Skip to content

build(PYTHON): python to 3.11 and ansible to ^11 #799

build(PYTHON): python to 3.11 and ansible to ^11

build(PYTHON): python to 3.11 and ansible to ^11 #799

Workflow file for this run

---
name: mac_maker-push
# Workflow Secrets:
# SLACK_WEBHOOK (Required, for slack notifications...)
on:
push:
schedule:
- cron: "0 6 * * 1"
workflow_dispatch:
env:
PROJECT_NAME: "mac_maker"
USERNAME: "osx-provisioner"
VERBOSE_NOTIFICATIONS: 0
jobs:
_start_notification:
runs-on: ubuntu-latest
steps:
- name: Start -- Checkout Repository
uses: actions/checkout@v3
- name: Start -- Setup Environment
run: |
source ./.github/scripts/setup.sh
env:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
- name: Start -- Report Job Status on Success
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: workflow has started!"
- name: Start -- Report Job Status on Failure
if: failure()
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: error reporting job status!"
_success_notification:
needs: [attach_release_binaries]
runs-on: ubuntu-latest
steps:
- name: Success -- Checkout Repository
uses: actions/checkout@v3
- name: Success -- Setup Environment
run: |
source .github/scripts/setup.sh
env:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
- name: Success -- Report Job Status on Success
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: all checks were successful!"
- name: Success -- Report Job Status on Failure
if: failure()
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: error reporting job status!"
apply:
needs: [container_build, osx_build]
# Only on tags, main and production branches.
runs-on: macos-${{ matrix.os }}
strategy:
max-parallel: 4
matrix:
os: [12, 13]
platform: [x86_64]
python-version: [3.11.8]
steps:
- name: Apply Test -- Branch Filter
id: branch_filter
run: |
MATCH="FALSE"
[[ "${{ github.event.ref }}" =~ /tags/v\.* ]] && MATCH="TRUE"
[[ "${{ github.event.ref }}" == "refs/heads/main" ]] && MATCH="TRUE"
[[ "${{ github.event.ref }}" == "refs/heads/production" ]] && MATCH="TRUE"
echo "MATCH=${MATCH}" >> $GITHUB_OUTPUT
- name: Apply Test -- Checkout
if: steps.branch_filter.outputs.match == 'TRUE'
uses: actions/checkout@v3
- name: Apply Test -- Setup Environment
if: steps.branch_filter.outputs.match == 'TRUE'
run: |
source .github/scripts/setup.sh
env:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
PYTHON_VERSION: ${{ matrix.python-version }}
- name: Apply Test -- Download Built Binary
if: steps.branch_filter.outputs.match == 'TRUE'
uses: actions/download-artifact@v3
with:
name: built_binary_${{ matrix.os }}_${{ matrix.platform }}_${{ env.BRANCH_OR_TAG }}
- name: Apply Test -- Clear Quarantine Attribute
if: steps.branch_filter.outputs.match == 'TRUE'
run: |
tar xvzf mac_maker_${{ matrix.os }}_${{ matrix.platform }}_${BRANCH_OR_TAG}.tar.gz
xattr -d -r com.apple.quarantine mac_maker_${{ matrix.os }}_${{ matrix.platform }}_${BRANCH_OR_TAG}
- name: Apply Test -- Apply a Profile
if: steps.branch_filter.outputs.match == 'TRUE'
run: |
cd mac_maker_${{ matrix.os }}_${{ matrix.platform }}_${BRANCH_OR_TAG}
export ANSIBLE_BECOME_PASSWORD="skip the prompt"
./mac_maker apply github https://github.com/osx-provisioner/profile-example.git
- name: Apply Test -- Report Job Status (Success)
if: steps.branch_filter.outputs.match == 'TRUE' && env.VERBOSE_NOTIFICATIONS == '1'
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: ${{ matrix.os }} profile application using built binary (${{ matrix.os }} ${{ matrix.platform }}) was successful"
- name: Apply Test -- Report Job Status (Failure)
if: failure()
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: ${{ matrix.os }} profile application using built binary (${{ matrix.os }} ${{ matrix.platform }}) failed!"
