ci: use native caching (#2665)
* ci: use native caching * migrate to actions * cleanup * migrate more
This commit is contained in:
parent
964a3276a1
commit
0c2e9234bf
49
.github/actions/docker-setup/action.yml
vendored
Normal file
49
.github/actions/docker-setup/action.yml
vendored
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
name: 'Prepare docker environment variables'
|
||||||
|
description: 'Prepare docker environment variables'
|
||||||
|
|
||||||
|
outputs:
|
||||||
|
shouldBuild:
|
||||||
|
description: "Whether to build image or not"
|
||||||
|
value: ${{ steps.ev.outputs.shouldBuild }}
|
||||||
|
branchName:
|
||||||
|
description: "Branch name"
|
||||||
|
value: ${{ steps.ev.outputs.branchName }}
|
||||||
|
branchNameContainer:
|
||||||
|
description: "Branch name (for containers)"
|
||||||
|
value: ${{ steps.ev.outputs.branchNameContainer }}
|
||||||
|
timestamp:
|
||||||
|
description: "Timestamp"
|
||||||
|
value: ${{ steps.ev.outputs.timestamp }}
|
||||||
|
sha:
|
||||||
|
description: "sha"
|
||||||
|
value: ${{ steps.ev.outputs.sha }}
|
||||||
|
|
||||||
|
runs:
|
||||||
|
using: "composite"
|
||||||
|
steps:
|
||||||
|
- name: Generate config
|
||||||
|
id: ev
|
||||||
|
shell: python
|
||||||
|
run: |
|
||||||
|
"""Helper script to get the actual branch name, docker safe"""
|
||||||
|
import os
|
||||||
|
from time import time
|
||||||
|
|
||||||
|
env_pr_branch = "GITHUB_HEAD_REF"
|
||||||
|
default_branch = "GITHUB_REF"
|
||||||
|
sha = "GITHUB_SHA"
|
||||||
|
|
||||||
|
branch_name = os.environ[default_branch]
|
||||||
|
if os.environ.get(env_pr_branch, "") != "":
|
||||||
|
branch_name = os.environ[env_pr_branch]
|
||||||
|
|
||||||
|
should_build = str(os.environ.get("DOCKER_USERNAME", "") != "").lower()
|
||||||
|
|
||||||
|
print("##[set-output name=branchName]%s" % branch_name)
|
||||||
|
print(
|
||||||
|
"##[set-output name=branchNameContainer]%s"
|
||||||
|
% branch_name.replace("refs/heads/", "").replace("/", "-")
|
||||||
|
)
|
||||||
|
print("##[set-output name=timestamp]%s" % int(time()))
|
||||||
|
print("##[set-output name=sha]%s" % os.environ[sha])
|
||||||
|
print("##[set-output name=shouldBuild]%s" % should_build)
|
45
.github/actions/setup/action.yml
vendored
Normal file
45
.github/actions/setup/action.yml
vendored
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
name: 'Setup authentik testing environemnt'
|
||||||
|
description: 'Setup authentik testing environemnt'
|
||||||
|
|
||||||
|
runs:
|
||||||
|
using: "composite"
|
||||||
|
steps:
|
||||||
|
- name: Install poetry
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
pipx install poetry || true
|
||||||
|
sudo apt update
|
||||||
|
sudo apt install -y libxmlsec1-dev pkg-config gettext
|
||||||
|
- name: Setup python and restore poetry
|
||||||
|
uses: actions/setup-python@v3
|
||||||
|
with:
|
||||||
|
python-version: '3.10'
|
||||||
|
cache: 'poetry'
|
||||||
|
- name: Setup node
|
||||||
|
uses: actions/setup-node@v3.1.0
|
||||||
|
with:
|
||||||
|
node-version: '16'
|
||||||
|
cache: 'npm'
|
||||||
|
cache-dependency-path: web/package-lock.json
|
||||||
|
- name: Setup dependencies
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
docker-compose -f .github/actions/setup/docker-compose.yml up -d
|
||||||
|
poetry env use python3.10
|
||||||
|
poetry install
|
||||||
|
npm install -g pyright@1.1.136
|
||||||
|
- name: Generate config
|
||||||
|
shell: poetry run python {0}
|
||||||
|
run: |
|
||||||
|
from authentik.lib.generators import generate_id
|
||||||
|
from yaml import safe_dump
|
||||||
|
|
||||||
|
with open("local.env.yml", "w") as _config:
