Skip to content
CI/CD

maint: update version tag #229

Sign in to view logs

maint: update version tag

maint: update version tag #229

Workflow file for this run

.github/workflows/ci_cd.yml at c425162
name: CI/CD
on:
pull_request:
branches:
- main
push:
branches:
- main
tags:
- 'v*'
env:
MAIN_PYTHON_VERSION: '3.12'
DOCUMENTATION_CNAME: ansys.github.io/aali-flowkit-python
PACKAGE_NAME: aali-flowkit-python
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: write
packages: write
jobs:
code-style:
name: "Code style checks"
runs-on: ubuntu-latest
steps:
- name: "Run PyAnsys code style checks"
uses: ansys/actions/code-style@v9
smoke-tests:
name: Build and Smoke tests
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
python-version: ['3.12']
include:
# ── Linux
- os: ubuntu-latest
goos: linux
goarch: amd64
platform: linux_amd64
ext: ""
- os: ubuntu-latest
goos: linux
goarch: arm64
platform: linux_arm64
ext: ""
# ── Windows
- os: windows-latest
goos: windows
goarch: amd64
platform: windows_amd64
ext: ".exe"
- os: windows-latest
goos: windows
goarch: arm64
platform: windows_arm64
ext: ".exe"
# ── macOS
- os: macos-latest
goos: darwin
goarch: amd64
platform: macos_amd64
ext: ""
- os: macos-latest
goos: darwin
goarch: arm64
platform: macos_arm64
ext: ""
steps:
- name: Build wheelhouse and perform smoke test
uses: ansys/actions/build-wheelhouse@v9
with:
library-name: ${{ env.PACKAGE_NAME }}
operating-system: ${{ matrix.os }}
python-version: ${{ matrix.python-version }}
whitelist-license-check: "attrs" # This has MIT license but fails the check
mendscan-sca:
name: Mend Scan
runs-on: ubuntu-latest
steps:
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'adopt'
- name: Mend Unified Agent Scan
env:
WS_APIKEY: '${{secrets.MEND_API_KEY}}'
WS_USERKEY: '${{ secrets.MEND_USER_KEY }}'
WS_WSS_URL: 'https://app.whitesourcesoftware.com/agent'
WS_PRODUCTNAME: 'AnsysAali'
WS_PROJECTNAME: ${{github.event.repository.name}}
WS_GENERATEPROJECTDETAILSJSON: true
WS_GENERATESCANREPORT: true
WS_FILESYSTEMSCAN: true
WS_CHECKPOLICIES: true
WS_FORCECHECKALLDEPENDENCIES: true
WS_SCANREPORTFILENAMEFORMAT: static
WS_FORCEUPDATE_FAILBUILDONPOLICYVIOLATION : true
WS_PYTHON_REQUIREMENTSFILEINCLUDES: "pyproject.toml"
run: |
echo Downloading Mend Unified Agent
curl -LJO https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar
if [[ "$(curl -sL https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar.sha256)" != "$(sha256sum wss-unified-agent.jar)" ]] ; then
echo "Integrity Check Failed"
else
echo "Integrity Check Passed"
echo Starting Unified Agent Scan
java -jar wss-unified-agent.jar -loglevel debug
fi
docs-style:
name: Documentation Style Check
runs-on: ubuntu-latest
steps:
- name: PyAnsys documentation style checks
uses: ansys/actions/doc-style@v9
with:
token: ${{ secrets.GITHUB_TOKEN }}
docs-build:
name: Documentation Build
runs-on: ubuntu-latest
needs: [docs-style]
steps:
- name: "Run Ansys documentation building action"
uses: ansys/actions/doc-build@v9
with:
add-pdf-html-docs-as-assets: true
upload_dev_docs:
name: Upload dev documentation
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
needs: [docs-build]
steps:
- name: Deploy the latest documentation
uses: ansys/actions/doc-deploy-dev@v9
with:
cname: ${{ env.DOCUMENTATION_CNAME }}
token: ${{ secrets.GITHUB_TOKEN }}
tests:
name: "Tests"
runs-on: ${{ matrix.os }}
needs: [smoke-tests]
strategy:
matrix:
os: [ubuntu-latest, windows-latest]
python-version: ['3.12']
fail-fast: false
steps:
- name: Testing
uses: ansys/actions/tests-pytest@v9
timeout-minutes: 12
- name: Upload coverage results (HTML)
uses: actions/upload-artifact@v4
if: (matrix.python-version == env.MAIN_PYTHON_VERSION) && (runner.os == 'Linux')
with:
name: coverage-html
path: .cov/html
retention-days: 7
upload_docs_release:
