
Bump certifi from 2024.2.2 to 2024.7.4 #46

Workflow file for this run

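---
# CI workflow: derives build metadata, lints, tests, builds three Docker image
# variants (pushed on non-PR events only), creates a GitHub (pre)release for
# version tags, moves the running major/minor tags, and sends an ntfy
# notification.
name: CI
"on":
  push:
    branches:
      - "main"
    tags:
      - "v*.*.*"
  pull_request:
    branches:
      - "main"

# Default token scope for every job; jobs that need more widen it themselves.
permissions:
  contents: read

jobs:
  meta:
    name: Derive Build Metadata
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Derive version string
        id: bin_version
        run: echo "bin_version=$(./.version.sh)" >> "$GITHUB_OUTPUT"
      - name: bin_version
        # The value comes from ./.version.sh; hand it to the shell through the
        # environment so it is treated as data, not spliced into the script.
        env:
          BIN_VERSION: ${{ steps.bin_version.outputs.bin_version }}
        run: |
          echo "bin_version: $BIN_VERSION"
      - name: Check if this is a running version tag update
        id: running_version_tag
        # github.event.ref is the pushed ref name, chosen by whoever pushes.
        # Expanding it with ${{ }} inside the script would let the name be
        # parsed as shell; an env var keeps it a plain string.
        env:
          EVENT_REF: ${{ github.event.ref }}
        run: |
          if [ -z "$EVENT_REF" ]; then
            echo "is_running_version_tag_update=false" >> "$GITHUB_OUTPUT"
          elif [[ "$EVENT_REF" =~ ^refs/tags/v[0-9]+\.[0-9]+$ ]]; then
            echo "is_running_version_tag_update=true" >> "$GITHUB_OUTPUT"
          elif [[ "$EVENT_REF" =~ ^refs/tags/v[0-9]+$ ]]; then
            echo "is_running_version_tag_update=true" >> "$GITHUB_OUTPUT"
          else
            echo "is_running_version_tag_update=false" >> "$GITHUB_OUTPUT"
          fi
      - name: is_running_version_tag
        # This output is only ever the literal true/false written above.
        run: "echo is_running_version_tag_update: ${{ steps.running_version_tag.outputs.is_running_version_tag_update }}"
    outputs:
      project_name: ${{ github.event.repository.name }}
      bin_version: ${{ steps.bin_version.outputs.bin_version }}
      dockerhub_owner: ${{ github.repository_owner }}
      # Version tag carrying an -alpha./-beta./-rc. marker.
      is_prerelease: >-
        ${{
        steps.running_version_tag.outputs.is_running_version_tag_update != 'true' &&
        startsWith(github.ref, 'refs/tags/v') &&
        (contains(github.ref, '-alpha.')
        || contains(github.ref, '-beta.')
        || contains(github.ref, '-rc.'))
        }}
      # Version tag without any pre-release marker.
      is_release: >-
        ${{
        steps.running_version_tag.outputs.is_running_version_tag_update != 'true' &&
        startsWith(github.ref, 'refs/tags/v') &&
        !(contains(github.ref, '-alpha.')
        || contains(github.ref, '-beta.')
        || contains(github.ref, '-rc.'))
        }}
      is_pull_request: ${{ github.event_name == 'pull_request' }}
      is_running_version_tag_update: ${{ steps.running_version_tag.outputs.is_running_version_tag_update }}

  lint:
    name: Lint & Format
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: "pip"
      - name: Install Ruff
        # NOTE(review): ruff is installed unpinned, so each run fetches
        # whatever release is current; pin a version for reproducible runs.
        run: |
          python -m pip install --upgrade pip
          pip install ruff
      - name: Ruff
        run: |
          ruff format --check .
          ruff check --output-format=github .
      - name: Install Prettier
        # NOTE(review): prettier is likewise installed unpinned.
        run: npm install -g prettier
      - name: Prettier
        run: prettier --check .
      - name: Actionlint
        # NOTE(review): the action ref below was mangled by e-mail obfuscation
        # on the page this file was captured from; restore the real
        # `<action>@<ref>` from the repository before using this workflow.
        uses: raven-actions/[email protected]

  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: "pip"
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r tests/requirements.txt
      - name: Python tests
        run: |
          python -m unittest tests/*.py

  docker-amd64-cuda:
    name: Docker Image (amd64-cuda)
    needs: [meta, lint, test]
    if: needs.meta.outputs.is_running_version_tag_update != 'true'
    runs-on: ubuntu-latest
    # NOTE(review): the only registry login in this job is Docker Hub and the
    # image name has no registry prefix, so `packages: write` looks unused;
    # confirm and drop it to keep the token least-privileged.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Login to Docker Hub
        # Skipped on pull requests: PR builds never log in or push.
        if: needs.meta.outputs.is_pull_request != 'true'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
      - name: Available platforms
        # Pass the action output via env and quote it instead of expanding it
        # inside the script text.
        env:
          PLATFORMS: ${{ steps.buildx.outputs.platforms }}
        run: echo "$PLATFORMS"
      - name: "Meta"
        id: docker_meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ needs.meta.outputs.dockerhub_owner }}/${{ needs.meta.outputs.project_name }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
          flavor: |
            latest=false
            suffix=-amd64-cuda
      - name: "Build & Push"
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile-amd64-cuda
          platforms: amd64
          builder: ${{ steps.buildx.outputs.name }}
          push: ${{ needs.meta.outputs.is_pull_request != 'true' }}
          tags: ${{ steps.docker_meta.outputs.tags }}
          labels: ${{ steps.docker_meta.outputs.labels }}
          build-args: |
            BIN_VERSION=${{ needs.meta.outputs.bin_version }}

  docker-amd64-cpu:
    name: Docker Image (amd64-cpu)
    needs: [meta, lint, test]
    if: needs.meta.outputs.is_running_version_tag_update != 'true'
    runs-on: ubuntu-latest
    # NOTE(review): `packages: write` looks unused here as well (Docker Hub
    # is the only registry in this job); confirm and drop.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Login to Docker Hub
        # Skipped on pull requests: PR builds never log in or push.
        if: needs.meta.outputs.is_pull_request != 'true'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
      - name: Available platforms
        # Action output passed via env and quoted, not expanded in the script.
        env:
          PLATFORMS: ${{ steps.buildx.outputs.platforms }}
        run: echo "$PLATFORMS"
      - name: "Meta"
        id: docker_meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ needs.meta.outputs.dockerhub_owner }}/${{ needs.meta.outputs.project_name }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
          flavor: |
            latest=false
            suffix=-amd64-cpu
      - name: "Build & Push"
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile-amd64-cpu
          platforms: amd64
          builder: ${{ steps.buildx.outputs.name }}
          push: ${{ needs.meta.outputs.is_pull_request != 'true' }}
          tags: ${{ steps.docker_meta.outputs.tags }}
          labels: ${{ steps.docker_meta.outputs.labels }}
          build-args: |
            BIN_VERSION=${{ needs.meta.outputs.bin_version }}

  docker-arm64:
    name: Docker Image (arm64)
    needs: [meta, lint, test]
    if: needs.meta.outputs.is_running_version_tag_update != 'true'
    runs-on: ubuntu-latest
    # NOTE(review): `packages: write` looks unused here as well (Docker Hub
    # is the only registry in this job); confirm and drop.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Login to Docker Hub
        # Skipped on pull requests: PR builds never log in or push.
        if: needs.meta.outputs.is_pull_request != 'true'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3
      - name: Available platforms
        # Action output passed via env and quoted, not expanded in the script.
        env:
          PLATFORMS: ${{ steps.buildx.outputs.platforms }}
        run: echo "$PLATFORMS"
      - name: "Meta"
        id: docker_meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ needs.meta.outputs.dockerhub_owner }}/${{ needs.meta.outputs.project_name }}
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
          flavor: |
            latest=false
            suffix=-arm64
      - name: "Build & Push"
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile-arm64
          platforms: arm64
          builder: ${{ steps.buildx.outputs.name }}
          push: ${{ needs.meta.outputs.is_pull_request != 'true' }}
          tags: ${{ steps.docker_meta.outputs.tags }}
          labels: ${{ steps.docker_meta.outputs.labels }}
          build-args: |
            BIN_VERSION=${{ needs.meta.outputs.bin_version }}

  release:
    name: (Pre)Release
    needs: [meta, lint, test, docker-amd64-cuda, docker-amd64-cpu, docker-arm64]
    if: >-
      needs.meta.outputs.is_release == 'true' ||
      needs.meta.outputs.is_prerelease == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      # NOTE(review): the two third-party actions below run in a job whose
      # token has `contents: write`, and the second receives the Docker Hub
      # credentials. Both are referenced by a movable major-version tag;
      # pinning each to a reviewed full commit SHA removes the risk of the
      # tag being repointed.
      - name: Create GitHub release
        uses: softprops/action-gh-release@v1
        with:
          prerelease: ${{ needs.meta.outputs.is_prerelease == 'true' }}
          generate_release_notes: true
      - name: Update Docker Hub description
        if: needs.meta.outputs.is_release == 'true'
        uses: peter-evans/dockerhub-description@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
          repository: ${{ needs.meta.outputs.dockerhub_owner }}/${{ needs.meta.outputs.project_name }}
          readme-filepath: ./README.md
          short-description: ${{ github.event.repository.description }}

  tags:
    name: Update Release Tags
    needs: [meta, release]
    if: needs.meta.outputs.is_release == 'true'
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Update running major/minor version tags
        # NOTE(review): third-party action in a job with `contents: write`,
        # referenced by a movable tag; consider pinning to a full commit SHA.
        uses: sersoft-gmbh/running-release-tags-action@v3
        with:
          fail-on-non-semver-tag: true
          create-release: false
          update-full-release: false

  ntfy:
    name: Ntfy
    # Runs even when upstream jobs failed, so failures are reported too.
    if: ${{ !cancelled() }}
    runs-on: ubuntu-latest
    needs:
      - meta
      - lint
      - test
      - docker-amd64-cuda
      - docker-amd64-cpu
      - docker-arm64
      - release
      - tags
    steps:
      # NOTE(review): `@master` is a mutable branch ref and both steps pass
      # NTFY_TOKEN to the action. Any later commit on that branch runs with
      # the token; pin to a reviewed full commit SHA.
      - name: Send success notification
        uses: niniyas/ntfy-action@master
        if: ${{ !contains(needs.*.result, 'failure') && (needs.meta.outputs.is_release == 'true' || needs.meta.outputs.is_prerelease == 'true') }}
        with:
          url: "https://ntfy.cdzombak.net"
          topic: "gha-builds"
          priority: 3
          headers: '{"authorization": "Bearer ${{ secrets.NTFY_TOKEN }}"}'
          tags: white_check_mark
          title: ${{ github.event.repository.name }} ${{ needs.meta.outputs.bin_version }} available
          details: ${{ github.event.repository.name }} version ${{ needs.meta.outputs.bin_version }} is now available.
      - name: Send failure notification
        uses: niniyas/ntfy-action@master
        if: ${{ contains(needs.*.result, 'failure') }}
        with:
          url: "https://ntfy.cdzombak.net"
          topic: "gha-builds"
          priority: 3
          headers: '{"authorization": "Bearer ${{ secrets.NTFY_TOKEN }}"}'
          tags: no_entry
          title: ${{ github.event.repository.name }} ${{ needs.meta.outputs.bin_version }} build failed
          details: Build failed for ${{ github.event.repository.name }} version ${{ needs.meta.outputs.bin_version }}.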