Introduce GitHub Actions and Workflows #20
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| name: Build and Push Container Image | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - 'Containerfile' | ||
| - 'pyproject.toml' | ||
| - 'uv.lock' | ||
| workflow_dispatch: | ||
|
|
||
| env: | ||
| REGISTRY: ghcr.io | ||
| IMAGE_NAME: ${{ github.repository }} | ||
|
|
||
| jobs: | ||
| build-and-push: | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Log in to Container Registry | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Extract metadata (tags, labels) | ||
| id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
| tags: | | ||
| type=raw,value=latest,enable={{is_default_branch}} | ||
| type=sha,prefix= | ||
|
|
||
| - name: Build and push container image | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: . | ||
| file: ./Containerfile | ||
| push: true | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max |
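Review bot: Every `uses:` line in the build-and-push job (actions/checkout@v4, docker/setup-buildx-action@v3, docker/login-action@v3, docker/metadata-action@v5, docker/build-push-action@v6) references a mutable major-version tag, while the job holds `packages: write` and hands `secrets.GITHUB_TOKEN` to the login step. Pin each action to a full commit SHA, with the version in a trailing comment, so that a retagged release cannot change what pushes to ghcr.io. Separately, `workflow_dispatch` can be started from any branch: the `latest` tag is guarded by `enable={{is_default_branch}}`, but `type=sha,prefix=` is not, so a manual run from a feature branch still publishes an image. Restrict the push or the job to the default branch if that is not intended.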
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| name: GitHub Copilot Dev Environment | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| copilot: | ||
| runs-on: ubuntu-latest | ||
| container: | ||
| image: ghcr.io/${{ github.repository }}:latest | ||
| credentials: | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Sync dependencies | ||
| run: uv sync --frozen | ||
|
|
||
| - name: Setup Copilot environment | ||
| run: | | ||
| echo "Development environment ready for GitHub Copilot" | ||
| echo "Python version: $(python --version)" | ||
| echo "uv version: $(uv --version)" | ||
| uv pip list | ||
|
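Review bot: The copilot job declares no `permissions:` block, yet it passes `secrets.GITHUB_TOKEN` as the registry credential under `container.credentials`, so what the token is allowed to do depends on the repository or organization default. Declare least privilege at job level, for example `contents: read` and `packages: read`. The image reference `ghcr.io/${{ github.repository }}:latest` is also a moving tag; the build workflow publishes a commit-SHA tag as well, so pointing at that tag or at a digest would make this environment reproducible.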
Comment on lines +19 to +27
|
||
| Original file line number | Diff line number | Diff line change | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,28 @@ | ||||||||||||
| name: PR Tests | ||||||||||||
|
|
||||||||||||
| on: | ||||||||||||
| pull_request: | ||||||||||||
| branches: [main] | ||||||||||||
|
|
||||||||||||
| env: | ||||||||||||
| REGISTRY: ghcr.io | ||||||||||||
| IMAGE_NAME: ${{ github.repository }} | ||||||||||||
|
|
||||||||||||
| jobs: | ||||||||||||
| test: | ||||||||||||
| runs-on: ubuntu-latest | ||||||||||||
| container: | ||||||||||||
| image: ghcr.io/${{ github.repository }}:latest | ||||||||||||
| credentials: | ||||||||||||
| username: ${{ github.actor }} | ||||||||||||
| password: ${{ secrets.GITHUB_TOKEN }} | ||||||||||||
|
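Review bot: The test job runs inside `ghcr.io/${{ github.repository }}:latest`, which the build workflow only refreshes on a push to main that touches Containerfile, pyproject.toml or uv.lock, so a pull request that changes any of those files is tested against an image built from the old versions. Either build the image inside the PR job when those paths change, or document that dependency changes are only validated after merge. The `REGISTRY` and `IMAGE_NAME` values under `env:` are not referenced in the visible lines (the image line spells out ghcr.io and `github.repository` directly); drop them unless a later step uses them.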
Comment on lines +14 to +18
|
||||||||||||
| container: | |
| image: ghcr.io/${{ github.repository }}:latest | |
| credentials: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} |
Are you sure this is an okay tradeoff, @gvegayon? Do you have experience in how long it usually takes to build similar images on GHA?
Generally, it should be fast. But I think, overall, having a production environment makes things more robust. Sure, the CI will fail the first time, but it will only be once. Having an image to run on becomes more important as the project starts increasing in complexity (which I've seen in the past).
Great, thanks. I'll resolve this conversation.
Copilot AI, Mar 24, 2026
Pulling from GHCR in a PR workflow often requires explicit token permissions (packages: read) and can fail for PRs from forks/private packages where the token cannot access the registry. To make this workflow reliable, add explicit permissions for packages: read (and contents: read) and/or avoid GHCR pulls for PR CI.
@copilot open a new pull request to apply changes based on this feedback
Like `on_pr.yml`, this job pulls a GHCR image but does not declare `permissions: packages: read`. In orgs that default `GITHUB_TOKEN` to read-only or restrict package access, the image pull can fail. Add explicit job/workflow permissions for `contents: read` and `packages: read` to make execution more predictable.
@copilot open a new pull request to apply changes based on this feedback