Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 59625a53b2 | |||
| afb5bf2bc8 | |||
| a5e252b3b1 | |||
| 011bc1c113 | |||
| e94e04cff3 |
114
.github/workflows/docker-build-publish.yml
vendored
114
.github/workflows/docker-build-publish.yml
vendored
@@ -10,6 +10,35 @@ on:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
checkout_repo:
|
||||
description: >
|
||||
Optional external repo to checkout (owner/name). If set, repo is checked out
|
||||
into checkout_path.
|
||||
required: false
|
||||
type: string
|
||||
default: ""
|
||||
|
||||
checkout_ref:
|
||||
description: >
|
||||
Optional git ref (branch/tag/SHA) for checkout_repo. Defaults to repo default branch.
|
||||
required: false
|
||||
type: string
|
||||
default: ""
|
||||
|
||||
checkout_path:
|
||||
description: >
|
||||
Path to checkout checkout_repo into.
|
||||
required: false
|
||||
type: string
|
||||
default: "external-src"
|
||||
|
||||
checkout_fetch_depth:
|
||||
description: >
|
||||
Fetch depth for checkout_repo (0 = full history).
|
||||
required: false
|
||||
type: string
|
||||
default: "0"
|
||||
|
||||
registry_host:
|
||||
required: true
|
||||
type: string
|
||||
@@ -21,6 +50,21 @@ on:
|
||||
description: >
|
||||
Multiline build args, one per line: KEY=VALUE (values may include spaces)
|
||||
|
||||
extra_tags:
|
||||
description: >
|
||||
Optional extra tags to apply to each image.
|
||||
Accepts JSON array (e.g. ["latest", "main"]) or newline-separated list.
|
||||
required: false
|
||||
type: string
|
||||
default: ""
|
||||
|
||||
skip_if_tag_exists:
|
||||
description: >
|
||||
If true, skip build when all images already have sha-<commit> tags.
|
||||
required: false
|
||||
type: string
|
||||
default: "false"
|
||||
|
||||
env:
|
||||
description: >
|
||||
Multiline env vars, one per line: KEY=VALUE
|
||||
@@ -53,6 +97,17 @@ jobs:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Checkout external repository
|
||||
if: ${{ inputs.checkout_repo != '' }}
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: ${{ inputs.checkout_repo }}
|
||||
ref: ${{ inputs.checkout_ref }}
|
||||
server-url: ${{ github.server_url }}
|
||||
token: ${{ secrets.ci_token }}
|
||||
path: ${{ inputs.checkout_path }}
|
||||
fetch-depth: ${{ inputs.checkout_fetch_depth }}
|
||||
|
||||
- name: Load env vars
|
||||
if: ${{ inputs.env != '' }}
|
||||
run: |
|
||||
@@ -98,6 +153,10 @@ jobs:
|
||||
env:
|
||||
IMAGES: ${{ inputs.images }}
|
||||
BUILD_ARGS: ${{ inputs.build_args }}
|
||||
EXTRA_TAGS_INPUT: ${{ inputs.extra_tags }}
|
||||
CHECKOUT_REPO: ${{ inputs.checkout_repo }}
|
||||
CHECKOUT_PATH: ${{ inputs.checkout_path }}
|
||||
SKIP_IF_TAG_EXISTS: ${{ inputs.skip_if_tag_exists }}
|
||||
CI_TOKEN: ${{ secrets.ci_token }}
|
||||
TRIVY_SEVERITY: ${{ inputs.trivy_severity }}
|
||||
run: |
|
||||
@@ -127,8 +186,38 @@ jobs:
|
||||
|
||||
RAW_REF="${{ github.ref }}"
|
||||
SHA_FULL="${{ github.sha }}"
|
||||
SOURCE_SHA_FULL="$SHA_FULL"
|
||||
if [ -n "$CHECKOUT_REPO" ] && [ -d "$CHECKOUT_PATH/.git" ]; then
|
||||
SOURCE_SHA_FULL=$(git -C "$CHECKOUT_PATH" rev-parse HEAD)
|
||||
fi
|
||||
SHA_FULL="$SOURCE_SHA_FULL"
|
||||
SHA_SHORT="${SHA_FULL:0:12}"
|
||||
|
||||
truthy() {
|
||||
case "${1,,}" in
|
||||
1|true|yes|y|on) return 0;;
|
||||
*) return 1;;
|
||||
esac
|
||||
}
|
||||
|
||||
if truthy "$SKIP_IF_TAG_EXISTS"; then
|
||||
missing=0
|
||||
while read -r img; do
|
||||
IMAGE_NAME=$(echo "$img" | jq -r '.name')
|
||||
FULL_IMAGE="${{ inputs.registry_host }}/$IMAGE_NAME"
|
||||
if docker manifest inspect "$FULL_IMAGE:sha-$SHA_SHORT" >/dev/null 2>&1; then
|
||||
echo "==== Found existing tag $FULL_IMAGE:sha-$SHA_SHORT ===="
|
||||
else
|
||||
echo "==== Missing tag $FULL_IMAGE:sha-$SHA_SHORT (will build) ===="
|
||||
missing=1
|
||||
fi
|
||||
done < <(echo "$IMAGES" | jq -c '.[]')
|
||||
if [ "$missing" -eq 0 ]; then
|
||||
echo "All images already have sha-$SHA_SHORT tag. Skipping build."
