seung-lab
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 53 additions & 321 deletions b/‎.github/workflows/build.yml‎
Lines changed: 53 additions & 321 deletions
@@ -1,28 +1,17 @@
 name: Build
 
-on:
-  push:
-    branches:
-      - master
-    tags:
-      - v**
-  pull_request:
-  workflow_dispatch:
-    inputs:
-      debug_enabled:
-        type: boolean
-        description: "Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)"
-        required: false
-        default: false
+on: [push, pull_request]
 
 jobs:
-  client:
+  build-and-deploy:
+    permissions:
+      contents: "read"
+      id-token: "write"
+      deployments: "write"
     strategy:
       matrix:
         os:
           - "ubuntu-latest"
-          - "windows-latest"
-          - "macos-latest"
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
@@ -35,313 +24,56 @@ jobs:
           cache: "npm"
           cache-dependency-path: |
             package-lock.json
-      # uv required for javascript tests
-      - uses: astral-sh/setup-uv@v5
-        with:
-          enable-cache: false
-      # go needed for fake_gcs_server used by the javascript tests
-      - name: Setup go
-        uses: actions/setup-go@v5
-        with:
-          go-version: "stable"
-      - run: npm ci
-      - run: npm run format:fix
-      - name: Check for dirty working directory
-        run: git diff --exit-code
-      - run: npm run lint:check
+            examples/**/package-lock.json
+      - run: npm install
       - name: Typecheck with TypeScript
         run: npm run typecheck
-      - name: Build client bundles
-        run: |
-          build_info="{'tag':'$(git describe --always --tags)', 'url':'https://github.com/google/neuroglancer/commit/$(git rev-parse HEAD)', 'timestamp':'$(date)'}"
-          npm run build -- --no-typecheck --no-lint --define NEUROGLANCER_BUILD_INFO="${build_info}"
-          echo $build_info > ./dist/client/version.json
+      - name: Get branch name (merge)
+        if: github.event_name != 'pull_request'
         shell: bash
-      - name: Build Python client bundles
-        run: npm run build-python -- --no-typecheck --no-lint
-      - run: npm run build-package
-      - run: npm publish --dry-run
-        working-directory: dist/package
-      - name: Run JavaScript tests (including WebGL)
-        run: npm test
-        if: ${{ runner.os != 'macOS' }}
-      - name: Run JavaScript tests (excluding WebGL)
-        run: npm test -- --project node
-        if: ${{ runner.os == 'macOS' }}
-      - name: Run JavaScript benchmarks
-        run: npm run benchmark
-      - name: Upload NPM package as artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: npm-package
-          path: dist/package
-        if: ${{ runner.os == 'Linux' }}
-      - name: Upload client as artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: client
-          path: dist/client
-        if: ${{ runner.os == 'Linux' }}
-  example-project-test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Install pnpm
-        uses: pnpm/action-setup@v4
-        with:
-          version: 10
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22.x
-          cache: "pnpm"
-          cache-dependency-path: |
-            examples/**/pnpm-lock.yaml
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22.x
-          cache: "npm"
-          cache-dependency-path: |
-            package-lock.json
-      - run: npm ci
-      - run: npm run example-project-test -- --reporter=html
-      - name: Upload report and built clients
-        uses: actions/upload-artifact@v4
-        if: ${{ !cancelled() }}
-        with:
-          name: example-project-test-results
-          path: |
-            playwright-report/
-            examples/*/*/dist/
-
-  # Builds Python package and runs Python tests
-  #
-  # On ubuntu-latest, this also runs browser-based tests.  On Mac OS and
-  # Windows, this only runs tests that do not require a browser, since a working
-  # headless WebGL2 implementation is not available on Github actions.
-  python-tests:
-    strategy:
-      matrix:
-        python-version:
-          - "3.9"
-          - "3.12"
-        os:
-          - "ubuntu-latest"
-          - "windows-latest"
-          - "macos-latest"
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          # Need full history to determine version number.