|
||||||
|
safe_dump(
|
||||||
|
{
|
||||||
|
"log_level": "debug",
|
||||||
|
"secret_key": generate_id(),
|
||||||
|
},
|
||||||
|
_config,
|
||||||
|
default_flow_style=False,
|
||||||
|
)
|
119
.github/workflows/ci-main.yml
vendored
119
.github/workflows/ci-main.yml
vendored
|
@ -32,35 +32,16 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- uses: actions/setup-python@v3
|
- name: Setup authentik env
|
||||||
- uses: actions/setup-node@v3.1.0
|
uses: ./.github/actions/setup
|
||||||
with:
|
|
||||||
node-version: '16'
|
|
||||||
- id: cache-poetry
|
|
||||||
uses: actions/cache@v3
|
|
||||||
with:
|
|
||||||
path: ~/.cache/pypoetry/virtualenvs
|
|
||||||
key: ${{ runner.os }}-poetry-cache-v2-${{ hashFiles('**/poetry.lock') }}
|
|
||||||
- name: prepare
|
|
||||||
env:
|
|
||||||
INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }}
|
|
||||||
run: scripts/ci_prepare.sh
|
|
||||||
- name: run job
|
- name: run job
|
||||||
run: poetry run make ci-${{ matrix.job }}
|
run: poetry run make ci-${{ matrix.job }}
|
||||||
test-migrations:
|
test-migrations:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- uses: actions/setup-python@v3
|
- name: Setup authentik env
|
||||||
- id: cache-poetry
|
uses: ./.github/actions/setup
|
||||||
uses: actions/cache@v3
|
|
||||||
with:
|
|
||||||
path: ~/.cache/pypoetry/virtualenvs
|
|
||||||
key: ${{ runner.os }}-poetry-cache-v2-${{ hashFiles('**/poetry.lock') }}
|
|
||||||
- name: prepare
|
|
||||||
env:
|
|
||||||
INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }}
|
|
||||||
run: scripts/ci_prepare.sh
|
|
||||||
- name: run migrations
|
- name: run migrations
|
||||||
run: poetry run python -m lifecycle.migrate
|
run: poetry run python -m lifecycle.migrate
|
||||||
test-migrations-from-stable:
|
test-migrations-from-stable:
|
||||||
|
@ -69,17 +50,8 @@ jobs:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- uses: actions/setup-python@v3
|
- name: Setup authentik env
|
||||||
- name: prepare variables
|
uses: ./.github/actions/setup
|
||||||
id: ev
|
|
||||||
run: |
|
|
||||||
python ./scripts/gh_env.py
|
|
||||||
sudo pip install -U pipenv
|
|
||||||
- id: cache-poetry
|
|
||||||
uses: actions/cache@v3
|
|
||||||
with:
|
|
||||||
path: ~/.cache/pypoetry/virtualenvs
|
|
||||||
key: ${{ runner.os }}-poetry-cache-v2-${{ hashFiles('**/poetry.lock') }}
|
|
||||||
- name: checkout stable
|
- name: checkout stable
|
||||||
run: |
|
run: |
|
||||||
# Copy current, latest config to local
|
# Copy current, latest config to local
|
||||||
|
@ -89,13 +61,8 @@ jobs:
|
||||||
git checkout $(git describe --abbrev=0 --match 'version/*')
|
git checkout $(git describe --abbrev=0 --match 'version/*')
|
||||||
rm -rf .github/ scripts/
|
rm -rf .github/ scripts/
|
||||||
mv ../.github ../scripts .
|
mv ../.github ../scripts .
|
||||||
- name: prepare
|
- name: Setup authentik env (ensure stable deps are installed)
|
||||||
env:
|
uses: ./.github/actions/setup
|
||||||
INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }}
|
|
||||||
run: |
|
|
||||||
scripts/ci_prepare.sh
|
|
||||||
# install anyways since stable will have different dependencies
|
|
||||||
poetry install
|
|
||||||
- name: run migrations to stable
|
- name: run migrations to stable
|
||||||
run: poetry run python -m lifecycle.migrate
|
run: poetry run python -m lifecycle.migrate
|
||||||
- name: checkout current code
|
- name: checkout current code
|
||||||
|
@ -103,28 +70,19 @@ jobs:
|
||||||
set -x
|
set -x
|
||||||
git fetch
|
git fetch
|
||||||
git reset --hard HEAD
|
git reset --hard HEAD
|
||||||
|
git clean -d -fx .