attach_release_binaries:
needs: [create_release]
runs-on: ubuntu-latest
strategy:
max-parallel: 4
matrix:
os: [12, 13]
platform: [x86_64]
python-version: [3.11.8]
steps:
- name: Attach Release Binaries -- Branch Filter
id: branch_filter
run: |
MATCH="FALSE"
[[ "${{ github.event.ref }}" =~ /tags/v\.* ]] && MATCH="TRUE"
echo "MATCH=${MATCH}" >> $GITHUB_OUTPUT
- name: Attach Release Binaries -- Checkout
if: steps.branch_filter.outputs.match == 'TRUE'
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Attach Release Binaries -- Setup Environment
if: steps.branch_filter.outputs.match == 'TRUE'
run: |
source .github/scripts/setup.sh
env:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
PYTHON_VERSION: ${{ matrix.python-version }}
- name: Attach Release Binaries -- Download Built Binary
if: steps.branch_filter.outputs.match == 'TRUE'
uses: actions/download-artifact@v3
with:
name: built_binary_${{ matrix.os }}_${{ matrix.platform }}_${{ env.BRANCH_OR_TAG }}
- name: Attach Release Binaries -- Identify Binary
if: steps.branch_filter.outputs.match == 'TRUE'
run: |
ls -la
BINARY_NAME=$(ls *.tar.gz)
echo "BINARY_NAME=${BINARY_NAME}" >> $GITHUB_ENV
- name: Attach Release Binaries -- Upload Release Asset
if: steps.branch_filter.outputs.match == 'TRUE'
run: |
source ./.github/scripts/upload_asset.sh
env:
FILE_PATH: ${{ env.BINARY_NAME }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
UPLOAD_URL: ${{ needs.create_release.outputs.upload_url }}
- name: Attach Release Binaries -- Report Success
if: steps.branch_filter.outputs.match == 'TRUE' && env.VERBOSE_NOTIFICATIONS == '1'
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: compiled binary has been attached to release: ${BINARY_NAME}"
- name: Attach Release Binaries -- Report Failure
if: failure() && contains(github.ref, '/tags/v')
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: compiled binaries could not be attached to release!"
container_build:
runs-on: ubuntu-latest
strategy:
max-parallel: 4
matrix:
include:
- python-version: 3.11
steps:
- name: Container Build -- Checkout
uses: actions/checkout@v3
- name: Container Build -- Setup Environment
run: |
source .github/scripts/setup.sh
env:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
PYTHON_VERSION: ${{ matrix.python-version }}
- name: Container Build -- Create Docker Mounted Content
run: |
echo | ssh-keygen
touch ${HOME}/.gitconfig
touch ${HOME}/.gitconfig_global
- name: Container Build -- Build Container
run: |
source .github/scripts/build_container.sh
- name: Container Build -- Ensure GIT is working
run: |
docker compose exec -T "${PROJECT_NAME}" git status
- name: Container Build -- Run TOML Linter
run: |
docker compose exec -T "${PROJECT_NAME}" tomll /app/pyproject.toml
- name: Container Build -- Run Documentation Build
run: |
docker compose exec -T "${PROJECT_NAME}" dev build-docs
- name: Container Build -- Run Linter
run: |
docker compose exec -T "${PROJECT_NAME}" dev lint
- name: Container Build -- Run Sec Test
run: |
docker compose exec -T "${PROJECT_NAME}" dev sectest
- name: Container Build -- Run Unit Tests
run: |
docker compose exec -T "${PROJECT_NAME}" dev coverage
- name: Container Build -- Run MyPy
run: |
docker compose exec -T "${PROJECT_NAME}" dev types
- name: Container Build -- Run Release Validation
run: |
docker compose exec -T "${PROJECT_NAME}" ./scripts/release.sh
- name: Container Build -- Report Job Status (Success)
if: env.VERBOSE_NOTIFICATIONS == '1'
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: container build for Python ${PYTHON_VERSION} was successful"
- name: Container Build -- Report Job Status (Failure)
if: failure()
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: container build for Python ${PYTHON_VERSION} failed!"
