Bump boto3 from 1.35.63 to 1.35.72 (#1297) #4512
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI" | |
# The workflow should be triggered on any push and release events. | |
# Release events can push tags (triggering a push event). | |
# Therefore: | |
# - docker-publish-staging – is only triggered on push events to main branch | |
# - docker-publish-release – is only triggered on release events | |
on: | |
push: | |
pull_request: | |
release: | |
types: [released] | |
jobs: | |
linting: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: ["3.12"] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install dependencies | |
run: pip install pre-commit | |
- name: Run pre-commit | |
run: pre-commit run --all-files | |
django-check: | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgres:13-alpine | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgres | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
- 5432:5432 | |
env: | |
SECRET_KEY: "insecure_key_for_dev" | |
POSTGRES_HOST: localhost | |
POSTGRES_PORT: 5432 | |
AWS_ACCESS_KEY_ID: "example-aws-access-key-id" | |
AWS_SECRET_ACCESS_KEY: "example-aws-secret-access-key" | |
AWS_STORAGE_BUCKET_NAME: "example-aws-storage-bucket-name" | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements-dev.txt') }} | |
restore-keys: | | |
${{ runner.os }}-pip- | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.12.2" | |
- name: Install dependencies | |
run: | | |
pip install -U wheel setuptools | |
pip install -r requirements-dev.txt | |
- name: Run mypy | |
run: mypy --strict src/chains src/safe_apps | |
- name: Check pending migrations | |
run: python src/manage.py makemigrations --check --dry-run | |
- name: Run migrations | |
run: python src/manage.py migrate | |
- name: Django System Check | |
run: python src/manage.py check | |
- name: Run tests with coverage | |
run: coverage run -m pytest src | |
- name: Coveralls | |
uses: coverallsapp/github-action@v2 | |
docker-publish-staging: | |
if: (github.event_name == 'push' && github.ref == 'refs/heads/main') | |
needs: [linting, django-check] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/[email protected] | |
with: | |
platforms: arm64 | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Cache Docker layers | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Login to DockerHub | |
uses: docker/[email protected] | |
with: | |
username: ${{ secrets.DOCKER_USER }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Build and push | |
id: docker_build | |
uses: docker/[email protected] | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
build-args: | | |
BUILD_NUMBER=${{ env.BUILD_NUMBER }} | |
VERSION=${{ github.ref_name }} | |
tags: safeglobal/safe-config-service:staging | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
- # Temp fix | |
# https://github.com/docker/build-push-action/issues/252 | |
# https://github.com/moby/buildkit/issues/1896 | |
name: Move cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
- name: Image digest | |
run: echo ${{ steps.docker_build.outputs.digest }} | |
docker-publish-release: | |
if: (github.event_name == 'release' && github.event.action == 'released') | |
needs: [linting, django-check] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/[email protected] | |
with: | |
platforms: arm64 | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Cache Docker layers | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Login to DockerHub | |
uses: docker/[email protected] | |
with: | |
username: ${{ secrets.DOCKER_USER }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Build and push | |
id: docker_build | |
uses: docker/[email protected] | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
build-args: | | |
BUILD_NUMBER=${{ env.BUILD_NUMBER }} | |
VERSION=${{ github.ref_name }} | |
tags: | | |
safeglobal/safe-config-service:${{ github.event.release.tag_name }} | |
safeglobal/safe-config-service:latest | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
- # Temp fix | |
# https://github.com/docker/build-push-action/issues/252 | |
# https://github.com/moby/buildkit/issues/1896 | |
name: Move cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
- name: Image digest | |
run: echo ${{ steps.docker_build.outputs.digest }} | |
autodeploy: | |
runs-on: ubuntu-latest | |
needs: [docker-publish-staging] | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Deploy Staging | |
run: bash scripts/autodeploy.sh | |
env: | |
AUTODEPLOY_URL: ${{ secrets.AUTODEPLOY_URL }} | |
AUTODEPLOY_TOKEN: ${{ secrets.AUTODEPLOY_TOKEN }} | |
TARGET_ENV: "staging" |