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
VERSION_TAGS=()
|
||||
if [[ "$RAW_REF" =~ ^refs/tags/v([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
|
||||
VERSION_TAGS+=("v${BASH_REMATCH[1]}.${BASH_REMATCH[2]}.${BASH_REMATCH[3]}")
|
||||
@@ -137,6 +226,25 @@ jobs:
|
||||
VERSION_TAGS+=("latest")
|
||||
fi
|
||||
|
||||
EXTRA_TAGS=()
|
||||
if [ -n "$EXTRA_TAGS_INPUT" ]; then
|
||||
if echo "$EXTRA_TAGS_INPUT" | jq -e . >/dev/null 2>&1; then
|
||||
if ! echo "$EXTRA_TAGS_INPUT" | jq -e 'type == "array"' >/dev/null 2>&1; then
|
||||
echo "inputs.extra_tags must be a JSON array" >&2
|
||||
exit 1
|
||||
fi
|
||||
mapfile -t EXTRA_TAGS < <(echo "$EXTRA_TAGS_INPUT" | jq -r '.[]')
|
||||
else
|
||||
while IFS= read -r line; do
|
||||
trimmed="${line#"${line%%[![:space:]]*}"}"
|
||||
trimmed="${trimmed%"${trimmed##*[![:space:]]}"}"
|
||||
[ -z "$trimmed" ] && continue
|
||||
case "$trimmed" in \#*) continue;; esac
|
||||
EXTRA_TAGS+=("$trimmed")
|
||||
done <<< "$EXTRA_TAGS_INPUT"
|
||||
fi
|
||||
fi
|
||||
|
||||
BUILD_ARG_FLAGS=()
|
||||
BUILD_ARGS_JSON="{}"
|
||||
if [ -n "$BUILD_ARGS" ]; then
|
||||
@@ -216,6 +324,9 @@ jobs:
|
||||
for ver in "${VERSION_TAGS[@]}"; do
|
||||
TAGS+=("$FULL_IMAGE:$ver")
|
||||
done
|
||||
for extra in "${EXTRA_TAGS[@]}"; do
|
||||
TAGS+=("$FULL_IMAGE:$extra")
|
||||
done
|
||||
TAGS_JSON=$(printf '%s\n' "${TAGS[@]}" | jq -R . | jq -s .)
|
||||
|
||||
TARGET_NAME="img_${IDX}"
|
||||
@@ -275,6 +386,9 @@ jobs:
|
||||
for ver in "${VERSION_TAGS[@]}"; do
|
||||
TAGS+=("$FULL_IMAGE:$ver")
|
||||
done
|
||||
for extra in "${EXTRA_TAGS[@]}"; do
|
||||
TAGS+=("$FULL_IMAGE:$extra")
|
||||
done
|
||||
|
||||
TAG_ARGS=()
|
||||
for tag in "${TAGS[@]}"; do
|
||||
|
||||
97
.github/workflows/python-uv-ci-with-db.yml
vendored
97
.github/workflows/python-uv-ci-with-db.yml
vendored
@@ -21,6 +21,12 @@ on:
|
||||
required: false
|
||||
type: string
|
||||
default: ""
|
||||
test_env:
|
||||
description: >
|
||||
Multiline env vars for tests, one per line: KEY=VALUE
|
||||
required: false
|
||||
type: string
|
||||
default: ""
|
||||
uv_sync_args:
|
||||
type: string
|
||||
default: "--frozen --dev"
|
||||
@@ -36,6 +42,48 @@ on:
|
||||
test_command:
|
||||
type: string
|
||||
default: "uv run pytest"
|
||||
alembic_command:
|
||||
type: string
|
||||
default: ""
|
||||
postgres_image:
|
||||
type: string
|
||||
default: "postgres:16"
|
||||
postgres_user:
|
||||
type: string
|
||||
default: "postgres"
|
||||
postgres_password:
|
||||
type: string
|
||||
default: "postgres"
|
||||
postgres_db:
|
||||
type: string
|
||||
default: "test_db"
|
||||
postgres_health_cmd:
|
||||
type: string
|
||||
default: "pg_isready -U postgres"
|
||||
postgres_health_interval:
|
||||
type: string
|
||||
default: "10s"
|
||||
postgres_health_timeout:
|
||||
type: string
|
||||
default: "5s"
|
||||
postgres_health_retries:
|
||||
type: string
|
||||
default: "5"
|
||||
redis_image:
|
||||
type: string
|
||||
default: "redis:7-alpine"
|
||||
redis_health_cmd:
