Skip to content

Merge pull request #227 from artichoke/lopopolo/mit-0 #640

Merge pull request #227 from artichoke/lopopolo/mit-0

Merge pull request #227 from artichoke/lopopolo/mit-0 #640

Workflow file for this run

---
name: CI
"on":
push:
branches:
- trunk
pull_request:
branches:
- trunk
schedule:
- cron: "0 0 * * TUE"
jobs:
gpg-sign:
name: GPG Signing
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4.1.1
- name: Setup Python
uses: actions/setup-python@v5.0.0
with:
python-version-file: ".python-version"
- name: Install Python dependencies
run: |
python3 -m venv --upgrade-deps venv
venv/bin/python3 -m pip install --upgrade pip wheel
venv/bin/python3 -m pip install --require-hashes -r requirements.txt
- name: Clone Artichoke
uses: actions/checkout@v4.1.1
with:
repository: artichoke/artichoke
path: artichoke
# ```
# $ gpg --fingerprint --with-subkey-fingerprints codesign@artichokeruby.org
# pub ed25519 2021-01-03 [SC]
# C983 8F10 4021 F59E E6F6 BCBE B199 D034 7FDA 14A4
# uid [ultimate] Code signing for Artichoke Ruby <codesign@artichokeruby.org>
# sub cv25519 2021-01-03 [E]
# 7719 1B6D 83B2 F4E8 5197 125B A9A3 F70E 710A 15AA
# sub ed25519 2021-01-03 [S]
# 1C4A 856A CF86 EC1E E841 180F AF57 A37C AC06 1452
# ```
- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_SIGNING_KEY_PASSPHRASE }}
fingerprint: 1C4A856ACF86EC1EE841180FAF57A37CAC061452
- name: List keys
run: gpg -K
- name: Build release artifacts
working-directory: artichoke
run: cargo build --verbose --release
- name: GPG sign binary
id: gpg_signing
run: venv/bin/python3 gpg_sign.py "nightly-gpg-sign-test" --artifact artichoke/target/release/artichoke
- name: Verify GPG signature
run: gpg --batch --verify "${{ steps.gpg_signing.outputs.signature }}" artichoke/target/release/artichoke
apple-codesign:
name: Apple Codesigning
runs-on: macos-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4.1.1
- name: Setup Python
uses: actions/setup-python@v5.0.0
with:
python-version-file: ".python-version"
- name: Install Python dependencies
run: |
python3 -m venv --upgrade-deps venv
venv/bin/python3 -m pip install --upgrade pip wheel
venv/bin/python3 -m pip install --require-hashes -r requirements.txt
- name: Clone Artichoke
uses: actions/checkout@v4.1.1
with:
repository: artichoke/artichoke
path: artichoke
- name: Build release artifacts
working-directory: artichoke
run: cargo build --verbose --release
# This will codesign binaries in place which means that the tarballed
# binaries will be codesigned as well.
- name: Run Apple Codesigning and Notarization
id: apple_codesigning
if: runner.os == 'macOS'
run: |
venv/bin/python3 macos_sign_and_notarize.py "nightly-apple-codesign-test" \
--binary "artichoke/target/release/artichoke" \
--binary "artichoke/target/release/airb" \
--resource artichoke/LICENSE \
--resource artichoke/README.md \
--dmg-icon-url "https://artichoke.github.io/logo/Artichoke-dmg.icns"
env:
MACOS_NOTARIZE_APP_PASSWORD: ${{ secrets.MACOS_NOTARIZE_APP_PASSWORD }}
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
MACOS_CERTIFICATE_PASSPHRASE: ${{ secrets.MACOS_CERTIFICATE_PASSPHRASE }}
- name: Verify code signature
run: |
codesign --verify --check-notarization --deep --strict=all artichoke/target/release/artichoke
codesign --verify --check-notarization --deep --strict=all artichoke/target/release/airb
- name: Verify DMG code signature
run: spctl -a -t open --context context:primary-signature "${{ steps.apple_codesigning.outputs.asset }}" -v
python:
name: Lint and format Python
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4.1.1
- name: Setup Python
uses: actions/setup-python@v5.0.0
with:
python-version-file: ".python-version"
- name: Install Python dependencies
run: |
python3 -m venv --upgrade-deps venv
venv/bin/python3 -m pip install --upgrade pip wheel
venv/bin/python3 -m pip install --require-hashes -r requirements.txt -r dev-requirements.txt
- name: Run black
run: venv/bin/black --check --diff --verbose .
- name: Run ruff
run: venv/bin/ruff --output-format=github .
- name: Run mypy
run: venv/bin/mypy .
ruby:
name: Lint and format Ruby
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4.1.1
- name: Install Ruby toolchain
uses: ruby/setup-ruby@22fdc77bf4148f810455b226c90fb81b5cbc00a7 # v1.171.0
with:
ruby-version: ".ruby-version"
bundler-cache: true
- name: Lint and check formatting with Rubocop
run: bundle exec rubocop --format github
text:
name: Lint and format text
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4.1.1
- name: Setup Node.js runtime
uses: actions/setup-node@v4.0.1
with:
node-version: "lts/*"
- name: Install toolchain
run: npm ci
- name: Lint and check formatting with prettier
run: npx prettier --check '**/*'
- name: Lint YAML sources with yamllint
run: |
yamllint --version
echo "Linting YAML sources with yamllint ..."
yamllint --strict --format github .
echo "OK"