Better External DB Provider Support #19
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # PR / branch checks without cloud credentials. Deploy workflows stay in deploy-*.yml. | |
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: [main, test, prod] | |
| concurrency: | |
| group: ci-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| requirements-sync: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.head_ref || github.ref_name }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.12" | |
| - name: Install Poetry and export plugin | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install poetry | |
| poetry self add poetry-plugin-export | |
| - name: Sync requirements.txt with poetry.lock | |
| env: | |
| PR_HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }} | |
| run: | | |
| poetry export -f requirements.txt --without-hashes -o syncbot/requirements.txt | |
| echo "# Required for MySQL 8+ caching_sha2_password; pin for reproducible CI (sam build)." > infra/aws/db_setup/requirements.txt | |
| grep -E "^(pymysql|psycopg2-binary|cryptography)==" syncbot/requirements.txt >> infra/aws/db_setup/requirements.txt | |
| if git diff --quiet syncbot/requirements.txt infra/aws/db_setup/requirements.txt; then | |
| echo "requirements.txt files are already in sync." | |
| elif [[ -n "${PR_HEAD_REPO}" && "${PR_HEAD_REPO}" != "${GITHUB_REPOSITORY}" ]]; then | |
| echo "::error::Requirements files are out of sync with poetry.lock. Commit with pre-commit installed (sync-requirements hook) or follow docs/DEVELOPMENT.md." | |
| exit 1 | |
| else | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add syncbot/requirements.txt infra/aws/db_setup/requirements.txt | |
| git commit -m "chore: sync requirements.txt files with poetry.lock" | |
| git push | |
| echo "::notice::requirements.txt files were out of sync and have been auto-fixed." | |
| fi | |
| sam-lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: aws-actions/setup-sam@v2 | |
| with: | |
| use-installer: true | |
| - name: sam validate --lint | |
| run: | | |
| sam validate -t infra/aws/template.yaml --lint | |
| sam validate -t infra/aws/template.bootstrap.yaml --lint | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.12" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install poetry | |
| poetry install --with dev | |
| # Infra + deploy-script smoke tests (fast). Use `poetry run pytest` locally for the full suite. | |
| - name: pytest (infra & deploy scripts) | |
| run: poetry run pytest -q tests/test_deploy_script_syntax.py infra/aws/tests infra/gcp/tests |