Skip to content

Update pixi conda-build task #255

Update pixi conda-build task

Update pixi conda-build task #255

name: Tests, Package, and Deployment
on:
workflow_dispatch:
pull_request:
push:
branches: [next, qa, main]
tags: ["v*"]
env:
PKG_NAME: examplepyapp
MODULE_NAME: packagenamepy
# cancel previous job if new commit is pushed
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
tests:
name: Unit tests
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v7
with:
fetch-depth: 0
fetch-tags: true
- name: Setup pixi
uses: prefix-dev/setup-pixi@a09b6247153796b190642a2b53fac4241043cf6f # v0.10.0
with:
manifest-path: pyproject.toml
# Workaround: Dynamic versioning (versioningit) causes lock file version mismatch.
# We skip the editable package install and do it separately with pip.
# See: https://github.com/prefix-dev/pixi/pull/3092
run-install: false
- name: Install dependencies (skip local package)
run: pixi install --frozen --skip ${{ env.PKG_NAME }}
- name: Install local package
run: pixi run pip install --no-deps -e .
- name: Run unit tests
run: pixi run test
- name: Upload coverage to codecov
uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7
if: github.actor != 'dependabot[bot]'
with:
token: ${{ secrets.CODECOV_TOKEN }}
- name: Dependency check
run: |
pixi run audit-deps
conda-build:
name: Build conda package
runs-on: ubuntu-latest
permissions:
contents: read # for actions/checkout
security-events: write # for github/codeql-action/upload-sarif to upload results
actions: read # for upload-sarif to read run status (private repos)
steps:
- name: Checkout
uses: actions/checkout@v7
with:
fetch-depth: 0
fetch-tags: true
- name: Setup pixi
uses: prefix-dev/setup-pixi@a09b6247153796b190642a2b53fac4241043cf6f # v0.10.0
with:
manifest-path: pyproject.toml
# Workaround: Dynamic versioning (versioningit) causes lock file version mismatch.
# We skip the editable package install and do it separately with pip.
# See: https://github.com/prefix-dev/pixi/pull/3092
run-install: false
- name: Install dependencies (skip local package)
run: pixi install --frozen --skip ${{ env.PKG_NAME }}
- name: Install local package
run: pixi run pip install --no-deps -e .
- name: Build conda package
run: |
pixi run conda-build
# pkg-verify requires a conda env that already has the package
# installed (and micromamba on PATH); pkg-install sets both up.
- name: Install built conda package
id: install
uses: neutrons/conda-actions/pkg-install@bba9ca89d48d9ae846db9650cc63fde736340b3d # v2
with:
package-name: ${{ env.PKG_NAME }}
local-channel: ./local-channel
- name: Verify conda package
uses: neutrons/conda-actions/pkg-verify@bba9ca89d48d9ae846db9650cc63fde736340b3d # v2
with:
package-name: ${{ env.PKG_NAME }}
module-name: ${{ env.MODULE_NAME }}
conda-env-name: ${{ steps.install.outputs.conda_env }}
# Audit the dependencies of the conda package we just installed. SARIF
# results are uploaded to GitHub code scanning by the grype action.
- name: Scan installed environment with Grype
uses: neutrons/conda-actions/grype@bba9ca89d48d9ae846db9650cc63fde736340b3d # v2
with:
path: ${{ steps.install.outputs.conda_install_dir }}
- name: Upload conda package as artifact
uses: actions/upload-artifact@v7
with:
name: artifact-conda-package
path: ${{ env.PKG_NAME }}-*.conda
publish:
name: Upload package to anaconda
runs-on: ubuntu-latest
needs: [tests, conda-build]
if: startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/next'
steps:
- name: Checkout
uses: actions/checkout@v7
with:
fetch-depth: 0
fetch-tags: true
- name: Setup Pixi
uses: prefix-dev/setup-pixi@a09b6247153796b190642a2b53fac4241043cf6f # v0.10.0
with:
manifest-path: pyproject.toml
# Workaround: Dynamic versioning (versioningit) causes lock file version mismatch.
# We skip the editable package install and do it separately with pip.
# See: https://github.com/prefix-dev/pixi/pull/3092
run-install: false
- name: Install dependencies (skip local package)
run: pixi install --frozen --skip ${{ env.PKG_NAME }}
- name: Download conda package artifact
uses: actions/download-artifact@v8
with:
name: artifact-conda-package
- name: Upload package to anaconda
uses: neutrons/conda-actions/publish@bba9ca89d48d9ae846db9650cc63fde736340b3d # v2
with:
anaconda-token: ${{ secrets.ANACONDA_TOKEN }}
organization: neutrons
package-path: ${{ env.PKG_NAME }}-*.conda
- name: Remove old packages
if: github.ref == 'refs/heads/next'
uses: neutrons/conda-actions/pkg-remove@bba9ca89d48d9ae846db9650cc63fde736340b3d # v2
with:
anaconda_token: ${{ secrets.ANACONDA_TOKEN }}
organization: neutrons
package_name: ${{ env.PKG_NAME }}
label: ${{ env.CONDA_LABEL }}
keep: 5
pypi-publish:
name: Upload release to PyPI
runs-on: ubuntu-latest
needs: tests
permissions:
# IMPORTANT: this permission is mandatory for trusted publishing
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v7
with:
fetch-depth: 0
fetch-tags: true
- name: Setup pixi
uses: prefix-dev/setup-pixi@a09b6247153796b190642a2b53fac4241043cf6f # v0.10.0
with:
manifest-path: pyproject.toml
# Workaround: Dynamic versioning (versioningit) causes lock file version mismatch.
# We skip the editable package install and do it separately with pip.
# See: https://github.com/prefix-dev/pixi/pull/3092
run-install: false
- name: Install dependencies (skip local package)
run: pixi install --frozen --skip ${{ env.PKG_NAME }}
- name: Install local package
run: pixi run pip install --no-deps -e .
- name: Build pypi package
run: |
# build the package
VERSION=$(pixi run -- versioningit .)
pixi run pypi-build
# publish your distributions here (need to setup on PyPI first)
- name: Publish package distributions to PyPI
if: startsWith(github.ref, 'refs/tags/v')
uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0