-          fetch-depth: 0
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22.x
-      - uses: astral-sh/setup-uv@v5
-        with:
-          enable-cache: false
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v5
-        with:
-          python-version: ${{ matrix.python-version }}
-      - uses: ./.github/actions/setup-firefox
-      - name: Setup tmate session
-        uses: mxschmitt/action-tmate@v3
-        if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
-      - run: uvx nox -s lint format mypy
-      - name: Check for dirty working directory
-        run: git diff --exit-code
-      - name: Run python tests (skip browser tests)
-        run: uvx nox -s test -- --skip-browser-tests
-        if: ${{ runner.os != 'Linux' }}
-      - name: Run python tests (include browser tests)
-        run: uvx nox -s test_xvfb -- --browser firefox
-        if: ${{ runner.os == 'Linux' }}
-      # Verify that editable install works
-      - name: Test in editable form
-        run: uvx nox -s test_editable
-
-  python-build-package:
-    strategy:
-      matrix:
-        include:
-          - os: "ubuntu-latest"
-            cibw_build: "*"
-            wheel_identifier: "linux"
-          - os: "windows-latest"
-            cibw_build: "*"
-            wheel_identifier: "windows"
-          - os: "macos-14"
-            cibw_build: "*_x86_64"
-            wheel_identifier: "macos_x86_64"
-          - os: "macos-14"
-            cibw_build: "*_arm64"
-            wheel_identifier: "macos_arm64"
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          # Need full history to determine version number.
-          fetch-depth: 0
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22.x
-          cache: "npm"
-      - uses: astral-sh/setup-uv@v5
-        with:
-          enable-cache: false
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: 3.x
-      - name: Get uv cache dir
-        id: uv-cache
-        run: |
-          echo "dir=$(uv cache dir)" >> "$GITHUB_OUTPUT"
-      - run: npm ci
-      - run: |
-          build_info="{'tag':'$(git describe --always --tags)', 'url':'https://github.com/google/neuroglancer/commit/$(git rev-parse HEAD)', 'timestamp':'$(date)'}"
-          npm run build-python -- --no-typecheck --no-lint --define NEUROGLANCER_BUILD_INFO="${build_info}"
+        run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | tr / -)" >> $GITHUB_ENV
+      - name: Get branch name (pull request)
+        if: github.event_name == 'pull_request'
+        shell: bash
+        run: echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF} | tr / -)" >> $GITHUB_ENV
+      - run: echo "BRANCH_NAME_URL=$(echo ${{ env.BRANCH_NAME }} | tr / - | tr _ -)" >> $GITHUB_ENV
+      - name: Get build info
+        run: echo "BUILD_INFO={\"tag\":\"$(git describe --always --tags)\", \"url\":\"https://github.com/${{github.repository}}/commit/$(git rev-parse HEAD)\", \"timestamp\":\"$(date)\", \"branch\":\"${{github.repository}}/${{env.BRANCH_NAME}}\"}" >> $GITHUB_ENV
         shell: bash
       - name: Check for dirty working directory
         run: git diff --exit-code
-      - name: Build Python source distribution (sdist)
-        run: uv build --sdist
-        if: ${{ runner.os == 'Linux' }}
-      - name: Build Python wheels
-        run: uvx nox -s cibuildwheel
-        env:
-          # On Linux, share uv cache with manylinux docker containers
-          CIBW_ENVIRONMENT_LINUX: UV_CACHE_DIR=/host${{ steps.uv-cache.outputs.dir }}
-          CIBW_BEFORE_ALL_LINUX: /project/python/build_tools/cibuildwheel_linux_cache_setup.sh /host${{ steps.uv-cache.outputs.dir }}
-          CIBW_BUILD: ${{ matrix.cibw_build }}
-      - name: Upload wheels as artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: python-wheels-${{ matrix.wheel_identifier }}
-          path: |
-            dist/*.whl
-            dist/*.tar.gz
-
-  docs:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: astral-sh/setup-uv@v5
-        with:
-          enable-cache: false
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: 3.12
-      - name: Setup Graphviz
-        uses: ts-graphviz/setup-graphviz@b1de5da23ed0a6d14e0aeee8ed52fdd87af2363c # v2.0.2
-        with:
-          macos-skip-brew-update: "true"
-      - name: Build docs
-        run: uvx nox -s docs
-      - name: Upload docs as artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: docs
-          path: |
-            dist/docs
-
-  publish-package:
-    # Only publish package on push to tag or default branch.
