style(prism): format proxy tests #596
name: CI

# Triggers: pushes to any branch or to a v*.*.* tag, every pull request, and
# manual runs. A manual run carries a string input, confirm_publish.
on:
  push:
    branches:
      - "**"
    tags:
      - "v*.*.*"
  pull_request:
  workflow_dispatch:
    inputs:
      confirm_publish:
        description: "Type true to publish Docker images to GHCR"
        required: true
        default: "false"

# Workflow-wide token scope is read-only; a job that needs more declares its
# own `permissions` block.
permissions:
  contents: read
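jobs:
  # NOTE(review): every action in this workflow is referenced by a mutable
  # version tag (for example `@v4`). Pinning each `uses:` to a full commit SHA,
  # with the tag kept as a trailing comment, stops a re-pointed tag from
  # changing what runs here.

  # Lint the repository with ruff.
  ruff:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - uses: astral-sh/setup-uv@v5
      - name: Install dependencies
        run: uv sync --extra dev --extra master
      - name: Ruff
        run: uv run ruff check .

  # Fail if any file is not ruff-formatted (check only, nothing is rewritten).
  format:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - uses: astral-sh/setup-uv@v5
      - name: Install dependencies
        run: uv sync --extra dev --extra master
      - name: Format
        run: uv run ruff format --check .

  # Static type check of src and tests.
  mypy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - uses: astral-sh/setup-uv@v5
      - name: Install dependencies
        run: uv sync --extra dev --extra master
      - name: Mypy
        run: uv run mypy src tests

  # Test suite with a coverage floor of 80% on platform_network.
  coverage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - uses: astral-sh/setup-uv@v5
      - name: Install dependencies
        run: uv sync --extra dev --extra master
      - name: Coverage
        run: uv run pytest --cov=platform_network --cov-report=term-missing --cov-fail-under=80

  # Lint the Helm chart, render it with four value sets, and validate every
  # rendered manifest with kubeconform in strict mode.
  helm-kubeconform:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - uses: azure/setup-helm@v4
      # NOTE(review): the archive is fetched over HTTPS and then installed
      # with sudo without an integrity check. Recording the expected SHA-256
      # of this pinned release and verifying it before `tar` would close
      # that gap.
      - name: Install kubeconform
        env:
          KUBECONFORM_VERSION: v0.7.0
        run: |
          curl -fsSL "https://github.com/yannh/kubeconform/releases/download/${KUBECONFORM_VERSION}/kubeconform-linux-amd64.tar.gz" -o /tmp/kubeconform.tar.gz
          tar -xzf /tmp/kubeconform.tar.gz -C /tmp kubeconform
          sudo install /tmp/kubeconform /usr/local/bin/kubeconform
      - name: Helm lint
        run: helm lint deploy/helm/platform
      - name: Helm template default values
        run: helm template platform deploy/helm/platform > /tmp/platform-default.yaml
      - name: kubeconform default values
        run: kubeconform -strict -summary /tmp/platform-default.yaml
      - name: Helm template production values
        run: helm template platform deploy/helm/platform -f deploy/helm/platform/values.production.example.yaml > /tmp/platform-production.yaml
      - name: kubeconform production values
        run: kubeconform -strict -summary /tmp/platform-production.yaml
      # `>-` folds the following lines into one command line.
      - name: Helm template master auto-upgrade values
        run: >-
          helm template platform-master deploy/helm/platform
          --namespace platform-master
          --set validator.enabled=false
          --set autoUpgrade.enabled=true
          > /tmp/platform-master-auto-upgrade.yaml
      - name: kubeconform master auto-upgrade values
        run: kubeconform -strict -summary /tmp/platform-master-auto-upgrade.yaml
      - name: Helm template validator auto-upgrade values
        run: >-
          helm template platform-validator deploy/helm/platform
          --namespace platform-validator
          --set master.enabled=false
          --set validator.enabled=true
          --set autoUpgrade.enabled=true
          --set validator.walletSecretName=platform-validator-wallet
          > /tmp/platform-validator-auto-upgrade.yaml
      - name: kubeconform validator auto-upgrade values
        run: kubeconform -strict -summary /tmp/platform-validator-auto-upgrade.yaml

  # Policy tests: the Helm chart test module first, then a fixed list of
  # runtime test modules.
  production-policy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - uses: astral-sh/setup-uv@v5
      - uses: azure/setup-helm@v4
      - name: Install dependencies
        run: uv sync --extra dev --extra master
      - name: Helm production policy tests
        run: uv run pytest tests/unit/test_helm_chart.py -q
      - name: Runtime production policy tests
        run: >-
          uv run pytest
          tests/unit/test_config_template_security.py
          tests/unit/test_db_and_models.py
          tests/unit/test_registry_extended.py
          tests/unit/test_admin_registry_proxy.py
          tests/unit/test_kubernetes_resources.py
          -q

  # Integration tests marked `postgres`, run against a PostgreSQL service
  # container. The user, password and database below are the ones the
  # job-level connection URL uses; they exist only for this container.
  postgres-orm:
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_USER: platform
          POSTGRES_PASSWORD: platform
          POSTGRES_DB: platform_network_test
        ports:
          # Quoted: a bare 5432:5432 matches the YAML 1.1 base-60 integer
          # form and can be read as a number by a generic parser.
          - "5432:5432"
        options: >-
          --health-cmd "pg_isready -U platform -d platform_network_test"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    env:
      PLATFORM_TEST_DATABASE_URL: postgresql+asyncpg://platform:platform@localhost:5432/platform_network_test
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - uses: astral-sh/setup-uv@v5
      - name: Install dependencies
        run: uv sync --extra dev --extra master
      - name: PostgreSQL ORM integration tests
        run: uv run pytest tests/integration -m postgres -q

  # Build both images without pushing, once every check job has passed.
  docker-build:
    needs:
      - ruff
      - format
      - mypy
      - coverage
      - helm-kubeconform
      - production-policy
      - postgres-orm
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - image: platform
            dockerfile: docker/Dockerfile.validator
          - image: platform-master
            dockerfile: docker/Dockerfile.master
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step in this job uses git, so the token is not written
          # to .git/config, which sits inside the `.` build context.
          persist-credentials: false
      - uses: docker/setup-buildx-action@v3
      - name: Build ${{ matrix.image }} image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          push: false
          tags: ghcr.io/platformnetwork/${{ matrix.image }}:ci-${{ github.sha }}

  # Build and push both images to GHCR.
  docker-publish:
    # The ref checks apply to push events only, so a manual run started from
    # main or from a v* tag still publishes only when confirm_publish is
    # 'true'. Pull requests never reach this job.
    if: >-
      (github.event_name == 'push' &&
      (github.ref == 'refs/heads/main' ||
      startsWith(github.ref, 'refs/tags/v'))) ||
      (github.event_name == 'workflow_dispatch' && inputs.confirm_publish == 'true')
    needs:
      - docker-build
      - postgres-orm
    runs-on: ubuntu-latest
    # Only this job is granted package write access.
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        include:
          - image: platform
            dockerfile: docker/Dockerfile.validator
          - image: platform-master
            dockerfile: docker/Dockerfile.master
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step in this job uses git, so the token (which carries
          # packages: write here) is not written to .git/config inside the
          # `.` build context.
          persist-credentials: false
      - uses: docker/setup-buildx-action@v3
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Generate Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/platformnetwork/${{ matrix.image }}
          # `latest` is emitted only when the ref is main.
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=semver,pattern={{raw}}
            type=sha,prefix=sha-
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
      - name: Build and publish ${{ matrix.image }} image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  # Create the GitHub release for a pushed v* tag once images are published.
  github-release:
    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
    needs:
      - docker-publish
      - postgres-orm
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      # `version` is the tag name with a leading "v" removed. `short_sha` is
      # the abbreviated commit SHA: docker-publish tags images with
      # `type=sha,prefix=sha-`, which emits the short form by default, so the
      # full github.sha would name an image tag that was never pushed.
      # Assumes the action's default short length of 7 - confirm.
      - name: Prepare release metadata
        id: release
        run: |
          echo "version=${GITHUB_REF_NAME#v}" >> "$GITHUB_OUTPUT"
          echo "short_sha=${GITHUB_SHA:0:7}" >> "$GITHUB_OUTPUT"
      - name: Create GitHub release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ github.ref_name }}
          name: Platform ${{ steps.release.outputs.version }}
          generate_release_notes: true
          append_body: true
          draft: false
          # A "-" in the tag name marks a pre-release, which is not made latest.
          prerelease: ${{ contains(github.ref_name, '-') }}
          make_latest: ${{ !contains(github.ref_name, '-') }}
          body: |
            ## Container Images
            - `ghcr.io/platformnetwork/platform:${{ steps.release.outputs.version }}`
            - `ghcr.io/platformnetwork/platform:${{ github.ref_name }}`
            - `ghcr.io/platformnetwork/platform:sha-${{ steps.release.outputs.short_sha }}`
            - `ghcr.io/platformnetwork/platform-master:${{ steps.release.outputs.version }}`
            - `ghcr.io/platformnetwork/platform-master:${{ github.ref_name }}`
            - `ghcr.io/platformnetwork/platform-master:sha-${{ steps.release.outputs.short_sha }}`
            ## Deployment Notes
            Production deployments should pin the SemVer image tag plus the immutable digest. The `latest` tag is published only from `main`, not from release tags.
            ## Documentation
            See `docs/versioning.md` for the SemVer, Git tag, GHCR tag, GitHub Release, and production image policy.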