Skip to content
This repository has been archived by the owner on Sep 13, 2023. It is now read-only.

Migrate from PyPI tokens to Trusted Publishers (#703) #3580

Migrate from PyPI tokens to Trusted Publishers (#703)

Migrate from PyPI tokens to Trusted Publishers (#703) #3580

name: Check, test and release
on:
push:
pull_request_target:
schedule:
- cron: '0 7 * * 1' # M H d m w (Mondays at 7:00)
env:
MLEM_TESTS: "true"
MLEM_DEBUG: "true"
jobs:
authorize:
if: |
startsWith(github.ref, 'refs/tags') ||
github.event_name == 'pull_request_target' ||
github.event_name == 'schedule' ||
github.repository_owner != 'iterative'
environment:
${{ (github.event_name == 'pull_request_target' &&
github.event.pull_request.head.repo.full_name != github.repository) &&
'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: echo ✓
check:
needs: authorize
name: Check
runs-on: ubuntu-latest
steps:
- name: Cancel Previous Runs
uses: styfle/[email protected]
with:
access_token: ${{ github.token }}
- uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: Freeing up disk space
run: "${GITHUB_WORKSPACE}/hack/scripts/ci/free-space.sh"
- uses: actions/setup-python@v4
with:
python-version: '3.x'
- name: set PYSHA
run: echo "PYSHA=$(python -VV | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV
- uses: actions/cache@v3
with:
path: ~/.cache/pre-commit
key: pre-commit|${{ env.PYSHA }}|${{ hashFiles('.pre-commit-config.yaml') }}
- run: pip install -U pre-commit tox
- run: SKIP=pylint pre-commit run -a --show-diff-on-failure
test:
needs: authorize
name: Test ${{ matrix.os }} with py${{ matrix.python }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest-8-cores, windows-latest, macos-latest]
python: ["3.8", "3.9", "3.10"]
exclude:
# no HDF5 support installed for tables
- os: windows-latest
python: "3.9"
# catboost building problems
- os: macos-latest
python: "3.8"
fail-fast: false
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python }}
cache: 'pip'
cache-dependency-path: 'setup.py'
- uses: conda-incubator/setup-miniconda@v2
with:
python-version: ${{ matrix.python }}
activate-environment: true
- name: Install Mac-specific dependencies
if: matrix.os == 'macos-latest'
run: |
brew install hdf5 wget c-blosc
wget https://raw.githubusercontent.com/Homebrew/homebrew-core/fb8323f2b170bd4ae97e1bac9bf3e2983af3fdb0/Formula/libomp.rb
brew install ./libomp.rb
- name: Install
run: |
pip install --upgrade pip setuptools wheel
pip install pre-commit .[tests]
- if: contains(matrix.os, 'ubuntu') && matrix.python == '3.10'
run: pre-commit run pylint -a -v --show-diff-on-failure
- name: Run Heroku tests
if: |
contains(matrix.os, 'ubuntu') &&
matrix.python == '3.8' &&
(
github.event_name == 'schedule' ||
contains(github.event.pull_request.title, 'heroku')
)
timeout-minutes: 40
run: pytest -k 'heroku'
env:
HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
HEROKU_TEAM: iterative-sandbox
- name: Setup Flyio
uses: superfly/flyctl-actions/setup-flyctl@master
if: contains(matrix.os, 'ubuntu') && matrix.python == '3.9'
- name: Run Flyio tests
if: contains(matrix.os, 'ubuntu') && matrix.python == '3.9'
run: pytest -k 'flyio'
- name: Start minikube
if: contains(matrix.os, 'ubuntu') && matrix.python == '3.9'
uses: medyagh/setup-minikube@master
- name: Run tests
timeout-minutes: 40
run: pytest -k 'not heroku and not flyio'
env:
GITHUB_USERNAME: ${{ secrets.GH_USERNAME }}
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
GITHUB_MATRIX_OS: ${{ matrix.os }}
GITHUB_MATRIX_PYTHON: ${{ matrix.python }}
BITBUCKET_USERNAME: ${{ secrets.BITBUCKET_USERNAME }}
BITBUCKET_PASSWORD: ${{ secrets.BITBUCKET_PASSWORD }}
- name: "Upload coverage to Codecov"
uses: codecov/codecov-action@v3
with:
fail_ci_if_error: true
token: ${{ secrets.CODECOV_TOKEN }}
deploy:
name: PyPI Deploy
needs: [check, test]
environment: pypi
permissions:
contents: write
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- uses: actions/setup-python@v4
with:
python-version: '3.x'
- id: dist
uses: casperdcl/deploy-pypi@v2
with:
build: true
upload: false
- if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
uses: pypa/gh-action-pypi-publish@release/v1
- if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
name: Release
run: |
changelog=$(git log --pretty='format:%d%n- %s%n%b---' $(git tag --sort=v:refname | tail -n2 | head -n1)..HEAD)
tag="${GITHUB_REF#refs/tags/}"
gh release create --title "mlem $tag beta" --draft --notes "$changelog" "$tag" dist/${{ steps.dist.outputs.whl }} dist/${{ steps.dist.outputs.targz }}
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}