Skip to content

More details about signature verification in client specs #367

More details about signature verification in client specs

More details about signature verification in client specs #367

Workflow file for this run

name: Run CI checks
on: pull_request
jobs:
run_lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install poetry
run: pipx install poetry
- uses: actions/cache@v3
# We need to use this caching strategy (rather than setting `cache: poetry` in setup-python)
# because our use of dependency groups. We want separate caches for each dependency group.
# https://github.com/actions/setup-python/issues/505
env:
SEGMENT_DOWNLOAD_TIMEOUT_MIN: "15"
with:
path: |
~/.cache/pypoetry/virtualenvs
~/.cache/pypoetry/cache
~/.cache/pypoetry/artifacts
key: poetry-dev-${{ hashFiles('poetry.lock') }}
- uses: actions/setup-python@v4
with:
python-version: "3.12"
- name: Install dependencies
run: make install
- name: Run linting and formatting checks
run: make lint
docs_test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install poetry
run: pipx install poetry
- uses: actions/setup-python@v4
with:
python-version: "3.12"
- uses: actions/cache@v3
# We need to use this caching strategy (rather than setting `cache: poetry`` in setup-python)
# because our use of dependency groups. We want separate caches for each dependency group.
# https://github.com/actions/setup-python/issues/505
env:
SEGMENT_DOWNLOAD_TIMEOUT_MIN: "15"
with:
path: |
~/.cache/pypoetry/virtualenvs
~/.cache/pypoetry/cache
~/.cache/pypoetry/artifacts
key: poetry-docs-${{ hashFiles('poetry.lock') }}
- name: Check documentation build
run: make docs
run_test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: testdb
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres # pragma: allowlist secret
POSTGRES_HOST_AUTH_METHOD: trust
LC_COLLATE: en_US.UTF8
LC_CTYPE: en_US.UTF8
ports:
- 5432:5432
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- uses: actions/checkout@v3
- name: Install poetry
run: pipx install poetry
- uses: actions/setup-python@v4
with:
python-version: "3.12"
- uses: actions/cache@v3
# We need to use this caching strategy (rather than setting `cache: poetry`` in setup-python)
# because our use of dependency groups. We want separate caches for each dependency group.
# https://github.com/actions/setup-python/issues/505
env:
SEGMENT_DOWNLOAD_TIMEOUT_MIN: "15"
with:
path: |
~/.cache/pypoetry/virtualenvs
~/.cache/pypoetry/cache
~/.cache/pypoetry/artifacts
key: poetry-dev-${{ hashFiles('poetry.lock') }}
- name: Install dependencies
run: make install
- name: Run tests
run: make test
browser-test:
runs-on: ubuntu-latest
env:
DOCKER_CACHE: /tmp/docker-cache
steps:
- uses: actions/checkout@v3
- name: Compute cache key
# Create hash of hashes of checked in files not in Dockerignore
run: echo "CACHE_KEY=$(git ls-tree --full-tree -r HEAD | grep -v -f RemoteSettings.dockerignore | awk '{print $3}' | git hash-object --stdin)" >> $GITHUB_ENV
- uses: actions/cache@v3
with:
path: ${{ env.DOCKER_CACHE}}
key: docker-build-${{ hashFiles('RemoteSettings.Dockerfile', 'BrowserTests.Dockerfile') }}-${{ env.CACHE_KEY }}
restore-keys: |
docker-build-${{ hashFiles('RemoteSettings.Dockerfile', 'BrowserTests.Dockerfile') }}-${{ env.CACHE_KEY }}
docker-build-${{ hashFiles('RemoteSettings.Dockerfile', 'BrowserTests.Dockerfile') }}-
docker-build-
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
install: true
- name: Build web container
uses: docker/build-push-action@v5
with:
cache-from: type=local,src=${{ env.DOCKER_CACHE}}/web
cache-to: type=local,dest=${{ env.DOCKER_CACHE}}/web,mode=max
file: RemoteSettings.Dockerfile
context: .
- name: Build test container
uses: docker/build-push-action@v5
with:
cache-from: type=local,src=${{ env.DOCKER_CACHE}}/tests
cache-to: type=local,dest=${{ env.DOCKER_CACHE}}/tests,mode=max
file: BrowserTests.Dockerfile
context: .
- name: Run browser tests
run: make browser-test