create_release:
needs: [_start_notification, apply, container_build, documentation_test, security_test, shellcheck_test, workflow_lint_test]
runs-on: ubuntu-latest
outputs:
upload_url: ${{ fromJSON(steps.create_release.outputs.result).data.upload_url }}
steps:
- name: Create Release -- Branch Filter
id: branch_filter
run: |
MATCH="FALSE"
[[ "${{ github.event.ref }}" =~ /tags/v\.* ]] && MATCH="TRUE"
echo "MATCH=${MATCH}" >> $GITHUB_OUTPUT
- name: Create Release -- Checkout
if: steps.branch_filter.outputs.match == 'TRUE'
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Create Release -- Setup Environment
if: steps.branch_filter.outputs.match == 'TRUE'
run: |
source .github/scripts/setup.sh
env:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
- name: Create Release -- Prepare Content
if: steps.branch_filter.outputs.match == 'TRUE'
run: |
echo "{}" > package.json
- name: Create Release -- Generate Changelog
if: steps.branch_filter.outputs.match == 'TRUE'
run:
source ./.github/scripts/changelog.sh
- name: Create Release -- Generate Github Release Draft
id: create_release
uses: actions/github-script@v6
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
try {
if (process.env.RELEASE_BRANCH !== 'TRUE') {
return { data: { upload_url: null }}
}
const result = await github.rest.repos.createRelease({
body: process.env.CHANGE_LOG_CONTENT,
draft: true,
name: "Release " + process.env.BRANCH_OR_TAG,
owner: context.repo.owner,
prerelease: false,
repo: context.repo.repo,
tag_name: process.env.BRANCH_OR_TAG,
});
return result
} catch (error) {
core.setFailed(error.message);
}
env:
RELEASE_BRANCH: ${{ steps.branch_filter.outputs.match }}
- name: Create Release -- Report Success
if: steps.branch_filter.outputs.match == 'TRUE' && env.VERBOSE_NOTIFICATIONS == '1'
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: automated release has been created:\nhttps://github.com/${USERNAME}/${PROJECT_NAME}/releases"
- name: Create Release -- Report Failure
if: failure()
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: automated release generation failed!"
documentation_test:
runs-on: ubuntu-latest
steps:
- name: Documentation Test -- Checkout Repository
uses: actions/checkout@v3
- name: Documentation Test -- Setup Environment
run: |
source .github/scripts/setup.sh
env:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
- name: Documentation Test -- Documentation Validation
uses: gaurav-nelson/github-action-markdown-link-check@1.0.13
with:
config-file: '.github/config/actions/gaurav-nelson-github-action-markdown-link-check.json'
use-quiet-mode: 'no'
use-verbose-mode: 'yes'
- name: Documentation Test -- Report Success
if: env.VERBOSE_NOTIFICATIONS == '1'
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: documentation checks were successful!"
- name: Documentation Test -- Report Failure
if: failure()
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: documentation checks failed!"
security_test:
runs-on: ubuntu-latest
steps:
- name: Security Test -- Checkout Repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Security Test -- Setup Environment
run: |
source .github/scripts/setup.sh
source .github/scripts/pushed_commit_range.sh
env:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
GITHUB_CONTEXT: ${{ toJson(github) }}
- name: Security Test -- Run Trufflehog
uses: trufflesecurity/trufflehog@v3.54.4
with:
path: .
base: ${{ env.PUSHED_COMMIT_RANGE }}
head: ${{ env.BRANCH_OR_TAG }}
extra_args: --only-verified
- name: Security Test -- Report Success
if: env.VERBOSE_NOTIFICATIONS == '1'
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: security checks were successful!"
- name: Security Test -- Report Failure
if: failure()
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: security checks failed!"
shellcheck_test:
runs-on: ubuntu-latest
steps:
- name: Shellcheck -- Checkout Repository
uses: actions/checkout@v3
- name: Shellcheck -- Setup Environment
run: |
source .github/scripts/setup.sh
env:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
- name: Shellcheck -- Check Scripts
run: |
source .github/scripts/shellcheck.sh
- name: Shellcheck -- Report Job Status on Success
if: env.VERBOSE_NOTIFICATIONS == '1'
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: shellcheck checks were successful!"
