feat: add ability to require authentication #226
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: "CI" | |
concurrency: # Cancel any existing runs of this workflow for this same PR | |
group: "${{ github.workflow }}-${{ github.ref }}" | |
cancel-in-progress: true | |
on: # yamllint disable-line rule:truthy rule:comments | |
push: | |
branches: | |
- "main" | |
- "develop" | |
tags: | |
- "v*" | |
pull_request: ~ | |
env: | |
APP_NAME: "nautobot-app-capacity-metrics" | |
jobs: | |
black: | |
runs-on: "ubuntu-22.04" | |
env: | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_LOCAL: "True" | |
steps: | |
- name: "Check out repository code" | |
uses: "actions/checkout@v4" | |
- name: "Setup environment" | |
uses: "networktocode/gh-action-setup-poetry-environment@v4" | |
- name: "Linting: black" | |
run: "poetry run invoke black" | |
bandit: | |
runs-on: "ubuntu-22.04" | |
env: | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_LOCAL: "True" | |
steps: | |
- name: "Check out repository code" | |
uses: "actions/checkout@v4" | |
- name: "Setup environment" | |
uses: "networktocode/gh-action-setup-poetry-environment@v4" | |
- name: "Linting: bandit" | |
run: "poetry run invoke bandit" | |
ruff: | |
runs-on: "ubuntu-22.04" | |
env: | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_LOCAL: "True" | |
steps: | |
- name: "Check out repository code" | |
uses: "actions/checkout@v4" | |
- name: "Setup environment" | |
uses: "networktocode/gh-action-setup-poetry-environment@v4" | |
- name: "Linting: ruff" | |
run: "poetry run invoke ruff" | |
check-docs-build: | |
runs-on: "ubuntu-22.04" | |
env: | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_LOCAL: "True" | |
steps: | |
- name: "Check out repository code" | |
uses: "actions/checkout@v4" | |
- name: "Setup environment" | |
uses: "networktocode/gh-action-setup-poetry-environment@v4" | |
- name: "Check Docs Build" | |
run: "poetry run invoke build-and-check-docs" | |
flake8: | |
runs-on: "ubuntu-22.04" | |
env: | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_LOCAL: "True" | |
steps: | |
- name: "Check out repository code" | |
uses: "actions/checkout@v4" | |
- name: "Setup environment" | |
uses: "networktocode/gh-action-setup-poetry-environment@v4" | |
- name: "Linting: flake8" | |
run: "poetry run invoke flake8" | |
poetry: | |
runs-on: "ubuntu-22.04" | |
env: | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_LOCAL: "True" | |
steps: | |
- name: "Check out repository code" | |
uses: "actions/checkout@v4" | |
- name: "Setup environment" | |
uses: "networktocode/gh-action-setup-poetry-environment@v4" | |
- name: "Checking: poetry lock file" | |
run: "poetry run invoke lock --check" | |
yamllint: | |
runs-on: "ubuntu-22.04" | |
env: | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_LOCAL: "True" | |
steps: | |
- name: "Check out repository code" | |
uses: "actions/checkout@v4" | |
- name: "Setup environment" | |
uses: "networktocode/gh-action-setup-poetry-environment@v4" | |
- name: "Linting: yamllint" | |
run: "poetry run invoke yamllint" | |
pylint: | |
needs: | |
- "bandit" | |
- "ruff" | |
- "flake8" | |
- "poetry" | |
- "yamllint" | |
- "black" | |
runs-on: "ubuntu-22.04" | |
strategy: | |
fail-fast: true | |
matrix: | |
python-version: ["3.11"] | |
nautobot-version: ["2.0.0"] | |
env: | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_PYTHON_VER: "${{ matrix.python-version }}" | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_NAUTOBOT_VER: "${{ matrix.nautobot-version }}" | |
steps: | |
- name: "Check out repository code" | |
uses: "actions/checkout@v4" | |
- name: "Setup environment" | |
uses: "networktocode/gh-action-setup-poetry-environment@v4" | |
- name: "Set up Docker Buildx" | |
id: "buildx" | |
uses: "docker/setup-buildx-action@v3" | |
- name: "Build" | |
uses: "docker/build-push-action@v5" | |
with: | |
builder: "${{ steps.buildx.outputs.name }}" | |
