ci(GITHUB): update pib template to latest

osx-provisioner · Jan 14, 2022 · 86a8fac · 86a8fac
1 parent f1fbcc0
commit 86a8fac
Show file tree

Hide file tree

Showing 26 changed files with 304 additions and 142 deletions.
diff --git a/.cookiecutter/cookiecutter.json b/.cookiecutter/cookiecutter.json
@@ -1,14 +1,27 @@
 {
-    "_pib_cli_version": "0.1.2",
-    "_template": "python-in-a-box/",
+    "_GITHUB_ACTION_MARKDOWN_LINK_CHECK": "gaurav-nelson/github-action-markdown-link-check@1.0.12",
+    "_GITHUB_ANCHORE_SCAN_ACTION": "anchore/scan-action@v2",
+    "_GITHUB_CODEQL_ACTION_UPLOAD_SARIF": "github/codeql-action/upload-sarif@v1",
+    "_GITHUB_DOCKER_BUILDX_ACTION": "docker/setup-buildx-action@v1",
+    "_GITHUB_DOCKER_BUILD_PUSH_ACTION": "docker/build-push-action@v2",
+    "_GITHUB_DOCKER_LOGIN_ACTION": "docker/login-action@v1",
+    "_GITHUB_GENERATE_CHANGELOG_ACTION": "scottbrenner/generate-changelog-action@v1.3.3",
+    "_GITHUB_GITLEAKS_ACTION": "zricethezav/gitleaks-action@v1.6.0",
+    "_GITHUB_HADOLINT_ACTION": "hadolint/hadolint-action@v1.6.0",
+    "_GITHUB_PUSH_ACTION": "ad-m/github-push-action@v0.6.0",
+    "_GITHUB_YAMLLINT_ACTION": "ibiqlik/action-yamllint@v3",
+    "_pib_cli_version": "0.1.5",
+    "_template": "https://github.com/niall-byrne/python-in-a-box.git",
     "author": "Niall Byrne",
     "description": "Ansible based provisioner for OSX machines.",
     "email": "niall@niallbyrne.ca",
     "github_username": "osx-provisioner",
     "include_gitconfig": "true",
     "include_gitconfig_global": "true",
+    "include_lock_file": "false",
     "include_ssh_keys": "true",
     "project_name": "Mac Maker",
     "project_slug": "mac_maker",
-    "python_version": "3.8"
+    "python_version": "3.8",
+    "typing_support": "true"
 }
diff --git a/.github/scripts/build_container.sh b/.github/scripts/build_container.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -o pipefail
+set -eo pipefail
 
 main() {
 

diff --git a/.github/scripts/patch_pep.sh b/.github/scripts/patch_pep.sh
@@ -1,12 +1,12 @@
 #!/bin/bash
 
-set -o pipefail
+set -eo pipefail
 
 main() {
 
   git apply patches/pep.patch
   dev reinstall-requirements
-  black --check .
+  poetry run black --check .
   dev fmt
   dev lint
 

diff --git a/.github/scripts/release_docker.sh b/.github/scripts/release_docker.sh
@@ -1,12 +1,12 @@
 #!/bin/bash
 
-set -o pipefail
+set -eo pipefail
 
 main() {
 
   if [[ -n "${DOCKER_TOKEN}" ]]; then
 
-    echo "CD_ENABLED=true" >> "$GITHUB_ENV"
+    echo "CD_DOCKER_REPO_ENABLED=true" >> "$GITHUB_ENV"
 
   fi
 

diff --git a/.github/scripts/release_pypi.sh b/.github/scripts/release_pypi.sh
@@ -1,27 +1,41 @@
 #!/bin/bash
 
-set -o pipefail
+set -eo pipefail
 
 main() {
 
-  if [[ -n "${TEST_PYPI_API_TOKEN}" ]]; then
+  RELEASE_TYPE="none"
 
-    echo "CD_TEST=true" >> "$GITHUB_ENV"
-    docker-compose exec -T "${PROJECT_NAME}" bash -c "                                                 \
-      poetry config repositories.testpypi https://test.pypi.org/legacy/                             && \
-      poetry publish --build -r testpypi --username __token__ --password \"${TEST_PYPI_API_TOKEN}\"    \
-    "
+  if [[ -n "${TEST_PYPI_API_TOKEN}" ]] && [[ "${SELECTED_PYPI_REPOSITORY}" == "test" ]]; then
+    # If there is an production pypi token, and test_release is active, use test mode
+    RELEASE_TYPE="test"
   fi
 
-  if [[ -n "${PYPI_API_TOKEN}" ]]; then
-
-    echo "CD_ENABLED=true" >> "$GITHUB_ENV"
-    docker-compose exec -T "${PROJECT_NAME}" bash -c "                                                 \
-      poetry publish --build --username __token__ --password \"${PYPI_API_TOKEN}\"                     \
-    "
-
+  if [[ -n "${PYPI_API_TOKEN}" ]] && [[ "${SELECTED_PYPI_REPOSITORY}" == "production" ]]; then
+    # If there is an production pypi token, and test_release is off, use production mode
+    RELEASE_TYPE="production"
   fi
 
