From a88967c5dd4dee684bb8b4f840e2078a554247c3 Mon Sep 17 00:00:00 2001 From: Daniel Sanz <13658011+sdn4z@users.noreply.github.com> Date: Fri, 6 Mar 2026 12:49:25 +0100 Subject: [PATCH] ci: require to test python package and docker build before publishing --- .github/actions/docker-build/action.yml | 2 +- .github/workflows/build-test-docker.yml | 40 ++---------- .github/workflows/build-test-python.yml | 62 ++++++++++++++----- .github/workflows/lint.yml | 3 +- .github/workflows/publish.yml | 30 ++++++--- .github/workflows/security.yml | 2 + .github/workflows/test.yml | 4 ++ .../workflows/trigger-test-docker-build.yml | 41 ++++++++++++ .github/workflows/weekly_download.yml | 2 + 9 files changed, 127 insertions(+), 59 deletions(-) create mode 100644 .github/workflows/trigger-test-docker-build.yml diff --git a/.github/actions/docker-build/action.yml b/.github/actions/docker-build/action.yml index b0e86a8..6ae3720 100644 --- a/.github/actions/docker-build/action.yml +++ b/.github/actions/docker-build/action.yml @@ -71,7 +71,7 @@ runs: type=semver,enable=true,pattern={{major}},prefix=v type=ref,event=pr,prefix=pr-,enable=true type=ref,event=branch,branch=main,pattern={{raw}} - type=ref,event=branch,branch=main,pattern={{major}},prefix=v + type=ref,event=branch,branch=main,pattern={{major}} - name: Build Docker image uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 diff --git a/.github/workflows/build-test-docker.yml b/.github/workflows/build-test-docker.yml index 5604f02..b81453d 100644 --- a/.github/workflows/build-test-docker.yml +++ b/.github/workflows/build-test-docker.yml 
@@ -1,44 +1,16 @@ name: Build and Test Docker Image on: - pull_request: - branches: ["main"] - push: - branches: ["main"] + workflow_call: + inputs: + image-tag: + type: string + required: true jobs: - should-test-docker-build: - permissions: - contents: read - pull-requests: read - name: Check if should `test_docker_build` run - runs-on: ubuntu-latest - steps: - - name: Check out the repo - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - - name: Check if Dockerfile changed - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 - id: docker-changes - with: - filters: | - docker: - - 'Dockerfile' - - '.dockerignore' - workflow: - - ./.github/actions/docker-build/action.yml - - ./.github/workflows/build-test-docker.yml - outputs: - docker: ${{ steps.docker-changes.outputs.docker }} - workflow: ${{ steps.docker-changes.outputs.workflow }} - test-docker-build: - needs: [should-test-docker-build] name: Test Docker build ${{ matrix.arch }} runs-on: ubuntu-latest - if: (needs.should-test-docker-build.outputs.workflow == 'true' || needs.should-test-docker-build.outputs.docker == 'true') || (github.ref_name == github.event.repository.default_branch) permissions: contents: read packages: read @@ -78,4 +50,4 @@ jobs: - name: Test run: | - docker run --platform ${{ matrix.platform }} --rm ${{ matrix.image-name }}:pr-${{ github.event.pull_request.number }} --version + docker run --platform ${{ matrix.platform }} --rm ${{ matrix.image-name }}:${{ inputs.image-tag }} --version diff --git a/.github/workflows/build-test-python.yml b/.github/workflows/build-test-python.yml index 2f73249..f37ade5 100644 --- a/.github/workflows/build-test-python.yml +++ b/.github/workflows/build-test-python.yml 
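Review bot: With the tag now supplied by the caller, the `docker run` in the `Test` step will pull `${{ matrix.image-name }}:<tag>` from the registry whenever no image with that tag exists locally. A release run called with `image-tag: latest` could therefore pass against a previously published image instead of the one just built; whether the build step (outside this hunk) loads a matching tag is not visible here. Adding `--pull=never` to the command makes the step fail in that case. The input is also expanded directly into the shell script; passing it through the environment (`env:` with `IMAGE_TAG: ${{ inputs.image-tag }}`, then `:"$IMAGE_TAG" --version`) keeps a less constrained caller value from being interpreted as shell syntax.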
@@ -5,16 +5,37 @@ name: Build and Test Python Package on: pull_request: branches: ["main"] - push: - branches: ["main"] + workflow_call: env: PYTHON_VERSION: "3.10" jobs: + build-package: + name: Build Package + runs-on: ubuntu-latest + steps: + - name: Check out the repo + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Build package + uses: ./.github/actions/python-package-build + id: build + with: + uv-version: "0.8.22" + python-version: "$PYTHON_VERSION" + + - name: Upload package artifact + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + with: + name: python-package-${{ github.sha }} + path: dist/ + retention-days: 1 + test-build-package-extras: name: Test package build ${{ matrix.name}} runs-on: ubuntu-latest + needs: build-package permissions: contents: read strategy: 
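Review bot: The new `build-package` job declares no `permissions:` block, unlike `test-build-package-extras` right after it, so it runs with whatever token scope the caller or the repository default grants. This job matters more than its siblings because the artifact it uploads is the one `publish.yml` later downloads and publishes. I would add `permissions:` with `contents: read` to the job, and `persist-credentials: false` on its checkout, as the Docker trigger workflow in this patch already does. A short comment above the upload step saying that `python-package-${{ github.sha }}` is consumed by the publish job would help keep the names in sync.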
@@ -32,35 +53,46 @@ jobs: - name: Check out the repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: Build package - uses: ./.github/actions/python-package-build - id: build + - name: Download package artifact + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: - uv-version: "0.8.22" - python-version: "$PYTHON_VERSION" + name: python-package-${{ github.sha }} + path: dist/ + + - name: Install uv + uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 + with: + version: "0.8.22" - name: Test package run: | uv venv --python $PYTHON_VERSION - uv pip install "${{ steps.build.outputs.wheel-file }}[${{ matrix.name }}]" + WHEEL_FILE=$(ls dist/*.whl) + uv pip install "$WHEEL_FILE[${{ matrix.name }}]" uv run ${{ matrix.test-args }} - test-build-package: + test-build-package-no-extras: name: Test package build no extras runs-on: ubuntu-latest + needs: build-package permissions: contents: read steps: - name: Check out the repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: Build package - uses: ./.github/actions/python-package-build - id: build + - name: Download package artifact + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: - uv-version: "0.8.22" - python-version: "$PYTHON_VERSION" + name: python-package-${{ github.sha }} + path: dist/ + - name: Install uv + uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 + with: + version: "0.8.22" + - name: Test package run: | uv venv --python $PYTHON_VERSION - uv pip install "${{ steps.build.outputs.wheel-file }}" + WHEEL_FILE=$(ls dist/*.whl) + uv pip install "$WHEEL_FILE" uv run python -c 'import twyn; twyn.check_dependencies()' diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index ca08a15..6882aee 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
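Review bot: Both `Test package` steps resolve the wheel with `WHEEL_FILE=$(ls dist/*.whl)`, and nothing asserts that the downloaded artifact holds exactly one wheel. If `dist/` ever contains more than one, the variable becomes a newline-joined list and the install argument is malformed or ambiguous. Since these jobs now gate publishing, I would make the expectation explicit: `wheels=(dist/*.whl)` followed by `[ "${#wheels[@]}" -eq 1 ] && [ -f "${wheels[0]}" ] || exit 1`, then install `"${wheels[0]}"`. The same change applies to `test-build-package-no-extras` later in this hunk.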
@@ -17,7 +17,8 @@ jobs: - name: Install uv uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 - + with: + version: "0.8.22" - name: Install the project run: uv sync --locked --group dev --python 3.10 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index de514e3..d05d6ab 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -5,24 +5,37 @@ on: tags: - "v*.*.*" +env: + PYTHON_VERSION: "3.10" + jobs: + build_and_test_package: + uses: ./.github/workflows/build-test-python.yml + + build_and_test_docker: + uses: ./.github/workflows/build-test-docker.yml + with: + image-tag: latest + publish_to_pypi: name: Publish to PyPI runs-on: ubuntu-latest - + needs: [build_and_test_package, build_and_test_docker] permissions: id-token: write - contents: read - steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: Build package - uses: ./.github/actions/python-package-build - id: build + - name: Download package artifacts + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + with: + name: python-package-${{ github.sha }} + path: dist + + - name: Install uv + uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0 with: - uv-version: "0.8.22" - python-version: "3.10" + version: "0.8.22" - name: Publish package run: | @@ -31,6 +44,7 @@ jobs: publish_to_dockerhub: name: Push Docker images to registries runs-on: ubuntu-latest + needs: [build_and_test_docker, build_and_test_package] permissions: contents: read packages: write diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 343fdc6..dc83981 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -39,6 +39,8 @@ jobs: - name: Install uv uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 + with: + version: "0.8.22" - name: Install the project run: uv sync --locked --extra cli 
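Review bot: In the first `publish.yml` hunk the new `Install uv` step pins `astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0`, while every other workflow in this patch uses `5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1`. The job holding `id-token: write` should run the same reviewed pin as the rest of CI. The hunk also appears to drop `contents: read` from `publish_to_pypi` while keeping the `actions/checkout` step. With only `id-token: write` listed, every other scope is set to none, so either keep `contents: read` or remove the checkout now that the job only downloads the prebuilt artifact. The `Publish package` step itself continues outside the hunk.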
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b212cdf..5c70cd8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,6 +21,8 @@ jobs: - name: Install uv uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 + with: + version: "0.8.22" - name: Install the dependencies run: uv sync --locked --group dev --all-extras --python ${{ matrix.python-version }} @@ -36,6 +38,8 @@ jobs: - name: Install uv uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 + with: + version: "0.8.22" - name: Install the dependencies run: uv sync --locked --group download --group dev --python 3.14 diff --git a/.github/workflows/trigger-test-docker-build.yml b/.github/workflows/trigger-test-docker-build.yml new file mode 100644 index 0000000..571e324 --- /dev/null +++ b/.github/workflows/trigger-test-docker-build.yml 
@@ -0,0 +1,41 @@ +name: Build and Test Docker Image + +on: + pull_request: + branches: ["main"] + +jobs: + should-test-docker-build: + permissions: + contents: read + pull-requests: read + name: Check if `test_docker_build` should run + runs-on: ubuntu-latest + steps: + - name: Check out the repo + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Check if Dockerfile or docker-build action have changed + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 + id: docker-changes + with: + filters: | + docker: + - 'Dockerfile' + - '.dockerignore' + workflow: + - ./.github/actions/docker-build/action.yml + - ./.github/workflows/build-test-docker.yml + outputs: + docker: ${{ steps.docker-changes.outputs.docker }} + workflow: ${{ steps.docker-changes.outputs.workflow }} + + trigger-test-docker-build: + needs: [should-test-docker-build] + name: Trigger test Docker build + if: (needs.should-test-docker-build.outputs.workflow == 'true' || needs.should-test-docker-build.outputs.docker == 'true') + uses: ./.github/workflows/build-test-docker.yml + with: + image-tag: "pr-${{ github.event.pull_request.number }}" diff --git a/.github/workflows/weekly_download.yml b/.github/workflows/weekly_download.yml index 8c137b6..a0bf6b9 100644 --- a/.github/workflows/weekly_download.yml +++ b/.github/workflows/weekly_download.yml @@ -27,6 +27,8 @@ jobs: ref: ${{ github.head_ref }} - name: Install uv uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1 + with: + version: "0.8.22" - name: Install the project run: uv sync --locked --only-group download --python 3.14
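Review bot: The `workflow` filter in the new `trigger-test-docker-build.yml` lists `action.yml` and `build-test-docker.yml` but not the trigger file itself, so a pull request that edits only the gating logic here will skip the Docker test it controls. I would add `- ./.github/workflows/trigger-test-docker-build.yml` to that filter. The file also reuses the name `Build and Test Docker Image`, which `build-test-docker.yml` already carries, making the two hard to tell apart in the checks list; something like `name: Trigger Docker Build Test` would distinguish them. Finally, the calling job `trigger-test-docker-build` sets no `permissions:`, and stating `contents: read` and `packages: read` there would document the scope the reusable workflow is expected to receive.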