eiffel-community · t-persson · Mar 11, 2024 · Mar 11, 2024 · Mar 11, 2024
@@ -1,89 +1,91 @@
-name: Build and push
+name: Build and publish
 
 on:
-  pull_request_target:
+  push:
     branches: [ "main" ]
-    types:
-      - closed
-  workflow_dispatch:
+    tags: ["*"]
 
 jobs:
-  build_api:
-    if: ${{ github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true }}
+  build:
+    name: Build distribution
     runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - name: Build app image
-      run: docker build . --tag image
 
-    - name: Log into registry
-      run: echo "${{ secrets.REGISTRYPASSWORD }}" | docker login registry.nordix.org -u ${{ secrets.REGISTRYUSERNAME }} --password-stdin
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.9"
+    - name: Install pypa/build
+      run: >-
+        python3 -m
+        pip install
+        build
+        --user
+    - name: Build a binary wheel and a source tarball
+      run: python3 -m build
+    - name: Store the distribution packages
+      uses: actions/upload-artifact@v3
+      with:
+        name: python-package-distributions
+        path: dist/
 
-    - name: Push app image
-      id: image
-      run: |
-        IMAGE_ID=registry.nordix.org/eiffel/etos-environment-provider
-        # Strip git ref prefix from version
-        VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-        # Strip "v" prefix from tag name
-        [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
-        # Use Docker `latest` tag convention
-        [ "$VERSION" == "main" ] && VERSION=$(echo ${{ github.sha }} | cut -c1-8)
-        echo IMAGE_ID=$IMAGE_ID
-        echo VERSION=$VERSION
-        docker tag image $IMAGE_ID:$VERSION
-        docker push $IMAGE_ID:$VERSION
-        echo $IMAGE_ID:$VERSION
-        echo "::set-output name=version::$VERSION"
-    outputs:
-      apiVersion: ${{ steps.image.outputs.version }}
-  build_worker:
-    if: ${{ github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true }}
+  publish-to-pypi:
+    name: >-
+      Publish Python distribution to PyPI
+    if: startsWith(github.ref, 'refs/tags/')
+    needs:
+    - build
     runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - name: Build app image
-      run: docker build . -f Dockerfile.workers --tag image
+    environment:
+      name: pypi
+      url: https://pypi.org/p/etos-environment-provider
+    permissions:
+      id-token: write
 
-    - name: Log into registry
-      run: echo "${{ secrets.REGISTRYPASSWORD }}" | docker login registry.nordix.org -u ${{ secrets.REGISTRYUSERNAME }} --password-stdin
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@v3
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Publish distribution to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
 
-    - name: Push app image
-      id: image
-      run: |
-        IMAGE_ID=registry.nordix.org/eiffel/etos-environment-provider-worker
-        # Strip git ref prefix from version
-        VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-        # Strip "v" prefix from tag name
-        [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
-        # Use Docker `latest` tag convention
-        [ "$VERSION" == "main" ] && VERSION=$(echo ${{ github.sha }} | cut -c1-8)
-        echo IMAGE_ID=$IMAGE_ID
-        echo VERSION=$VERSION
-        docker tag image $IMAGE_ID:$VERSION
-        docker push $IMAGE_ID:$VERSION
-        echo $IMAGE_ID:$VERSION
-        echo "::set-output name=version::$VERSION"
-    outputs:
-      workerVersion: ${{ steps.image.outputs.version }}
-  update_manifests:
-    if: ${{ github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true }}
+  github-release:
+    name: >-
+      Sign the Python distribution with Sigstore
+      and upload them to GitHub Release
+    needs:
+    - publish-to-pypi
     runs-on: ubuntu-latest
-    needs: [build_api, build_worker]
+    permissions:
+      contents: write
+      id-token: write
     steps:
-    - uses: actions/checkout@v3
-    - name: Update manifests
-      uses: fjogeleit/yaml-update-action@main
+    - name: Download all the dists
+      uses: actions/download-artifact@v3
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Sign the dists with Sigstore
+      uses: sigstore/[email protected]
       with:
-        changes: |
-          {
-            "manifests/base/worker/deployment.yaml": {
-              "spec.template.spec.containers[0].image": "registry.nordix.org/eiffel/etos-environment-provider-worker:${{ needs.build_worker.outputs.workerVersion }}"
-            },
-            "manifests/base/api/deployment.yaml": {
-              "spec.template.spec.containers[0].image": "registry.nordix.org/eiffel/etos-environment-provider:${{ needs.build_api.outputs.apiVersion }}"
-            }
-          }
-        branch: main
-        commitChange: true
-        message: Updating worker image to ${{ needs.build_worker.outputs.workerVersion }} and API image to ${{ needs.build_api.outputs.apiVersion }}
+        inputs: >-
+          ./dist/*.tar.gz
+          ./dist/*.whl
+    - name: Create GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: >-
+        gh release create
+        '${{ github.ref_name }}'
+        --repo '${{ github.repository }}'
+        --generate-notes
+    - name: Upload artifact signatures to GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: >-
+        gh release upload
+        '${{ github.ref_name }}' dist/**
+        --repo '${{ github.repository }}'
@@ -27,41 +27,3 @@ jobs:
         run: pip install -U setuptools
       - name: Run Tox
         run: tox
-
-  run-hadolint:
-    # The type of runner that the job will run on
-    runs-on: ubuntu-latest
-
-    # Steps represent a sequence of tasks that will be executed as part of the job
-    steps:
-      # Checks-out your repository under , so your job can access it
-      - uses: actions/checkout@v2
-
-      - name: Run hadolint for Environment provider
-        uses: hadolint/hadolint-action@master
-        with:
-          dockerfile: Dockerfile
-      - name: Run hadolint for Workers
-        uses: hadolint/hadolint-action@master
-        with:
-          dockerfile: Dockerfile.workers
-
-  build-docker-images:
-    # The type of runner that the job will run on
-    runs-on: ubuntu-latest
-
-    # Steps represent a sequence of tasks that will be executed as part of the job
-    steps:
-      # Checks-out your repository under , so your job can access it
-      - uses: actions/checkout@v2
-
-      - name: Build Environment provider image
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: ./Dockerfile
-      - name: Build Worker image
-        uses: docker/build-push-action@v2
-        with:
-          context: .
-          file: ./Dockerfile.workers