Build PR on main repo #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Full Build | |
| on: | |
| push: | |
| pull_request: | |
| release: | |
| types: [published] | |
| env: | |
| python_version: '3.11' | |
| mainline_build: ${{ github.ref == 'refs/heads/main' || github.event.label.name == 'translation' || github.event_name == 'release' }} | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| if: "!contains(github.event.head_commit.message, 'skip ci')" | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up Python | |
| uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 | |
| with: | |
| python-version: ${{ env.python_version }} | |
| - name: Lint with Pre-commit | |
| uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # v3.0.0 | |
| - name: Check translations | |
| run: pip install babel && python po/check-babel.py | |
| - name: Check Poetry lock file integrity | |
| run: | | |
| pipx install --python python${{ env.python_version }} --pip-args=--constraint=.github/constraints.txt poetry | |
| poetry config virtualenvs.in-project true | |
| poetry check | |
| linux-wheel: | |
| name: Linux (Wheel) with Python ${{ matrix.python_version }} | |
| needs: lint | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 30 | |
| if: "!contains(github.event.head_commit.message, 'skip ci')" | |
| strategy: | |
| matrix: | |
| python_version: ['3.10', '3.11', '3.12'] | |
| outputs: | |
| targz: gaphor-${{ steps.setup_and_test.outputs.version }}.tar.gz | |
| wheel: gaphor-${{ steps.setup_and_test.outputs.version }}-py3-none-any.whl | |
| version: ${{ steps.setup_and_test.outputs.version }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Install Linux Dependencies | |
| run: > | |
| sudo apt-get update -qq && sudo apt-get install -qq --no-install-recommends upx | |
| gir1.2-gtk-4.0 libgirepository1.0-dev libgtksourceview-5-dev libadwaita-1-dev | |
| graphviz | |
| - name: Set up Python | |
| uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 | |
| with: | |
| python-version: ${{ matrix.python_version }} | |
| allow-prereleases: true | |
| - name: Use Python Dependency Cache | |
| uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}-22.04 | |
| - name: Install Dependencies and Test | |
| id: setup_and_test | |
| uses: ./.github/actions/setup_and_test | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Upload Code Coverage to Code Climate | |
| if: ${{ matrix.python_version == env.python_version }} | |
| uses: paambaati/codeclimate-action@4cace242c6e0a2dd554bbb3cc12c58047d8af3e5 # v5.0.0 | |
| env: | |
| CC_TEST_REPORTER_ID: 05f6288b94a87daa172d3e96a33ec331a4374be7d01eb9a42b3b21c4c550a8ff | |
| with: | |
| coverageCommand: poetry run coverage xml --omit="/tmp/*" | |
| - name: Create Source Dist and Wheel | |
| if: ${{ matrix.python_version == env.python_version }} | |
| run: poetry build | |
| - name: Upload gaphor-${{ steps.setup_and_test.outputs.version }}.tar.gz | |
| if: ${{ matrix.python_version == env.python_version }} | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: gaphor-${{ steps.setup_and_test.outputs.version }}.tar.gz | |
| path: dist/gaphor-${{ steps.setup_and_test.outputs.version }}.tar.gz | |
| - name: Upload gaphor-${{ steps.setup_and_test.outputs.version }}-py3-none-any.whl | |
| if: ${{ matrix.python_version == env.python_version }} | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: gaphor-${{ steps.setup_and_test.outputs.version }}-py3-none-any.whl | |
| path: dist/gaphor-${{ steps.setup_and_test.outputs.version }}-py3-none-any.whl | |
| linux-flatpak-devel: | |
| name: Linux (Devel Flatpak) | |
| needs: lint | |
| runs-on: ubuntu-22.04 | |
| container: | |
| image: bilelmoussaoui/flatpak-github-actions:gnome-44 | |
| options: --privileged | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Use Python Dependency Cache | |
| uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | |
| with: | |
| path: ~/.cache/pip | |
| key: ${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}-22.04 | |
| - uses: flatpak/flatpak-github-actions/flatpak-builder@0c1e6013638a1773c475ccf010b455c9f6a873cf # v6.1 | |
| with: | |
| bundle: gaphor.flatpak | |
| manifest-path: org.gaphor.Gaphor.json | |
| run-tests: true | |
| cache-key: flatpak-builder-${{ github.sha }} | |
| macos: | |
| name: macOS | |
| needs: lint | |
| runs-on: macos-11 | |
| permissions: | |
| contents: write | |
| timeout-minutes: 45 | |
| if: "!contains(github.event.head_commit.message, 'skip ci')" | |
| outputs: | |
| artifact: ${{ steps.create.outputs.artifact }} | |
| env: | |
| LDFLAGS: -L/usr/local/opt/python@${python_version}/lib | |
