---
# Action metadata: the display name and the summary shown to consumers.
name: 'Config Pip'
description: >-
  GitHub Action to configure pip build environment with build number,
  authentication, and default settings
# Caller-supplied settings. Every value arrives as a string; the defaults below
# are what the steps see when the caller omits the input.
inputs:
  # Only read by the cache step, where it locates the dependency files that
  # are hashed into the cache key.
  working-directory:
    description: 'Relative path under github.workspace to execute the build in'
    default: '.'

  # Selects which Vault token path the secrets step reads. Whether the calling
  # repository may use a given role has to be enforced by Vault policy; this
  # action only builds the path.
  artifactory-reader-role:
    description: >-
      Suffix for the Artifactory reader role in Vault. Defaults to `private-reader`
      for private repositories, and `public-reader` for public repositories.
    default: ''

  # Base URL; the config step appends "/artifactory" unless
  # repox-artifactory-url is set.
  repox-url:
    description: 'URL for Repox'
    default: 'https://repox.jfrog.io'

  # The Artifactory username and access token are exported to config.sh next
  # to this URL, so it should only ever point at a trusted registry.
  repox-artifactory-url:
    description: 'URL for Repox Artifactory API (overrides repox-url/artifactory if provided)'
    default: ''

  cache-paths:
    description: 'Cache paths to use (multiline).'
    default: '~/.cache/pip'

  # Compared as the exact string 'false' by the cache step: any other value,
  # including 'False', skips caching.
  disable-caching:
    description: 'Whether to disable pip caching entirely'
    default: 'false'

  # When set, config.sh and the sibling actions (get-build-number, shared) are
  # loaded from this folder, so it decides which code the action executes.
  host-actions-root:
    description: 'Path to the actions folder on the host (used when called from another local action)'
    default: ''
# Values handed back to the calling workflow.
outputs:
  # Forwarded unchanged from the get-build-number step.
  BUILD_NUMBER:
    description: 'The current build number. Also set as environment variable BUILD_NUMBER'
    value: ${{ steps.get-build-number.outputs.BUILD_NUMBER }}
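# Composite action: resolve the action paths, obtain a build number, fetch
# Artifactory credentials from Vault, run the pip configuration script and
# (optionally) restore/save the pip cache.
runs:
  using: composite
  steps:
    # Works out where this action and its siblings live, then symlinks the
    # siblings into ./.actions so later steps can reference them with a
    # workspace-relative `uses:`.
    - name: Set local action paths
      id: set-path
      shell: bash
      env:
        # Expression values reach the script through the environment instead of
        # being expanded into the script text, so quotes or $(...) inside a
        # value stay data and are never parsed as shell. Consequence: a literal
        # "$VAR" in host-actions-root is no longer expanded by the shell;
        # callers must pass an already resolved path.
        ACTION_PATH_FROM_CONTEXT: ${{ github.action_path }}
        HOST_ACTIONS_ROOT_INPUT: ${{ inputs.host-actions-root }}
      run: |
        echo "::group::Fix for using local actions"
        echo "GITHUB_ACTION_PATH=$GITHUB_ACTION_PATH"
        echo "github.action_path=$ACTION_PATH_FROM_CONTEXT"
        ACTION_PATH_CONFIG_PIP="$ACTION_PATH_FROM_CONTEXT"
        host_actions_root="$HOST_ACTIONS_ROOT_INPUT"
        # A newline in the path would add extra lines to the $GITHUB_ENV and
        # $GITHUB_OUTPUT files written below, i.e. set variables the caller
        # never declared.
        case "$host_actions_root" in
          *$'\n'*)
            echo "::error::host-actions-root must not contain a newline"
            exit 1
            ;;
        esac
        if [ -z "$host_actions_root" ]; then
          # No override: the sibling actions sit next to this action's folder.
          host_actions_root="$(dirname "$ACTION_PATH_CONFIG_PIP")"
        else
          # Override: this action itself is taken from the given root as well.
          ACTION_PATH_CONFIG_PIP="$host_actions_root/config-pip"
        fi
        echo "ACTION_PATH_CONFIG_PIP=$ACTION_PATH_CONFIG_PIP"
        echo "ACTION_PATH_CONFIG_PIP=$ACTION_PATH_CONFIG_PIP" >> "$GITHUB_ENV"
        echo "host_actions_root=$host_actions_root" >> "$GITHUB_OUTPUT"
        mkdir -p ".actions"
        ln -sf "$host_actions_root/get-build-number" .actions/get-build-number
        ln -sf "$host_actions_root/shared" .actions/shared
        ls -la .actions/*
        echo "::endgroup::"

    # Sibling action, reached through the symlink created by the previous step.
    - uses: ./.actions/get-build-number
      id: get-build-number
      with:
        host-actions-root: ${{ steps.set-path.outputs.host_actions_root }}

    - name: Set Artifactory reader role
      shell: bash
      env:
        # Use custom role if provided, otherwise auto-detect based on repository visibility
        ARTIFACTORY_READER_ROLE: >-
          ${{ inputs.artifactory-reader-role != '' && inputs.artifactory-reader-role ||
          (github.event.repository.visibility == 'public' && 'public-reader' || 'private-reader') }}
      run: |
        # The role is written to $GITHUB_ENV and then spliced into the Vault
        # secret spec of the next step, where whitespace, ';' and '|' are
        # syntax. The allowlist is an assumption that covers both built-in
        # defaults; widen it if a legitimate role needs other characters.
        if [[ ! "$ARTIFACTORY_READER_ROLE" =~ ^[A-Za-z0-9._-]+$ ]]; then
          echo "::error::artifactory-reader-role contains unexpected characters"
          exit 1
        fi
        echo "ARTIFACTORY_READER_ROLE=${ARTIFACTORY_READER_ROLE}" >> "$GITHUB_ENV"

    # Third-party action pinned to a full commit SHA; the trailing comment
    # records the release that SHA corresponds to.
    - uses: SonarSource/vault-action-wrapper@545e7cfbb5528e7009a1edcc83e073898d292627 # 3.2.0
      id: secrets
      with:
        secrets: |
          development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} username | ARTIFACTORY_USERNAME;
          development/artifactory/token/{REPO_OWNER_NAME_DASH}-${{ env.ARTIFACTORY_READER_ROLE }} access_token | ARTIFACTORY_ACCESS_TOKEN;

    - name: Run pip configuration script
      id: config
      shell: bash
      env:
        # Use custom Artifactory URL if provided, otherwise construct from repox-url
        ARTIFACTORY_URL: >-
          ${{ inputs.repox-artifactory-url != '' && inputs.repox-artifactory-url ||
          format('{0}/artifactory', inputs.repox-url) }}
        # Credentials are scoped to this step's environment only.
        # NOTE(review): what config.sh does with them (e.g. whether it writes
        # them to a pip config file on disk) is not visible here; confirm.
        ARTIFACTORY_USERNAME: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_USERNAME }}
        ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
      # Quoted so a path containing spaces is not word-split into a command
      # plus arguments.
      run: |
        "$ACTION_PATH_CONFIG_PIP/config.sh"

    - name: Cache pip dependencies
      # NOTE(review): this reference is a mutable tag, while the
      # vault-action-wrapper step above is pinned to a full commit SHA. Pin it
      # the same way so a re-pointed tag cannot change the code that runs:
      #   uses: SonarSource/gh-action_cache@<full-commit-sha> # v1.2.1
      uses: SonarSource/gh-action_cache@v1.2.1
      # String comparison: only the exact value 'false' enables the cache.
      if: inputs.disable-caching == 'false'
      with:
        path: ${{ inputs.cache-paths }}
        # The key changes whenever any dependency manifest or lock file under
        # working-directory changes.
        key: >-
          pip-${{ runner.os }}-${{ github.workflow }}-${{ hashFiles(format('{0}/requirements*.txt', inputs.working-directory),
          format('{0}/Pipfile.lock', inputs.working-directory), format('{0}/poetry.lock', inputs.working-directory),
          format('{0}/pyproject.toml', inputs.working-directory)) }}
        # Fallback: reuse an existing cache of the same OS and workflow when
        # there is no exact key match.
        restore-keys: pip-${{ runner.os }}-${{ github.workflow }}-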