context: "./" | |
push: false | |
load: true | |
tags: "${{ env.APP_NAME }}/nautobot:${{ matrix.nautobot-version }}-py${{ matrix.python-version }}" | |
file: "./development/Dockerfile" | |
cache-from: "type=gha,scope=${{ matrix.nautobot-version }}-py${{ matrix.python-version }}" | |
cache-to: "type=gha,scope=${{ matrix.nautobot-version }}-py${{ matrix.python-version }}" | |
build-args: | | |
NAUTOBOT_VER=${{ matrix.nautobot-version }} | |
PYTHON_VER=${{ matrix.python-version }} | |
- name: "Copy credentials" | |
run: "cp development/creds.example.env development/creds.env" | |
- name: "Linting: pylint" | |
run: "poetry run invoke pylint" | |
check-migrations: | |
needs: | |
- "bandit" | |
- "ruff" | |
- "flake8" | |
- "poetry" | |
- "yamllint" | |
- "black" | |
runs-on: "ubuntu-22.04" | |
strategy: | |
fail-fast: true | |
matrix: | |
python-version: ["3.11"] | |
nautobot-version: ["2.0.0"] | |
env: | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_PYTHON_VER: "${{ matrix.python-version }}" | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_NAUTOBOT_VER: "${{ matrix.nautobot-version }}" | |
steps: | |
- name: "Check out repository code" | |
uses: "actions/checkout@v4" | |
- name: "Setup environment" | |
uses: "networktocode/gh-action-setup-poetry-environment@v4" | |
- name: "Set up Docker Buildx" | |
id: "buildx" | |
uses: "docker/setup-buildx-action@v3" | |
- name: "Build" | |
uses: "docker/build-push-action@v5" | |
with: | |
builder: "${{ steps.buildx.outputs.name }}" | |
context: "./" | |
push: false | |
load: true | |
tags: "${{ env.APP_NAME }}/nautobot:${{ matrix.nautobot-version }}-py${{ matrix.python-version }}" | |
file: "./development/Dockerfile" | |
cache-from: "type=gha,scope=${{ matrix.nautobot-version }}-py${{ matrix.python-version }}" | |
cache-to: "type=gha,scope=${{ matrix.nautobot-version }}-py${{ matrix.python-version }}" | |
build-args: | | |
NAUTOBOT_VER=${{ matrix.nautobot-version }} | |
PYTHON_VER=${{ matrix.python-version }} | |
- name: "Copy credentials" | |
run: "cp development/creds.example.env development/creds.env" | |
- name: "Checking: migrations" | |
run: "poetry run invoke check-migrations" | |
unittest: | |
needs: | |
- "pylint" | |
- "check-migrations" | |
strategy: | |
fail-fast: true | |
matrix: | |
python-version: ["3.8", "3.11"] | |
db-backend: ["postgresql"] | |
nautobot-version: ["stable"] | |
include: | |
- python-version: "3.11" | |
db-backend: "postgresql" | |
nautobot-version: "2.0.0" | |
# - python-version: "3.11" | |
# db-backend: "mysql" | |
# nautobot-version: "stable" | |
runs-on: "ubuntu-22.04" | |
env: | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_PYTHON_VER: "${{ matrix.python-version }}" | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_NAUTOBOT_VER: "${{ matrix.nautobot-version }}" | |
steps: | |
- name: "Check out repository code" | |
uses: "actions/checkout@v4" | |
- name: "Setup environment" | |
uses: "networktocode/gh-action-setup-poetry-environment@v4" | |
- name: "Set up Docker Buildx" | |
id: "buildx" | |
uses: "docker/setup-buildx-action@v3" | |
- name: "Build" | |
uses: "docker/build-push-action@v5" | |
with: | |
builder: "${{ steps.buildx.outputs.name }}" | |
context: "./" | |
push: false | |
load: true | |
tags: "${{ env.APP_NAME }}/nautobot:${{ matrix.nautobot-version }}-py${{ matrix.python-version }}" | |
file: "./development/Dockerfile" | |
cache-from: "type=gha,scope=${{ matrix.nautobot-version }}-py${{ matrix.python-version }}" | |
cache-to: "type=gha,scope=${{ matrix.nautobot-version }}-py${{ matrix.python-version }}" | |
build-args: | | |
NAUTOBOT_VER=${{ matrix.nautobot-version }} | |
PYTHON_VER=${{ matrix.python-version }} | |
- name: "Copy credentials" | |
run: "cp development/creds.example.env development/creds.env" | |
- name: "Use Mysql invoke settings when needed" | |
run: "cp invoke.mysql.yml invoke.yml" | |