+  case "${RELEASE_TYPE}" in
+    "test")
+      echo "CD_USE_TEST=true" >> "$GITHUB_ENV"
+      docker-compose exec -T "${PROJECT_NAME}" bash -c "                                                 \
+        poetry config repositories.testpypi https://test.pypi.org/legacy/                             && \
+        poetry publish --build -r testpypi --username __token__ --password \"${TEST_PYPI_API_TOKEN}\"    \
+      "
+      ;;
+    "production")
+      echo "CD_USE_PRODUCTION=true" >> "$GITHUB_ENV"
+      docker-compose exec -T "${PROJECT_NAME}" bash -c "                                                 \
+        poetry publish --build --username __token__ --password \"${PYPI_API_TOKEN}\"                     \
+      "
+      ;;
+    *)
+      echo "DEBUG: Cannot perform a test or production release with these credentials and settings."
+      echo "DEBUG: SELECTED_PYPI_REPOSITORY was set to: \"${SELECTED_PYPI_REPOSITORY}\""
+      ;;
+  esac
+
 }
 
 main "$@"
diff --git a/.github/scripts/setup.sh b/.github/scripts/setup.sh
@@ -2,21 +2,18 @@
 
 # shellcheck disable=SC2129
 
-set -o pipefail
+set -eo pipefail
 
 main() {
   BRANCH_OR_TAG="$(echo "${GITHUB_REF}" | sed 's/refs\/heads\///g' | sed 's/refs\/tags\///g')"
-  PROJECT_NAME="mac_maker"
-  USERNAME="osx-provisioner"
+  WORKFLOW_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
   echo "PYTHON_VERSION=${PYTHON_VERSION}" >> "$GITHUB_ENV"
   echo "BRANCH_OR_TAG=${BRANCH_OR_TAG}" >> "$GITHUB_ENV"
   echo "WEBHOOK_URL=${WEBHOOK_URL}" >> "$GITHUB_ENV"
-  echo "PROJECT_NAME=${PROJECT_NAME}" >> "$GITHUB_ENV"
-  echo "NOTIFICATION=${PROJECT_NAME} [${BRANCH_OR_TAG}]" >> "$GITHUB_ENV"
-  echo "USERNAME=${USERNAME}" >> "$GITHUB_ENV"
+  echo "NOTIFICATION=${PROJECT_NAME} [<${WORKFLOW_URL}|${BRANCH_OR_TAG}>]" >> "$GITHUB_ENV"
   echo "DOCKER_USERNAME=${DOCKER_USERNAME}" >> "$GITHUB_ENV"
-  echo "CD_ENABLED=false" >> "$GITHUB_ENV"
-  echo "CD_TEST=false" >> "$GITHUB_ENV"
+  echo "SELECTED_PYPI_REPOSITORY=${SELECTED_PYPI_REPOSITORY}" >> "$GITHUB_ENV"
 }
 
 main "$@"
+
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -10,8 +10,12 @@ on:
     - cron: "0 6 * * 1"
   workflow_dispatch:
 
-jobs:
+env:
+  PROJECT_NAME: "mac_maker"
+  USERNAME: "osx-provisioner"
+  VERBOSE_NOTIFICATIONS: 0
 
+jobs:
   apply:
     needs: [osx_build]
 
@@ -28,7 +32,7 @@ jobs:
     steps:
       - name: Apply Test -- Checkout
         if: contains(github.ref, '/tags/v') || github.ref == 'refs/heads/master' || github.ref == 'refs/heads/production'
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
 
       - name: Apply Test -- Download Built Binary
         if: contains(github.ref, '/tags/v') || github.ref == 'refs/heads/master' || github.ref == 'refs/heads/production'
@@ -55,7 +59,7 @@ jobs:
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: ${{ matrix.os }} profile application using built binary (${{ matrix.os }} ${{ matrix.platform }}) was successful"
 
       - name: Apply Test -- Report Job Status (Failure)
-        if: failure() && (contains(github.ref, '/tags/v') || github.ref == 'refs/heads/master' || github.ref == 'refs/heads/production')
+        if: failure()
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: ${{ matrix.os }} profile application using built binary (${{ matrix.os }} ${{ matrix.platform }}) failed!"
 
@@ -74,7 +78,7 @@ jobs:
     steps:
       - name: OSX Build -- Checkout
         if: contains(github.ref, '/tags/v') || github.ref == 'refs/heads/master' || github.ref == 'refs/heads/production'
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
 
       - name: OSX Build -- Setup Environment
         if: contains(github.ref, '/tags/v') || github.ref == 'refs/heads/master' || github.ref == 'refs/heads/production'
@@ -133,7 +137,7 @@ jobs:
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: ${{ matrix.os }} binary build for Python ${PYTHON_VERSION} was successful"
 
       - name: OSX Build -- Report Job Status (Failure)
-        if: failure() && (contains(github.ref, '/tags/v') || github.ref == 'refs/heads/master' || github.ref == 'refs/heads/production')
+        if: failure()
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: ${{ matrix.os }} binary build for Python ${PYTHON_VERSION} failed!"
 
