🧪 Introduce a unified gate/check GHA job #9
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: 🧪 CI/CD | |
on: | |
# This avoids having duplicate builds for a pull request | |
push: | |
branches: | |
- master | |
- "*-maintenance" | |
tags: | |
- "v*" | |
pull_request: | |
branches: | |
- master | |
- "*-maintenance" | |
jobs: | |
############################################################################ | |
# Lint jobs | |
############################################################################ | |
lint: | |
name: lint | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "lts/*" | |
cache: "npm" | |
cache-dependency-path: "**/package-lock.json" | |
- name: Install node dependencies | |
run: make frontend/node_modules | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.x" | |
cache: "pip" | |
cache-dependency-path: "**/pyproject.toml" | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.cache/pre-commit | |
key: pre-commit|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }} | |
- name: Install python dependencies | |
id: pip | |
run: | | |
python -m pip install --upgrade pip | |
python -m pip install tox pre-commit | |
python -m pip freeze --local | |
- name: Run pylint | |
run: tox -e lint | |
- name: Run pre-commit | |
# run pre-commit check even if pylint check fails | |
if: steps.pip.outcome == 'success' | |
run: pre-commit run --show-diff-on-failure --color=always --all-files | |
############################################################################ | |
# Node tests | |
############################################################################ | |
node-tests: | |
name: ${{ matrix.os}} node-${{ matrix.node }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
node: ["lts/*"] | |
os: ["ubuntu-latest", "macos-latest", "windows-latest"] | |
include: | |
- node: "current" | |
os: "ubuntu-latest" | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node }} | |
cache: "npm" | |
cache-dependency-path: "**/package-lock.json" | |
- name: Build frontend | |
run: make | |
- name: Typecheck and run frontend tests | |
run: make test-js | |
############################################################################ | |
# Python tests | |
############################################################################ | |
python-tests: | |
name: ${{ matrix.os }} py${{ matrix.python }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: ["ubuntu-latest"] | |
python: ["3.9", "3.10", "3.11", "3.12", "3.13"] | |
include: | |
- { os: "macos-latest", python: "3.9" } | |
- { os: "macos-latest", python: "3.13", install-ffmpeg: true } | |
- { os: "windows-latest", python: "3.9" } | |
- { os: "windows-latest", python: "3.13", install-ffmpeg: true } | |
- { python: "3.13", install-ffmpeg: true } | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python }} | |
cache: "pip" | |
cache-dependency-path: "**/pyproject.toml" | |
- name: Install Linux system dependencies | |
if: runner.os == 'Linux' && matrix.install-ffmpeg | |
run: | | |
sudo apt-get update | |
sudo apt-get -y install ffmpeg | |
- name: Install macOS system dependencies | |
if: runner.os == 'macOS' && matrix.install-ffmpeg | |
run: brew install ffmpeg | |
- name: Install Windows system dependencies | |
if: runner.os == 'Windows' && matrix.install-ffmpeg | |
run: choco install --no-progress --timeout 600 ffmpeg | |
continue-on-error: true | |
- name: Workaround for UnicodeDecodeError from tox on Windows | |
# Refs: | |
# https://github.com/lektor/lektor/pull/933#issuecomment-923107580 | |
# https://github.com/tox-dev/tox/issues/1550 | |
if: runner.os == 'Windows' | |
run: Out-File $env:GITHUB_ENV utf8 -Append -InputObject 'PYTHONIOENCODING=utf-8' | |
- name: Install python dependencies | |
run: | | |
python -m pip install --upgrade pip | |
python -m pip install tox tox-gh-actions coverage[toml] | |
- name: Run python tests | |
run: tox | |
env: | |
TOX_SKIP_ENV: ${{ matrix.tox_skip_env }} | |
- name: Publish coverage data to codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
############################################################################ | |
# Build distribution packages | |
############################################################################ | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.x" | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: "lts/*" | |
- name: Install dependencies | |
run: python -m pip install build | |
- name: Build release artifacts | |
env: | |
HATCH_BUILD_CLEAN: "true" | |
run: python -m build | |
- name: Store the distribution packages | |
uses: actions/upload-artifact@v4 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
############################################################################ | |
# Branch protection gate | |
############################################################################ | |
check: # This job does nothing and is only used for the branch protection | |
name: All tests passed | |
if: always() | |
needs: | |
- build | |
- lint | |
- node-tests | |
- python-tests | |
runs-on: ubuntu-latest | |
timeout-minutes: 1 | |
steps: | |
- name: Decide whether the needed jobs succeeded or failed | |
uses: re-actors/alls-green@release/v1 | |
with: | |
jobs: ${{ toJSON(needs) }} | |
############################################################################ | |
# (Possibly) Publish to PyPI | |
############################################################################ | |
publish-to-pypi: | |
name: >- | |
Publish Python 🐍 distribution 📦 to PyPI | |
if: >- # only publish to PyPI on tag pushes | |
always() | |
&& github.ref_type == 'tag' | |
&& needs.check.result == 'success' | |
needs: | |
- check | |
runs-on: ubuntu-latest | |
environment: | |
name: pypi | |
url: https://pypi.org/p/Lektor | |
permissions: | |
id-token: write # IMPORTANT: mandatory for trusted publishing | |
steps: | |
- name: Download all the dists | |
uses: actions/download-artifact@v4 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: Publish distribution 📦 to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.PYPI_PASSWORD }} |