-    if: ${{ github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/master') }}
-    runs-on: ubuntu-latest
-    needs:
-      - "client"
-      - "python-build-package"
-      - "docs"
-    steps:
-      - uses: actions/checkout@v4
-      - name: Use Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 22.x
-          registry-url: "https://registry.npmjs.org"
-      - uses: actions/download-artifact@v4
-        with:
-          pattern: python-wheels-*
-          path: dist
-          merge-multiple: true
-      - uses: actions/download-artifact@v4
-        with:
-          name: npm-package
-          path: npm-package
-      # - name: Publish to PyPI (test server)
-      #   uses: pypa/gh-action-pypi-publish@54b39fb9371c0b3a6f9f14bb8a67394defc7a806 # 2020-09-25
-      #   with:
-      #     user: __token__
-      #     password: ${{ secrets.pypi_test_token }}
-      - name: Publish to PyPI (main server)
-        uses: pypa/gh-action-pypi-publish@54b39fb9371c0b3a6f9f14bb8a67394defc7a806 # 2020-09-25
-        with:
-          user: __token__
-          password: ${{ secrets.pypi_token }}
-        if: ${{ startsWith(github.ref, 'refs/tags/v') }}
-      - name: Publish to NPM registry
-        if: ${{ startsWith(github.ref, 'refs/tags/v') }}
-        run: npm publish
-        working-directory: npm-package
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-      # Download dist/client after publishing to PyPI, because PyPI publish
-      # action fails if dist/client directory is present.
-      - uses: actions/download-artifact@v4
-        with:
-          name: client
-          path: dist/client
-      - name: Publish client to Firebase hosting
-        uses: FirebaseExtended/action-hosting-deploy@v0
-        with:
-          firebaseServiceAccount: "${{ secrets.FIREBASE_HOSTING_SERVICE_ACCOUNT_KEY }}"
-          projectId: neuroglancer-demo
-          channelId: live
-          target: app
-      # Download dist/docs after publishing to PyPI, because PyPI publish
-      # action fails if dist/docs directory is present.
-      - uses: actions/download-artifact@v4
-        with:
-          name: docs
-          path: dist/docs
-      - name: Publish docs to Firebase hosting
-        uses: FirebaseExtended/action-hosting-deploy@v0
-        with:
-          firebaseServiceAccount: "${{ secrets.FIREBASE_HOSTING_SERVICE_ACCOUNT_KEY }}"
-          projectId: neuroglancer-demo
-          channelId: live
-          target: docs
-
-  ngauth:
-    strategy:
-      matrix:
-        os:
-          - ubuntu-latest
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Setup go
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: ngauth_server/go.mod
-          cache-dependency-path: ngauth_server/go.sum
-      - run: go build .
-        working-directory: ngauth_server
-  wasm:
-    # Ensures that .wasm files are reproducible.
-    strategy:
-      matrix:
-        os:
-          - ubuntu-latest
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@v4
-      - run: ./src/mesh/draco/build.sh
-      - run: ./src/sliceview/compresso/build.sh
-      - run: ./src/sliceview/png/build.sh
-      - run: ./src/sliceview/jxl/build.sh
-      # Check that there are no differences.
-      - run: git diff --exit-code
+      - name: Build client bundles
+        run: npm run build -- --no-typecheck --no-lint --define STATE_SERVERS=$(cat config/state_servers.json | tr -d " \t\n\r") --define NEUROGLANCER_BUILD_INFO='${{ env.BUILD_INFO }}' --define NEUROGLANCER_CUSTOM_INPUT_BINDINGS=$(cat config/custom-keybinds.json | tr -d " \t\n\r")
+      - name: Write build info
+        run: echo $BUILD_INFO > ./dist/client/version.json
+        shell: bash
+      - run: cp -r ./dist/client appengine/frontend/static/
+      - name: start deployment
+        uses: bobheadxi/deployments@v1
+        id: deployment
+        with:
+          step: start
+          token: ${{ secrets.GITHUB_TOKEN }}
+          env: ${{ env.BRANCH_NAME }}
+          desc: Setting up staging deployment for ${{ env.BRANCH_NAME }}
+      - id: "auth"
+        uses: "google-github-actions/auth@v1"
+        with:
+          workload_identity_provider: "projects/483670036293/locations/global/workloadIdentityPools/neuroglancer-github/providers/github"
+          service_account: "[email protected]"
+      - id: deploy
+        uses: google-github-actions/deploy-appengine@main
+        with:
+          version: ${{ env.BRANCH_NAME_URL }}
+          deliverables: appengine/frontend/app.yaml
+          promote: false
+      - name: update deployment status
+        uses: bobheadxi/deployments@v1
+        if: always()
+        with:
+          step: finish
+          token: ${{ secrets.GITHUB_TOKEN }}
+          env: ${{ steps.deployment.outputs.env }}
+          env_url: ${{ steps.deploy.outputs.url }}
+          status: ${{ job.status }}
+          deployment_id: ${{ steps.deployment.outputs.deployment_id }}