name: Upload release documentation
if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
runs-on: ubuntu-latest
needs: [release]
steps:
- name: Deploy the stable documentation
uses: ansys/actions/doc-deploy-stable@v9
with:
cname: ${{ env.DOCUMENTATION_CNAME }}
token: ${{ secrets.GITHUB_TOKEN }}
release-docker:
name : Generate Docker release
if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
needs: [release]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Check if tag name contains 'dev'
run: echo "IS_DEV_TAG=$(echo ${{ github.ref_name }} | grep -q 'dev' && echo 'true' || echo 'false')" >> $GITHUB_ENV
- name: Decompose tag into components
if: env.IS_DEV_TAG == 'false'
run: |
if [[ ${{ github.ref_name }} =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
# Split the tag into its components
IFS='.' read -ra PARTS <<< "${{ github.ref_name }}"
echo "X=${PARTS[0]}" >> $GITHUB_ENV
echo "Y=${PARTS[1]}" >> $GITHUB_ENV
echo "Z=${PARTS[2]}" >> $GITHUB_ENV
else
echo "Invalid tag format. Expected vX.Y.Z but got ${{ github.ref_name }}"
exit 1
fi
- name: Build and push Docker image
uses: docker/build-push-action@v6
if: env.IS_DEV_TAG == 'false'
with:
context: .
file: docker/Dockerfile
push: true
platforms: linux/amd64,linux/arm64
tags: |
ghcr.io/${{ github.repository }}:${{ env.X }} ,
ghcr.io/${{ github.repository }}:${{ env.X }}.${{ env.Y }} ,
ghcr.io/${{ github.repository }}:${{ env.X }}.${{ env.Y }}.${{ env.Z }} ,
ghcr.io/${{ github.repository }}:latest
- name: Build and push Docker image dev
if: env.IS_DEV_TAG == 'true'
uses: docker/build-push-action@v6
with:
context: .
file: docker/Dockerfile
push: true
platforms: linux/amd64,linux/arm64
tags: |
ghcr.io/${{ github.repository }}:${{ github.ref_name }}
binaries:
name : Create binaries
if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
needs: [docs-build, tests]
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
# ── Linux
- os: ubuntu-latest
goos: linux
goarch: amd64
platform: linux_amd64
ext: ""
- os: ubuntu-latest
goos: linux
goarch: arm64
platform: linux_arm64
ext: ""
# ── Windows
- os: windows-latest
goos: windows
goarch: amd64
platform: windows_amd64
ext: ".exe"
- os: windows-latest
goos: windows
goarch: arm64
platform: windows_arm64
ext: ".exe"
# ── macOS
- os: macos-latest
goos: darwin
goarch: amd64
platform: macos_amd64
ext: ""
- os: macos-latest
goos: darwin
goarch: arm64
platform: macos_arm64
ext: ""
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.MAIN_PYTHON_VERSION }}
- name: Install dependencies
run: pip install .[all]
- name: Install PyInstaller
run: pip install pyinstaller
- name: Attempt to build executable
id: first-attempt
run: >
pyinstaller src/aali/flowkit/__main__.py --onefile
--name ${{ github.event.repository.name }}_${{ matrix.platform }}_${{ github.ref_name }}${{ matrix.ext }}
--copy-metadata ${{ github.event.repository.name }}
--hidden-import uvicorn --collect-all uvicorn
--distpath build/dist --workpath build/build --specpath build
continue-on-error: true
- name: Modify spec file and retry build
if: steps.first-attempt.outcome == 'failure'
run: |
echo "import sys ; sys.setrecursionlimit(sys.getrecursionlimit() * 5)" >> ${{ github.event.repository.name }}_${{ matrix.platform }}_${{ github.ref_name }}${{ matrix.ext }}.spec
pyinstaller ${{ github.event.repository.name }}_${{ matrix.platform }}_${{ github.ref_name }}${{ matrix.ext }}.spec
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.platform }}_binaries
path: build/dist/${{ github.event.repository.name }}_${{ matrix.platform }}_*
sign-windows-binaries:
name: Sign Windows binaries
needs: [binaries]
runs-on:
group: ansys-network
labels: [self-hosted, Windows, signtool]
steps:
- name: Checkout SignTool
uses: actions/checkout@v4
with:
repository: ansys-internal/signtool-ansys-apps