- name: Shellcheck -- Report Job Status on Failure
if: failure()
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: shellcheck checks failed!"
workflow_lint_test:
runs-on: ubuntu-latest
strategy:
max-parallel: 4
matrix:
python-version: [3.11]
steps:
- name: Workflow Lint -- Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Workflow Lint -- Checkout Repository
uses: actions/checkout@v3
- name: Workflow Lint -- Setup Environment
run: |
source ./.github/scripts/setup.sh
pip install yamllint
env:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
- name: Workflow Lint -- Run Linter
run: |
yamllint ./.github/workflows -c .yamllint.yml -f standard
- name: Workflow Lint -- Report Job Status on Success
if: env.VERBOSE_NOTIFICATIONS == '1'
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: workflow linting was successful!"
- name: Workflow Lint -- Report Job Status on Failure
if: failure()
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: workflow linting has failed!"
osx_build:
# Only on tags, main and production branches.
runs-on: macos-${{ matrix.os }}
strategy:
max-parallel: 4
matrix:
os: [12, 13]
platform: [x86_64]
python-version: [3.11.8]
steps:
- name: OSX Build -- Branch Filter
id: branch_filter
run: |
MATCH="FALSE"
[[ "${{ github.event.ref }}" =~ /tags/v\.* ]] && MATCH="TRUE"
[[ "${{ github.event.ref }}" == "refs/heads/main" ]] && MATCH="TRUE"
[[ "${{ github.event.ref }}" == "refs/heads/production" ]] && MATCH="TRUE"
echo "MATCH=${MATCH}" >> $GITHUB_OUTPUT
- name: OSX Build -- Checkout
if: steps.branch_filter.outputs.match == 'TRUE'
uses: actions/checkout@v3
- name: OSX Build -- Setup Environment
if: steps.branch_filter.outputs.match == 'TRUE'
run: |
source .github/scripts/setup.sh
env:
WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
PYTHON_VERSION: ${{ matrix.python-version }}
- name: OSX Build -- Setup Python ${{ matrix.python-version }}
if: steps.branch_filter.outputs.match == 'TRUE'
run: |
./scripts/build.sh pyenv "${PYTHON_VERSION}"
env:
HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK: 1
- name: OSX Build -- Setup Build Environment
if: steps.branch_filter.outputs.match == 'TRUE'
shell: bash -l {0}
run: |
eval $(~/.pyenv/bin/pyenv init --path)
pip install poetry wheel
env:
PYENV_VERSION: ${{ matrix.python-version }}
- name: OSX Build -- Build Mac Maker Binary
if: steps.branch_filter.outputs.match == 'TRUE'
shell: bash -l {0}
run: |
eval $(~/.pyenv/bin/pyenv init --path)
./scripts/build.sh binary "${OS_VERSION}" "${BRANCH_OR_TAG}"
env:
PYENV_VERSION: ${{ matrix.python-version }}
OS_VERSION: ${{ matrix.os }}
PLATFORM: ${{ matrix.platform }}
- name: OSX Build -- Test the version command
if: steps.branch_filter.outputs.match == 'TRUE'
shell: bash -l {0}
run: |
./dist/mac_maker version
env:
PYENV_VERSION: ${{ matrix.python-version }}
- name: OSX Build -- Upload Build Artifact
if: steps.branch_filter.outputs.match == 'TRUE'
uses: actions/upload-artifact@v3
with:
name: built_binary_${{ matrix.os }}_${{ matrix.platform }}_${{ env.BRANCH_OR_TAG }}
path: ./dist/mac_maker_${{ matrix.os }}_${{ matrix.platform }}_${{ env.BRANCH_OR_TAG }}.tar.gz
retention-days: 1
if-no-files-found: error
- name: OSX Build -- Report Job Status (Success)
if: steps.branch_filter.outputs.match == 'TRUE' && env.VERBOSE_NOTIFICATIONS == '1'
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":white_check_mark: ${{ matrix.os }} binary build for Python ${PYTHON_VERSION} was successful"
- name: OSX Build -- Report Job Status (Failure)
if: failure()
run: |
./.github/scripts/notifications.sh "${NOTIFICATION}" ":x: ${{ matrix.os }} binary build for Python ${PYTHON_VERSION} failed!"