generated from br3ndonland/template-python
-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GitHub Actions In GitHub Actions, the following steps will be taken to install Poetry and verify that the correct version is installed: 1. Set the `PIPX_VERSION` and `POETRY_VERSION` environment variables, which will be used to install specific versions of each package 2. Install `pipx` with `pip`, for the appropriate version of Python (`pipx` is included by default in the GitHub Actions environment, but only for the default Python version, not necessarily the version installed by actions/setup-python) 3. Install Poetry with `pipx` instead of get-poetry.py/install-poetry.py 4. Test that the output of `poetry -V` matches `$POETRY_VERSION` --- Docker There are conflicting conventions when working with Poetry in Docker: 1. Docker's convention is to not use virtualenvs, because containers themselves provide sufficient isolation. 2. Poetry's convention is to always use virtualenvs. This project has previously preferred the Docker convention: - Poetry itself was installed with the get-poetry.py script, with the environment variable `POETRY_HOME=/opt/poetry` used to specify a consistent location for Poetry. - `poetry install` was used with `POETRY_VIRTUALENVS_CREATE=false` to install the project's packages into the system Python directory. The conventional Docker approach no longer works because: - The old install script get-poetry.py is deprecated and not compatible with Python 3.10. - The new install script install-poetry.py has been problematic so far, and Poetry doesn't really test it, so problems will likely continue. In the updated approach: - `ENV PATH=/opt/pipx/bin:/app/.venv/bin:$PATH` will prepare `$PATH`. - `pip` will be used to install a pinned version of `pipx`. - `pipx` will be used to install a pinned version of Poetry, with `PIPX_BIN_DIR=/opt/pipx/bin` used to specify the location where `pipx` installs the Poetry command-line application, and `PIPX_HOME=/opt/pipx/home` used as the location for `pipx` itself. - `poetry install` will be used with `POETRY_VIRTUALENVS_CREATE=true`, `POETRY_VIRTUALENVS_IN_PROJECT=true` and `WORKDIR /app` to install the project's packages into a virtualenv at `/app/.venv`. Subsequent `python` commands will use `app/.venv/bin/python`. As long as `POETRY_VIRTUALENVS_IN_PROJECT=true` and `WORKDIR /app` are retained, subsequent Poetry commands will use the same virtualenv at `/app/.venv`.
- Loading branch information
1 parent
48ae350
commit af7bedd
Showing
5 changed files
with
139 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,71 @@ | ||
name: codeql | ||
|
||
on: | ||
push: | ||
branches: [develop, main] | ||
pull_request: | ||
branches: [develop, main] | ||
schedule: | ||
- cron: "0 13 * * 1" | ||
workflow_dispatch: | ||
|
||
env: | ||
PIPX_VERSION: "0.16.4" | ||
POETRY_VERSION: "1.1.11" | ||
POETRY_VIRTUALENVS_IN_PROJECT: true | ||
|
||
jobs: | ||
analyze: | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
python-version: [3.8, 3.9] | ||
permissions: | ||
actions: read | ||
contents: read | ||
security-events: write | ||
steps: | ||
- uses: actions/checkout@v2 | ||
- uses: actions/setup-python@v2 | ||
with: | ||
python-version: ${{ matrix.python-version }} | ||
- name: Set up Poetry cache for Python dependencies | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.cache/pypoetry | ||
key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }} | ||
restore-keys: ${{ runner.os }}-poetry- | ||
- name: Install pipx for Python ${{ matrix.python-version }} | ||
run: python -m pip install "pipx==$PIPX_VERSION" | ||
- name: Install Poetry | ||
run: pipx install "poetry==$POETRY_VERSION" | ||
- name: Test Poetry version | ||
run: | | ||
POETRY_VERSION_INSTALLED=$(poetry -V) | ||
echo "The POETRY_VERSION environment variable is set to $POETRY_VERSION." | ||
echo "The installed Poetry version is $POETRY_VERSION_INSTALLED." | ||
case $POETRY_VERSION_INSTALLED in | ||
*$POETRY_VERSION*) echo "Poetry version correct." ;; | ||
*) echo "Poetry version incorrect." && exit 1 ;; | ||
esac | ||
- name: Install dependencies | ||
run: poetry install --no-interaction -E fastapi | ||
- name: Test Poetry virtualenv location | ||
run: | | ||
EXPECTED_VIRTUALENV_PATH=${{ github.workspace }}/.venv | ||
INSTALLED_VIRTUALENV_PATH=$(poetry env info --path) | ||
echo "The virtualenv should be at $EXPECTED_VIRTUALENV_PATH." | ||
echo "Poetry is using a virtualenv at $INSTALLED_VIRTUALENV_PATH." | ||
case "$INSTALLED_VIRTUALENV_PATH" in | ||
"$EXPECTED_VIRTUALENV_PATH") echo "Correct Poetry virtualenv." ;; | ||
*) echo "Incorrect Poetry virtualenv." && exit 1 ;; | ||
esac | ||
echo "INSTALLED_VIRTUALENV_PATH=$INSTALLED_VIRTUALENV_PATH" >> $GITHUB_ENV | ||
- name: Set the `CODEQL_PYTHON` environment variable so CodeQL can find dependencies | ||
run: echo "CODEQL_PYTHON=$INSTALLED_VIRTUALENV_PATH/bin/python" >> $GITHUB_ENV | ||
- uses: github/codeql-action/init@v1 | ||
with: | ||
languages: python | ||
setup-python-dependencies: false | ||
- uses: github/codeql-action/autobuild@v1 | ||
- uses: github/codeql-action/analyze@v1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters