Implement VaultPkiManager #239
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, test, and Release | |
on: | |
push: | |
permissions: | |
contents: read | |
env: | |
core_dependencies: python3-requests python3-yaml python3-mako python3-sh python3-lmdb python3-setuptools git | |
run_tests: --carthage-config=build_test/authorized.yml -k "not no_rootless and not test_pki and not requires_podman_pod" | |
jobs: | |
build_python_dist: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: 3.11 | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install build toml | |
- name: Build | |
run: | | |
make dist | |
- name: upload_artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: Python Distributions | |
path: dist/* | |
- name: Check Version consistency | |
if: github.ref_type == 'tag' | |
shell: python | |
run: | | |
import toml | |
with open('pyproject.toml', 'rt') as f: | |
result = toml.load(f) | |
assert 'v'+result['project']['version'] == '${{github.ref_name}}' | |
test_python_dist: | |
runs-on: ubuntu-22.04 | |
needs: build_python_dist | |
container: | |
image: ${{matrix.image}} | |
options: --privileged | |
strategy: | |
matrix: | |
image: ['debian:bookworm', 'debian:unstable'] | |
prefer_pip: [false, true] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: download_dist | |
uses: actions/download-artifact@v3 | |
with: | |
name: Python Distributions | |
path: dist | |
- name: install_dependencies_and_carthage | |
run: | | |
apt update | |
apt -y install python3 python3-pip python3-pytest python3-setuptools | |
test ${{matrix.prefer_pip}} = true && pip3 install --break-system-packages dist/*whl | |
if [ ${{matrix.prefer_pip}} = false ]; then | |
apt -y install $core_dependencies | |
PYTHONPATH=. ./bin/carthage --plugin carthage.podman install_dependencies | |
pip3 install --break-system-packages dist/*whl | |
fi | |
carthage --plugin carthage.podman generate_requirements >requirements.txt | |
pip3 install --break-system-packages -r requirements.txt | |
carthage --plugin carthage.podman install_dependencies | |
- name: Test Carthage | |
run: | | |
# It looks like podman create fails the first time with a resource busy | |
podman run --rm debian:latest sleep 1 || true | |
pytest-3 ${{env.run_tests}} tests | |
test_remote_podman: | |
runs-on: ubuntu-22.04 | |
concurrency: only_one_remote_podman | |
needs: build_python_dist | |
container: | |
image: 'debian:bookworm' | |
options: --privileged | |
env: | |
AWS_ACCESS_KEY: ${{secrets.AWS_ACCESS_KEY}} | |
AWS_SECRET_KEY: ${{secrets.AWS_SECRET_KEY}} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: download_dist | |
uses: actions/download-artifact@v3 | |
with: | |
name: Python Distributions | |
path: dist | |
- name: install_dependencies_and_carthage | |
run: | | |
apt update | |
apt -y install python3 python3-pip python3-pytest git sshfs podman | |
pip3 install --break-system-packages dist/*whl | |
carthage --plugin carthage.podman --plugin https://github.com/hadron/carthage-aws generate_requirements >requirements.txt | |
pip3 install --break-system-packages -r requirements.txt | |
carthage --plugin carthage.podman --plugin https://github.com/hadron/carthage-aws install_dependencies | |
# - uses: mxschmitt/action-tmate@v3 | |
# with: | |
# detached: true | |
- name: Test Carthage | |
run: | | |
# It looks like podman create fails the first time with a resource busy | |
podman run --rm debian:latest sleep 1 || true | |
pytest-3 -k 'not no_rootless' tests/test_podman.py --carthage-config=.github/aws.yml --remote-container-host -v -s --log-cli-level=info | |
github_release: | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: write | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: [build_python_dist, test_python_dist, test_remote_podman] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: download_dist | |
uses: actions/download-artifact@v3 | |
with: | |
name: Python Distributions | |
path: dist | |
- name: generate release | |
uses: softprops/action-gh-release@v1 | |
if: startsWith(github.ref, 'refs/tags/v') | |
with: | |
files: dist/* | |
fail_on_unmatched_files: true | |
generate_release_notes: true | |
test_pypi_release: | |
runs-on: ubuntu-22.04 | |
permissions: | |
id-token: write | |
environment: pypi_test | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: [build_python_dist] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: download_dist | |
uses: actions/download-artifact@v3 | |
with: | |
name: Python Distributions | |
path: dist | |
- name: Upload Distribution | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
repository-url: https://test.pypi.org/legacy/ | |
pypi_release: | |
runs-on: ubuntu-22.04 | |
permissions: | |
id-token: write | |
environment: pypi | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: [build_python_dist, github_release] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: download_dist | |
uses: actions/download-artifact@v3 | |
with: | |
name: Python Distributions | |
path: dist | |
- name: Upload Distribution | |
uses: pypa/gh-action-pypi-publish@release/v1 |