build: Use lightweight image for local and ci #1552
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tests | |
on: | |
push: | |
branches: [main, experimental] | |
pull_request: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
# required for google auth | |
permissions: | |
contents: "read" | |
id-token: "write" | |
packages: "write" | |
env: | |
TEST: 1 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: "auth" | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: "projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool" | |
service_account: "[email protected]" | |
token_format: "id_token" | |
id_token_audience: "610575311308-9bsjtgqg4jm01mt058rncpopujgk3627.apps.googleusercontent.com" | |
id_token_include_email: true | |
create_credentials_file: true | |
- name: Set up Cloud SDK | |
uses: google-github-actions/setup-gcloud@v1 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Fetch models | |
if: github.event_name == 'push' | |
run: | | |
rm -rf ./models | |
gcloud storage cp -r gs://sentry-ml/seer/models ./ | |
- name: Build image | |
run: | | |
make .env | |
docker buildx bake --file docker-compose.yml --file docker-compose-cache.json --load | |
docker compose run app flask db history | |
docker compose run app flask db upgrade | |
- name: Push Docker images | |
run: | | |
docker compose push | |
test: | |
needs: build | |
runs-on: ubuntu-latest | |
permissions: | |
contents: "read" | |
id-token: "write" | |
env: | |
TEST: 1 | |
steps: | |
- uses: actions/checkout@v4 | |
- id: "auth" | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: "projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool" | |
service_account: "[email protected]" | |
token_format: "id_token" | |
id_token_audience: "610575311308-9bsjtgqg4jm01mt058rncpopujgk3627.apps.googleusercontent.com" | |
id_token_include_email: true | |
create_credentials_file: true | |
- name: Set up Cloud SDK | |
uses: google-github-actions/setup-gcloud@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Set EXTRA_COMPOSE_TEST_OPTIONS | |
run: | | |
if [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
echo "EXTRA_COMPOSE_TEST_OPTIONS=-e NO_REAL_MODELS=1 -e NO_SENTRY_INTEGRATION=1 -e CI=1" >> $GITHUB_ENV | |
else | |
echo "EXTRA_COMPOSE_TEST_OPTIONS=-e NO_SENTRY_INTEGRATION=1 -e CI=1" >> $GITHUB_ENV | |
fi | |
- name: Pull Docker images | |
run: | | |
make .env | |
docker compose pull | |
- name: Typecheck with mypy | |
run: | | |
make mypy | |
- name: Validate no pending migrations | |
run: | | |
make check-no-pending-migrations | |
- name: Decrypt VCR cassettes | |
run: | | |
pip install -r scripts/requirements.txt | |
make vcr-decrypt | |
- name: Test with pytest | |
run: | | |
make test | |
- name: Upload to codecov | |
if: ${{ always() }} | |
uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4.0.1 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: ".artifacts/coverage.xml" | |
override_commit: ${{ github.event.pull_request.head.sha }} | |
plugin: noop | |
verbose: true |