@@ -148,7 +152,7 @@ jobs:
 
     steps:
       - name: Container Build -- Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
 
       - name: Container Build -- Setup Environment
         run: |
@@ -189,13 +193,14 @@ jobs:
 
       - name: Container Build -- Run MyPy
         run: |
-          docker-compose exec -T "${PROJECT_NAME}" mypy "${PROJECT_NAME}"
+          docker-compose exec -T "${PROJECT_NAME}" dev types
 
       - name: Container Build -- Run Release Validation
         run: |
           docker-compose exec -T "${PROJECT_NAME}" ./scripts/release.sh
 
       - name: Container Build -- Report Job Status (Success)
+        if: ${{ env.VERBOSE_NOTIFICATIONS  == '1' }}
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: container build for Python ${PYTHON_VERSION} was successful"
 
@@ -218,7 +223,9 @@ jobs:
     steps:
       - name: Create Release -- Checkout
         if: contains(github.ref, '/tags/v')
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
 
       - name: Download Built Binary
         if: contains(github.ref, '/tags/v')
@@ -296,7 +303,7 @@ jobs:
 
     steps:
       - name: Documentation Test -- Checkout Repository
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
 
       - name: Documentation Test -- Setup Environment
         run: |
@@ -311,6 +318,7 @@ jobs:
           use-verbose-mode: 'yes'
 
       - name: Documentation Test -- Report Success
+        if: ${{ env.VERBOSE_NOTIFICATIONS  == '1' }}
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: documentation checks were successful!"
 
@@ -326,7 +334,9 @@ jobs:
     steps:
 
       - name: Security Test -- Checkout Repository
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
 
       - name: Documentation Test -- Setup Environment
         run: |
@@ -338,8 +348,10 @@ jobs:
         uses: zricethezav/gitleaks-action@v1.6.0
 
       - name: Security Test -- Report Success
+        if: ${{ env.VERBOSE_NOTIFICATIONS  == '1' }}
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: security checks were successful!"
+
       - name: Security Test -- Report Failure
         if: failure()
         run: |
@@ -351,7 +363,7 @@ jobs:
 
     steps:
       - name: Shellcheck -- Checkout Repository
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
 
       - name: Shellcheck -- Setup Environment
         run: |
@@ -364,6 +376,7 @@ jobs:
           source .github/scripts/shellcheck.sh
 
       - name: Shellcheck -- Report Job Status on Success
+        if: ${{ env.VERBOSE_NOTIFICATIONS  == '1' }}
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: shellcheck checks were successful!"
 
@@ -372,6 +385,52 @@ jobs:
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: shellcheck checks failed!"
 
+  start_notification:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Start -- Checkout Repository
+        uses: actions/checkout@v1
+
+      - name: Start -- Setup Environment
+        run: |
+          source ./.github/scripts/setup.sh
+        env:
+          WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+      - name: Start -- Report Job Status on Success
+        run: |
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: workflow has started!"
+
+      - name: Start -- Report Job Status on Failure
+        if: failure()
+        run: |
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: error reporting job status!"
+
+  success_notification:
+    needs: [create_release]
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Success -- Checkout Repository
+        uses: actions/checkout@v1
+
+      - name: Success -- Setup Environment
+        run: |
+          source .github/scripts/setup.sh
+        env:
+          WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+      - name: Success -- Report Job Status on Success
+        run: |
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: all checks were successful!"
+
+      - name: Success -- Report Job Status on Failure
+        if: failure()
+        run: |
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: error reporting job status!"
+
   workflow_lint_test:
 
     runs-on: ubuntu-latest
@@ -387,7 +446,7 @@ jobs:
           python-version: ${{ matrix.python-version }}
 
       - name: Workflow Lint -- Checkout Repository
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
 
       - name: Workflow Lint -- Setup Environment
         run: |
@@ -401,6 +460,7 @@ jobs:
           yamllint ./.github/workflows -c .yamllint.yml -f standard
 
       - name: Workflow Lint -- Report Job Status on Success
+        if: ${{ env.VERBOSE_NOTIFICATIONS  == '1' }}
         run: |
           ./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: workflow linting was successful!"
 

diff --git a/.readthedocs.yml b/.readthedocs.yml
@@ -6,9 +6,10 @@ sphinx:
   configuration: documentation/source/conf.py
 formats: []
 python:
-  version: 3.8
+  version: "3.8"
   install:
     - method: pip
       path: .
-    - requirements: documentation/requirements.txt
+      extra_requirements:
+        - docs
   system_packages: false