ianhirschfeld/workflow.yml Secret

## workflow.yml
# Based on https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python

name: Assistant

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]

jobs:
  build:
    runs-on: ubuntu-latest
    services:
      # Label used to access the service container
      redis:
        # Docker Hub image
        image: redis
        # Set health checks to wait until redis has started
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          # Maps port 6379 on service container to the host
          - 6379:6379

      # Adding as a holdover until we extract interacting with the SDK into a class of its own
      faktory:
        image: contribsys/faktory:latest
        ports:
          - 7419:7419
          - 7420:7420
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python 3.11
        uses: actions/setup-python@v5
        with:
          python-version: 3.11
      # https://jacobian.org/til/github-actions-poetry/
      - name: cache poetry install
        uses: actions/cache@v4
        with:
          path: ~/.local
          key: poetry-1.4.2-0
      - uses: snok/install-poetry@v1
        with:
          version: 1.4.2
          virtualenvs-create: true
          virtualenvs-in-project: true
      - name: cache deps
        id: cache-deps
        uses: actions/cache@v4
        with:
          path: .venv
          key: pydeps-${{ hashFiles('**/poetry.lock') }}
      - run: poetry install --no-interaction --no-root
        if: steps.cache-deps.outputs.cache-hit != 'true'
      - run: poetry install --no-interaction
      - name: Test with pytest
        run: |
          poetry run pytest
  build_assistant_docker:
    # only run this job on push to main or hotfix branches.
    if: ${{ github.event_name == 'push' }}

    runs-on: ubuntu-latest

    # For AWS authentication
    permissions:
      id-token: write
      contents: read

    needs: build
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          platforms: linux/amd64
          install: true
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        with:
          images: |
            ${{ env.ECR_REGISTRY }}/${{ secrets.ECR_REPO_NAME }}
          tags: |
            type=ref,event=branch
            type=raw,value=latest,enable=${{ github.ref_name == 'main' }}
            type=sha
            type=sha,format=long
      - name: Docker build
        timeout-minutes: 15
        uses: docker/build-push-action@v5
        with:
          push: true
          context: .
          tags: ${{ steps.meta.outputs.tags }}
          # platforms: linux/amd64
          provenance: false
          cache-from: type=gha
          cache-to: type=gha,mode=max
	# Based on https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python

	name: Assistant

	on:
	push:
	branches: ["main"]
	pull_request:
	branches: ["main"]

	jobs:
	build:
	runs-on: ubuntu-latest
	services:
	# Label used to access the service container
	redis:
	# Docker Hub image
	image: redis
	# Set health checks to wait until redis has started
	options: >-
	--health-cmd "redis-cli ping"
	--health-interval 10s
	--health-timeout 5s
	--health-retries 5
	ports:
	# Maps port 6379 on service container to the host
	- 6379:6379

	# Adding as a holdover until we extract interacting with the SDK into a class of its own
	faktory:
	image: contribsys/faktory:latest
	ports:
	- 7419:7419
	- 7420:7420
	steps:
	- uses: actions/checkout@v4
	- name: Set up Python 3.11
	uses: actions/setup-python@v5
	with:
	python-version: 3.11
	# https://jacobian.org/til/github-actions-poetry/
	- name: cache poetry install
	uses: actions/cache@v4
	with:
	path: ~/.local
	key: poetry-1.4.2-0
	- uses: snok/install-poetry@v1
	with:
	version: 1.4.2
	virtualenvs-create: true
	virtualenvs-in-project: true
	- name: cache deps
	id: cache-deps
	uses: actions/cache@v4
	with:
	path: .venv
	key: pydeps-${{ hashFiles('**/poetry.lock') }}
	- run: poetry install --no-interaction --no-root
	if: steps.cache-deps.outputs.cache-hit != 'true'
	- run: poetry install --no-interaction
	- name: Test with pytest
	run: \|
	poetry run pytest
	build_assistant_docker:
	# only run this job on push to main or hotfix branches.
	if: ${{ github.event_name == 'push' }}

	runs-on: ubuntu-latest

	# For AWS authentication
	permissions:
	id-token: write
	contents: read

	needs: build
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	with:
	platforms: linux/amd64
	install: true
	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
	aws-region: ${{ secrets.AWS_REGION }}
	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v2
	- name: Docker meta
	id: meta
	uses: docker/metadata-action@v5
	env:
	ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	with:
	images: \|
	${{ env.ECR_REGISTRY }}/${{ secrets.ECR_REPO_NAME }}
	tags: \|
	type=ref,event=branch
	type=raw,value=latest,enable=${{ github.ref_name == 'main' }}
	type=sha
	type=sha,format=long
	- name: Docker build
	timeout-minutes: 15
	uses: docker/build-push-action@v5
	with:
	push: true
	context: .
	tags: ${{ steps.meta.outputs.tags }}
	# platforms: linux/amd64
	provenance: false
	cache-from: type=gha
	cache-to: type=gha,mode=max