Skip to content

Adds dSTS authority (as if it were an oidc_authority) #1433

Adds dSTS authority (as if it were an oidc_authority)

Adds dSTS authority (as if it were an oidc_authority) #1433

# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
name: CI/CD
on:
push:
pull_request:
branches: [ dev ]
# This guards against unknown PR until a community member vet it and label it.
types: [ labeled ]
jobs:
ci:
env:
# Fake a TRAVIS env so that the pre-existing test cases would behave like before
TRAVIS: true
LAB_APP_CLIENT_ID: ${{ secrets.LAB_APP_CLIENT_ID }}
LAB_APP_CLIENT_SECRET: ${{ secrets.LAB_APP_CLIENT_SECRET }}
LAB_APP_CLIENT_CERT_BASE64: ${{ secrets.LAB_APP_CLIENT_CERT_BASE64 }}
LAB_APP_CLIENT_CERT_PFX_PATH: lab_cert.pfx
LAB_OBO_CLIENT_SECRET: ${{ secrets.LAB_OBO_CLIENT_SECRET }}
LAB_OBO_CONFIDENTIAL_CLIENT_ID: ${{ secrets.LAB_OBO_CONFIDENTIAL_CLIENT_ID }}
LAB_OBO_PUBLIC_CLIENT_ID: ${{ secrets.LAB_OBO_PUBLIC_CLIENT_ID }}
# Derived from https://docs.github.com/en/actions/guides/building-and-testing-python#starting-with-the-python-workflow-template
runs-on: ubuntu-latest # It switched to 22.04 shortly after 2022-Nov-8
strategy:
matrix:
python-version: [3.7, 3.8, 3.9, "3.10", "3.11", "3.12"]
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
# It automatically takes care of pip cache, according to
# https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#about-caching-workflow-dependencies
with:
python-version: ${{ matrix.python-version }}
cache: 'pip'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install flake8 pytest
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Populate lab cert.pfx
# https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#storing-base64-binary-blobs-as-secrets
run: echo $LAB_APP_CLIENT_CERT_BASE64 | base64 -d > $LAB_APP_CLIENT_CERT_PFX_PATH
- name: Test with pytest
run: pytest --benchmark-skip
- name: Lint with flake8
run: |
# stop the build if there are Python syntax errors or undefined names
#flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
#flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
cb:
# Benchmark only after the correctness has been tested by CI,
# and then run benchmark only once (sampling with only one Python version).
needs: ci
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.9
uses: actions/setup-python@v5
with:
python-version: 3.9
cache: 'pip'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Setup an updatable cache for Performance Baselines
uses: actions/cache@v4
with:
path: .perf.baseline
key: ${{ runner.os }}-performance-${{ hashFiles('tests/test_benchmark.py') }}
restore-keys: ${{ runner.os }}-performance-
- name: Run benchmark
run: pytest --benchmark-only --benchmark-json benchmark.json --log-cli-level INFO tests/test_benchmark.py
- name: Render benchmark result
uses: benchmark-action/github-action-benchmark@v1
with:
tool: 'pytest'
output-file-path: benchmark.json
fail-on-alert: true
- name: Publish Gibhub Pages
run: git push origin gh-pages
cd:
needs: ci
# Note: github.event.pull_request.draft == false WON'T WORK in "if" statement,
# because the triggered event is a push, not a pull_request.
# This means each commit will trigger a release on TestPyPI.
# Those releases will only succeed when each push has a new version number: a1, a2, a3, etc.
if: |
github.event_name == 'push' &&
(
startsWith(github.ref, 'refs/tags') ||
startsWith(github.ref, 'refs/heads/release-')
)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python 3.9
uses: actions/setup-python@v5
with:
python-version: 3.9
cache: 'pip'
- name: Build a package for release
run: |
python -m pip install build --user
python -m build --sdist --wheel --outdir dist/ .
- name: |
Publish to TestPyPI when pushing to release-* branch.
You better test with a1, a2, b1, b2 releases first.
uses: pypa/[email protected]
if: startsWith(github.ref, 'refs/heads/release-')
with:
user: __token__
password: ${{ secrets.TEST_PYPI_API_TOKEN }}
repository_url: https://test.pypi.org/legacy/
- name: Publish to PyPI when tagged
if: startsWith(github.ref, 'refs/tags')
uses: pypa/[email protected]
with:
user: __token__
password: ${{ secrets.PYPI_API_TOKEN }}