python-netfoundry/.github/workflows/main.yml at 8dba3fbf28d5991c5c0b7a84ede97af9beb409e7 · netfoundry/python-netfoundry · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
# This workflow will upload a Python Package using Twine when a release is created
# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

name: Publish Python Package and Docker Image

on:
  push:
    branches:
      - release-v*
  release:
    types: [published]

jobs:
  build_pypi_and_docker:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
      with:
        fetch-depth: 0 # unshallow checkout enables setuptools_scm to infer PyPi version from Git

    - name: Set up Python
      uses: actions/setup-python@v2
      with:
        python-version: '3.7'

    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install build

    - name: Build Package
      run: python -m build

    - name: Upload Wheel Artifact
      uses: actions/upload-artifact@v3
      with:
        name: netfoundry-wheel-${{ github.run_id }}
        path: dist/netfoundry-*.whl
        if-no-files-found: error

    - name: Install Wheel
      run: pip install dist/netfoundry-*.whl

    - name: Read version string
      id: read_version
      run: |
        PYPI_VERSION=$(python setup.py --version)
        [[ ${PYPI_VERSION} =~ ^[0-9]+\.[0-9]+\.[0-9]+.* ]] || {
          echo "ERROR: unexpected version string '${PYPI_VERSION}'" >&2
          exit 1
        }
        echo ::set-output name=pypi_version::${PYPI_VERSION}

    - name: Compare installed version to PyPi version
      env:
        PYPI_VERSION: ${{ steps.read_version.outputs.pypi_version }}
      run: |
        INSTALLED_VERSION="$(python3 -m netfoundry.version)"
        echo "PYPI_VERSION=${PYPI_VERSION}, INSTALLED_VERSION=${INSTALLED_VERSION#v}"
        if ! [[ ${PYPI_VERSION} == ${INSTALLED_VERSION#v} ]]; then
          echo "ERROR: PyPi and installed version do not match." >&2
          exit 1
        fi

    - name: Test shell autocomplete
      run: |
        register-python-argcomplete nfctl

    - name: Run the NF CLI demo to  test installed version
      env:
        NETFOUNDRY_CLIENT_ID: ${{ secrets.NETFOUNDRY_CLIENT_ID }}
        NETFOUNDRY_PASSWORD: ${{ secrets.NETFOUNDRY_PASSWORD }}
        NETFOUNDRY_OAUTH_URL: ${{ secrets.NETFOUNDRY_OAUTH_URL }}
      run: |
        set -x
        nfctl config \
          general.network=$(nfctl demo --echo-name --prefix 'gh-${{ github.run_id }}') \
          general.yes=True \
          general.verbose=yes || true # FIXME: sometimes config command exits with an error
        nfctl demo \
          --size medium \
          --regions us-ashburn-1 us-phoenix-1 \
          --provider OCI
        nfctl \
          list services
        nfctl \
          get service name=echo% > /tmp/echo.yml
        nfctl \
          delete service name=echo%
        nfctl \
          create service --file /tmp/echo.yml
        nfctl \
          delete network

    - name: Publish Test Package
      uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
      with:
        user: __token__
        password: ${{ secrets.TEST_PYPI_API_TOKEN }}
        repository_url: https://test.pypi.org/legacy/

    - name: Append 'latest' tag if release
      env:
        GITHUB_EVENT_ACTION: ${{ github.event.action }}
        PYPI_VERSION: ${{ steps.read_version.outputs.pypi_version }}
      id: compose_tags
      run: |
        CONTAINER_TAGS="netfoundry/python:${PYPI_VERSION}"
        if [[ ${GITHUB_EVENT_ACTION} == published ]]; then
          CONTAINER_TAGS+=",netfoundry/python:latest"
        fi
        echo GITHUB_EVENT_ACTION="${GITHUB_EVENT_ACTION}"
        echo CONTAINER_TAGS="${CONTAINER_TAGS}"
        echo ::set-output name=container_tags::${CONTAINER_TAGS}

    - name: Publish Release to PyPi
      if: github.event.action == 'published'
      uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
      with:
        user: __token__
        password: ${{ secrets.PYPI_API_TOKEN }}

    - name: Attach Wheel Artifact to GH Release
      if: ${{ github.event.action == 'published' }}
      uses: softprops/action-gh-release@v1
      with:
        files: dist/netfoundry-*.whl
        fail_on_unmatched_files: true
        generate_release_notes: true

    - name: Set up QEMU
      uses: docker/setup-qemu-action@master
      with:
        platforms: amd64,arm64
        # ignore arm/v7 (32bit) because unsupported by "cryptography" dep of
        # Ansible and demand seems unlikely

    - name: Set up Docker BuildKit
      id: buildx
      uses: docker/setup-buildx-action@master

    - name: Login to Docker Hub
      uses: docker/login-action@v1
      with:
        username: ${{ secrets.DOCKER_HUB_API_USER }}
        password: ${{ secrets.DOCKER_HUB_API_TOKEN }}

    - name: Build & Push Multi-Platform Container
      uses: docker/build-push-action@v2
      with:
        context: ${{ github.workspace }} # build context is workspace so we can copy artifacts from ./dist/
        file: ${{ github.workspace }}/docker/Dockerfile
        builder: ${{ steps.buildx.outputs.name }}
        platforms: linux/amd64,linux/arm64
        push: true
        tags: ${{ steps.compose_tags.outputs.container_tags }}