Pin actions by SHA #38
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI Copier | |
| on: | |
| pull_request: | |
| merge_group: | |
| # Automatically stop old builds on the same branch/PR | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| pre-commit: | |
| timeout-minutes: 30 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| - name: Set up pixi | |
| uses: prefix-dev/setup-pixi@ba3bb36eb2066252b2363392b7739741bb777659 # v0.8.1 | |
| with: | |
| environments: default lint | |
| - name: pre-commit | |
| run: pixi run pre-commit-run --color=always --show-diff-on-failure | |
| pytest: | |
| timeout-minutes: 30 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| - name: Set up pixi | |
| uses: prefix-dev/setup-pixi@ba3bb36eb2066252b2363392b7739741bb777659 # v0.8.1 | |
| - name: Test | |
| run: pixi run test --color=yes | |
| env: | |
| # needed for test_template_update | |
| GH_TOKEN: ${{ github.token }} | |
| test-generated-package-ci: | |
| name: Test CI of generated package (minimal-python = ${{ matrix.minimal-python-version }}) | |
| timeout-minutes: 30 | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| minimal-python-version: [py38, py310] | |
| steps: | |
| - name: Checkout branch | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| with: | |
| ssh-key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| - name: Set up pixi | |
| uses: prefix-dev/setup-pixi@ba3bb36eb2066252b2363392b7739741bb777659 # v0.8.1 | |
| with: | |
| activate-environment: true | |
| - name: Generate branch name | |
| id: branch | |
| run: | | |
| echo "name=ci/$GITHUB_SHA-${{ matrix.minimal-python-version }}" >> $GITHUB_OUTPUT | |
| - name: Test generated package CI | |
| run: | | |
| # Name of the generated package. | |
| # Authentication for pushing to $REPO. | |
| AUTH='authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' | |
| eval $(ssh-agent) | |
| ssh-add - <<< "${{ secrets.SSH_PRIVATE_KEY }}" | |
| # Set up local Git so that copier can run "git commit". | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "Lando Calrissian" | |
| # Generate package with default settings + Windows CI. | |
| copier copy \ | |
| --data project_slug="package" \ | |
| --data project_short_description="Example Package" \ | |
| --data github_user="LandoCalrissian" \ | |
| --data author_name="Lando Calrissian" \ | |
| --data author_email="[email protected]" \ | |
| --data project_slug="package" \ | |
| --data minimal_python_version="${{ matrix.minimal-python-version }}" \ | |
| --defaults \ | |
| --trust \ | |
| . out | |
| cd out | |
| # Replace actions trigger with on: [push] | |
| yq eval '.on = ["push"]' -i .github/workflows/ci.yml | |
| yq eval '.on = ["push"]' -i .github/workflows/build.yml | |
| git add .github/workflows/ci.yml .github/workflows/build.yml | |
| git commit -m "Replace actions trigger with on: [push]" | |
| # create pixi.lock | |
| pixi list --manifest-path pixi.toml --color=always | |
| git add pixi.lock | |
| git commit -m "Create pixi.lock" | |
| # Push the generated package's HEAD commit to a `ci/*` branch | |
| cid=$(git rev-parse HEAD) | |
| git push -f "${GITHUB_SERVER_URL/https:\/\//git@}:$GITHUB_REPOSITORY" $cid:refs/heads/${{ steps.branch.outputs.name }} | |
| # Use the GitHub API to wait for the generated package's CI to complete (success or failure). | |
| # We look for a GitHub Actions run for the HEAD commit ID. | |
| WORKFLOW_URL="$GITHUB_API_URL/repos/${GITHUB_REPOSITORY}/actions/runs?branch=${{ steps.branch.outputs.name }}&head_sha=${cid}" | |
| echo "Waiting for inner CI to start" | |
| while (( $(curl -Ls --header "$AUTH" "$WORKFLOW_URL" | jq -r ".workflow_runs | length") < 1 )); do | |
| sleep 10 | |
| done | |
| echo "Waiting for inner CI to complete" | |
| while curl -Ls --header "$AUTH" "$WORKFLOW_URL" | jq -r ".workflow_runs | .[] | .status" | grep --invert-match completed > /dev/null; do | |
| sleep 10 | |
| done | |
| # Fail unless CI was successful. | |
| if curl -Ls --header "$AUTH" "$WORKFLOW_URL" | jq -r ".workflow_runs | .[] | .conclusion" | grep --invert-match success > /dev/null; then | |
| echo "CI pipeline failed" | |
| exit 1 | |
| fi | |
| - name: Clean up CI branch | |
| if: always() | |
| run: | | |
| set -x | |
| AUTH='authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' | |
| eval $(ssh-agent) | |
| ssh-add - <<< "${{ secrets.SSH_PRIVATE_KEY }}" | |
| git push -d "${GITHUB_SERVER_URL/https:\/\//git@}:$GITHUB_REPOSITORY" refs/heads/ci/$GITHUB_SHA-${{ matrix.minimal-python-version }} | |
| cid=$(git rev-parse HEAD) | |
| for line in $(curl -Ls --header "$AUTH" "$GITHUB_API_URL/repos/${GITHUB_REPOSITORY}/actions/runs?branch=ci/${GITHUB_SHA}-${{ matrix.minimal-python-version }}&head_sha=${cid}" | jq -r ".workflow_runs | .[] | select(.status != \"completed\") | .id") | |
| do | |
| curl -Ls --header "$AUTH" --request POST "$GITHUB_API_URL/repos/${GITHUB_REPOSITORY}/actions/runs/$line/cancel" > /dev/null | |
| done |