From ded520e374535b86013ca3a1de5c5eb1d3444bcb Mon Sep 17 00:00:00 2001 From: Sebastiaan Zeeff Date: Wed, 18 Nov 2020 18:55:36 +0100 Subject: [PATCH 1/5] Pull snekbox image from GHCR in docker-compose We're in the process of migrating snekbox to the GitHub Container Repository, which will replace DockerHub. I've changed docker-compose to reflect that change. Signed-off-by: Sebastiaan Zeeff --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index dc89e88859..0002d1d56f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -18,7 +18,7 @@ services: - "127.0.0.1:6379:6379" snekbox: - image: pythondiscord/snekbox:latest + image: ghcr.io/python-discord/snekbox:latest init: true ipc: none ports: From ccd0e150d34693ff0d459e7b2d0300b30192e987 Mon Sep 17 00:00:00 2001 From: Sebastiaan Zeeff Date: Wed, 18 Nov 2020 21:15:29 +0100 Subject: [PATCH 2/5] Make sure we lint the actual pull request Unfortunately, our old setup did not actually lint the PR, as it was running in the context of the target repository. To sidestep the issue of using `pull_request_target` altogether, I've now changed our run of flake8 to using it directly and having it output its errors in teh format of Workflow Commands. This means that our flake8 output will not be translated automatically in annotations for the run. In addition, I've split up the workflow into two separate files: one for linting & testing and one for building (& deploying). Signed-off-by: Sebastiaan Zeeff --- .github/workflows/build.yml | 51 ++++++++++++++ .../{lint-test-build.yml => lint-test.yml} | 68 ++++--------------- 2 files changed, 64 insertions(+), 55 deletions(-) create mode 100644 .github/workflows/build.yml rename .github/workflows/{lint-test-build.yml => lint-test.yml} (65%) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000000..fa1449c853 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,51 @@ +name: Build + +on: + workflow_run: + workflows: ["Lint & Test"] + branches: + - master + types: + - completed + +jobs: + build: + if: github.event.workflow_run.conclusion == 'success' + name: Build & Push + runs-on: ubuntu-latest + + steps: + # Create a commit SHA-based tag for the container repositories + - name: Create SHA Container Tag + id: sha_tag + run: | + tag=$(cut -c 1-7 <<< $GITHUB_SHA) + echo "::set-output name=tag::$tag" + + - name: Checkout code + uses: actions/checkout@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to Github Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GHCR_TOKEN }} + + # Build and push the container to the GitHub Container + # Repository. The container will be tagged as "latest" + # and with the short SHA of the commit. + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + push: true + cache-from: type=registry,ref=ghcr.io/python-discord/bot:latest + cache-to: type=inline + tags: | + ghcr.io/python-discord/bot:latest + ghcr.io/python-discord/bot:${{ steps.sha_tag.outputs.tag }} diff --git a/.github/workflows/lint-test-build.yml b/.github/workflows/lint-test.yml similarity index 65% rename from .github/workflows/lint-test-build.yml rename to .github/workflows/lint-test.yml index c63f78ff6e..5444fc3de7 100644 --- a/.github/workflows/lint-test-build.yml +++ b/.github/workflows/lint-test.yml @@ -1,13 +1,10 @@ -name: Lint, Test, Build +name: Lint & Test on: push: branches: - master - # We use pull_request_target as we get PRs from - # forks, but need to be able to add annotations - # for our flake8 step. - pull_request_target: + pull_request: jobs: @@ -42,12 +39,8 @@ jobs: - name: Add custom PYTHONUSERBASE to PATH run: echo '${{ env.PYTHONUSERBASE }}/bin/' >> $GITHUB_PATH - # We don't want to persist credentials, as our GitHub Action - # may be run when a PR is made from a fork. - name: Checkout repository uses: actions/checkout@v2 - with: - persist-credentials: false - name: Setup python id: python @@ -94,14 +87,18 @@ jobs: - name: Run pre-commit hooks run: export PIP_USER=0; SKIP=flake8 pre-commit run --all-files - # This step requires `pull_request_target`, as adding annotations - # requires "write" permissions to the repo. + # Run flake8 and have it format the linting errors in the format of + # the GitHub Workflow command to register error annotations. This + # means that our flake8 output is automatically added as an error + # annotation to both the run result and in the "Files" tab of a + # pull request. + # + # Format used: + # ::error file={filename},line={line},col={col}::{message} - name: Run flake8 - uses: julianwachholz/flake8-action@v1 - with: - checkName: lint-test - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: "flake8 \ + --format='::error file=%(path)s,line=%(row)d,col=%(col)d::\ + [flake8] %(code)s: %(text)s'" # We run `coverage` using the `python` command so we can suppress # irrelevant warnings in our CI output. @@ -116,42 +113,3 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: coveralls - - build-and-push: - needs: lint-test - if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/master' - runs-on: ubuntu-latest - - steps: - # Create a commit SHA-based tag for the container repositories - - name: Create SHA Container Tag - id: sha_tag - run: | - tag=$(cut -c 1-7 <<< $GITHUB_SHA) - echo "::set-output name=tag::$tag" - - name: Checkout code - uses: actions/checkout@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to Github Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GHCR_TOKEN }} - - # This step builds and pushed the container to the - # Github Container Registry tagged with "latest" and - # the short SHA of the commit. - - name: Build and push - uses: docker/build-push-action@v2 - with: - context: . - file: ./Dockerfile - push: true - cache-from: type=registry,ref=ghcr.io/python-discord/bot:latest - tags: | - ghcr.io/python-discord/bot:latest - ghcr.io/python-discord/bot:${{ steps.sha_tag.outputs.tag }} From 5fe041d1e67ee767788d02f0428250213c43acce Mon Sep 17 00:00:00 2001 From: Sebastiaan Zeeff Date: Wed, 18 Nov 2020 21:35:27 +0100 Subject: [PATCH 3/5] Update badges in README to new workflows Signed-off-by: Sebastiaan Zeeff --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 482ada08c8..210b3e047e 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,8 @@ # Python Utility Bot [![Discord](https://img.shields.io/static/v1?label=Python%20Discord&logo=discord&message=%3E100k%20members&color=%237289DA&logoColor=white)](https://discord.gg/2B963hn) -![Lint, Test, Build](https://github.com/python-discord/bot/workflows/Lint,%20Test,%20Build/badge.svg?branch=master) +[![Lint & Test][1]][2] +[![Build][3]][4] [![Coverage Status](https://coveralls.io/repos/github/python-discord/bot/badge.svg)](https://coveralls.io/github/python-discord/bot) [![License](https://img.shields.io/github/license/python-discord/bot)](LICENSE) [![Website](https://img.shields.io/badge/website-visit-brightgreen)](https://pythondiscord.com) @@ -10,3 +11,8 @@ This project is a Discord bot specifically for use with the Python Discord serve and other tools to help keep the server running like a well-oiled machine. Read the [Contributing Guide](https://pythondiscord.com/pages/contributing/bot/) on our website if you're interested in helping out. + +[1]: https://github.com/python-discord/bot/workflows/Lint%20&%20Test/badge.svg?branch=master +[2]: https://github.com/python-discord/bot/actions?query=workflow%3A%22Lint+%26+Test%22+branch%3Amaster +[3]: https://github.com/python-discord/bot/workflows/Build/badge.svg?branch=master +[4]: https://github.com/python-discord/bot/actions?query=workflow%3ABuild+branch%3Amaster From 6b07eb115a5db91579a35f8ce899c6ea5943ef1d Mon Sep 17 00:00:00 2001 From: Sebastiaan Zeeff Date: Wed, 18 Nov 2020 21:39:46 +0100 Subject: [PATCH 4/5] Use GHCR image tags in Pipfile Signed-off-by: Sebastiaan Zeeff --- Pipfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Pipfile b/Pipfile index 0730b91509..103ce84cf8 100644 --- a/Pipfile +++ b/Pipfile @@ -48,8 +48,8 @@ python_version = "3.8" start = "python -m bot" lint = "pre-commit run --all-files" precommit = "pre-commit install" -build = "docker build -t pythondiscord/bot:latest -f Dockerfile ." -push = "docker push pythondiscord/bot:latest" +build = "docker build -t ghcr.io/python-discord/bot:latest -f Dockerfile ." +push = "docker push ghcr.io/python-discord/bot:latest" test = "coverage run -m unittest" html = "coverage html" report = "coverage report" From 79404ca86434382c297a8247fed06d820323cdc5 Mon Sep 17 00:00:00 2001 From: Sebastiaan Zeeff Date: Thu, 19 Nov 2020 00:17:15 +0100 Subject: [PATCH 5/5] Add comment explaining buildx to workflow It's better to document these steps. Signed-off-by: Sebastiaan Zeeff --- .github/workflows/build.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fa1449c853..706ab462f4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,6 +25,12 @@ jobs: - name: Checkout code uses: actions/checkout@v2 + # The current version (v2) of Docker's build-push action uses + # buildx, which comes with BuildKit features that help us speed + # up our builds using additional cache features. Buildx also + # has a lot of other features that are not as relevant to us. + # + # See https://github.com/docker/build-push-action - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1