|
||||
type: string
|
||||
default: "redis-cli ping"
|
||||
redis_health_interval:
|
||||
type: string
|
||||
default: "5s"
|
||||
redis_health_timeout:
|
||||
type: string
|
||||
default: "5s"
|
||||
redis_health_retries:
|
||||
type: string
|
||||
default: "20"
|
||||
secrets:
|
||||
ssh_private_key:
|
||||
required: false
|
||||
@@ -47,18 +95,32 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:16
|
||||
image: ${{ inputs.postgres_image }}
|
||||
env:
|
||||
POSTGRES_USER: postgres
|
||||
POSTGRES_PASSWORD: postgres
|
||||
POSTGRES_DB: test_db
|
||||
POSTGRES_USER: ${{ inputs.postgres_user }}
|
||||
POSTGRES_PASSWORD: ${{ inputs.postgres_password }}
|
||||
POSTGRES_DB: ${{ inputs.postgres_db }}
|
||||
ports:
|
||||
- 5432:5432
|
||||
- 5432
|
||||
options: >-
|
||||
--health-cmd="pg_isready -U postgres"
|
||||
--health-interval=10s
|
||||
--health-timeout=5s
|
||||
--health-retries=5
|
||||
--health-cmd="${{ inputs.postgres_health_cmd }}"
|
||||
--health-interval=${{ inputs.postgres_health_interval }}
|
||||
--health-timeout=${{ inputs.postgres_health_timeout }}
|
||||
--health-retries=${{ inputs.postgres_health_retries }}
|
||||
redis:
|
||||
image: ${{ inputs.redis_image }}
|
||||
options: >-
|
||||
--health-cmd="${{ inputs.redis_health_cmd }}"
|
||||
--health-interval=${{ inputs.redis_health_interval }}
|
||||
--health-timeout=${{ inputs.redis_health_timeout }}
|
||||
--health-retries=${{ inputs.redis_health_retries }}
|
||||
env:
|
||||
POSTGRES_HOST: 127.0.0.1
|
||||
POSTGRES_PORT: ${{ job.services.postgres.ports['5432'] }}
|
||||
POSTGRES_USER: ${{ inputs.postgres_user }}
|
||||
POSTGRES_PASSWORD: ${{ inputs.postgres_password }}
|
||||
POSTGRES_DB: ${{ inputs.postgres_db }}
|
||||
DATABASE_URL: postgres://${{ inputs.postgres_user }}:${{ inputs.postgres_password }}@127.0.0.1:${{ job.services.postgres.ports['5432'] }}/${{ inputs.postgres_db }}
|
||||
permissions:
|
||||
contents: read
|
||||
defaults:
|
||||
@@ -121,6 +183,19 @@ jobs:
|
||||
- name: Sync dependencies
|
||||
run: uv sync ${{ inputs.uv_sync_args }}
|
||||
|
||||
- name: Load test env vars
|
||||
if: ${{ inputs.test_env != '' }}
|
||||
run: |
|
||||
while IFS= read -r line; do
|
||||
[ -z "$line" ] && continue
|
||||
case "$line" in \#*) continue;; esac
|
||||
if [[ "$line" != *=* ]]; then
|
||||
echo "Invalid env line: $line" >&2
|
||||
exit 1
|
||||
fi
|
||||
echo "$line" >> "$GITHUB_ENV"
|
||||
done <<< "${{ inputs.test_env }}"
|
||||
|
||||
- name: Run format check
|
||||
if: ${{ inputs.format_command != '' }}
|
||||
run: ${{ inputs.format_command }}
|
||||
@@ -133,6 +208,10 @@ jobs:
|
||||
if: ${{ inputs.typecheck_command != '' }}
|
||||
run: ${{ inputs.typecheck_command }}
|
||||
|
||||
- name: Alembic upgrade head (smoke test)
|
||||
if: ${{ inputs.alembic_command != '' }}
|
||||
run: ${{ inputs.alembic_command }}
|
||||
|
||||
- name: Run tests
|
||||
if: ${{ inputs.test_command != '' }}
|
||||
run: ${{ inputs.test_command }}
|
||||
|
||||
Reference in New Issue
Block a user