Add env variables AUTH_LDAP_GROUP_SEARCH_ROOT for LDAP group mirroring and AUTH_LDAP_CHRIS_ADMIN_GROUP to define a ChRIS admin group #540
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [ master ] | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]+*' | |
pull_request: | |
branches: [ master ] | |
jobs: | |
test: | |
if: github.ref_type == 'branch' || github.ref_name == 'pull_request' | |
runs-on: ubuntu-24.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
engine: [ 'docker', 'podman' ] | |
test-kind: [ 'unit', 'integration' ] | |
steps: | |
- name: Start podman daemon | |
if: matrix.engine == 'podman' | |
run: systemctl --user start podman.service | |
- uses: taiki-e/install-action@just | |
- uses: actions/checkout@v4 | |
- name: Run ${{ matrix.test-kind }} tests on ${{ matrix.engine }} | |
uses: ./ | |
with: | |
engine: ${{ matrix.engine }} | |
command: test-${{ matrix.test-kind }} | |
build: | |
name: Build | |
if: github.event_name == 'push' | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Update __version__.py | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: echo '__version__ = "${GITHUB_REF_NAME:1}"' > chris_backend/__version__.py | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
docker.io/fnndsc/cube | |
ghcr.io/fnndsc/cube | |
tags: | | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=raw,value=latest,enable={{is_default_branch}} | |
- uses: docker/setup-qemu-action@v3 | |
- uses: docker/setup-buildx-action@v3 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push | |
uses: docker/build-push-action@v6 | |
with: | |
push: true | |
context: . | |
file: ./Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
- name: Update Docker Hub description | |
uses: peter-evans/dockerhub-description@v4 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
short-description: ChRIS backend | |
readme-filepath: ./README.md | |
repository: fnndsc/cube | |
openapi: | |
name: Generate OpenAPI Schema | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: taiki-e/install-action@just | |
- uses: actions/checkout@v4 | |
- name: Update __version__.py | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: echo '__version__ = "${GITHUB_REF_NAME:1}"' > chris_backend/__version__.py | |
- run: just prefer docker | |
- run: just build | |
- name: Generate OpenAPI schema (correct) | |
run: just openapi 2> spectacular.log > schema.yaml || (cat spectacular.log; exit 1) | |
- name: Generate OpenAPI schema (split) | |
run: just openapi-split 2> spectacular_split.log > schema_split.yaml || (cat spectacular_split.log; exit 1) | |
- name: Upload schema YAML files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: openapi_schema | |
path: schema*.yaml | |
if-no-files-found: error | |
- name: Assert no drf-spectacular errors nor warnings | |
run: | | |
for f in spectacular*.log; do | |
if grep -qi '(warning|error)' $f; then | |
cat $f | |
exit 1 | |
fi | |
done | |
- name: Stop services | |
run: just down | |
build-docs: | |
name: Generate OpenAPI Documentation | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: openapi | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: openapi_schema | |
- name: Install the OpenAPI Generator | |
run: npm install @openapitools/openapi-generator-cli -g | |
- name: Generate html2 | |
run: | | |
openapi-generator-cli generate -i schema_split.yaml -g html2 -o dist \ | |
-p [email protected],infoUrl=https://chrisproject.org \ | |
-p licenseInfo=MIT \ | |
-p licenseUrl=${{ github.server_url }}/${{ github.repository }}/blob/${{ github.sha }}/LICENSE \ | |
-p pythonPackageName=chris_oag | |
- name: Upload pages artifact | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
path: ./dist | |
deploy-docs: | |
name: Update GitHub Pages | |
needs: build-docs | |
runs-on: ubuntu-24.04 | |
# Grant GITHUB_TOKEN the permissions required to make a Pages deployment | |
permissions: | |
pages: write # to deploy to Pages | |
id-token: write # to verify the deployment originates from an appropriate source | |
# Deploy to the github-pages environment | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
steps: | |
- name: Deploy to GitHub Pages | |
id: deployment | |
uses: actions/deploy-pages@v4 | |
draft-release: | |
name: Draft GitHub Release | |
runs-on: ubuntu-24.04 | |
if: startsWith(github.ref, 'refs/tags/v') | |
needs: | |
- build | |
- openapi | |
steps: | |
- id: version | |
run: echo "version=${GITHUB_REF_NAME:1}" >> "$GITHUB_OUTPUT" | |
- uses: actions/download-artifact@v4 | |
with: | |
name: openapi_schema | |
- uses: softprops/action-gh-release@v2 | |
with: | |
draft: true | |
prerelease: ${{ contains( github.ref_name, '-' ) }} | |
files: '*.yaml' | |
fail_on_unmatched_files: true | |
name: CUBE - version ${{ steps.version.outputs.version }} | |
generate_release_notes: true | |
body: | | |
## Getting the Image | |
Using [Podman](https://podman.io): | |
```shell | |
podman pull ghcr.io/fnndsc/cube:${{ steps.version.outputs.version }} | |
``` | |
Using [Docker](https://docker.com): | |
```shell | |
docker pull ghcr.io/fnndsc/cube:${{ steps.version.outputs.version }} | |
``` |