build: setup automatic PyPI publishing using Github Actions #542
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: HrFlow.ai Connectors CI/CD | ||
on: | ||
pull_request_target: | ||
types: [labeled, opened, synchronize, reopened] | ||
branches: | ||
- "master" | ||
push: | ||
branches: | ||
- "master" | ||
env: | ||
POETRY_VERSION: 1.3.1 | ||
BASELINE_PYTHON_VERSION: 3.10.10 | ||
NOX_ENV_DIR: ./.nox | ||
PYTHONPATH: ./src/ | ||
jobs: | ||
commitlint: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: 18 | ||
- name: Install commitlint | ||
run: | | ||
npm install conventional-changelog-conventionalcommits | ||
npm install commitlint@v17.7.1 | ||
- name: Validate current commit (last commit) with commitlint | ||
if: github.event_name == 'push' | ||
run: npx commitlint --from HEAD~1 --to HEAD --verbose | ||
- name: Validate PR commits with commitlint | ||
if: github.event_name == 'pull_request' | ||
run: npx commitlint --from ${{ github.event.pull_request.head.sha }}~${{ github.event.pull_request.commits }} --to ${{ github.event.pull_request.head.sha }} --verbose | ||
core-tests: | ||
runs-on: ubuntu-latest | ||
needs: [commitlint] | ||
steps: | ||
- name: Check permissions for job | ||
if: ${{ !(contains(fromJSON('["OWNER", "COLLABORATOR", "MEMBER"]'), github.event.pull_request.author_association) || contains(github.event.pull_request.labels.*.name, 'run tests for fork'))}} | ||
uses: actions/github-script@v3 | ||
with: | ||
script: | | ||
core.setFailed("Not enough permissions to run Core Tests") | ||
- uses: actions/checkout@v3 | ||
with: | ||
ref: ${{ github.event.pull_request.head.sha }} | ||
lfs: true | ||
- uses: actions/setup-python@v2 | ||
with: | ||
python-version: ${{ env.BASELINE_PYTHON_VERSION }} | ||
- name: Load cached Poetry installation | ||
id: cached-poetry-install | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.local | ||
key: poetry-${{ env.POETRY_VERSION }} | ||
- name: Install poetry | ||
if: steps.cached-poetry-install.outputs.cache-hit != 'true' | ||
run: curl -sSL https://install.python-poetry.org | POETRY_VERSION=$POETRY_VERSION python3 - | ||
- name: Add poetry to PATH | ||
run: export PATH="$HOME/.local/bin:$PATH" | ||
- name: Load cached venv | ||
id: cached-poetry-dependencies | ||
uses: actions/cache@v2 | ||
with: | ||
path: .venv | ||
key: venv-${{ runner.os }}-${{ env.BASELINE_PYTHON_VERSION }}-${{ hashFiles('**/poetry.lock') }} | ||
- name: Install python dependencies | ||
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true' | ||
run: POETRY_INSTALLER_PARALLEL=1 POETRY_VIRTUALENVS_IN_PROJECT=1 poetry install -E s3 | ||
- name: Run commit hooks | ||
run: poetry run pre-commit run --hook-stage commit --all-files | ||
- name: Run push hooks | ||
run: poetry run pre-commit run --hook-stage push --all-files | ||
# This action sets up a Python environment with Nox by: | ||
# - Activating every version of Python that GitHub Actions supports. | ||
# - Installing Nox. | ||
# ==> https://github.com/marketplace/actions/setup-nox | ||
- uses: excitedleigh/setup-nox@v2.0.0 | ||
- name: Load cached nox venvs | ||
id: cached-nox-venvs | ||
uses: actions/cache@v2 | ||
with: | ||
path: ${{ env.NOX_ENV_DIR }} | ||
key: nox-venvs-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }} | ||
- name: Configure AWS Credentials | ||
uses: aws-actions/configure-aws-credentials@v2 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: eu-west-1 | ||
- name: Get Connector Secrets | ||
uses: aws-actions/aws-secretsmanager-get-secrets@v1 | ||
with: | ||
secret-ids: | | ||
S3_STORE_TEST | ||
parse-json-secrets: true | ||
- name: Check manifest | ||
run: poetry run nox --envdir ${{ env.NOX_ENV_DIR }} -s manifest | ||
- name: Check docs | ||
run: poetry run nox --envdir ${{ env.NOX_ENV_DIR }} -s docs | ||
- name: Run Core tests | ||
run: poetry run nox --envdir ${{ env.NOX_ENV_DIR }} -s tests_s3 | ||
