|
8 | 8 | workflow_dispatch: |
9 | 9 |
|
10 | 10 |
|
| 11 | +# Limit this workflow to a single run at a time per-branch to avoid wasting worker resources |
11 | 12 | concurrency: |
12 | 13 | group: ${{ github.workflow }}-${{ github.ref }} |
13 | 14 | cancel-in-progress: true |
14 | 15 |
|
15 | 16 |
|
16 | 17 | jobs: |
17 | | - nox: |
| 18 | + |
| 19 | + # JOB |
| 20 | + nox-other: |
18 | 21 | runs-on: ubuntu-latest |
19 | 22 |
|
| 23 | + strategy: |
| 24 | + fail-fast: false |
| 25 | + matrix: |
| 26 | + session: [precommit, audit] |
| 27 | + |
20 | 28 | steps: |
21 | | - - name: Checkout Code |
22 | | - uses: actions/checkout@v4 |
| 29 | + - uses: level12/coppy/gh-actions/nox-run@main |
| 30 | + with: |
| 31 | + nox-session: ${{ matrix.session }} |
| 32 | + |
| 33 | + |
| 34 | + # JOB |
| 35 | + nox-pytest: |
| 36 | + runs-on: ubuntu-latest |
| 37 | + |
| 38 | + steps: |
| 39 | + - uses: level12/coppy/gh-actions/uv-prep@main |
| 40 | + with: |
| 41 | + # Copier errors out with a shallow repo clone. This makes it a full clone. |
| 42 | + fetch-depth: 0 |
| 43 | + |
| 44 | + - name: Prep test user |
| 45 | + run: | |
| 46 | + # The script returns early after adding the current user to the new user's group. |
| 47 | + # This is due to the need to "logout" before the user pick's up the group's identity. |
| 48 | + uv run --no-dev tasks/test-user-prep.py |
23 | 49 |
|
24 | | - - name: Add ~/bin to PATH |
25 | | - run: echo "PATH=/home/runner/bin:$PATH" >> $GITHUB_ENV |
26 | 50 |
|
27 | | - - name: Prep |
| 51 | + # Permissions for the test user operate assuming the group sticky bit. Having acls for |
| 52 | + # the runner user results in the sticky bit not working as intended. So clear them. |
| 53 | + sudo setfacl -R -b /home/coppy-tests/ |
| 54 | +
|
| 55 | +
|
| 56 | + # Permissive umask to avoid group write being masked out |
| 57 | + umask 000 |
| 58 | +
|
| 59 | +
|
| 60 | + # Workaround for: https://github.com/actions/runner-images/issues/13049 |
| 61 | + sudo sed -i '/XDG_RUNTIME_DIR\|\(=\/home\/runner\)/d' /etc/environment |
| 62 | +
|
| 63 | +
|
| 64 | + # Run prep again, this time giving the runner user access to the group created above. |
| 65 | + # This is necessary because, as best I can tell, there is no way to logout and then |
| 66 | + # back in to give the runner access to that group. |
| 67 | + sg coppy-tests -c 'uv run --no-dev tasks/test-user-prep.py --systemd-skip' |
| 68 | +
|
| 69 | +
|
| 70 | + - name: Run pytest |
28 | 71 | run: | |
29 | | - # Mise |
30 | | - mkdir ~/bin |
31 | | - curl -LsS https://mise.jdx.dev/mise-latest-linux-x64 > ~/bin/mise |
32 | | - chmod +x ~/bin/mise |
33 | | -
|
34 | | - # build the image used to test |
35 | | - mise docker-build |
36 | | -
|
37 | | - # uv |
38 | | - mise use -g ubi:astral-sh/uv |
39 | | - mkdir -p /home/runner/.local/share/uv/python/ |
40 | | -
|
41 | | - # Prep mise |
42 | | - mise trust |
43 | | - mise install |
44 | | -
|
45 | | - # Uncomment to help troubleshooting |
46 | | - # - name: Debug info |
47 | | - # run: | |
48 | | - # # Python versions |
49 | | - # echo "Python versions:" |
50 | | - # mise exec -- python --version |
51 | | - # mise exec -- uv run python --version |
52 | | - |
53 | | - # # Path |
54 | | - # echo "Path:" |
55 | | - # echo $PATH |
56 | | - |
57 | | - # mise demo --no-bootstrap --no-nox |
58 | | - # mise sandbox --doctor |
59 | | - |
60 | | - - name: nox |
61 | | - run: mise exec -- uv run --frozen --only-group nox nox |
| 72 | + # Permissive umask to avoid group write being masked out |
| 73 | + umask 000 |
| 74 | +
|
| 75 | + sg coppy-tests -c 'uv run --frozen --only-group nox -- nox -s pytest' |
0 commit comments