lib_zar and lib_he unification eval for pverify #191
Workflow file for this run
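# CI workflow.
#
# - On every pull request to main: run the test suite inside the CI container
#   image. If the PR changes .github/ci/Dockerfile and does not come from a
#   fork, a per-PR image is built and pushed first and the tests use it;
#   otherwise the published :latest image is used.
# - On pushes to main that touch .github/ci/Dockerfile: rebuild and publish
#   the :latest image.
#
# Security notes:
# - The trigger is `pull_request`, not `pull_request_target`, so fork PRs run
#   with a read-only GITHUB_TOKEN and without repository secrets.
# - The token defaults to `contents: read` below; only the two image-building
#   jobs raise it to `packages: write`.
# - Values from `${{ }}` expressions reach shell steps through `env:` rather
#   than being spliced into the script text.
# - NOTE(review): every action below is referenced by a mutable version tag.
#   Pin at least the third-party ones (dorny/paths-filter, docker/*,
#   astral-sh/setup-uv) to a full commit SHA, keeping the tag as a comment.
name: CI

on:
  pull_request:
    # Tests run on every PR that targets main.
    branches: [main]
  push:
    # :latest is republished only when the CI Dockerfile changes on main.
    branches: [main]
    paths:
      - ".github/ci/Dockerfile"

# Least-privilege default for jobs that do not declare their own permissions
# (resolve-image, test).
permissions:
  contents: read

jobs:
  # 1) Detect if the Dockerfile changed (on PRs)
  changes:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # paths-filter lists a PR's changed files through the GitHub API.
      pull-requests: read
    outputs:
      dockerfile: ${{ steps.filter.outputs.dockerfile }}
    steps:
      - uses: actions/checkout@v4
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            dockerfile:
              - ".github/ci/Dockerfile"

  # 2) Build & push a PR image only if the Dockerfile changed
  build-image:
    needs: changes
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    outputs:
      pushed: ${{ steps.push-flag.outputs.push }}
      image: ${{ steps.compute.outputs.image }}
      tag: ${{ steps.compute.outputs.tag }}
    steps:
      # Gate for every build step below: build only for pull_request events
      # where the Dockerfile changed and the head repository is not a fork.
      - name: Determine whether to build
        id: should-build
        env:
          EVENT_NAME: ${{ github.event_name }}
          DOCKERFILE_CHANGED: ${{ needs.changes.outputs.dockerfile }}
          # Evaluates to 'false' when there is no pull_request payload.
          IS_FORK: ${{ github.event.pull_request.head.repo.fork || 'false' }}
        run: |
          if [ "$EVENT_NAME" = "pull_request" ] \
            && [ "$DOCKERFILE_CHANGED" = "true" ] \
            && [ "$IS_FORK" = "false" ]; then
            echo "build=true" >> "$GITHUB_OUTPUT"
          else
            echo "build=false" >> "$GITHUB_OUTPUT"
          fi

      - uses: actions/checkout@v4
        if: steps.should-build.outputs.build == 'true'
        with:
          # The build context is `.`, so the checkout (including .git unless a
          # .dockerignore excludes it) is sent to the image build. Keep the
          # packages:write token out of .git/config.
          persist-credentials: false

      # Runs unconditionally so the job outputs are always populated.
      - name: Compute image ref
        id: compute
        env:
          # PR number on pull_request events, otherwise the run id.
          REF_ID: ${{ github.event.number || github.run_id }}
        run: |
          echo "image=ghcr.io/patham9/petta-ci" >> "$GITHUB_OUTPUT"
          echo "tag=pr-${REF_ID}" >> "$GITHUB_OUTPUT"

      - name: Login to GHCR
        if: steps.should-build.outputs.build == 'true'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Setup Buildx
        if: steps.should-build.outputs.build == 'true'
        uses: docker/setup-buildx-action@v3

      - name: Build and push
        if: steps.should-build.outputs.build == 'true'
        id: build-and-push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: .github/ci/Dockerfile
          tags: ${{ steps.compute.outputs.image }}:${{ steps.compute.outputs.tag }}
          push: true
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # always(): record push=false even when an earlier step failed, so that
      # the `pushed` output is set whenever this step runs.
      - name: Record push result
        if: ${{ always() }}
        id: push-flag
        env:
          SHOULD_BUILD: ${{ steps.should-build.outputs.build }}
          BUILD_OUTCOME: ${{ steps.build-and-push.outcome }}
        run: |
          if [ "$SHOULD_BUILD" = "true" ] && [ "$BUILD_OUTCOME" = "success" ]; then
            echo "push=true" >> "$GITHUB_OUTPUT"
          else
            echo "push=false" >> "$GITHUB_OUTPUT"
          fi

  # 3) Resolve which image to use for tests:
  #    - If we built & pushed a PR image, use that
  #    - Otherwise, use the published :latest
  resolve-image:
    needs: [changes, build-image]
    runs-on: ubuntu-latest
    outputs:
      image: ${{ steps.resolve.outputs.image }}
    steps:
      - name: Resolve image
        id: resolve
        env:
          # Passed through the environment, matching the build-image steps,
          # instead of being expanded inside the script body.
          PUSHED: ${{ needs.build-image.outputs.pushed }}
          PR_IMAGE: ${{ needs.build-image.outputs.image }}
          PR_TAG: ${{ needs.build-image.outputs.tag }}
        run: |
          DEFAULT="ghcr.io/patham9/petta-ci:latest"
          if [ "$PUSHED" = "true" ]; then
            echo "image=${PR_IMAGE}:${PR_TAG}" >> "$GITHUB_OUTPUT"
          else
            echo "image=$DEFAULT" >> "$GITHUB_OUTPUT"
          fi

  # 4) Always run tests on PRs using the resolved image
  #    This job executes code from the pull request (pytest, test.sh); it has
  #    no permissions block of its own and so runs with the read-only default.
  #    NOTE(review): no registry credentials are configured for the container,
  #    so the image presumably has to be pullable anonymously; confirm.
  test:
    needs: resolve-image
    runs-on: ubuntu-latest
    container:
      image: ${{ needs.resolve-image.outputs.image }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version-file: "python/pyproject.toml"

      - name: Install uv
        uses: astral-sh/setup-uv@v7
        with:
          enable-cache: true

      # --locked: fail instead of re-resolving if the lockfile is out of date.
      - name: Install PyPeTTa
        run: uv sync --locked --all-extras --dev
        working-directory: python

      - name: Run Python tests
        run: uv run pytest tests
        working-directory: python

      - name: Run shell tests
        run: sh test.sh

  # 5) On push to main, rebuild & publish :latest only when Dockerfile changed
  #    (the path filter on the push trigger restricts when this fires).
  publish-latest:
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
        with:
          # Same reason as in build-image: the checkout is the build context.
          persist-credentials: false

      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: docker/setup-buildx-action@v3

      - uses: docker/build-push-action@v6
        with:
          context: .
          file: .github/ci/Dockerfile
          tags: ghcr.io/patham9/petta-ci:latest
          push: true
          cache-from: type=gha
          cache-to: type=gha,mode=max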