Skip to content

🧪 Introduce a unified gate/check GHA job #9

🧪 Introduce a unified gate/check GHA job

🧪 Introduce a unified gate/check GHA job #9

Workflow file for this run

---
name: 🧪 CI/CD
on:
# This avoids having duplicate builds for a pull request
push:
branches:
- master
- "*-maintenance"
tags:
- "v*"
pull_request:
branches:
- master
- "*-maintenance"
jobs:
############################################################################
# Lint jobs
############################################################################
lint:
name: lint
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "lts/*"
cache: "npm"
cache-dependency-path: "**/package-lock.json"
- name: Install node dependencies
run: make frontend/node_modules
- uses: actions/setup-python@v5
with:
python-version: "3.x"
cache: "pip"
cache-dependency-path: "**/pyproject.toml"
- uses: actions/cache@v4
with:
path: ~/.cache/pre-commit
key: pre-commit|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }}
- name: Install python dependencies
id: pip
run: |
python -m pip install --upgrade pip
python -m pip install tox pre-commit
python -m pip freeze --local
- name: Run pylint
run: tox -e lint
- name: Run pre-commit
# run pre-commit check even if pylint check fails
if: steps.pip.outcome == 'success'
run: pre-commit run --show-diff-on-failure --color=always --all-files
############################################################################
# Node tests
############################################################################
node-tests:
name: ${{ matrix.os}} node-${{ matrix.node }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
node: ["lts/*"]
os: ["ubuntu-latest", "macos-latest", "windows-latest"]
include:
- node: "current"
os: "ubuntu-latest"
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node }}
cache: "npm"
cache-dependency-path: "**/package-lock.json"
- name: Build frontend
run: make
- name: Typecheck and run frontend tests
run: make test-js
############################################################################
# Python tests
############################################################################
python-tests:
name: ${{ matrix.os }} py${{ matrix.python }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: ["ubuntu-latest"]
python: ["3.9", "3.10", "3.11", "3.12", "3.13"]
include:
- { os: "macos-latest", python: "3.9" }
- { os: "macos-latest", python: "3.13", install-ffmpeg: true }
- { os: "windows-latest", python: "3.9" }
- { os: "windows-latest", python: "3.13", install-ffmpeg: true }
- { python: "3.13", install-ffmpeg: true }
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python }}
cache: "pip"
cache-dependency-path: "**/pyproject.toml"
- name: Install Linux system dependencies
if: runner.os == 'Linux' && matrix.install-ffmpeg
run: |
sudo apt-get update
sudo apt-get -y install ffmpeg
- name: Install macOS system dependencies
if: runner.os == 'macOS' && matrix.install-ffmpeg
run: brew install ffmpeg
- name: Install Windows system dependencies
if: runner.os == 'Windows' && matrix.install-ffmpeg
run: choco install --no-progress --timeout 600 ffmpeg
continue-on-error: true
- name: Workaround for UnicodeDecodeError from tox on Windows
# Refs:
# https://github.com/lektor/lektor/pull/933#issuecomment-923107580
# https://github.com/tox-dev/tox/issues/1550
if: runner.os == 'Windows'
run: Out-File $env:GITHUB_ENV utf8 -Append -InputObject 'PYTHONIOENCODING=utf-8'
- name: Install python dependencies
run: |
python -m pip install --upgrade pip
python -m pip install tox tox-gh-actions coverage[toml]
- name: Run python tests
run: tox
env:
TOX_SKIP_ENV: ${{ matrix.tox_skip_env }}
- name: Publish coverage data to codecov
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
############################################################################
# Build distribution packages
############################################################################
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-python@v5
with:
python-version: "3.x"
- uses: actions/setup-node@v4
with:
node-version: "lts/*"
- name: Install dependencies
run: python -m pip install build
- name: Build release artifacts
env:
HATCH_BUILD_CLEAN: "true"
run: python -m build
- name: Store the distribution packages
uses: actions/upload-artifact@v4
with:
name: python-package-distributions
path: dist/
############################################################################
# Branch protection gate
############################################################################
check: # This job does nothing and is only used for the branch protection
name: All tests passed
if: always()
needs:
- build
- lint
- node-tests
- python-tests
runs-on: ubuntu-latest
timeout-minutes: 1
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
############################################################################
# (Possibly) Publish to PyPI
############################################################################
publish-to-pypi:
name: >-
Publish Python 🐍 distribution 📦 to PyPI
if: >- # only publish to PyPI on tag pushes
always()
&& github.ref_type == 'tag'
&& needs.check.result == 'success'
needs:
- check
runs-on: ubuntu-latest
environment:
name: pypi
url: https://pypi.org/p/Lektor
permissions:
id-token: write # IMPORTANT: mandatory for trusted publishing
steps:
- name: Download all the dists
uses: actions/download-artifact@v4
with:
name: python-package-distributions
path: dist/
- name: Publish distribution 📦 to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_PASSWORD }}