Migrate CI Pipeline to GitHub Actions#1284
Merged
Merged
Conversation
I've migrated our Azure CI Pipeline to GitHub Actions. While the general workflow is the same, there are a few changes: - `flake8` is no longer run by `pre-commit`, but rather by a separate action that adds annotations to the GH Action results page. - As we no longer have need for xml-formatted coverage files, the xmlrunner for unittest has been removed as a dependency. Instead, we now publish our coverage results to coveralls.io. - We use version 2 of docker's GitHub Action build-and-push flow, which is split over multiple steps instead of one. - I have changed the badges to GitHub Actions and coveralls.io badges. Note: Because we accept PRs from forks, we need to be a bit careful with our secrets. While we do use the `pull_request_target` event, we should not expose secrets in steps that run code from the repository. Signed-off-by: Sebastiaan Zeeff <sebastiaan.zeeff@gmail.com>
SebastiaanZ
added
a: CI
MarkKoz
requested changes
Nov 14, 2020
ghost
added
s: waiting for author
The dependency `coveralls` was installed directly in GitHub Actions, as it's not required for local dev environments. However, it's a small package and there's value in keeping all our dependency specifications in one place. That's why I've moved it to the [dev] section of our Pipfile. Signed-off-by: Sebastiaan Zeeff <sebastiaan.zeeff@gmail.com>
By default, the Checkout Actions persists the credentials in the environment. As our Actions will also run for PRs made from a fork, we don't want to persist credentials in such a way. I've also: - Ported a comment on PIP_USER and pre-commit from the azure configs - Removed unnecessary id for the pre-commit caching step Signed-off-by: Sebastiaan Zeeff <sebastiaan.zeeff@gmail.com>
ghost
added
needs 2 approvals
and removed
s: waiting for author
jb3
previously requested changes
Nov 14, 2020
Comment on lines
+24
to
+30
| PIP_NO_CACHE_DIR: false | ||
| PIP_USER: 1 | ||
| PIPENV_HIDE_EMOJIS: 1 | ||
| PIPENV_IGNORE_VIRTUALENVS: 1 | ||
| PIPENV_NOSPIN: 1 | ||
| PRE_COMMIT_HOME: ${{ github.workspace }}/.cache/pre-commit-cache | ||
| PYTHONUSERBASE: ${{ github.workspace }}/.cache/py-user-base |
Member
There was a problem hiding this comment.
Some brief documentation on these variables would be nice
ghost
added
s: waiting for author
MarkKoz
approved these changes
Nov 14, 2020
The `checkName` value of this action needs to have the same value as the name of the job. Co-authored-by: Joe Banks <joseph@josephbanks.me>
ghost
added
needs 1 approval
and removed
s: waiting for author
The codeql analysis action we had proved to add little value to our test suite and has been removed. Signed-off-by: Sebastiaan Zeeff <sebastiaan.zeeff@gmail.com>
Signed-off-by: Sebastiaan Zeeff <sebastiaan.zeeff@gmail.com>
To make the transition easier, we push the Docker container to both DockerHub and the GitHub Container Registry. I've also added a secondary tag by short commit SHA. Signed-off-by: Sebastiaan Zeeff <sebastiaan.zeeff@gmail.com>
We don't use DockerHub anymore; let's remove it! Signed-off-by: Sebastiaan Zeeff <sebastiaan.zeeff@gmail.com>
lemonsaurus
approved these changes
Nov 15, 2020
Contributor
lemonsaurus
left a comment
lemonsaurus
left a comment
There was a problem hiding this comment.
Looks great! Let's do it!
The docker-compose file should pull the site container from the GitHub Container Registry instead of DockerHub, as the latter will not receive new container images. Snekbox currently still pulls from DockerHub as it's not yet migrated to GHCR. Signed-off-by: Sebastiaan Zeeff <sebastiaan.zeeff@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I've migrated our Azure CI Pipeline to GitHub Actions. While the general workflow is the same, there are a few changes:
flake8is no longer run bypre-commit, but rather by a separate action that adds annotations to the GH Action results page.As we no longer have need for xml-formatted coverage files, the xmlrunner for unittest has been removed as a dependency. Instead, we now publish our coverage results to coveralls.io. Each Actions run will echo a unique jobs link to the output and our README.md has a badge that points to coveralls as well.
We use version 2 of docker's GitHub Action build-and-push flow, which is split over multiple steps instead of one.
I have changed the badges to GitHub Actions and coveralls.io badges.
Note: Because we accept PRs from forks, we need to be a bit careful with our secrets. While we do use the
pull_request_targetevent, we should not expose secrets in steps that run code from the repository.