| PKG_CONFIG_PATH: /usr/local/opt/libffi/lib/pkgconfig:/usr/local/opt/python@${python_version}/lib/pkgconfig:${PKG_CONFIG_PATH:-} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Install macOS Dependencies | |
| run: > | |
| brew install gtk4 gtksourceview5 libadwaita adwaita-icon-theme | |
| gobject-introspection graphviz create-dmg upx | |
| - name: Set up Python | |
| uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 | |
| with: | |
| python-version: ${{ env.python_version }} | |
| - name: Use Python Dependency Cache | |
| uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | |
| with: | |
| path: ~/Library/Caches/pip | |
| key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }} | |
| restore-keys: ${{ runner.os }}-poetry- | |
| - name: Install Dependencies and Test | |
| id: setup_and_test | |
| uses: ./.github/actions/setup_and_test | |
| - name: Create macOS Application | |
| id: create | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| uses: ./.github/actions/macos_dmg | |
| with: | |
| sign_app: ${{ env.mainline_build }} | |
| version: ${{ steps.setup_and_test.outputs.version }} | |
| base64_encoded_p12: ${{ secrets.BASE64_ENCODED_P12 }} | |
| certpassword_p12: ${{ secrets.CERTPASSWORD_P12 }} | |
| ac_username: ${{ secrets.APPLE_NOTARY_USER }} | |
| ac_password: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} | |
| check-macos-app: | |
| name: Check macOS App | |
| needs: macos | |
| runs-on: macos-latest | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| id: download | |
| with: | |
| name: ${{ needs.macos.outputs.artifact }} | |
| path: . | |
| - name: Perform self-test (dmg) | |
| run: | | |
| hdiutil attach ${{ needs.macos.outputs.artifact }} | |
| cd /Volumes/Gaphor* | |
| # Retry if first test fails | |
| Gaphor.app/Contents/MacOS/gaphor-exe --self-test || Gaphor.app/Contents/MacOS/gaphor-exe --self-test | |
| windows-build-gtk: | |
| name: Windows (Build GTK) | |
| runs-on: windows-latest | |
| timeout-minutes: 60 | |
| env: | |
| gvsbuild_version: 2023.5.0 | |
| # Bump this number if you want to force a rebuild of gvsbuild with the same version | |
| gvsbuild_update: 0 | |
| outputs: | |
| cachekey: ${{ steps.output.outputs.cachekey }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 | |
| with: | |
| egress-policy: audit | |
| - name: GTK binaries create dir | |
| run: mkdir C:\gtk-build\gtk\x64\release | |
| - name: GTK binaries get from cache | |
| uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | |
| id: cache | |
| with: | |
| path: C:\gtk-build\gtk\x64\release\** | |
| key: ${{ runner.os }}-gvsbuild-${{ env.gvsbuild_update }}-${{ env.gvsbuild_version }} | |
| - name: Set up Python | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 | |
| with: | |
| python-version: ${{ env.python_version }} | |
| - name: GTK binaries move git binary | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: | | |
| move "C:\Program Files\Git\usr\bin" "C:\Program Files\Git\usr\notbin" | |
| move "C:\Program Files\Git\bin" "C:\Program Files\Git\notbin" | |
| - name: Install gvsbuild | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: python -m pip install gvsbuild==${{ env.gvsbuild_version }} | |
| # j2 option resolves out of memory issues while linking on GitHub Actions runners | |
| - name: GTK binaries run gvsbuild | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: > | |
| gvsbuild build --ninja-opts -j2 --enable-gi --py-wheel gobject-introspection | |
| gtk4 libadwaita gtksourceview5 pycairo pygobject adwaita-icon-theme hicolor-icon-theme | |
| - name: Copy wheels to cached directory | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: > | |
| Get-ChildItem C:\gtk-build\build\x64\release\*\dist\*.whl | | |
| ForEach-Object -process { cp $_ C:\gtk-build\gtk\x64\release\ } | |
| - name: GTK binaries restore git binary | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: | | |
| move "C:\Program Files\Git\usr\notbin" "C:\Program Files\Git\usr\bin" | |
| move "C:\Program Files\Git\notbin" "C:\Program Files\Git\bin" | |
| - name: GTK binaries output cache key | |
| id: output | |
| run: Write-Output "cachekey=${{ runner.os }}-gvsbuild-${{ env.gvsbuild_update }}-${{ env.gvsbuild_version }}" >> $env:GITHUB_OUTPUT | |
| windows: | |
| name: Windows | |
| needs: [lint, windows-build-gtk] | |
| runs-on: windows-latest | |
| env: | |
| INCLUDE: C:\gtk-build\gtk\x64\release\include;C:\gtk-build\gtk\x64\release\include\cairo;C:\gtk-build\gtk\x64\release\include\glib-2.0;C:\gtk-build\gtk\x64\release\include\gobject-introspection-1.0;C:\gtk-build\gtk\x64\release\lib\glib-2.0\include; | |