|
||||||
git checkout $GITHUB_SHA
|
git checkout $GITHUB_SHA
|
||||||
poetry install
|
poetry install
|
||||||
- name: prepare
|
- name: Setup authentik env (ensure latest deps are installed)
|
||||||
env:
|
uses: ./.github/actions/setup
|
||||||
INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }}
|
|
||||||
run: scripts/ci_prepare.sh
|
|
||||||
- name: migrate to latest
|
- name: migrate to latest
|
||||||
run: poetry run python -m lifecycle.migrate
|
run: poetry run python -m lifecycle.migrate
|
||||||
test-unittest:
|
test-unittest:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- uses: actions/setup-python@v3
|
- name: Setup authentik env
|
||||||
- id: cache-poetry
|
uses: ./.github/actions/setup
|
||||||
uses: actions/cache@v3
|
|
||||||
with:
|
|
||||||
path: ~/.cache/pypoetry/virtualenvs
|
|
||||||
key: ${{ runner.os }}-poetry-cache-v2-${{ hashFiles('**/poetry.lock') }}
|
|
||||||
- name: prepare
|
|
||||||
env:
|
|
||||||
INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }}
|
|
||||||
run: scripts/ci_prepare.sh
|
|
||||||
- uses: testspace-com/setup-testspace@v1
|
- uses: testspace-com/setup-testspace@v1
|
||||||
with:
|
with:
|
||||||
domain: ${{github.repository_owner}}
|
domain: ${{github.repository_owner}}
|
||||||
|
@ -142,16 +100,8 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- uses: actions/setup-python@v3
|
- name: Setup authentik env
|
||||||
- id: cache-poetry
|
uses: ./.github/actions/setup
|
||||||
uses: actions/cache@v3
|
|
||||||
with:
|
|
||||||
path: ~/.cache/pypoetry/virtualenvs
|
|
||||||
key: ${{ runner.os }}-poetry-cache-v2-${{ hashFiles('**/poetry.lock') }}
|
|
||||||
- name: prepare
|
|
||||||
env:
|
|
||||||
INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }}
|
|
||||||
run: scripts/ci_prepare.sh
|
|
||||||
- uses: testspace-com/setup-testspace@v1
|
- uses: testspace-com/setup-testspace@v1
|
||||||
with:
|
with:
|
||||||
domain: ${{github.repository_owner}}
|
domain: ${{github.repository_owner}}
|
||||||
|
@ -171,25 +121,13 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- uses: actions/setup-python@v3
|
- name: Setup authentik env
|
||||||
- uses: actions/setup-node@v3.1.0
|
uses: ./.github/actions/setup
|
||||||
with:
|
|
||||||
node-version: '16'
|
|
||||||
cache: 'npm'
|
|
||||||
cache-dependency-path: web/package-lock.json
|
|
||||||
- uses: testspace-com/setup-testspace@v1
|
- uses: testspace-com/setup-testspace@v1
|
||||||
with:
|
with:
|
||||||
domain: ${{github.repository_owner}}
|
domain: ${{github.repository_owner}}
|
||||||
- id: cache-poetry
|
- name: Setup authentik env
|
||||||
uses: actions/cache@v3
|
|
||||||
with:
|
|
||||||
path: ~/.cache/pypoetry/virtualenvs
|
|
||||||
key: ${{ runner.os }}-poetry-cache-v2-${{ hashFiles('**/poetry.lock') }}
|
|
||||||
- name: prepare
|
|
||||||
env:
|
|
||||||
INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }}
|
|
||||||
run: |
|
run: |
|
||||||
scripts/ci_prepare.sh
|
|
||||||
docker-compose -f tests/e2e/docker-compose.yml up -d
|
docker-compose -f tests/e2e/docker-compose.yml up -d
|
||||||
- id: cache-web
|
- id: cache-web
|
||||||
uses: actions/cache@v3
|
uses: actions/cache@v3
|
||||||
|
@ -216,25 +154,13 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- uses: actions/setup-python@v3
|
- name: Setup authentik env
|
||||||
- uses: actions/setup-node@v3.1.0
|
uses: ./.github/actions/setup
|
||||||
with:
|
|
||||||
node-version: '16'
|
|
||||||
cache: 'npm'
|
|
||||||
cache-dependency-path: web/package-lock.json
|
|
||||||
- uses: testspace-com/setup-testspace@v1
|
- uses: testspace-com/setup-testspace@v1
|
||||||
with:
|
with:
|
||||||
domain: ${{github.repository_owner}}
|
domain: ${{github.repository_owner}}
|
||||||
- id: cache-poetry
|
- name: Setup authentik env
|
||||||
uses: actions/cache@v3
|
|
||||||
with:
|
|
||||||
path: ~/.cache/pypoetry/virtualenvs
|
|
||||||
key: ${{ runner.os }}-poetry-cache-v2-${{ hashFiles('**/poetry.lock') }}
|
|
||||||
- name: prepare
|
|
||||||
env:
|
|
||||||
INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }}
|
|
||||||
run: |
|
run: |
|
||||||
scripts/ci_prepare.sh
|
|
||||||
docker-compose -f tests/e2e/docker-compose.yml up -d
