wipac ci/cd #6630
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: wipac ci/cd | |
on: | |
push: | |
branches: | |
- '**' | |
tags-ignore: | |
- '**' | |
schedule: | |
- cron: "50 2,6,10,14,18,22 * * *" | |
workflow_dispatch: | |
env: | |
PYTHON_VERSION: "3.10" | |
jobs: | |
tests: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Setup env | |
run: | | |
pip install -r requirements.txt | |
- name: Test | |
run: | | |
python -m pytest --tb=short --log-level=debug tests | |
keycloak-update: | |
needs: [tests] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }} | |
- name: Git config | |
run: | | |
git config user.name github-actions | |
git config user.email github-actions@github.com | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Setup env | |
run: | | |
pip install -r requirements.txt | |
- name: Import from Keycloak | |
env: | |
KEYCLOAK_URL: "https://keycloak.icecube.wisc.edu" | |
KEYCLOAK_REALM: "IceCube" | |
KEYCLOAK_CLIENT_REALM: "IceCube" | |
KEYCLOAK_CLIENT_ID: "authorlist" | |
KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_CLIENT_SECRET }} | |
run: | | |
python import_from_keycloak.py output.json output.json --experiment IceCube | |
python import_from_keycloak.py output.json output.json --experiment IceCube-Gen2 | |
git add output.json | |
git commit -m "<bot> update from keycloak" || true | |
- name: Failure Notification | |
if: failure() | |
run: | | |
gh label create actions-failure --description "GitHub Actions failure" --color EE3333 --force | |
numOpenIssues="$(gh api graphql -F owner=$OWNER -F name=$REPO -f query=' | |
query($name: String!, $owner: String!) { | |
repository(owner: $owner, name: $name) { | |
issues(states: OPEN, labels: ["actions-failure"]) { | |
totalCount | |
} | |
} | |
} | |
' --jq '.data.repository.issues.totalCount')" | |
if [ $numOpenIssues = "0" ]; then | |
gh issue create --title "Actions failure" --assignee dsschult --label actions-failure --body "Keycloak sync action has failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" --repo $GITHUB_REPOSITORY | |
fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
OWNER: ${{ github.repository_owner }} | |
REPO: ${{ github.event.repository.name }} | |
- name: Push changes | |
run: | | |
status=`git status 2>&1 | tee` | |
ahead=`echo -n "${status}" 2> /dev/null | grep "Your branch is ahead of" &> /dev/null; echo "$?"` | |
if [ "$ahead" -eq "1" ]; then | |
echo "no changes needed" | |
exit 0 | |
fi | |
git push | |
echo "changes pushed (rest of workflow canceled)" | |
exit 1 # prevent dependent job(s) since there's changes to the code | |
shell: bash | |
docker: | |
name: "Docker Image" | |
needs: [tests, keycloak-update] | |
if: ${{ github.event_name != 'schedule' && github.ref == 'refs/heads/master' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Project | |
uses: actions/checkout@v3 | |
- name: Docker meta | |
id: docker_meta | |
uses: docker/metadata-action@v3 | |
with: | |
images: | | |
ghcr.io/WIPACrepo/authorlist | |
tags: | | |
type=ref,event=branch | |
type=semver,pattern={{major}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}}.{{minor}}.{{patch}} | |
- name: Login to GitHub Container Registry | |
uses: docker/#-action@v1 | |
if: ${{ github.event_name != 'pull_request' }} | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Push Docker Image | |
uses: docker/build-push-action@v2 | |
with: | |
context: . | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.docker_meta.outputs.tags }} | |
labels: ${{ steps.docker_meta.outputs.labels }} |