| LIB: C:\gtk-build\gtk\x64\release\lib | |
| permissions: | |
| contents: write | |
| timeout-minutes: 45 | |
| outputs: | |
| installer: gaphor-${{ steps.setup_and_test.outputs.version }}-installer.exe | |
| if: "!contains(github.event.head_commit.message, 'skip ci')" | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 | |
| with: | |
| egress-policy: audit | |
| - name: Create GTK binaries dir | |
| run: mkdir C:\gtk-build\gtk\x64\release | |
| - name: Get GTK binaries from cache | |
| uses: actions/cache/restore@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | |
| id: cache | |
| with: | |
| path: C:\gtk-build\gtk\x64\release\** | |
| key: ${{ needs.windows-build-gtk.outputs.cachekey }} | |
| - name: Check cache hit | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: | | |
| echo "No GTK binaries cache" | |
| exit 1 | |
| - name: Set up env | |
| run: | | |
| Write-Output "PKG_CONFIG=C:\gtk-build\gtk\x64\release\bin\pkgconf.exe" >> $env:GITHUB_ENV | |
| Write-Output "C:\gtk-build\gtk\x64\release\bin" >> $env:GITHUB_PATH | |
| choco install graphviz -y | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up Python | |
| uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1 # v4.7.0 | |
| with: | |
| python-version: ${{ env.python_version }} | |
| - name: Install pipx | |
| run: | | |
| python -m pip install pipx | |
| pipx ensurepath | |
| - name: Use Python Dependency Cache | |
| uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | |
| with: | |
| path: ~\AppData\Local\pip\Cache | |
| key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }} | |
| restore-keys: ${{ runner.os }}-poetry- | |
| - name: Install Dependencies and Test | |
| id: setup_and_test | |
| uses: ./.github/actions/setup_and_test | |
| - name: Create Windows Executables | |
| uses: ./.github/actions/windows_executables | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| with: | |
| mainline_build: ${{ env.mainline_build }} | |
| version: ${{ steps.setup_and_test.outputs.version }} | |
| cert_password: ${{ secrets.CERTPASSWORD }} | |
| base64_encoded_pfx: ${{ secrets.BASE64_ENCODED_PFX }} | |
| check-windows-installer: | |
| name: Check Windows Installer | |
| needs: windows | |
| runs-on: windows-latest | |
| timeout-minutes: 15 | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: ${{ needs.windows.outputs.installer }} | |
| path: . | |
| - name: Install Gaphor | |
| timeout-minutes: 5 | |
| run: start "" /WAIT "${{ needs.windows.outputs.installer }}" /S | |
| shell: cmd | |
| - name: Perform self-test | |
| timeout-minutes: 5 | |
| run: start "" /WAIT "C:\Program Files\Gaphor\gaphor-exe.exe" --self-test | |
| shell: cmd | |
| - name: Test output | |
| if: always() | |
| run: type gaphor-self-test.txt | |
| shell: cmd | |
| publish-to-pypi: | |
| name: Publish to PyPI (release only) | |
| needs: [ linux-wheel, linux-flatpak-devel, check-macos-app, check-windows-installer ] | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write | |
| if: github.event_name == 'release' | |
| outputs: | |
| version: ${{ needs.linux-wheel.outputs.version }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: ${{ needs.linux-wheel.outputs.targz }} | |
| path: dist | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: ${{ needs.linux-wheel.outputs.wheel }} | |
| path: dist | |
| - name: Publish package distributions to PyPI | |
| uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8 # release/v1 | |
| trigger-website-version-update: | |
| name: Trigger version update on gaphor/gaphor.github.io | |
| needs: [ publish-to-pypi ] | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 | |
| with: | |
| egress-policy: audit | |
| - name: Repository Dispatch | |
| uses: peter-evans/repository-dispatch@26b39ed245ab8f31526069329e112ab2fb224588 # v2.1.1 | |
| with: | |
| token: ${{ secrets.WEBSITE_DISPATCH_TOKEN }} # Expires 2024-07-08 | |
| repository: gaphor/gaphor.github.io | |
| event-type: version-update | |
| client-payload: '{ "version": "${{ needs.publish-to-pypi.outputs.version }}" }' | |
| trigger-flatpak-version-update: | |
| name: Trigger version update on flathub/org.gaphor.Gaphor | |
| needs: [ publish-to-pypi ] | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 | |
| with: | |
| egress-policy: audit | |
| - name: Repository Dispatch | |
| uses: peter-evans/repository-dispatch@26b39ed245ab8f31526069329e112ab2fb224588 # v2.1.1 | |
| with: | |
| token: ${{ secrets.FLATHUB_DISPATCH_TOKEN }} # Expires 2024-07-08 | |
| repository: flathub/org.gaphor.Gaphor | |
| event-type: version-update | |
| client-payload: '{ "version": "${{ needs.publish-to-pypi.outputs.version }}" }' |