
Seed CDN cache from matrix job into build jobs #1212


Workflow file for this run

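# CI workflow: triggered by merge-queue checks, pull requests, and pushes of
# tags matching v*.
name: CI
on:
  merge_group:
  pull_request:
  push:
    tags:
      - "v*"
# Deny-by-default token scope. Every job below declares its own permissions,
# which fully replace this value, so nothing changes today; a job added later
# without a permissions block gets no token scopes instead of the repository
# default.
permissions: {}
concurrency:
  # Only cancel in-progress runs for pull_request events; this prevents
  # cancelling workflows against main or tags.
  # A pull_request reuses the same group (keyed on the PR number), which
  # enables cancellation; all other events fall back to a unique run_id.
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
  cancel-in-progress: true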
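jobs:
  ci:
    name: CI
    # The gate job only inspects the results of other jobs, so it gets no
    # token scopes at all.
    permissions: {}
    # This should be the only action checked as required in the repo settings.
    #
    # This is a meta-job, here to express the conditions we require
    # in order to consider a CI run to be successful.
    # always() makes the gate run even when a needed job failed or was
    # skipped, so a failure is reported instead of the gate being skipped.
    if: always()
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs:
      - lint
      - test
      - bakery
      - bakery-native
      - bakery-pr
      - release
      - pypi-publish
      - zizmor
    steps:
      - uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
        with:
          # Jobs that are event-gated by their own `if:` and may be skipped.
          allowed-skips: bakery-pr, lint, pypi-publish
          jobs: ${{ toJSON(needs) }}

  lint:
    name: Lint
    if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version-file: posit-bakery/pyproject.toml
      - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
        env:
          SKIP: no-commit-to-branch

  test:
    name: Test
    # checks/pull-requests write are used by the "Publish results" step.
    permissions:
      contents: read
      checks: write
      pull-requests: write
    runs-on: ubuntu-latest-8x
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          fetch-tags: true
          # This job runs the repository's test suite and build backend while
          # holding checks/pull-requests write. None of the visible steps
          # needs authenticated git after checkout, so do not leave the job
          # token on the runner for them to read.
          persist-credentials: false
      # ./setup-* are local actions loaded from the checked-out ref.
      - name: Setup goss
        uses: ./setup-goss
      - name: Set up Docker
        uses: docker/setup-docker-action@0234bb73ccb40f0c430b795634f9247e2b5c2d23 # v5.2.0
        with:
          daemon-config: |
            {
              "features": {
                "containerd-snapshotter": true
              }
            }
      - name: Setup QEMU
        uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0
        with:
          platforms: linux/amd64,linux/arm64
      - name: Setup docker buildx
        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
      - name: Setup hadolint
        uses: ./setup-hadolint
      - name: Setup wizcli
        uses: ./setup-wizcli
      - name: Setup ORAS CLI
        uses: oras-project/setup-oras@38de303aac69abb66f3e6255b7198bff35f323e3 # v2.0.0
      - name: Add tools/ to path
        run: echo "${GITHUB_WORKSPACE}/tools" >> "$GITHUB_PATH"
      - name: Setup uv
        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: false
      - name: Install dependencies
        working-directory: ./posit-bakery
        run: |
          uv sync
      - name: Run pytest
        working-directory: ./posit-bakery
        run: |
          GOSS_PATH=${GITHUB_WORKSPACE}/tools/goss \
          DGOSS_PATH=${GITHUB_WORKSPACE}/tools/dgoss \
          uv run pytest -n auto \
            --dist loadgroup \
            --cov=posit_bakery \
            --cov-report=xml \
            --junit-xml=results.xml \
            test/
      - name: Build
        working-directory: ./posit-bakery
        run: |
          uv build
      - name: Publish results
        # Dependabot and fork PRs get a restricted GITHUB_TOKEN without
        # checks:write. Skip rather than switch to pull_request_target.
        # The actor comparison here only skips a reporting step; it does not
        # grant anything, so a spoofed actor name gains nothing.
        if: >-
          always()
          && github.actor != 'dependabot[bot]'
          && github.event.pull_request.head.repo.fork != true
        uses: EnricoMi/publish-unit-test-result-action@c950f6fb443cb5af20a377fd0dfaa78838901040 # v2.23.0
        with:
          files: ./posit-bakery/results.xml

  bakery:
    name: Bakery
    # A called workflow can use at most the permissions granted here.
    permissions:
      contents: read
      packages: write
    uses: "./.github/workflows/bakery-build.yml"
    with:
      # NOTE(review): on pull_request this resolves to github.head_ref, a
      # branch name chosen by the PR author. Confirm the called workflow
      # handles inputs.version as data (passed through env and quoted) and
      # never expands it inside a run: script. The same applies to every
      # `version:` input in this file.
      version: ${{ github.head_ref || github.ref_name }}
      context: "./posit-bakery/test/resources/with-macros/"
      dev-versions: include

  bakery-native:
    name: Bakery Native Build
    permissions:
      contents: read
      packages: write
    uses: "./.github/workflows/bakery-build-native.yml"
    with:
      version: ${{ github.head_ref || github.ref_name }}
      context: "./posit-bakery/test/resources/multiplatform/"
      dev-versions: include

  bakery-pr:
    name: Bakery PR Build
    if: github.event_name == 'pull_request'
    permissions:
      contents: read
      packages: write
    uses: "./.github/workflows/bakery-build-pr.yml"
    with:
      version: ${{ github.head_ref || github.ref_name }}
      context: "./posit-bakery/test/resources/multiplatform/"
      dev-versions: include

  zizmor:
    name: Zizmor
    runs-on: ubuntu-latest
    # security-events: write is presumably for uploading findings to code
    # scanning; confirm against the action's configuration.
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6

  with-macros-clean-caches:
    name: Clean Caches (with-macros suite)
    permissions:
      contents: read
      packages: write
    needs:
      - bakery
      - bakery-native
    uses: "./.github/workflows/clean.yml"
    with:
      version: ${{ github.head_ref || github.ref_name }}
      context: "./posit-bakery/test/resources/with-macros/"
      remove-dangling-caches: true
      remove-caches-older-than: 14
      # NOTE(review): this call passes clean-temporary-images, while the
      # multiplatform call to the same clean.yml passes
      # remove-dangling-temporary-images and
      # remove-temporary-images-older-than. Confirm all three names are
      # declared inputs of clean.yml.
      clean-temporary-images: false  # TODO: flip to true if this build starts using the native workflow

  multiplatform-clean-caches:
    name: Clean Caches (multiplatform suite)
    permissions:
      contents: read
      packages: write
    needs:
      - bakery
      - bakery-native
    uses: "./.github/workflows/clean.yml"
    with:
      version: ${{ github.head_ref || github.ref_name }}
      context: "./posit-bakery/test/resources/multiplatform/"
      remove-dangling-caches: true
      remove-caches-older-than: 14
      remove-dangling-temporary-images: false
      remove-temporary-images-older-than: 3

  release:
    name: Release/Snapshot
    # contents: write is needed only by the tag-gated "Create a GitHub
    # release" step, but the whole job holds it, including on pull_request
    # runs that build PR code.
    # NOTE(review): consider splitting the PR snapshot path into a job with
    # contents: read so only the tagged release carries write scope.
    permissions:
      contents: write
    # && binds tighter than ||, so this is:
    # (tag push) || pull_request || merge_group.
    if: (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') || github.event_name == 'pull_request' || github.event_name == 'merge_group')
    needs:
      - test
      - bakery
      - bakery-native
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          fetch-tags: true
          # `uv sync` / `uv build` execute project code in a job whose token
          # can write repository contents. The release step authenticates
          # through GH_TOKEN, not through git, so the checkout credentials
          # do not need to stay on the runner.
          persist-credentials: false
      - name: Setup uv
        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          enable-cache: false
      - name: Install dependencies
        working-directory: ./posit-bakery
        run: |
          uv sync
      - name: Build
        working-directory: ./posit-bakery
        run: |
          uv build
      - name: Upload snapshot artifacts
        if: github.event_name == 'pull_request'
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: bakery-snapshot-pr${{ github.event.pull_request.number }}
          path: ./posit-bakery/dist
          retention-days: 7
          overwrite: true
      - name: Upload release dist artifact
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: bakery-dist
          path: ./posit-bakery/dist
          retention-days: 7
      - name: Create a GitHub release
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # The ref name goes through the environment and is quoted below,
          # so the shell never parses it as part of the script.
          REF_NAME: ${{ github.ref_name }}
        run: |
          gh release create "$REF_NAME" \
            --generate-notes \
            --latest
          gh release upload "$REF_NAME" \
            ./posit-bakery/dist/*

  pypi-publish:
    name: Publish to PyPI
    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
    needs: release
    runs-on: ubuntu-latest
    timeout-minutes: 10
    environment:
      name: pypi
      url: https://pypi.org/p/posit-bakery
    # Only the OIDC scope is granted. This job has no checkout and no build
    # step; it publishes the bakery-dist artifact uploaded by the release job.
    permissions:
      id-token: write  # required for PyPI Trusted Publisher OIDC
    steps:
      - name: Download release dist artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: bakery-dist
          path: dist/
      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0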