Skip to content

wipac ci/cd #6634

wipac ci/cd

wipac ci/cd #6634

Workflow file for this run

name: wipac ci/cd
on:
push:
branches:
- '**'
tags-ignore:
- '**'
schedule:
- cron: "50 2,6,10,14,18,22 * * *"
workflow_dispatch:
env:
PYTHON_VERSION: "3.10"
jobs:
tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Setup env
run: |
pip install -r requirements.txt
- name: Test
run: |
python -m pytest --tb=short --log-level=debug tests
keycloak-update:
needs: [tests]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- name: Git config
run: |
git config user.name github-actions
git config user.email github-actions@github.com
- uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Setup env
run: |
pip install -r requirements.txt
- name: Import from Keycloak
env:
KEYCLOAK_URL: "https://keycloak.icecube.wisc.edu"
KEYCLOAK_REALM: "IceCube"
KEYCLOAK_CLIENT_REALM: "IceCube"
KEYCLOAK_CLIENT_ID: "authorlist"
KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_CLIENT_SECRET }}
run: |
python import_from_keycloak.py output.json output.json --experiment IceCube
python import_from_keycloak.py output.json output.json --experiment IceCube-Gen2
git add output.json
git commit -m "<bot> update from keycloak" || true
- name: Failure Notification
if: failure()
run: |
gh label create actions-failure --description "GitHub Actions failure" --color EE3333 --force
numOpenIssues="$(gh api graphql -F owner=$OWNER -F name=$REPO -f query='
query($name: String!, $owner: String!) {
repository(owner: $owner, name: $name) {
issues(states: OPEN, labels: ["actions-failure"]) {
totalCount
}
}
}
' --jq '.data.repository.issues.totalCount')"
if [ $numOpenIssues = "0" ]; then
gh issue create --title "Actions failure" --assignee dsschult --label actions-failure --body "Keycloak sync action has failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" --repo $GITHUB_REPOSITORY
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OWNER: ${{ github.repository_owner }}
REPO: ${{ github.event.repository.name }}
- name: Push changes
run: |
status=`git status 2>&1 | tee`
ahead=`echo -n "${status}" 2> /dev/null | grep "Your branch is ahead of" &> /dev/null; echo "$?"`
if [ "$ahead" -eq "1" ]; then
echo "no changes needed"
exit 0
fi
git push
echo "changes pushed (rest of workflow canceled)"
exit 1 # prevent dependent job(s) since there's changes to the code
shell: bash
docker:
name: "Docker Image"
needs: [tests, keycloak-update]
if: ${{ github.event_name != 'schedule' && github.ref == 'refs/heads/master' }}
runs-on: ubuntu-latest
steps:
- name: Checkout Project
uses: actions/checkout@v3
- name: Docker meta
id: docker_meta
uses: docker/metadata-action@v3
with:
images: |
ghcr.io/WIPACrepo/authorlist
tags: |
type=ref,event=branch
type=semver,pattern={{major}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}.{{minor}}.{{patch}}
- name: Login to GitHub Container Registry
uses: docker/#-action@v1
if: ${{ github.event_name != 'pull_request' }}
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push Docker Image
uses: docker/build-push-action@v2
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}