token: ${{ secrets.SIGNTOOL_ACCESS_TOKEN }}
- name: Download Windows artifacts
uses: actions/download-artifact@v4
with:
pattern: windows_*_binaries
path: signtool/installer
- name: List contents
run: ls -R signtool/installer
- name: Create dist directory
shell: pwsh
run: mkdir -p signtool/installer/dist
- name: Sign Windows executables
working-directory: signtool
shell: pwsh
run: |
# collect every .exe that came from the download‑artifact step
$files = Get-ChildItem installer -Recurse -Filter "*.exe"
if ($files.Count -eq 0) {
Write-Error "❌ No Windows executables found in signtool/installer — signing aborted."
exit 1 # → step fails → job fails → workflow fails
}
# Create dist directory if it doesn't exist
if (!(Test-Path installer/dist)) {
New-Item -ItemType Directory -Path installer/dist
}
foreach ($file in $files) {
$jobname = $file.BaseName
$destFile = "installer/dist/$($file.Name)"
.\Ansys.SignClient.exe sign --signUrl https://csign.ansys.com -r gh_signtool_account -s '${{ secrets.SIGNTOOL_PWD }}' -n $jobname -i $file.FullName -o $file.FullName
# Copy the signed file to the dist directory
Copy-Item -Path $file.FullName -Destination $destFile
}
- name: Upload signed Windows artifacts
uses: actions/upload-artifact@v4
with:
name: windows-binaries-signed
path: signtool/installer/dist/*
if-no-files-found: error
check-tag:
runs-on: ubuntu-latest
if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-python@v5
with:
python-version: ${{ env.MAIN_PYTHON_VERSION }}
cache: pip
- id: get-tag-version
run: echo "TAG_VERSION=$(echo ${{ github.ref_name }} | cut -dv -f2 -)" | tee "$GITHUB_OUTPUT"
- name: check package versions match tag
run: |
pip install '.[ci]'
python .ci/check_version_match.py --semver ${{ steps.get-tag-version.outputs.TAG_VERSION }} --pypi-metadata ${{ env.PACKAGE_NAME }}
- name: Check if tag is on main branch
run: git branch -r --contains ${{ github.ref_name }} | grep origin/main
release:
needs: [check-tag, sign-windows-binaries]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# Create a directory to collect all binaries
- name: Create release directory
run: mkdir -p release_files
# Download all artifacts to the release directory
- uses: actions/download-artifact@v4
with:
pattern: "*_binaries*"
path: release_files
merge-multiple: true
- uses: actions/download-artifact@v4
with:
name: windows-binaries-signed
path: release_files
# Delete unsigned Windows binaries
- name: Drop unsigned Windows binaries
run: rm -rf release_files/windows_*_binaries
# List all files for verification
- name: Verify collected binaries
run: |
echo "▼ release_files contains:"
find release_files -type f | sort
# Create GitHub release with all files
- name: Create GitHub release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: true
fail_on_unmatched_files: false
files: |
release_files/**/${{ github.event.repository.name }}_*_${{ github.ref_name }}*
main-repo-release:
name: Update main aali repo and create release
needs: [release, release-docker]
runs-on: ubuntu-latest
steps:
- name: Checkout aali repository
run: |
git clone --branch main https://${{ secrets.PYANSYS_CI_BOT_TOKEN }}@github.com/ansys/aali.git
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version-file: 'aali/scripts/releasehelper/go.mod'
- name: Run tag script
run: |
cd aali/scripts/releasehelper
go run main.go "tag" ${{ github.ref_name }} ${{ secrets.PYANSYS_CI_BOT_TOKEN }}
- name: Commit and push to aali
run: |
cd aali
git config --global user.email '${{ github.actor }}@users.noreply.github.com'
git config --global user.name '${{ github.actor }}'
git commit -a -m 'New release triggered by ${{ github.event.repository.name }}'
git push origin main
- name: Run release script
run: |
cd aali/scripts/releasehelper
go run main.go "release" ${{ github.ref_name }} ${{ secrets.PYANSYS_CI_BOT_TOKEN }}