158 lines
6.1 KiB
YAML
158 lines
6.1 KiB
YAML
name: docker
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- dev
|
|
pull_request:
|
|
branches:
|
|
- main
|
|
- dev
|
|
pull_request_review:
|
|
types:
|
|
- submitted
|
|
|
|
jobs:
|
|
lint:
|
|
if: ${{ github.event_name != 'pull_request_review' || github.event.review.state == 'approved' }}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
python-version: "3.12"
|
|
- name: Install dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install -r requirements-dev.txt
|
|
- name: Run lint
|
|
run: |
|
|
ruff check src tests
|
|
ruff format --check src tests
|
|
black --check src tests
|
|
mypy src
|
|
|
|
test:
|
|
if: ${{ github.event_name != 'pull_request_review' || github.event.review.state == 'approved' }}
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v5
|
|
with:
|
|
python-version: "3.12"
|
|
- name: Install dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install -r requirements-dev.txt
|
|
- name: Run tests
|
|
run: pytest --cov=aegis_gitea_mcp --cov-report=term-missing --cov-fail-under=80
|
|
|
|
docker-test:
|
|
if: ${{ github.event_name != 'pull_request_review' || github.event.review.state == 'approved' }}
|
|
runs-on: ubuntu-latest
|
|
needs: [lint, test]
|
|
env:
|
|
IMAGE_NAME: aegis-gitea-mcp
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Build candidate image
|
|
run: |
|
|
SHA_TAG="${GITHUB_SHA:-${CI_COMMIT_SHA:-local}}"
|
|
docker build -f docker/Dockerfile -t ${IMAGE_NAME}:${SHA_TAG} .
|
|
|
|
- name: Smoke-test image
|
|
run: |
|
|
SHA_TAG="${GITHUB_SHA:-${CI_COMMIT_SHA:-local}}"
|
|
docker run --rm --entrypoint python ${IMAGE_NAME}:${SHA_TAG} -c "import aegis_gitea_mcp"
|
|
|
|
docker-publish:
|
|
runs-on: ubuntu-latest
|
|
needs: [lint, test, docker-test]
|
|
if: >-
|
|
(github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'dev')) ||
|
|
(github.event_name == 'pull_request_review' &&
|
|
github.event.review.state == 'approved' &&
|
|
(github.event.pull_request.base.ref == 'main' || github.event.pull_request.base.ref == 'dev'))
|
|
env:
|
|
IMAGE_NAME: aegis-gitea-mcp
|
|
REGISTRY_IMAGE: ${{ vars.REGISTRY_IMAGE }}
|
|
REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
|
|
PR_BASE_REF: ${{ github.event.pull_request.base.ref }}
|
|
PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
|
|
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
|
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
|
|
- name: Resolve tags
|
|
id: tags
|
|
run: |
|
|
EVENT_NAME="${GITHUB_EVENT_NAME:-${CI_EVENT_NAME:-}}"
|
|
REF_NAME="${GITHUB_REF_NAME:-${CI_COMMIT_REF_NAME:-}}"
|
|
BASE_REF="${PR_BASE_REF:-${GITHUB_BASE_REF:-${CI_BASE_REF:-}}}"
|
|
SHA_TAG="${GITHUB_SHA:-${CI_COMMIT_SHA:-local}}"
|
|
|
|
if [ "${EVENT_NAME}" = "pull_request_review" ]; then
|
|
TARGET_BRANCH="${BASE_REF}"
|
|
SHA_TAG="${PR_HEAD_SHA:-$SHA_TAG}"
|
|
else
|
|
TARGET_BRANCH="${REF_NAME}"
|
|
fi
|
|
|
|
if [ "${TARGET_BRANCH}" = "main" ]; then
|
|
STABLE_TAG="latest"
|
|
elif [ "${TARGET_BRANCH}" = "dev" ]; then
|
|
STABLE_TAG="dev"
|
|
else
|
|
echo "Unsupported target branch '${TARGET_BRANCH}'"
|
|
exit 1
|
|
fi
|
|
|
|
echo "sha_tag=${SHA_TAG}" >> "${GITHUB_OUTPUT}"
|
|
echo "stable_tag=${STABLE_TAG}" >> "${GITHUB_OUTPUT}"
|
|
|
|
- name: Build releasable image
|
|
id: image
|
|
run: |
|
|
IMAGE_REF="${REGISTRY_IMAGE:-${IMAGE_NAME}}"
|
|
echo "image_ref=${IMAGE_REF}" >> "${GITHUB_OUTPUT}"
|
|
docker build -f docker/Dockerfile -t ${IMAGE_REF}:${{ steps.tags.outputs.sha_tag }} .
|
|
docker tag ${IMAGE_REF}:${{ steps.tags.outputs.sha_tag }} ${IMAGE_REF}:${{ steps.tags.outputs.stable_tag }}
|
|
|
|
- name: Login to registry
|
|
if: ${{ vars.PUSH_IMAGE == 'true' }}
|
|
run: |
|
|
if [ -z "${REGISTRY_USER}" ] || [ -z "${REGISTRY_TOKEN}" ]; then
|
|
echo "REGISTRY_USER and REGISTRY_TOKEN secrets are required when PUSH_IMAGE=true"
|
|
exit 1
|
|
fi
|
|
|
|
IMAGE_REF="${{ steps.image.outputs.image_ref }}"
|
|
LOGIN_HOST="${REGISTRY_HOST}"
|
|
if [ -z "${LOGIN_HOST}" ]; then
|
|
FIRST_PART="${IMAGE_REF%%/*}"
|
|
case "${FIRST_PART}" in
|
|
*.*|*:*|localhost) LOGIN_HOST="${FIRST_PART}" ;;
|
|
*) LOGIN_HOST="docker.io" ;;
|
|
esac
|
|
fi
|
|
|
|
printf "%s" "${REGISTRY_TOKEN}" | docker login "${LOGIN_HOST}" --username "${REGISTRY_USER}" --password-stdin
|
|
|
|
- name: Optional registry push
|
|
if: ${{ vars.PUSH_IMAGE == 'true' }}
|
|
run: |
|
|
IMAGE_REF="${{ steps.image.outputs.image_ref }}"
|
|
docker push ${IMAGE_REF}:${{ steps.tags.outputs.sha_tag }}
|
|
docker push ${IMAGE_REF}:${{ steps.tags.outputs.stable_tag }}
|