprasad/[email protected] | |
with: | |
keep_latest: 0 | |
delete_tag_pattern: "branch+${{github.ref_name}}" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create Release for main/latest | |
if: "github.ref_type=='branch'" | |
uses: softprops/action-gh-release@v2 | |
with: | |
name: "Latest from branch ${{github.ref_name}}" | |
tag_name: "branch+${{github.ref_name}}" | |
prerelease: true | |
files: "${{steps.fetch_artifact.outputs.download-path}}/sbs.tar.xz" | |
- name: Get token | |
id: get_token | |
uses: machine-learning-apps/actions-app-token@master | |
with: | |
APP_PEM: ${{ secrets.SRAM_ACTIONAPP_PEM }} | |
APP_ID: ${{ secrets.SRAM_ACTIONAPP_APPID }} | |
- name: Test new SBS build in SCZ-deploy's CI-runner | |
if: "github.ref_name=='main'" | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{ steps.get_token.outputs.app_token }} | |
script: | | |
await github.rest.actions.createWorkflowDispatch({ | |
owner: 'SURFscz', | |
repo: 'SRAM-deploy', | |
workflow_id: 'ci-runner.yml', | |
ref: 'main' | |
}) | |
Docker_image: | |
name: Create image | |
if: > | |
github.actor!='dependabot[bot]' && | |
github.event_name!='pull_request' && | |
( github.ref_type=='tag' || github.ref_type=='branch' ) | |
needs: | |
- "Client_build" | |
- "Server_tests" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Fetch build | |
uses: actions/download-artifact@v4 | |
with: | |
name: "sbs-build" | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
# The SBS (apache) image | |
- name: Extract metadata (tags, labels) for SBS-server image | |
id: meta-sbs | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME_SBS }} | |
- name: Build and push Docker SBS image | |
uses: docker/build-push-action@v5 | |
with: | |
context: "." | |
file: "Dockerfile.sbs" | |
pull: true | |
push: true | |
tags: ${{ steps.meta-sbs.outputs.tags }} | |
labels: ${{ steps.meta-sbs.outputs.labels }} | |
platforms: linux/amd64,linux/arm64 | |
cache-from: "type=gha" | |
cache-to: "type=gha,mode=max" | |
# The SBS server image | |
- name: Extract metadata (tags, labels) for SBS image | |
id: meta-sbs-server | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME_SERVER }} | |
- name: Build and push Docker SBS-server image | |
uses: docker/build-push-action@v5 | |
with: | |
context: "." | |
file: "Dockerfile.sbs-server" | |
pull: true | |
push: true | |
tags: ${{ steps.meta-sbs-server.outputs.tags }} | |
labels: ${{ steps.meta-sbs-server.outputs.labels }} | |
platforms: linux/amd64,linux/arm64 | |
cache-from: "type=gha" | |
cache-to: "type=gha,mode=max" | |
# The SBS client image | |
- name: Extract metadata (tags, labels) for SBS-client image | |
id: meta-sbs-client | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME_CLIENT }} | |
- name: Build and push Docker SBS-client image | |
uses: docker/build-push-action@v5 | |
with: | |
context: "." | |
file: "Dockerfile.sbs-client" | |
pull: true | |
push: true | |
tags: ${{ steps.meta-sbs-client.outputs.tags }} | |
labels: ${{ steps.meta-sbs-client.outputs.labels }} | |
platforms: linux/amd64,linux/arm64 | |
cache-from: "type=gha" | |
cache-to: "type=gha,mode=max" | |
# Setup tmate session | |
- name: Setup tmate session | |
env: | |
ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG}} | |
if: ${{ failure() && env.ACTIONS_STEP_DEBUG == 'true' }} | |
uses: mxschmitt/action-tmate@v3 | |
with: | |
limit-access-to-actor: true | |
timeout-minutes: 60 | |
Schema_pr: | |
name: Update schema cache | |
runs-on: ubuntu-latest | |
if: "github.ref == 'refs/heads/main'" | |
services: | |
mysql: | |
image: mysql:5.7 | |
env: | |
MYSQL_ROOT_PASSWORD: root | |
ports: | |
- 3306:3306 | |
options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup mysql server | |
run: > | |
mysql -uroot -proot -h127.0.0.1 -e " | |
DROP DATABASE IF EXISTS sbs; | |
CREATE DATABASE IF NOT EXISTS sbs DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci; | |
CREATE USER 'sbs'@'%' IDENTIFIED BY 'sbs'; | |
GRANT ALL PRIVILEGES ON *.* TO 'sbs'@'%' WITH GRANT OPTION; | |
" | |
- name: Load SBS schema | |
# not strictly necessary, but it avoids running 200+ migrations during tests | |
run: | | |
mysql -uroot -proot -h127.0.0.1 sbs < misc/sbs-db.sql | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.12" | |
cache: 'pip' | |
cache-dependency-path: 'server/requirements/*.txt' | |
- name: Install dependencies | |
run: | | |
python -m pip install pip setuptools wheel | |
pip install --upgrade pip | |
pip install -r ./server/requirements/test.txt | |
- name: Run alembic migrations | |
run: | | |
cd server | |
alembic --config migrations/alembic.ini upgrade head | |
echo alembic_current=$(alembic --config migrations/alembic.ini current) >> "$GITHUB_ENV" | |
env: | |
CONFIG: "config/test_config.yml" | |
- name: Dump latest database schema | |
run: | | |
echo "-- Dump of empty SBS database, alembic revision $alembic_current" > misc/sbs-db.sql | |
mysqldump -h 127.0.0.1 -u sbs --password=sbs --skip-comments sbs >> misc/sbs-db.sql | |
- name: Create Pull Request | |
uses: "peter-evans/create-pull-request@v6" | |
with: | |
add-paths: | | |
misc/sbs-db.sql | |
commit-message: "Update schema cache for Alembic revision ${{ env.alembic_current }}" | |
branch: "update-schema-cache" | |
title: "Update schema cache" | |
body: | | |
This PR updates the schema cache to the latest version. | |
It was created by a GitHub Actions workflow. |