Hermetic build of cachi2 image using Docker multi-stage building #2699
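---
# Gating workflow: unit tests with coverage upload, linters, Containerfile
# lint, and an image build followed by integration tests.
#
# NOTE(review): every `uses:` below references a mutable tag. Pinning each
# action to a full commit SHA (with the tag kept as a trailing comment) stops
# a re-pointed tag from silently changing what runs in this pipeline.
name: Gating

on:
  pull_request:
  push:
    branches:
      - main
  workflow_dispatch:
    inputs: {}

# Least privilege for GITHUB_TOKEN: no step visible in this file writes to the
# repository. Widen per job (not here) if a step turns out to need more.
# NOTE(review): confirm the coveralls upload still succeeds with a read-only
# token.
permissions:
  contents: read

jobs:
  tests:
    name: Unit tests
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so "3.10" is not parsed as the float 3.1.
        python-version: ["3.9", "3.10", "3.11"]
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # Later steps run code from the checked-out ref (tox); do not leave
          # the job token in .git/config where that code could read it.
          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        # NOTE(review): tox and tox-gh-actions are installed unpinned, so the
        # tooling can change between runs; a constraints file would fix that.
        run: |
          python -m pip install --upgrade pip
          pip install tox tox-gh-actions
      - name: Test with tox
        run: tox
      - name: Run coveralls-python
        env:
          # The job token is exposed to the coveralls client in this step,
          # which is one more reason to keep its permissions read-only.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          COVERALLS_FLAG_NAME: python-${{ matrix.python-version }}
          # Environment values are strings; quote to avoid YAML bool typing.
          COVERALLS_PARALLEL: "true"
        run: |
          pip3 install --upgrade pip
          pip3 install --upgrade setuptools
          pip3 install --upgrade 'coverage[toml]'
          pip3 install --upgrade coveralls
          coveralls --service=github

  coveralls-finish:
    name: Finish coveralls-python
    # Runs once after every matrix leg of `tests` has completed.
    needs: tests
    runs-on: ubuntu-latest
    steps:
      - name: Finished
        run: |
          pip3 install --upgrade pip
          pip3 install --upgrade setuptools
          pip3 install --upgrade coveralls
          coveralls --finish --service=github
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  linters:
    name: Linters
    strategy:
      # Let every linter report, even when one of them fails.
      fail-fast: false
      matrix:
        tox_env:
          - bandit
          - black
          - isort
          - flake8
          - mypy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.9"
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install tox
      - name: Test '${{ matrix.tox_env }}' with tox
        # matrix.tox_env comes from the static list above, so interpolating it
        # into the shell line carries no untrusted input.
        run: tox -e ${{ matrix.tox_env }}

  hadolint:
    name: Hadolint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      # Placeholder: the version tag was lost in page extraction (the page
      # shows "[email protected]"); restore the real tag or, better, a commit SHA.
      - uses: hadolint/hadolint-action@<VERSION>
        with:
          dockerfile: Containerfile
          # Ignore list:
          # * DL3041 - Specify version with dnf install -y <package>-<version>
          ignore: DL3041
          failure-threshold: warning

  build-image:
    name: Build Cachi2 image and run integration tests on it
    runs-on: ubuntu-latest
    container:
      # NOTE(review): the tag is mutable and not pinned by digest. Fedora 37
      # also appears to be past end of life, so it no longer receives
      # security updates; confirm and bump.
      image: registry.fedoraproject.org/fedora:37
      # --privileged removes most isolation between this container and the
      # runner VM; presumably required for podman to build and run containers
      # inside it (confirm). This job builds and runs code from the pull
      # request, so keep secrets out of its environment.
      options: --privileged
    steps:
      - name: Install required packages
        run: |
          dnf install -y python python-pip git podman
          python -m pip install --upgrade pip
          pip install tox tox-gh-actions
      - name: add checkout action...
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          persist-credentials: false
      - name: Build Cachi2 image
        # github.sha is a hex commit id, safe to interpolate as an image tag.
        run: |
          podman build -t cachi2:${{ github.sha }} .
      - name: Check image created and Cachi2 version
        run: |
          podman images | grep 'cachi2'
          podman run -t cachi2:${{ github.sha }} --version
      - name: Run integration tests on built image
        env:
          CACHI2_IMAGE: localhost/cachi2:${{ github.sha }}
        run: |
          tox -e integration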