sysdig-sdk-python/.github/workflows/ci-pull-request.yaml at ae52b52651e191a260fce52cf0063eae7cf118a1 · sysdiglabs/sysdig-sdk-python · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: CI - Pull Request

on:
  pull_request:
    branches:
    - master

jobs:
  test:
    needs:
      - test-release
    strategy:
      max-parallel: 3
      fail-fast: true
      matrix:
        python_version:
          # https://python-release-cycle.glitch.me/
          - "3.10"
          - "3.11"
          - "3.12"
          - "3.13"
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4

    - name: Setup python
      uses: actions/setup-python@v5
      with:
        python-version: "${{ matrix.python_version }}"

    - name: Install uv
      uses: astral-sh/setup-uv@v6
      with:
        python-version: "${{ matrix.python_version }}"
        enable-cache: true
        cache-dependency-glob: "uv.lock"
        version: "0.8.7"

    - name: Lint
      run: |
        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
        uvx ruff check . --fix --statistics --config ruff.toml --exclude specs

    - name: Test in staging
      env:
        SDC_MONITOR_TOKEN: ${{ secrets.STAGING_MONITOR_API_TOKEN }}
        SDC_SECURE_TOKEN: ${{ secrets.STAGING_SECURE_API_TOKEN }}
        SDC_MONITOR_URL: "https://app-staging.sysdigcloud.com"
        SDC_SECURE_URL: "https://secure-staging.sysdig.com"
      run: uv run mamba -f documentation -t integration

  test-release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup go-chglog
        working-directory: /tmp
        env:
          VERSION: "0.10.0"
        run: |
          wget https://github.com/git-chglog/git-chglog/releases/download/v${VERSION}/git-chglog_${VERSION}_linux_amd64.tar.gz
          gunzip git-chglog_${VERSION}_linux_amd64.tar.gz
          tar -xvf git-chglog_${VERSION}_linux_amd64.tar
          sudo mv git-chglog /usr/local/bin/

      - name: Generate changelog
        run: git-chglog -c .github/git-chglog/config.yml -o RELEASE_CHANGELOG.md $(git describe --tags $(git rev-list --tags --max-count=1))

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.10"

      - name: Install uv
        uses: astral-sh/setup-uv@v6
        with:
          python-version: "3.10"
          enable-cache: true
          version: "0.8.7"

      - name: Build
        run: uv build
  check_version:
    name: Check Version
    runs-on: ubuntu-latest
    needs: test
    permissions:
      contents: write # required for creating a tag
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          ref: ${{ github.sha }} # required for better experience using pre-releases
          fetch-depth: '0' # Required due to the way Git works, without it this action won't be able to find any or the correct tags

      - name: Extract current version
        id: pyproject_version
        run: |
          TAG=v$(grep 'version =' pyproject.toml | sed -e 's/version = "\(.*\)"/\1/')
          echo "TAG=$TAG" >> "$GITHUB_OUTPUT"

      - name: Get branch ref name
        id: branch_ref
        run: |
          BRANCH_NAME=${{ github.base_ref || github.ref_name }}
          echo "$BRANCH_NAME"
          echo "BRANCH_NAME=$BRANCH_NAME" >> "$GITHUB_OUTPUT"

      - name: Get tag version
        id: semantic_release
        uses: anothrNick/github-tag-action@1.71.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          DEFAULT_BUMP: "patch"
          TAG_CONTEXT: 'repo'
          WITH_V: true
          DRY_RUN: true

      - name: Compare versions
        run: |
          echo "Current version: ${{ steps.pyproject_version.outputs.TAG }}"
          echo "New version: ${{ steps.semantic_release.outputs.tag }}"
          if [ "${{ steps.pyproject_version.outputs.TAG }}" != "${{ steps.semantic_release.outputs.tag }}" ]; then
            echo "### Version mismatch detected! :warning:
            Current pyproject version: ${{ steps.pyproject_version.outputs.TAG }}
            New Tag version: **${{ steps.semantic_release.outputs.tag }}**
            Current Tag: ${{ steps.semantic_release.outputs.old_tag }}
            Please update the version in pyproject.toml." >> $GITHUB_STEP_SUMMARY
            exit 1
          else
            echo "### Version match confirmed! :rocket:
            Current pyproject version: ${{ steps.pyproject_version.outputs.TAG }}
            New Tag version: **${{ steps.semantic_release.outputs.tag }}**
            The version is up-to-date." >> $GITHUB_STEP_SUMMARY
          fi