# Copyright © 2020 Interplanetary Database Association e.V., # Planetmint and IPDB software contributors. # SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0) # Code is Apache-2.0 and docs are CC-BY-4.0 --- name: CI on: push: branches: - "*" tags: - "v*.*.*" pull_request: branches: - "main" permissions: packages: write contents: write jobs: lint: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - uses: psf/black@stable with: options: "--check -l 119" src: "." audit: runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v3 - name: Setup python uses: actions/setup-python@v4 with: python-version: 3.9 - name: Setup poetry uses: Gr1N/setup-poetry@v8 - name: Install dependencies run: poetry install - name: Create requirements.txt run: poetry run pip freeze > requirements.txt - name: Audit dependencies run: | poetry run pip-audit \ --ignore-vuln GHSA-8495-4g3g-x7pr \ --ignore-vuln PYSEC-2024-230 \ --ignore-vuln PYSEC-2024-225 \ --ignore-vuln GHSA-3ww4-gg4f-jr7f \ --ignore-vuln GHSA-9v9h-cgj8-h64p \ --ignore-vuln GHSA-h4gh-qq45-vh27 \ --ignore-vuln PYSEC-2023-62 \ --ignore-vuln PYSEC-2024-71 \ --ignore-vuln GHSA-84pr-m4jr-85g5 \ --ignore-vuln GHSA-w3h3-4rj7-4ph4 \ --ignore-vuln PYSEC-2024-60 \ --ignore-vuln GHSA-h5c8-rqwp-cp95 \ --ignore-vuln GHSA-h75v-3vvj-5mfj \ --ignore-vuln GHSA-q2x7-8rv6-6q7h \ --ignore-vuln GHSA-gmj6-6f8f-6699 \ --ignore-vuln PYSEC-2023-117 \ --ignore-vuln GHSA-m87m-mmvp-v9qm \ --ignore-vuln GHSA-9wx4-h78v-vm56 \ --ignore-vuln GHSA-34jh-p97f-mpxf \ --ignore-vuln PYSEC-2022-203 \ --ignore-vuln PYSEC-2023-58 \ --ignore-vuln PYSEC-2023-57 \ --ignore-vuln PYSEC-2023-221 \ --ignore-vuln GHSA-2g68-c3qc-8985 \ --ignore-vuln GHSA-f9vj-2wh5-fj8j \ --ignore-vuln GHSA-q34m-jh98-gwm2 test: needs: lint runs-on: ubuntu-latest env: PLANETMINT_DATABASE_BACKEND: tarantool_db PLANETMINT_DATABASE_HOST: localhost PLANETMINT_DATABASE_PORT: 3303 PLANETMINT_SERVER_BIND: 0.0.0.0:9984 PLANETMINT_WSSERVER_HOST: 0.0.0.0 PLANETMINT_WSSERVER_ADVERTISED_HOST: localhost PLANETMINT_TENDERMINT_HOST: localhost PLANETMINT_TENDERMINT_PORT: 26657 steps: - name: Check out repository code uses: actions/checkout@v3 - name: Setup python uses: actions/setup-python@v4 with: python-version: 3.9 - name: Prepare OS run: sudo apt-get update && sudo apt-get install -y git zsh curl tarantool-common vim build-essential cmake - name: Get Tendermint run: wget https://github.com/tendermint/tendermint/releases/download/v0.34.24/tendermint_0.34.24_linux_amd64.tar.gz && tar zxf tendermint_0.34.24_linux_amd64.tar.gz - name: Setup poetry uses: Gr1N/setup-poetry@v8 - name: Install Planetmint run: poetry install --with dev - name: Execute Tests run: make test release: needs: test if: startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest steps: - name: Check out repository code uses: actions/checkout@v3 - name: Setup python uses: actions/setup-python@v4 with: python-version: 3.9 - name: Setup poetry uses: Gr1N/setup-poetry@v8 - name: Install dependencies run: poetry install --with dev - name: Upload to PyPI run: | poetry build poetry publish -u __token__ -p ${{ secrets.PYPI_TOKEN }} - name: Upload to GitHub uses: softprops/action-gh-release@v1 with: files: dist/* publish-docker: needs: test if: startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest steps: # Get the repository's code - name: Checkout uses: actions/checkout@v2 # https://github.com/docker/setup-qemu-action - name: Set up QEMU uses: docker/setup-qemu-action@v1 # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@v1 - name: Login to GHCR if: github.event_name != 'pull_request' uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GH_PACKAGE_DEPLOYMENT }} - name: Docker meta id: semver # you'll use this in the next step uses: docker/metadata-action@v3 with: # list of Docker images to use as base name for tags images: | ghcr.io/planetmint/planetmint # Docker tags based on the following events/attributes tags: | type=schedule type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=sha - name: Build and push uses: docker/build-push-action@v2 with: context: . platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.semver.outputs.tags }} labels: ${{ steps.semver.outputs.labels }} env: CRYPTOGRAPHY_DONT_BUILD_RUST: 1 - name: Docker meta AIO id: semver-aio # you'll use this in the next step uses: docker/metadata-action@v3 with: # list of Docker images to use as base name for tags images: | ghcr.io/planetmint/planetmint-aio # Docker tags based on the following events/attributes tags: | type=schedule type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=sha - name: Build and push AIO uses: docker/build-push-action@v2 with: context: . file: Dockerfile-all-in-one platforms: linux/amd64,linux/arm64 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.semver-aio.outputs.tags }} labels: ${{ steps.semver-aio.outputs.labels }} env: CRYPTOGRAPHY_DONT_BUILD_RUST: 1