chore: Update Python dependencies #820
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: © Sebastian Thomschke and contributors | |
| # SPDX-License-Identifier: AGPL-3.0-or-later | |
| # SPDX-ArtifactOfProjectHomePage: https://github.com/Second-Hand-Friends/kleinanzeigen-bot/ | |
| # | |
| # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions | |
| name: Build | |
| on: | |
| push: | |
| branches-ignore: | |
| - 'dependabot/**' # prevent GHA triggered twice (once for commit to the branch and once for opening/syncing the PR) | |
| - 'dependencies/pdm' # prevent GHA triggered twice (once for commit to the branch and once for opening/syncing the PR) | |
| tags-ignore: | |
| - '**' | |
| paths-ignore: | |
| - '**/*.md' | |
| - '.github/*.yml' | |
| - '.github/ISSUE_TEMPLATE/*' | |
| - '.github/workflows/codeql-analysis.yml' | |
| - '.github/workflows/update-python-deps.yml' | |
| pull_request: | |
| workflow_dispatch: | |
| # https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/ | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| ########################################################### | |
| build: | |
| ########################################################### | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: macos-latest | |
| PYTHON_VERSION: "3.10" | |
| PUBLISH_RELEASE: false | |
| - os: ubuntu-latest | |
| PYTHON_VERSION: "3.10" | |
| PUBLISH_RELEASE: false | |
| - os: windows-latest | |
| PYTHON_VERSION: "3.10" | |
| PUBLISH_RELEASE: false | |
| - os: macos-latest | |
| PYTHON_VERSION: "3.12" | |
| PUBLISH_RELEASE: true | |
| - os: ubuntu-latest | |
| PYTHON_VERSION: "3.12" | |
| PUBLISH_RELEASE: true | |
| - os: windows-latest | |
| PYTHON_VERSION: "3.12" | |
| PUBLISH_RELEASE: true | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Git checkout | |
| uses: actions/checkout@v4 #https://github.com/actions/checkout | |
| - name: Configure Fast APT Mirror | |
| uses: vegardit/fast-apt-mirror.sh@v1 | |
| - name: Install Chromium Browser | |
| if: env.ACT == 'true' && startsWith(matrix.os, 'ubuntu') | |
| run: | | |
| if ! hash google-chrome &>/dev/null; then | |
| curl -sSfL https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb -o /tmp/chrome.deb | |
| sudo dpkg -i /tmp/chrome.deb || true | |
| sudo apt-get --no-install-recommends -y --fix-broken install | |
| fi | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: "${{ matrix.PYTHON_VERSION }}" | |
| - uses: actions/cache@v3 | |
| with: | |
| path: __pypackages__ | |
| key: ${{ runner.os }}-pypackages-${{ hashFiles('pdm.lock') }} | |
| - name: "Install: Python dependencies" | |
| run: | | |
| set -eux | |
| python --version | |
| python -m pip install --upgrade pip | |
| pip install --upgrade pdm | |
| pdm install -v | |
| - name: Display project metadata | |
| run: pdm show | |
| - name: Security scan | |
| run: pdm run scan | |
| - name: Check code style | |
| run: pdm run lint | |
| - name: Run unit tests | |
| run: pdm run utest | |
| - name: Run integration tests | |
| run: | | |
| set -eux | |
| case "${{ matrix.os }}" in | |
| ubuntu-*) | |
| sudo apt-get install --no-install-recommends -y xvfb | |
| xvfb-run pdm run itest | |
| ;; | |
| *) pdm run itest | |
| ;; | |
| esac | |
| - name: Run app from source | |
| run: | | |
| echo " | |
| login: | |
| username: '[email protected]' | |
| password: 'such_a_secret' | |
| " > config.yaml | |
| set -eux | |
| pdm run app help | |
| pdm run app version | |
| pdm run app verify | |
| - name: "Install: binutils (strip)" | |
| if: startsWith(matrix.os, 'ubuntu') | |
| run: sudo apt-get install --no-install-recommends -y binutils | |
| - name: "Install: UPX" | |
| if: startsWith(matrix.os, 'windows') | |
| run: | | |
| set -eu | |
| upx_download_url=$(curl -fsSL -H "Authorization: token ${{ github.token }}" https://api.github.com/repos/upx/upx/releases/latest | grep browser_download_url | grep win64.zip | cut "-d\"" -f4) | |
