SecureML CI/CD #246
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: SecureML CI/CD | |
| on: | |
| # Run on pull requests | |
| pull_request: | |
| branches: [ master ] | |
| # Run on pushes to main branch | |
| push: | |
| branches: [ master ] | |
| # Run on release creation | |
| release: | |
| types: [ created, published ] | |
| # Run every night at midnight UTC | |
| schedule: | |
| - cron: '0 0 * * *' | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: [ '3.11', '3.12', '3.13' ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| cache: 'pip' | |
| - name: Install Poetry | |
| uses: snok/install-poetry@v1 # A more robust way to install poetry | |
| with: | |
| virtualenvs-in-project: true | |
| - name: Cache Poetry dependencies | |
| uses: actions/cache@v4 # Use the latest version of the cache action | |
| with: | |
| # This caches the downloaded packages, not the installed venv | |
| path: ~/.cache/pypoetry/virtualenvs | |
| key: ${{ runner.os }}-poetry-${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-poetry-${{ matrix.python-version }}- | |
| - name: Install dependencies | |
| run: | | |
| poetry install --with dev | |
| - name: Install PyTorch CPU (after poetry) | |
| run: | | |
| poetry run pip install torch==2.7.1+cpu torchvision torchaudio --index-url https://download.pytorch.org/whl/cpu | |
| - name: Run tests | |
| run: | | |
| poetry run pytest tests -v | |
| build: | |
| needs: test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python 3.11 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| - name: Install Poetry | |
| uses: snok/install-poetry@v1 | |
| with: | |
| virtualenvs-in-project: true | |
| - name: Cache Poetry dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/pypoetry/virtualenvs | |
| key: ${{ runner.os }}-poetry-3.11-${{ hashFiles('**/poetry.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-poetry-3.11- | |
| - name: Install and Build | |
| run: | | |
| poetry install | |
| poetry build | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist | |
| path: dist/ | |
| - name: Test documentation build | |
| run: | | |
| poetry install --with dev | |
| poetry run sphinx-build -b html source build/html | |
| # Only run deployment job on release creation | |
| deploy: | |
| if: github.event_name == 'release' | |
| needs: [test, build] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python 3.11 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Install Poetry | |
| run: | | |
| curl -sSL https://install.python-poetry.org | python3 - | |
| echo "$HOME/.local/bin" >> $GITHUB_PATH | |
| - name: Download built package | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: dist | |
| path: dist/ | |
| - name: Publish to PyPI | |
| if: startsWith(github.ref, 'refs/tags') | |
| run: | | |
| poetry config pypi-token.pypi ${{ secrets.PYPI_API_TOKEN }} | |
| poetry publish | |
| env: | |
| POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_API_TOKEN }} |