|
docker-compose -f tests/e2e/docker-compose.yml up -d
|
||||||
- id: cache-web
|
- id: cache-web
|
||||||
uses: actions/cache@v3
|
uses: actions/cache@v3
|
||||||
|
@ -288,8 +214,7 @@ jobs:
|
||||||
id: ev
|
id: ev
|
||||||
env:
|
env:
|
||||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||||
run: |
|
uses: ./.github/actions/docker-setup
|
||||||
python ./scripts/gh_env.py
|
|
||||||
- name: Login to Container Registry
|
- name: Login to Container Registry
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v1
|
||||||
if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
||||||
|
|
3
.github/workflows/ci-outpost.yml
vendored
3
.github/workflows/ci-outpost.yml
vendored
|
@ -68,10 +68,9 @@ jobs:
|
||||||
uses: docker/setup-buildx-action@v1
|
uses: docker/setup-buildx-action@v1
|
||||||
- name: prepare variables
|
- name: prepare variables
|
||||||
id: ev
|
id: ev
|
||||||
|
uses: ./.github/actions/docker-setup
|
||||||
env:
|
env:
|
||||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||||
run: |
|
|
||||||
python ./scripts/gh_env.py
|
|
||||||
- name: Login to Container Registry
|
- name: Login to Container Registry
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v1
|
||||||
if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
|
||||||
|
|
15
.github/workflows/translation-compile.yml
vendored
15
.github/workflows/translation-compile.yml
vendored
|
@ -21,19 +21,8 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- uses: actions/setup-python@v3
|
- name: Setup authentik env
|
||||||
- id: cache-poetry
|
uses: ./.github/actions/setup
|
||||||
uses: actions/cache@v3
|
|
||||||
with:
|
|
||||||
path: ~/.cache/pypoetry/virtualenvs
|
|
||||||
key: ${{ runner.os }}-poetry-cache-v2-${{ hashFiles('**/poetry.lock') }}
|
|
||||||
- name: prepare
|
|
||||||
env:
|
|
||||||
INSTALL: ${{ steps.cache-poetry.outputs.cache-hit }}
|
|
||||||
run: |
|
|
||||||
sudo apt-get update
|
|
||||||
sudo apt-get install -y gettext
|
|
||||||
scripts/ci_prepare.sh
|
|
||||||
- name: run compile
|
- name: run compile
|
||||||
run: poetry run ./manage.py compilemessages
|
run: poetry run ./manage.py compilemessages
|
||||||
- name: Create Pull Request
|
- name: Create Pull Request
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
#!/bin/bash -xe
|
|
||||||
docker-compose -f scripts/ci.docker-compose.yml up -d
|
|
||||||
|
|
||||||
sudo apt update
|
|
||||||
sudo apt install -y libxmlsec1-dev pkg-config
|
|
||||||
python3 -m pip install -U wheel poetry
|
|
||||||
poetry env use python3.10
|
|
||||||
if [[ "$INSTALL" != "true" ]]; then
|
|
||||||
poetry install
|
|
||||||
fi
|
|
||||||
poetry run python -m scripts.generate_ci_config
|
|
||||||
npm install -g pyright@1.1.136
|
|
|
@ -1,13 +0,0 @@
|
||||||
"""Utility script to generate a config for CI runs"""
|
|
||||||
from authentik.lib.generators import generate_id
|
|
||||||
from yaml import safe_dump
|
|
||||||
|
|
||||||
with open("local.env.yml", "w") as _config:
|
|
||||||
safe_dump(
|
|
||||||
{
|
|
||||||
"log_level": "debug",
|
|
||||||
"secret_key": generate_id(),
|
|
||||||
},
|
|
||||||
_config,
|
|
||||||
default_flow_style=False,
|
|
||||||
)
|
|
|
@ -1,22 +0,0 @@
|
||||||
"""Helper script to get the actual branch name, docker safe"""
|
|
||||||
import os
|
|
||||||
from time import time
|
|
||||||
|
|
||||||
env_pr_branch = "GITHUB_HEAD_REF"
|
|
||||||
default_branch = "GITHUB_REF"
|
|
||||||
sha = "GITHUB_SHA"
|
|
||||||
|
|
||||||
branch_name = os.environ[default_branch]
|
|
||||||
if os.environ.get(env_pr_branch, "") != "":
|
|
||||||
branch_name = os.environ[env_pr_branch]
|
|
||||||
|
|
||||||
should_build = str(os.environ.get("DOCKER_USERNAME", "") != "").lower()
|
|
||||||
|
|
||||||
print("##[set-output name=branchName]%s" % branch_name)
|
|
||||||
print(
|
|
||||||
"##[set-output name=branchNameContainer]%s"
|
|
||||||
% branch_name.replace("refs/heads/", "").replace("/", "-")
|
|
||||||
)
|
|
||||||
print("##[set-output name=timestamp]%s" % int(time()))
|
|
||||||
print("##[set-output name=sha]%s" % os.environ[sha])
|
|
||||||
print("##[set-output name=shouldBuild]%s" % should_build)
|
|
Reference in a new issue