open-organisatie/.github/workflows/ci.yml at main · maykinmedia/open-organisatie · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: Run build pipeline

# Run this workflow every time a new commit pushed to your repository
on:
  push:
    branches:
      - main
    tags:
      - "*"
  pull_request:
  workflow_dispatch:

# least privilege as default, should be overridden per job if necessary
permissions:
  contents: read

env:
  IMAGE_NAME: maykinmedia/open-organisatie
  DJANGO_SETTINGS_MODULE: openorganisatie.conf.ci
  DB_PASSWORD: ''
  DB_USER: postgres

jobs:
  # determine changed files to decide if certain jobs can be skipped or not
  changed-files:
    runs-on: ubuntu-latest  # windows-latest | macos-latest
    name: Determine changed files
    steps:

      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Get changed PY files
        id: changed-py-files
        run: bin/check_changed_files.sh ^src/.*\.py$

      - name: Get changed requirements files
        id: changed-requirements
        run: bin/check_changed_files.sh ^requirements/.*\.txt$

    outputs:
      changed-py-files: ${{ steps.changed-py-files.outputs.any_changed }}
      changed-requirements: ${{ steps.changed-requirements.outputs.any_changed }}

  tests:
    name: Tests (PG ${{ matrix.postgres }})
    runs-on: ubuntu-latest
    needs:
      - changed-files

    # only run tests if source files have changed (e.g. skip for PRs that only update docs)
    if: ${{ needs.changed-files.outputs.changed-py-files == 'true'|| needs.changed-files.outputs.changed-requirements == 'true'|| github.event_name == 'push' }}

    strategy:
      matrix:
        postgres: [ '14', '15', '16', '17' ]

    services:
      postgres:
        image: postgres:${{ matrix.postgres }}
        env:
          POSTGRES_HOST_AUTH_METHOD: trust
        ports:
          - 5432:5432
        # needed because the postgres container does not provide a healthcheck
        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up backend environment
        uses: maykinmedia/setup-django-backend@a9abe0987130ed667fa09ce177a5ae0bd153aed1 # v1.3
        with:
          python-version: '3.12'
          setup-node: true

      - name: Run tests
        run: |
          python src/manage.py collectstatic --noinput --link
          coverage run src/manage.py test src
        env:
          SECRET_KEY: dummy

      - name: Publish coverage report
        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
        with:
          token: ${{ secrets.CODECOV_TOKEN }}

#  check-envvar-docs:
#    runs-on: ubuntu-latest
#    name: Documentation build
#
#    steps:
#      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
#      - name: Set up backend environment
#        uses: maykinmedia/setup-django-backend@a9abe0987130ed667fa09ce177a5ae0bd153aed1 # v1.3
#        with:
#          python-version: '3.12'
#          setup-node: false
#
#      - name: Generate environment variable documentation using OAf and check if it was updated
#        run: |
#          bin/generate_env_var_docs.sh
#          changes=$(git diff docs/installation/config/env_config.rst)
#          if [ ! -z "$changes" ]; then
#              echo $changes
#              echo "Please update the environment documentation by running \`bin/generate_env_var_docs.sh\`"
#              exit 1
#          fi

  store-reusable-workflow-vars:
    name: create values which can be passed through a reusable workflow
    runs-on: ubuntu-latest
    outputs:
      image-name: ${{ steps.image-name.outputs.image-name }}

    steps:
      - run: echo "image-name=$IMAGE_NAME" >> $GITHUB_OUTPUT
        name: 'Store the docker image name'
        id: image-name

  open-api-ci:
    uses: maykinmedia/open-api-workflows/.github/workflows/ci.yml@79102b911003d75203ca2fed7df01ad79d9b6bba  # v6.4.0
    needs:
      - store-reusable-workflow-vars
    permissions:
      contents: read
      security-events: write  # required for `Scan docker image` step
    with:
      apt-packages: 'graphviz graphviz-dev'
      main-branch: 'main'
      run-docs: true
      python-version: '3.12'
      docker-image-name: ${{ needs.store-reusable-workflow-vars.outputs.image-name }}
      django-settings-module: openorganisatie.conf.ci

  open-api-publish:
    uses: maykinmedia/open-api-workflows/.github/workflows/publish.yml@79102b911003d75203ca2fed7df01ad79d9b6bba  # v6.4.0
    needs:
      - store-reusable-workflow-vars
      - open-api-ci
      - tests
    with:
      docker-image-name: ${{ needs.store-reusable-workflow-vars.outputs.image-name }}
      repository-owner: 'maykinmedia'
    secrets:
      docker-username: ${{ secrets.DOCKER_USERNAME }}
      docker-token: ${{ secrets.DOCKER_TOKEN }}