if: "matrix.db-backend == 'mysql'" | |
- name: "Run Tests" | |
run: "poetry run invoke unittest" | |
changelog: | |
if: | | |
contains(fromJson('["develop","ltm-1.6"]'), github.base_ref) && | |
(github.head_ref != 'main') | |
runs-on: "ubuntu-22.04" | |
steps: | |
- name: "Check out repository code" | |
uses: "actions/checkout@v4" | |
with: | |
fetch-depth: "0" | |
- name: "Setup environment" | |
uses: "networktocode/gh-action-setup-poetry-environment@v4" | |
- name: "Check for changelog entry" | |
run: | | |
git fetch --no-tags origin +refs/heads/${{ github.base_ref }}:refs/remotes/origin/${{ github.base_ref }} | |
poetry run towncrier check --compare-with origin/${{ github.base_ref }} | |
publish_gh: | |
needs: | |
- "unittest" | |
name: "Publish to GitHub" | |
runs-on: "ubuntu-22.04" | |
if: "startsWith(github.ref, 'refs/tags/v')" | |
env: | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_LOCAL: "True" | |
steps: | |
- name: "Check out repository code" | |
uses: "actions/checkout@v4" | |
- name: "Set up Python" | |
uses: "actions/setup-python@v4" | |
with: | |
python-version: "3.11" | |
- name: "Install Python Packages" | |
run: "pip install poetry" | |
- name: "Set env" | |
run: "echo RELEASE_VERSION=${GITHUB_REF:10} >> $GITHUB_ENV" | |
- name: "Run Poetry Version" | |
run: "poetry version $RELEASE_VERSION" | |
- name: "Install Dependencies (needed for mkdocs)" | |
run: "poetry install --no-root" | |
- name: "Build Documentation" | |
run: "poetry run invoke build-and-check-docs" | |
- name: "Run Poetry Build" | |
run: "poetry build" | |
- name: "Upload binaries to release" | |
uses: "svenstaro/upload-release-action@v2" | |
with: | |
repo_token: "${{ secrets.GH_NAUTOBOT_BOT_TOKEN }}" | |
file: "dist/*" | |
tag: "${{ github.ref }}" | |
overwrite: true | |
file_glob: true | |
publish_pypi: | |
needs: | |
- "unittest" | |
name: "Push Package to PyPI" | |
runs-on: "ubuntu-22.04" | |
if: "startsWith(github.ref, 'refs/tags/v')" | |
env: | |
INVOKE_NAUTOBOT_CAPACITY_METRICS_LOCAL: "True" | |
steps: | |
- name: "Check out repository code" | |
uses: "actions/checkout@v4" | |
- name: "Set up Python" | |
uses: "actions/setup-python@v4" | |
with: | |
python-version: "3.11" | |
- name: "Install Python Packages" | |
run: "pip install poetry" | |
- name: "Set env" | |
run: "echo RELEASE_VERSION=${GITHUB_REF:10} >> $GITHUB_ENV" | |
- name: "Run Poetry Version" | |
run: "poetry version $RELEASE_VERSION" | |
- name: "Install Dependencies (needed for mkdocs)" | |
run: "poetry install --no-root" | |
- name: "Build Documentation" | |
run: "poetry run invoke build-and-check-docs" | |
- name: "Run Poetry Build" | |
run: "poetry build" | |
- name: "Push to PyPI" | |
uses: "pypa/gh-action-pypi-publish@release/v1" | |
with: | |
user: "__token__" | |
password: "${{ secrets.PYPI_API_TOKEN }}" | |
slack-notify: | |
needs: | |
- "publish_gh" | |
- "publish_pypi" | |
runs-on: "ubuntu-22.04" | |
env: | |
SLACK_WEBHOOK_URL: "${{ secrets.SLACK_WEBHOOK_URL }}" | |
SLACK_MESSAGE: >- | |
*NOTIFICATION: NEW-RELEASE-PUBLISHED*\n | |
Repository: <${{ github.server_url }}/${{ github.repository }}|${{ github.repository }}>\n | |
Release: <${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }}|${{ github.ref_name }}>\n | |
Published by: <${{ github.server_url }}/${{ github.actor }}|${{ github.actor }}> | |
steps: | |
- name: "Send a notification to Slack" | |
# ENVs cannot be used directly in job.if. This is a workaround to check | |
# if SLACK_WEBHOOK_URL is present. | |
if: "env.SLACK_WEBHOOK_URL != ''" | |
uses: "slackapi/slack-github-action@v1" | |
with: | |
payload: | | |
{ | |
"text": "${{ env.SLACK_MESSAGE }}", | |
"blocks": [ | |
{ | |
"type": "section", | |
"text": { | |
"type": "mrkdwn", | |
"text": "${{ env.SLACK_MESSAGE }}" | |
} | |
} | |
] | |
} | |
env: | |
SLACK_WEBHOOK_URL: "${{ secrets.SLACK_WEBHOOK_URL }}" | |
SLACK_WEBHOOK_TYPE: "INCOMING_WEBHOOK" |