| echo "Downloading [$upx_download_url]..." | |
| curl -fL -o /tmp/upx.zip $upx_download_url | |
| echo "Extracting upx zip..." | |
| mkdir /tmp/upx | |
| 7z e /tmp/upx.zip -o/tmp/upx *.exe -r | |
| echo "$(cygpath -wa /tmp/upx)" >> $GITHUB_PATH | |
| /tmp/upx/upx.exe --version | |
| - name: Build self-contained executable | |
| run: | | |
| set -eux | |
| pdm run compile | |
| ls -l dist | |
| - name: Run self-contained executable | |
| run: | | |
| set -eux | |
| dist/kleinanzeigen-bot help | |
| dist/kleinanzeigen-bot version | |
| dist/kleinanzeigen-bot verify | |
| - name: Upload self-contained executable | |
| uses: actions/upload-artifact@v3 | |
| if: ${{ github.ref_name == 'main' && matrix.PUBLISH_RELEASE && !env.ACT }} | |
| with: | |
| name: artifacts-${{ matrix.os }} | |
| path: dist/kleinanzeigen-bot* | |
| - name: Build Docker image | |
| if: startsWith(matrix.os, 'ubuntu') | |
| run: | | |
| set -eux | |
| bash docker/build-image.sh | |
| docker run --rm second-hand-friends/kleinanzeigen-bot help | |
| - name: Publish Docker image | |
| if: ${{ github.ref_name == 'main' && matrix.PUBLISH_RELEASE && startsWith(matrix.os, 'ubuntu') && !env.ACT }} | |
| run: | | |
| set -eux | |
| echo "${{ github.token }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin | |
| image_name="second-hand-friends/kleinanzeigen-bot" | |
| docker image tag $image_name ghcr.io/$image_name | |
| docker push ghcr.io/$image_name | |
| ########################################################### | |
| publish-release: | |
| ########################################################### | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| if: ${{ github.ref_name == 'main' && !github.event.act }} | |
| concurrency: publish-latest-release # https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idconcurrency | |
| steps: | |
| - name: Git checkout | |
| # only required by "gh release create" to prevent "fatal: Not a git repository" | |
| uses: actions/checkout@v4 #https://github.com/actions/checkout | |
| - name: Generate GitHub access token | |
| uses: tibdex/github-app-token@v2 #https://github.com/tibdex/github-app-token | |
| id: generate_token | |
| # see https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens | |
| with: | |
| # see https://github.com/organizations/Second-Hand-Friends/settings/apps/kleinanzeigen-bot-tu | |
| app_id: ${{ secrets.DEPS_UPDATER_APP_ID }} | |
| private_key: ${{ secrets.DEPS_UPDATER_PRIVATE_KEY }} | |
| - name: Delete untagged docker image | |
| continue-on-error: true | |
| uses: camargo/delete-untagged-action@v1 | |
| with: | |
| github-token: ${{ steps.generate_token.outputs.token }} | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v3 | |
| - name: "Delete previous 'latest' release" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| RELEASE_NAME: latest | |
| # https://cli.github.com/manual/gh_release_delete | |
| run: | | |
| GH_DEBUG=1 gh release delete "$RELEASE_NAME" --yes --cleanup-tag || true | |
| - name: "Create 'latest' release" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| RELEASE_NAME: latest | |
| run: | | |
| set -eux | |
| mv artifacts-macos-latest/kleinanzeigen-bot kleinanzeigen-bot-darwin-amd64 | |
| mv artifacts-ubuntu-latest/kleinanzeigen-bot kleinanzeigen-bot-linux-amd64 | |
| mv artifacts-windows-latest/kleinanzeigen-bot.exe kleinanzeigen-bot-windows-amd64.exe | |
| # https://cli.github.com/manual/gh_release_create | |
| GH_DEBUG=1 gh release create "$RELEASE_NAME" \ | |
| --prerelease \ | |
| --latest \ | |
| --notes "${{ github.event.head_commit.message }}" \ | |
| --target "${{ github.sha }}" \ | |
| kleinanzeigen-bot-darwin-amd64 \ | |
| kleinanzeigen-bot-linux-amd64 \ | |
| kleinanzeigen-bot-windows-amd64.exe | |
| - name: "Delete intermediate build artifacts" | |
| uses: geekyeggo/delete-artifact@v2 # https://github.com/GeekyEggo/delete-artifact/ | |
| with: | |
| name: "*" | |
| failOnError: false |