env: | ||
HRFLOW_CONNECTORS_STORE_ENABLED: "1" | ||
HRFLOW_CONNECTORS_LOCALJSON_DIR: "/tmp/" | ||
connectors-integration-tests: | ||
runs-on: ubuntu-latest | ||
needs: core-tests | ||
steps: | ||
- name: Check permissions for job | ||
if: ${{ !(contains(fromJSON('["OWNER", "COLLABORATOR", "MEMBER"]'), github.event.pull_request.author_association) || contains(github.event.pull_request.labels.*.name, 'run tests for fork'))}} | ||
uses: actions/github-script@v3 | ||
with: | ||
script: | | ||
core.setFailed("Not enough permissions to run Integration Tests") | ||
- uses: actions/checkout@v3 | ||
with: | ||
ref: ${{ github.event.pull_request.head.sha }} | ||
lfs: true | ||
# This action sets up a Python environment with Nox by: | ||
# - Activating every version of Python that GitHub Actions supports. | ||
# - Installing Nox. | ||
# ==> https://github.com/marketplace/actions/setup-nox | ||
- uses: excitedleigh/setup-nox@v2.0.0 | ||
- name: Load cached Poetry installation | ||
id: cached-poetry-install | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.local | ||
key: poetry-${{ env.POETRY_VERSION }} | ||
- name: Load cached nox venvs | ||
id: cached-nox-venvs | ||
uses: actions/cache@v2 | ||
with: | ||
path: ${{ env.NOX_ENV_DIR }} | ||
key: nox-venvs-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }} | ||
- name: Add poetry to PATH | ||
run: export PATH="$HOME/.local/bin:$PATH" | ||
- name: Configure AWS Credentials | ||
uses: aws-actions/configure-aws-credentials@v2 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: eu-west-1 | ||
- name: Get Connector Secrets | ||
uses: aws-actions/aws-secretsmanager-get-secrets@v1 | ||
with: | ||
secret-ids: | | ||
S3_STORE_TEST | ||
HRFLOW_CONNECTORS_* | ||
parse-json-secrets: true | ||
- name: Run Connector tests | ||
run: | | ||
poetry run nox -- -s tests -- --no-cov --ignore tests/core --connector=SmartRecruiters --connector=PoleEmploi --connector=Adzuna --connector=Hubspot --connector=Waalaxy | ||
env: | ||
HRFLOW_CONNECTORS_STORE_ENABLED: "1" | ||
HRFLOW_CONNECTORS_LOCALJSON_DIR: "/tmp/" | ||
reset-labels: | ||
runs-on: ubuntu-latest | ||
if: ${{ always() }} | ||
needs: [core-tests, connectors-integration-tests] | ||
permissions: | ||
issues: write | ||
pull-requests: write | ||
steps: | ||
- name: Remove run tests for fork label | ||
run: | | ||
curl \ | ||
-X DELETE \ | ||
-H 'Accept: application/vnd.github.v3+json' \ | ||
-H 'Authorization: token ${{ github.token }}' \ | ||
'https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.number }}/labels/run%20tests%20for%20fork' | ||
cd: | ||
runs-on: ubuntu-latest | ||
if: github.event_name == 'push' && github.ref == 'refs/heads/master' | ||
needs: [core-tests, connectors-integration-tests, commitlint] | ||
permissions: | ||
id-token: write | ||
contents: write | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
lfs: true | ||
- name: Load cached Poetry installation | ||
id: cached-poetry-install | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.local | ||
key: poetry-${{ env.POETRY_VERSION }} | ||
- name: Prepare new release | ||
env: | ||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
run: | | ||
git config user.name hrflow-cicd | ||
git config user.email hrflow-cicd@hrflow.ai | ||
poetry run semantic-release publish | ||
- name: Publish to TestPyPI | ||
uses: pypa/gh-action-pypi-publish@release/v1 | ||
with: | ||
user: __token__ | ||
password: ${{ secrets.TEST_PYPI_API_TOKEN }} | ||
repository_url: https://test.pypi.org/legacy/ | ||
- name: Test install from TestPyPI | ||
run: | | ||
pip install \ | ||
--index-url https://test.pypi.org/simple/ \ | ||
--extra-index-url https://pypi.org/simple \ | ||
hrflow-hrflow-connectors==${{ }} | ||
- name: Publish to PyPI | ||
uses: pypa/gh-action-pypi-publish@release/v1 | ||
with: | ||
user: __token__ | ||
password: ${{ secrets.PYPI_API_TOKEN }} |