fix: use Pyodide GitHub release tarball for cache_pyodide #73
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # DataHub module — full pipeline on push to main: | |
| # 1) Validate: frontend typecheck + backend import smoke test | |
| # 2) Build IIFE bundle → artifact; optional deploy to MinIO (repo secrets) | |
| # 3) Build & push backend Docker image to GHCR | |
| # | |
| # MinIO deploy (optional): set repository secrets (same as JupyterLite workflow): | |
| # MINIO_ENDPOINT_URL, MINIO_ACCESS_KEY, MINIO_SECRET_KEY | |
| # Object path: s3://nekazari-frontend/modules/datahub/nkz-module.js | |
| # | |
| # After backend image push, restart pods so :latest picks up a new digest: | |
| # kubectl rollout restart deployment/datahub-api -n nekazari | |
| name: Build and Push | |
| on: | |
| push: | |
| branches: [main] | |
| tags: ['v*'] | |
| pull_request: | |
| branches: [main] | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| BACKEND_IMAGE: ghcr.io/${{ github.repository }}/datahub-backend | |
| MINIO_BUCKET: nekazari-frontend | |
| MODULE_PREFIX: modules/datahub | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| validate: | |
| name: Validate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 9 | |
| - name: Install frontend deps + typecheck | |
| run: | | |
| pnpm install --frozen-lockfile | |
| pnpm run typecheck | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| cache: pip | |
| cache-dependency-path: backend/requirements.txt | |
| - name: Backend smoke test | |
| run: | | |
| pip install -r backend/requirements.txt | |
| cd backend && python -c "from app.main import app; print('app import ok')" | |
| build-iife: | |
| name: Build IIFE bundle | |
| runs-on: ubuntu-latest | |
| needs: [validate] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '22' | |
| - name: Install pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 9 | |
| - name: Install dependencies | |
| run: pnpm install --frozen-lockfile | |
| - name: Build module bundle | |
| run: pnpm run build:module | |
| - name: Upload bundle artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: nkz-module-datahub | |
| path: | | |
| dist/nkz-module.js | |
| dist/style.css | |
| retention-days: 30 | |
| - name: Deploy bundle to MinIO | |
| if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main' | |
| env: | |
| MINIO_ENDPOINT_URL: ${{ secrets.MINIO_ENDPOINT_URL }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.MINIO_ACCESS_KEY }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.MINIO_SECRET_KEY }} | |
| AWS_DEFAULT_REGION: us-east-1 | |
| run: | | |
| set -euo pipefail | |
| if [ -z "${MINIO_ENDPOINT_URL:-}" ] || [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then | |
| echo "::notice::MinIO secrets not set (MINIO_ENDPOINT_URL / MINIO_ACCESS_KEY / MINIO_SECRET_KEY). Skipping bundle upload; download the artifact or upload manually." | |
| exit 0 | |
| fi | |
| pip install -q awscli | |
| EP="${MINIO_ENDPOINT_URL}" | |
| B="s3://${{ env.MINIO_BUCKET }}/${{ env.MODULE_PREFIX }}" | |
| aws --endpoint-url "${EP}" s3 cp dist/nkz-module.js "${B}/nkz-module.js" \ | |
| --content-type "application/javascript" \ | |
| --cache-control "public, max-age=300" | |
| aws --endpoint-url "${EP}" s3 cp dist/style.css "${B}/style.css" \ | |
| --content-type "text/css" \ | |
| --cache-control "public, max-age=300" | |
| build-backend: | |
| name: Build and push backend image | |
| runs-on: ubuntu-latest | |
| needs: [validate] | |
| if: github.event_name != 'pull_request' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.BACKEND_IMAGE }} | |
| tags: | | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=sha,prefix=,format=short | |
| type=semver,pattern={{version}} | |
| - name: Build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./backend | |
| file: ./backend/Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Summary | |
| run: | | |
| echo "## Backend image" >> "$GITHUB_STEP_SUMMARY" | |
| echo '```' >> "$GITHUB_STEP_SUMMARY" | |
| echo "${{ steps.meta.outputs.tags }}" >> "$GITHUB_STEP_SUMMARY" | |
| echo '```' >> "$GITHUB_STEP_SUMMARY" | |
| echo "" >> "$GITHUB_STEP_SUMMARY" | |
| echo "Roll out so pods pull the new \`:latest\` digest:" >> "$GITHUB_STEP_SUMMARY" | |
| echo "\`kubectl rollout restart deployment/datahub-api -n nekazari\`" >> "$GITHUB_STEP_SUMMARY" |