policyengine-api/.github/workflows/pr.yml at master · PolicyEngine/policyengine-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: Pull request

on: pull_request

env:
  ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true

jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Setup Python
        uses: actions/setup-python@v5
      - name: Install ruff
        run: pip install ruff>=0.9.0
      - name: Format check with ruff
        run: ruff format --check .
  quality-guards:
    name: Quality guards
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Run quality guards
        run: python scripts/run_quality_guards.py
  check-changelog:
    name: Check changelog fragment
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Check for changelog fragment
        run: |
          FRAGMENTS=$(find changelog.d -type f ! -name '.gitkeep' | wc -l)
          if [ "$FRAGMENTS" -eq 0 ]; then
            echo "::error::No changelog fragment found in changelog.d/"
            echo "Add one with: echo 'Description.' > changelog.d/\$(git branch --show-current).<type>.md"
            echo "Types: added, changed, fixed, removed, breaking"
            exit 1
          fi
  test_container_builds:
    name: Docker
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build container
        run: docker build -t ghcr.io/policyengine/policyengine docker
  test_env_vars:
    name: Test environment variables
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCP_DEPLOY_SERVICE_ACCOUNT }}
      - name: Wait until policyengine_us version is available on PyPI
        run: .github/wait-for-pypi.sh
      - name: Install dependencies
        run: make install
      - name: Run environment variable tests
        run: pytest tests/env_variables/test_environment_variables.py
        env:
          POLICYENGINE_GITHUB_MICRODATA_AUTH_TOKEN: ${{ secrets.POLICYENGINE_GITHUB_MICRODATA_AUTH_TOKEN }}
          HUGGING_FACE_TOKEN: ${{ secrets.HUGGING_FACE_TOKEN }}
          POLICYENGINE_DB_PASSWORD: ${{ secrets.POLICYENGINE_DB_PASSWORD }}
  test:
    name: Test
    runs-on: ubuntu-latest
    needs: test_env_vars
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install system dependencies
        run: sudo apt-get update && sudo apt-get install -y redis-server
      - name: Start Redis
        run: sudo systemctl start redis-server
      - name: Auth
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCP_DEPLOY_SERVICE_ACCOUNT }}
      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2
        with:
          project_id: policyengine-api
      - name: Install dependencies
        run: make install
      - name: Test the API
        run: make test
        env:
          POLICYENGINE_DB_PASSWORD: ${{ secrets.POLICYENGINE_DB_PASSWORD }}
          POLICYENGINE_GITHUB_MICRODATA_AUTH_TOKEN: ${{ secrets.POLICYENGINE_GITHUB_MICRODATA_AUTH_TOKEN }}
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          HUGGING_FACE_TOKEN: ${{ secrets.HUGGING_FACE_TOKEN }}
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          slug: PolicyEngine/policyengine-api