From 804c6e7a6ea167185e6727b59b0463c8116f0a7e Mon Sep 17 00:00:00 2001 From: sebthom Date: Wed, 6 Dec 2023 02:44:55 +0100 Subject: [PATCH] update workflow config --- .github/dependabot.yml | 2 ++ .github/workflows/build.yml | 44 ++++++++++++++++++++++++++++++------- 2 files changed, 38 insertions(+), 8 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a1e84fd..d66d104 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,4 +12,6 @@ updates: prefix-development: chore include: scope labels: + - pinned - dependencies + - gha diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4694b00..54c60a0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,23 +2,33 @@ # SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-ArtifactOfProjectHomePage: https://github.com/Second-Hand-Friends/kleinanzeigen-bot/ # -# https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions name: Build on: push: - branches-ignore: + branches-ignore: # build all branches except: - 'dependabot/**' # prevent GHA triggered twice (once for commit to the branch and once for opening/syncing the PR) - 'dependencies/pdm' # prevent GHA triggered twice (once for commit to the branch and once for opening/syncing the PR) - tags-ignore: + tags-ignore: # don't build tags - '**' paths-ignore: - '**/*.md' + - '.editorconfig' + - '.git*' - '.github/*.yml' - '.github/ISSUE_TEMPLATE/*' - '.github/workflows/codeql-analysis.yml' - '.github/workflows/update-python-deps.yml' pull_request: + paths-ignore: + - '**/*.md' + - '.editorconfig' + - '.git*' + - '.github/*.yml' + - '.github/ISSUE_TEMPLATE/*' + - '.github/workflows/codeql-analysis.yml' + - '.github/workflows/update-python-deps.yml' workflow_dispatch: # https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/ @@ -57,13 +67,14 @@ jobs: runs-on: ${{ matrix.os }} steps: - - name: Git checkout uses: actions/checkout@v4 #https://github.com/actions/checkout + - name: Configure Fast APT Mirror uses: vegardit/fast-apt-mirror.sh@v1 + - name: Install Chromium Browser if: env.ACT == 'true' && startsWith(matrix.os, 'ubuntu') run: | @@ -73,39 +84,44 @@ jobs: sudo apt-get --no-install-recommends -y --fix-broken install fi + - uses: actions/setup-python@v4 with: python-version: "${{ matrix.PYTHON_VERSION }}" + - uses: actions/cache@v3 with: path: __pypackages__ key: ${{ runner.os }}-pypackages-${{ hashFiles('pdm.lock') }} + - name: "Install: Python dependencies" run: | set -eux python --version - python -m pip install --upgrade pip - pip install --upgrade pdm - pdm install -v + - name: Display project metadata run: pdm show + - name: Security scan run: pdm run scan + - name: Check code style run: pdm run lint + - name: Run unit tests run: pdm run utest + - name: Run integration tests run: | set -eux @@ -119,6 +135,7 @@ jobs: ;; esac + - name: Run app from source run: | echo " @@ -133,10 +150,12 @@ jobs: pdm run app version pdm run app verify + - name: "Install: binutils (strip)" if: startsWith(matrix.os, 'ubuntu') run: sudo apt-get install --no-install-recommends -y binutils + - name: "Install: UPX" if: startsWith(matrix.os, 'windows') run: | @@ -161,6 +180,7 @@ jobs: ls -l dist + - name: Run self-contained executable run: | set -eux @@ -169,6 +189,7 @@ jobs: dist/kleinanzeigen-bot version dist/kleinanzeigen-bot verify + - name: Upload self-contained executable uses: actions/upload-artifact@v3 if: ${{ github.ref_name == 'main' && matrix.PUBLISH_RELEASE && !env.ACT }} @@ -176,6 +197,7 @@ jobs: name: artifacts-${{ matrix.os }} path: dist/kleinanzeigen-bot* + - name: Build Docker image if: startsWith(matrix.os, 'ubuntu') run: | @@ -185,6 +207,7 @@ jobs: docker run --rm second-hand-friends/kleinanzeigen-bot help + - name: Publish Docker image if: ${{ github.ref_name == 'main' && matrix.PUBLISH_RELEASE && startsWith(matrix.os, 'ubuntu') && !env.ACT }} run: | @@ -211,6 +234,7 @@ jobs: # only required by "gh release create" to prevent "fatal: Not a git repository" uses: actions/checkout@v4 #https://github.com/actions/checkout + - name: Generate GitHub access token uses: tibdex/github-app-token@v2 #https://github.com/tibdex/github-app-token id: generate_token @@ -220,15 +244,18 @@ jobs: app_id: ${{ secrets.DEPS_UPDATER_APP_ID }} private_key: ${{ secrets.DEPS_UPDATER_PRIVATE_KEY }} + - name: Delete untagged docker image continue-on-error: true uses: camargo/delete-untagged-action@v1 with: github-token: ${{ steps.generate_token.outputs.token }} + - name: Download build artifacts uses: actions/download-artifact@v3 + - name: "Delete previous 'latest' release" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -251,7 +278,7 @@ jobs: # https://cli.github.com/manual/gh_release_create GH_DEBUG=1 gh release create "$RELEASE_NAME" \ - --prerelease \ + --title "$RELEASE_NAME" \ --latest \ --notes "${{ github.event.head_commit.message }}" \ --target "${{ github.sha }}" \ @@ -259,6 +286,7 @@ jobs: kleinanzeigen-bot-linux-amd64 \ kleinanzeigen-bot-windows-amd64.exe + - name: "Delete intermediate build artifacts" uses: geekyeggo/delete-artifact@v2 # https://github.com/GeekyEggo/delete-artifact/ with: