Bump aquasecurity/trivy-action from 0.10.0 to 0.13.1 #30589

# CI entry point. Triggers: pushes to `main`, pushes of any tag, and pull requests.
# The trigger is `pull_request` (not `pull_request_target`), so runs for pull
# requests from forks get a read-only GITHUB_TOKEN and no repository secrets.
# NOTE(review): no workflow-level `permissions:` key is visible in this part of
# the file, so the GITHUB_TOKEN scopes presumably fall back to the repository
# default; confirm, and narrow them per job if so.
name: Continuous Integration

on:
  push:
    branches:
      - main
    tags:
      - "*"
  pull_request:

# A newer run for the same ref cancels the run that is still in progress.
concurrency:
  group: continous-integration-${{ github.ref }}  # branch or tag name
  cancel-in-progress: true
# SECRETS
# - GH_RELEASE_NOTES_TOKEN: personal access token of `rasabot` github account
# (login for account in 1pw)
# - SLACK_WEBHOOK_TOKEN: token to post to RasaHQ slack account (in 1password)
# - PYPI_TOKEN: publishing token for amn41 account, needs to be maintainer of
# RasaHQ/rasa on pypi (account credentials in 1password)
# - DOCKERHUB_PASSWORD: password for an account with write access to the rasa
# repo on hub.docker.com. used to pull and upload containers
# - RASA_OSS_TELEMETRY_WRITE_KEY: key to write to segment. Used to report telemetry.
# The key will be added to the distributions
# - RASA_OSS_EXCEPTION_WRITE_KEY: key to write to sentry. Used to report exceptions.
# The key will be added to the distributions.
# Key can be found at https://sentry.io/settings/rasahq/projects/rasa-open-source/install/python/
# - SENTRY_AUTH_TOKEN: authentication used to tell Sentry about any new releases
# created at https://sentry.io/settings/account/api/auth-tokens/
# Workflow-wide environment, visible to every job and step.
env:
  # Works around boto problems during testing:
  # https://github.com/travis-ci/travis-ci/issues/7940
  BOTO_CONFIG: /dev/null
  # Compared against the string 'true' by the steps that only run for tag pushes.
  IS_TAG_BUILD: ${{ startsWith(github.event.ref, 'refs/tags') }}
  DOCKERHUB_USERNAME: tmbo
  DEFAULT_PYTHON_VERSION: "3.10"
  # Polling budget for the wait_for_xx jobs.
  WAIT_TIMEOUT_SECS: 3000
  WAIT_INTERVAL_SECS: 60
jobs:
# Job (belongs under `jobs:`): works out which parts of the pipeline have to run
# and publishes the answer as job outputs that the other jobs gate their steps on.
changes:
  name: Check for file changes
  runs-on: ubuntu-22.04
  outputs:
    # All outputs are strings. `changed-files` and `run-all` have mutually
    # exclusive conditions, so only one side of each `||` is ever populated.
    backend: ${{ steps.changed-files.outputs.backend || steps.run-all.outputs.backend }}
    docker: ${{ steps.changed-files.outputs.docker || steps.run-all.outputs.docker }}
    docs: ${{ steps.changed-files.outputs.docs || steps.run-all.outputs.docs }}
    # Only written on tag builds; empty for every other event.
    is_pre_release_version: ${{ steps.rasa_check_version_type.outputs.is_pre_release_version }}
  steps:
    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c

    # Normal path filters: pull requests that do not carry the
    # `status:all-tests-required` label.
    - id: changed-files
      uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50
      if: contains(github.event.pull_request.labels.*.name, 'status:all-tests-required') == false && github.event_name == 'pull_request'
      with:
        token: ${{ secrets.GITHUB_TOKEN }}
        filters: .github/change_filters.yml

    # Label present, or not a pull request at all: bypass change_filters.yml
    # and force every filter output to true.
    - name: Set all filters to true if all tests are required
      id: run-all
      if: contains(github.event.pull_request.labels.*.name, 'status:all-tests-required') || github.event_name != 'pull_request'
      run: |
        echo "backend=true" >> $GITHUB_OUTPUT
        echo "docker=true" >> $GITHUB_OUTPUT
        echo "docs=true" >> $GITHUB_OUTPUT

    # A tag made up only of digits and dots counts as a final release;
    # anything else is reported as a pre-release.
    - name: Check if tag version is a pre release version
      id: rasa_check_version_type
      if: env.IS_TAG_BUILD == 'true'
      run: |
        # Get current tagged Rasa version
        CURRENT_TAG=${GITHUB_REF#refs/tags/}
        if [[ "$CURRENT_TAG" =~ ^[0-9.]+$ ]]; then
          echo "is_pre_release_version=false" >> $GITHUB_OUTPUT
        else
          echo "is_pre_release_version=true" >> $GITHUB_OUTPUT
        fi
# Job (belongs under `jobs:`): polls for the "Test Documentation" check on the
# commit under test. The only gate is `github.ref_type != 'tag'`, so it runs for
# branch pushes and pull requests alike.
# NOTE(review): the follow-up step fails the job only for a `timed_out`
# conclusion; nothing here reacts to a doc-test run that completed with a
# failure. Confirm that is intended.
wait_for_docs_tests:
  name: Wait for docs tests
  if: github.ref_type != 'tag'
  runs-on: ubuntu-22.04
  needs: [changes]
  steps:
    - name: Wait for doc tests
      id: wait-for-doc-tests
      uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93
      with:
        token: ${{ secrets.GITHUB_TOKEN }}
        checkName: Test Documentation
        # Pull requests are checked at their head commit, everything else at github.sha.
        ref: ${{ github.event.pull_request.head.sha || github.sha }}
        timeoutSeconds: ${{ env.WAIT_TIMEOUT_SECS }}
        intervalSeconds: ${{ env.WAIT_INTERVAL_SECS }}

    - name: Fail the step if the doc tests run could not be found
      if: ${{ steps.wait-for-doc-tests.outputs.conclusion == 'timed_out' }}
      run: |
        echo "Could not find the doc tests run."
        exit 1
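# Job (belongs under `jobs:`): static checks (lint, types, changelog file names)
# followed by a CLI smoke test. Skipped for tag refs; every step is gated on the
# `backend` change filter.
quality:
  name: Code Quality
  if: github.ref_type != 'tag'
  runs-on: ubuntu-22.04
  needs: [changes]
  steps:
    - name: Checkout git repository 🕝
      if: needs.changes.outputs.backend == 'true'
      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c

    - name: Set up Python ${{ env.DEFAULT_PYTHON_VERSION }} 🐍
      if: needs.changes.outputs.backend == 'true'
      uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b
      with:
        python-version: ${{ env.DEFAULT_PYTHON_VERSION }}

    - name: Read Poetry Version 🔢
      if: needs.changes.outputs.backend == 'true'
      run: |
        echo "POETRY_VERSION=$(scripts/poetry-version.sh)" >> $GITHUB_ENV
      shell: bash

    - name: Install poetry 🦄
      if: needs.changes.outputs.backend == 'true'
      uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844 # v8
      with:
        poetry-version: ${{ env.POETRY_VERSION }}

    - name: Inject setuptools into poetry's runtime environment
      if: needs.changes.outputs.backend == 'true'
      run: |
        poetry self add setuptools

    - name: Load Poetry Cached Libraries ⬇
      id: cache-poetry
      if: needs.changes.outputs.backend == 'true'
      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
      with:
        path: .venv
        key: ${{ runner.os }}-poetry-${{ env.POETRY_VERSION }}-${{ env.DEFAULT_PYTHON_VERSION }}-${{ hashFiles('**/poetry.lock') }}-${{ secrets.POETRY_CACHE_VERSION }}
        # NOTE(review): this prefix leaves out POETRY_VERSION, which `key` places
        # between `poetry-` and the Python version, so it does not look able to
        # prefix-match any saved key. Confirm before relying on the fallback.
        restore-keys: ${{ runner.os }}-poetry-${{ env.DEFAULT_PYTHON_VERSION }}

    - name: Clear Poetry cache
      if: steps.cache-poetry.outputs.cache-hit == 'true' && needs.changes.outputs.backend == 'true' && contains(github.event.pull_request.labels.*.name, 'tools:clear-poetry-cache-unit-tests')
      run: rm -r .venv

    # NOTE(review): `python -m venv` treats each positional argument as a target
    # directory, so this also creates a directory named `create`. Confirm intent.
    - name: Create virtual environment
      if: (steps.cache-poetry.outputs.cache-hit != 'true' || contains(github.event.pull_request.labels.*.name, 'tools:clear-poetry-cache-unit-tests')) && needs.changes.outputs.backend == 'true'
      run: python -m venv create .venv

    - name: Set up virtual environment
      if: needs.changes.outputs.backend == 'true'
      run: poetry config virtualenvs.in-project true

    - name: Install Dependencies 📦
      if: needs.changes.outputs.backend == 'true'
      # Poetry intermittently fails to install a dependency that is not
      # PEP 517 compliant; this is a workaround for that issue.
      run: |
        sudo apt-get -y install libpq-dev
        make install-full

    - name: Checkout target branch to be able to diff
      if: needs.changes.outputs.backend == 'true' && github.event_name == 'pull_request'
      # The ref names are read from the runner-provided GITHUB_BASE_REF and
      # GITHUB_REF variables and quoted, instead of being pasted into the script
      # through expression interpolation. A ref name is then always handled by
      # the shell as data and can never become part of the script text.
      run: |
        git fetch origin "$GITHUB_BASE_REF"
        echo "DOCSTRING_DIFF_BRANCH=origin/$GITHUB_BASE_REF" >> "$GITHUB_ENV"
        # Fetch entire history for current branch so that `make lint-docstrings`
        # can calculate the proper diff between the branches
        git fetch --unshallow origin "$GITHUB_REF"

    - name: Add github workflow problem matchers
      if: needs.changes.outputs.backend == 'true'
      run: |
        echo "::add-matcher::.github/matchers/flake8-error-matcher.json"

    - name: Lint Code 🎎
      if: needs.changes.outputs.backend == 'true'
      run: |
        # If it's not a pull request, $DOCSTRING_DIFF_BRANCH is unset.
        # This will result in an empty diff, which effectively means that
        # make lint-docstrings will be skipped for other events than `pull_request`
        make lint BRANCH=$DOCSTRING_DIFF_BRANCH

    - name: Check Types 📚
      if: needs.changes.outputs.backend == 'true'
      run: make types

    - name: Lint Changelog Filenames 📝
      if: needs.changes.outputs.backend == 'true' && github.event_name == 'pull_request'
      run: make lint-changelog

    - name: Test CLI 🖥
      if: needs.changes.outputs.backend == 'true'
      # Catches dependency errors early: they otherwise surface as strange
      # errors during the docs build, so the `rasa` command is run once here.
      run: poetry run rasa --help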
# Job (belongs under `jobs:`): on release-preparation pull requests, asserts that
# the changelog/ folder holds nothing but its bookkeeping files.
# NOTE(review): the step condition reads `needs.changes.outputs...`, but this job
# declares no `needs:`, so that value is presumably empty and the comparison with
# 'false' cannot succeed. The output is also only written on tag builds, while
# the condition requires a pull request. As written the assertion looks like it
# never runs; confirm and fix the gating.
changelog:
  name: Check for changelog
  runs-on: ubuntu-22.04
  steps:
    - name: Checkout git repository 🕝
      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c

    # Only relevant for the pull request that prepares a release.
    - name: Assert release includes all changelog entries
      if: github.event_name == 'pull_request' && startsWith(github.head_ref, 'prepare-release') && needs.changes.outputs.is_pre_release_version == 'false'
      working-directory: changelog
      run: |
        # List all unexpected files in changelog/
        UNEXPECTED_FILES=$(ls -A --ignore={"README.md",".gitignore","_template.md.jinja2"})
        # Exit with error if found any unexpected files
        [[ "$UNEXPECTED_FILES" ]] && \
        echo "Found the following unexpected files in changelogs/" && \
        echo "$UNEXPECTED_FILES" && \
        exit 1 || \
        echo "Release includes all changelog entries."
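# Job (belongs under `jobs:`): unit-test matrix over test target x OS x Python
# version. Skipped for tag refs; almost every step is gated on the `backend`
# change filter.
test:
  name: Run Tests
  if: github.ref_type != 'tag'
  runs-on: ${{ matrix.os }}
  timeout-minutes: 60
  needs: [changes]
  strategy:
    fail-fast: false
    matrix:
      test:
        - test-cli
        - test-core-featurizers
        - test-policies
        - test-nlu-featurizers
        - test-nlu-predictors
        - test-full-model-training
        - test-other-unit-tests
        - test-performance
      os: [ubuntu-22.04, windows-2019]
      python-version: [3.8, 3.9, "3.10"]
  steps:
    - name: Run DataDog Agent
      if: needs.changes.outputs.backend == 'true' && (matrix.os != 'windows-2019' || contains(github.event.pull_request.labels.*.name, 'tools:datadog-windows'))
      env:
        # The key reaches `docker run` through the step environment: `-e DD_API_KEY`
        # without a value forwards the variable. It is therefore not expanded
        # into the script text or the docker command line.
        DD_API_KEY: ${{ secrets.DD_API_KEY }}
      # NOTE(review): `datadog/agent:latest` is a mutable tag and this container
      # receives the API key; consider pinning the image to a version or digest.
      run: |
        docker run --name dd_agent -p 8126:8126 -d -e DD_API_KEY -e "DD_INSIDE_CI=true" -e "DD_HOSTNAME=none" -e "DD_SITE=datadoghq.eu" -e GITHUB_ACTIONS=true -e CI=true datadog/agent:latest
        docker ps --all --filter name=dd_agent --filter status=running --no-trunc --format "{{.ID}} {{.Status}}"
        docker port dd_agent

    - name: Checkout git repository 🕝
      if: needs.changes.outputs.backend == 'true'
      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c

    - name: Set up Python ${{ matrix.python-version }} 🐍
      if: needs.changes.outputs.backend == 'true'
      uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b
      with:
        python-version: ${{ matrix.python-version }}

    - name: Read Poetry Version 🔢
      if: needs.changes.outputs.backend == 'true'
      run: |
        echo "POETRY_VERSION=$(scripts/poetry-version.sh)" >> $GITHUB_ENV
      shell: bash

    - name: Install poetry 🦄
      if: needs.changes.outputs.backend == 'true'
      uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844 # v8
      with:
        poetry-version: ${{ env.POETRY_VERSION }}

    - name: Inject setuptools into poetry's runtime environment
      if: needs.changes.outputs.backend == 'true'
      run: |
        poetry self add setuptools

    - name: Load Poetry Cached Libraries ⬇
      id: cache-poetry
      if: needs.changes.outputs.backend == 'true'
      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
      with:
        path: .venv
        key: ${{ runner.os }}-poetry-${{ env.POETRY_VERSION }}-${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }}-venv-${{ secrets.POETRY_CACHE_VERSION }}-${{ env.pythonLocation }}

    - name: Clear Poetry cache
      if: steps.cache-poetry.outputs.cache-hit == 'true' && needs.changes.outputs.backend == 'true' && contains(github.event.pull_request.labels.*.name, 'tools:clear-poetry-cache-unit-tests')
      run: rm -r .venv

    # Poetry >= 1.1.0b uses virtualenv to create a virtual environment.
    # The virtualenv simply doesn't work on Windows with our setup,
    # that's why we use venv to create virtual environment
    # NOTE(review): `python -m venv` treats each positional argument as a target
    # directory, so this also creates a directory named `create`. Confirm intent.
    - name: Create virtual environment
      if: (steps.cache-poetry.outputs.cache-hit != 'true' || contains(github.event.pull_request.labels.*.name, 'tools:clear-poetry-cache-unit-tests')) && needs.changes.outputs.backend == 'true'
      run: python -m venv create .venv

    - name: Set up virtual environment
      if: needs.changes.outputs.backend == 'true'
      # Poetry on Windows cannot pick up the virtual environments directory properly,
      # and it creates a new one every time the pipeline runs.
      # This step solves this problem — it tells poetry to always use `.venv` directory inside
      # the project itself, which also makes it easier for us to determine the correct directory
      # that needs to be cached.
      run: poetry config virtualenvs.in-project true

    - name: Install Dependencies (Linux) 📦
      if: needs.changes.outputs.backend == 'true' && matrix.os == 'ubuntu-22.04'
      # Poetry intermittently fails to install dependency if it is not PEP 517 compliant
      # This is a workaround for that issue
      run: |
        sudo apt-get -y install libpq-dev
        make install-full | tee .output
        if grep 'The lock file is not up to date' .output; then exit 1; fi
        make prepare-tests-ubuntu

    - name: Install Dependencies (Windows) 📦
      if: needs.changes.outputs.backend == 'true' && matrix.os == 'windows-2019'
      # Restoring cache doesn't work properly on Windows due to symlinks.
      # We create symlinks for spacy models, that's why we need to clean them up
      # before caching the dependencies directory.
      # More information: https://github.com/actions/cache/issues/120
      # Poetry intermittently fails to install dependency if it is not PEP 517 compliant
      # This is a workaround for that issue
      run: |
        $spacy_data_dir = ".venv\lib\site-packages\spacy\data"
        if (Test-Path $spacy_data_dir) {
          Get-ChildItem -Force -ErrorAction Stop $spacy_data_dir | Where-Object { if($_.Attributes -match "ReparsePoint"){$_.Delete()} }
          Remove-Item -Force -Recurse $spacy_data_dir
          New-Item -Path $spacy_data_dir -Type Directory
        }
        make install-full
        make prepare-tests-windows-gha

    # NOTE(review): the matrix above has no 3.7 entry, so this condition looks
    # like it can never be true and the annotation plugin is never installed.
    - name: Add github workflow problem matchers
      if: needs.changes.outputs.backend == 'true' && matrix.python-version == 3.7 && matrix.os == 'ubuntu-22.04'
      # only annotate based on test runs on ubuntu: otherwise
      # all errors will be duplicated for each python / os combination
      # therefore, we only enable for the one where most tests are run
      # (tests will still run in other envs, they will just not create annotations)
      run: pip install pytest-github-actions-annotate-failures

    - name: Disable "LongPathsEnabled" option on Windows
      if: matrix.os == 'windows-2019'
      # On Windows laptops, a default preset prevents path names from being longer than
      # 260 characters. Some of our users can't enable this setting due to company policies.
      # We implemented a fix for model storage. The Windows container in GitHub
      # comes with the setting enabled, so we disable it here in order to ensure our tests
      # are running in an environment where long path names are prevented.
      run: |
        (Get-ItemProperty "HKLM:System\CurrentControlSet\Control\FileSystem").LongPathsEnabled
        Set-ItemProperty 'HKLM:\System\CurrentControlSet\Control\FileSystem' -Name 'LongPathsEnabled' -value 0

    - name: Install ddtrace on Linux
      if: needs.changes.outputs.backend == 'true' && matrix.os == 'ubuntu-22.04'
      run: poetry run pip install -U 'ddtrace<2.0.0'

    - name: Install ddtrace on Windows
      if: needs.changes.outputs.backend == 'true' && matrix.os == 'windows-2019'
      run: |
        .\.venv\Scripts\activate
        py -m pip install -U 'ddtrace<2.0.0'

    - name: Test Code 🔍 (multi-process)
      if: needs.changes.outputs.backend == 'true'
      env:
        JOBS: 2
        PYTHONIOENCODING: "utf-8"
        DD_ENV: ${{ matrix.test }}
        DD_SERVICE: rasa
        DD_ARGS: --ddtrace --ddtrace-patch-all
      run: |
        make ${{ matrix.test }}
        if [[ "${{ matrix.os }}" != "windows-2019" ]]; then
          mv .coverage ${{ github.workspace }}/${{ matrix.test }}-coverage
        fi
      shell: bash # bash shell is a way to make code run for both Linux and Windows

    - name: Store coverage reports
      if: needs.changes.outputs.backend == 'true' && matrix.os == 'ubuntu-22.04'
      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
      with:
        name: ${{ matrix.test }}-coverage
        path: |
          ${{ github.workspace }}/${{ matrix.test }}-coverage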
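# Job (belongs under `jobs:`): runs the `test-flaky` make target over OS x Python
# version. Skipped for tag refs; almost every step is gated on the `backend`
# change filter.
test-flaky:
  name: Run Flaky Tests
  if: github.ref_type != 'tag'
  runs-on: ${{ matrix.os }}
  timeout-minutes: 60
  needs: [changes]
  strategy:
    fail-fast: false
    matrix:
      os: [ubuntu-22.04, windows-2019]
      python-version: [3.8, 3.9, "3.10"]
  steps:
    - name: Run DataDog Agent
      if: needs.changes.outputs.backend == 'true' && (matrix.os != 'windows-2019' || contains(github.event.pull_request.labels.*.name, 'tools:datadog-windows'))
      env:
        # The key reaches `docker run` through the step environment: `-e DD_API_KEY`
        # without a value forwards the variable. It is therefore not expanded
        # into the script text or the docker command line.
        DD_API_KEY: ${{ secrets.DD_API_KEY }}
      # NOTE(review): `datadog/agent:latest` is a mutable tag and this container
      # receives the API key; consider pinning the image to a version or digest.
      run: |
        docker run --name dd_agent -p 8126:8126 -d -e DD_API_KEY -e "DD_INSIDE_CI=true" -e "DD_HOSTNAME=none" -e "DD_SITE=datadoghq.eu" -e GITHUB_ACTIONS=true -e CI=true datadog/agent:latest
        docker ps --all --filter name=dd_agent --filter status=running --no-trunc --format "{{.ID}} {{.Status}}"
        docker port dd_agent

    - name: Checkout git repository 🕝
      if: needs.changes.outputs.backend == 'true'
      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c

    - name: Set up Python ${{ matrix.python-version }} 🐍
      if: needs.changes.outputs.backend == 'true'
      uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b
      with:
        python-version: ${{ matrix.python-version }}

    - name: Read Poetry Version 🔢
      if: needs.changes.outputs.backend == 'true'
      run: |
        echo "POETRY_VERSION=$(scripts/poetry-version.sh)" >> $GITHUB_ENV
      shell: bash

    - name: Install poetry 🦄
      if: needs.changes.outputs.backend == 'true'
      uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844 # v8
      with:
        poetry-version: ${{ env.POETRY_VERSION }}

    - name: Inject setuptools into poetry's runtime environment
      if: needs.changes.outputs.backend == 'true'
      run: |
        poetry self add setuptools

    - name: Load Poetry Cached Libraries ⬇
      id: cache-poetry
      if: needs.changes.outputs.backend == 'true'
      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
      with:
        path: .venv
        key: ${{ runner.os }}-poetry-${{ env.POETRY_VERSION }}-${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }}-venv-${{ secrets.POETRY_CACHE_VERSION }}-${{ env.pythonLocation }}

    - name: Clear Poetry cache
      if: steps.cache-poetry.outputs.cache-hit == 'true' && needs.changes.outputs.backend == 'true' && contains(github.event.pull_request.labels.*.name, 'tools:clear-poetry-cache-unit-tests')
      run: rm -r .venv

    # Poetry >= 1.1.0b uses virtualenv to create a virtual environment.
    # The virtualenv simply doesn't work on Windows with our setup,
    # that's why we use venv to create virtual environment
    # NOTE(review): `python -m venv` treats each positional argument as a target
    # directory, so this also creates a directory named `create`. Confirm intent.
    - name: Create virtual environment
      if: (steps.cache-poetry.outputs.cache-hit != 'true' || contains(github.event.pull_request.labels.*.name, 'tools:clear-poetry-cache-unit-tests')) && needs.changes.outputs.backend == 'true'
      run: python -m venv create .venv

    - name: Set up virtual environment
      if: needs.changes.outputs.backend == 'true'
      # Poetry on Windows cannot pick up the virtual environments directory properly,
      # and it creates a new one every time the pipeline runs.
      # This step solves this problem — it tells poetry to always use `.venv` directory inside
      # the project itself, which also makes it easier for us to determine the correct directory
      # that needs to be cached.
      run: poetry config virtualenvs.in-project true

    - name: Install Dependencies (Linux) 📦
      if: needs.changes.outputs.backend == 'true' && matrix.os == 'ubuntu-22.04'
      run: |
        sudo apt-get -y install libpq-dev
        make install-full | tee .output
        if grep 'The lock file is not up to date' .output; then exit 1; fi
        make prepare-tests-ubuntu

    - name: Install Dependencies (Windows) 📦
      if: needs.changes.outputs.backend == 'true' && matrix.os == 'windows-2019'
      # Restoring cache doesn't work properly on Windows due to symlinks.
      # We create symlinks for spacy models, that's why we need to clean them up
      # before caching the dependencies' directory.
      # More information: https://github.com/actions/cache/issues/120
      run: |
        $spacy_data_dir = ".venv\lib\site-packages\spacy\data"
        if (Test-Path $spacy_data_dir) {
          Get-ChildItem -Force -ErrorAction Stop $spacy_data_dir | Where-Object { if($_.Attributes -match "ReparsePoint"){$_.Delete()} }
          Remove-Item -Force -Recurse $spacy_data_dir
          New-Item -Path $spacy_data_dir -Type Directory
        }
        make install-full
        make prepare-tests-windows-gha

    # NOTE(review): the matrix above has no 3.7 entry, so this condition looks
    # like it can never be true and the annotation plugin is never installed.
    - name: Add github workflow problem matchers
      if: needs.changes.outputs.backend == 'true' && matrix.python-version == 3.7 && matrix.os == 'ubuntu-22.04'
      # only annotate based on test runs on ubuntu: otherwise
      # all errors will be duplicated for each python / os combination
      # therefore, we only enable for the one where most tests are run
      # (tests will still run in other envs, they will just not create annotations)
      run: pip install pytest-github-actions-annotate-failures

    - name: Disable "LongPathsEnabled" option on Windows
      if: matrix.os == 'windows-2019'
      # On Windows laptops, a default preset prevents path names from being longer than
      # 260 characters. Some of our users can't enable this setting due to company policies.
      # We implemented a fix for model storage. The Windows container in GitHub
      # comes with the setting enabled, so we disable it here in order to ensure our tests
      # are running in an environment where long path names are prevented.
      run: |
        (Get-ItemProperty "HKLM:System\CurrentControlSet\Control\FileSystem").LongPathsEnabled
        Set-ItemProperty 'HKLM:\System\CurrentControlSet\Control\FileSystem' -Name 'LongPathsEnabled' -value 0

    - name: Install ddtrace on Linux
      if: needs.changes.outputs.backend == 'true' && matrix.os == 'ubuntu-22.04'
      run: poetry run pip install -U 'ddtrace<2.0.0'

    - name: Install ddtrace on Windows
      if: needs.changes.outputs.backend == 'true' && matrix.os == 'windows-2019'
      run: |
        .\.venv\Scripts\activate
        py -m pip install -U 'ddtrace<2.0.0'

    - name: Test Code 🔍 (multi-process)
      if: needs.changes.outputs.backend == 'true'
      env:
        JOBS: 2
        PYTHONIOENCODING: "utf-8"
        DD_ENV: test-flaky
        DD_SERVICE: rasa
        DD_ARGS: --ddtrace --ddtrace-patch-all
      run: |
        make test-flaky
        if [[ "${{ matrix.os }}" != "windows-2019" ]]; then
          mv .coverage ${{ github.workspace }}/test-flaky-coverage
        fi
      shell: bash # bash shell is a way to make code run for both Linux and Windows

    # This job's matrix has no `test` dimension, so `matrix.test` is empty here.
    # The artifact name and path are spelled out to match the file that the
    # previous step moves to `test-flaky-coverage`.
    - name: Store coverage reports
      if: needs.changes.outputs.backend == 'true' && matrix.os == 'ubuntu-22.04'
      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
      with:
        name: test-flaky-coverage
        path: |
          ${{ github.workspace }}/test-flaky-coverage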
# Job (belongs under `jobs:`): collects the coverage artifacts uploaded by the
# `test` job, merges them with `coverage combine` and runs the SonarCloud scan.
prepare_coverage_reports_analyse_with_sonarcloud:
  name: Prepare coverage reports and Analyse coverage with Sonarcloud
  if: github.ref_type != 'tag'
  runs-on: ubuntu-22.04
  # Intent stated by the authors: always upload results even if tests failed.
  # NOTE(review): the job-level `if` uses no status function such as `always()`,
  # so a failed `test` job presumably causes this job to be skipped. Confirm.
  needs:
    - test
    - changes
  steps:
    - name: Checkout git repository 🕝
      if: needs.changes.outputs.backend == 'true'
      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c

    - name: Set up Python 3.10 🐍
      uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b
      with:
        python-version: "3.10"

    # No artifact name is given, so every artifact of the run is downloaded,
    # each into its own sub-folder of tests_coverage.
    - name: Get backend coverage reports
      if: needs.changes.outputs.backend == 'true'
      uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
      with:
        path: ${{ github.workspace }}/tests_coverage

    - name: Merge all reports
      if: needs.changes.outputs.backend == 'true'
      run: |
        subs=`ls ${{ github.workspace }}/tests_coverage`
        download_dir="${{ github.workspace }}/tests_coverage"
        final_dir="${{ github.workspace }}/tests_coverage/final"
        # Downloaded artifacts go into folders, gotta extract them all into one folder for upload
        mkdir "${final_dir}/"
        for i in $subs; do
          mv "${download_dir}/$i"/* "${final_dir}/"
        done
        pip install coverage
        coverage combine "${final_dir}/"*
        coverage xml

    # This step carries no `if:`, so it also runs when the backend filter is false.
    # NOTE(review): `coverage xml` writes its report to the working directory by
    # default, while `sonar.python.coverage.reportPaths` points at the
    # tests_coverage folder. Confirm the scanner actually finds the report.
    - name: Analyse code with SonarCloud
      uses: sonarsource/sonarcloud-github-action@5875562561d22a34be0c657405578705a169af6c
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      with:
        args: >
          -Dsonar.organization=rasahq
          -Dsonar.projectKey=RasaHQ_rasa
          -Dsonar.sources=.
          -Dsonar.python.coverage.reportPaths=${{ github.workspace }}/tests_coverage
          -Dsonar.host.url=https://sonarcloud.io
          -Dsonar.verbose=true
# Job (belongs under `jobs:`): integration tests marked "not sequential", run
# against Redis, Postgres, RabbitMQ and MongoDB service containers plus a
# Kafka/ZooKeeper pair started through docker-compose.
integration_test:
  name: Run Non-Sequential Integration Tests
  if: github.ref_type != 'tag'
  runs-on: ubuntu-22.04
  timeout-minutes: 60
  needs: [changes]
  # Connection settings for the job-local service containers declared below.
  # The user names and passwords are fixed test values, not repository secrets.
  env:
    REDIS_HOST: localhost
    REDIS_PORT: 6379
    POSTGRES_HOST: localhost
    POSTGRES_PORT: 5432
    POSTGRES_USER: postgres
    POSTGRES_PASSWORD: postgres
    RABBITMQ_HOST: localhost
    RABBITMQ_PORT: 5672
    RABBITMQ_USER: guest
    RABBITMQ_PASSWORD: guest
  services:
    redis:
      image: redis:6
      # Set health checks to wait until redis has started
      options: >-
        --health-cmd "redis-cli ping"
        --health-interval 10s
        --health-timeout 5s
        --health-retries 5
      ports:
        # FIXME: cannot use ${{ env.REDIS_PORT }} here
        # mapping container ports to the host
        - "6379:6379"
    postgres:
      image: postgres:13
      # Set health checks to wait until postgres has started
      options: >-
        --health-cmd pg_isready
        --health-interval 10s
        --health-timeout 5s
        --health-retries 5
      env:
        # postgres image requires password to be set
        POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
      ports:
        # FIXME: cannot use ${{ env.POSTGRES_PORT }} here
        # mapping container ports to the host
        - "5432:5432"
    rabbitmq:
      # see https://github.com/docker-library/healthcheck/blob/master/rabbitmq/docker-healthcheck
      # NOTE(review): the image reference has no tag, so whatever `latest`
      # resolves to is pulled; the other services pin a version.
      image: healthcheck/rabbitmq
      ports:
        - "5672:5672"
    mongodb:
      image: mongodb/mongodb-community-server:6.0.4-ubuntu2204
      options: >-
        --health-cmd "echo 'db.runCommand("ping").ok' | mongosh --quiet"
        --health-interval 10s
        --health-timeout 5s
        --health-retries 5
      ports:
        - "27017:27017"
  steps:
    - name: Checkout git repository 🕝
      if: needs.changes.outputs.backend == 'true'
      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c

    - name: Set up Python ${{ env.DEFAULT_PYTHON_VERSION }} 🐍
      if: needs.changes.outputs.backend == 'true'
      uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b
      with:
        python-version: ${{ env.DEFAULT_PYTHON_VERSION }}

    - name: Read Poetry Version 🔢
      if: needs.changes.outputs.backend == 'true'
      run: |
        echo "POETRY_VERSION=$(scripts/poetry-version.sh)" >> $GITHUB_ENV
      shell: bash

    - name: Install poetry 🦄
      if: needs.changes.outputs.backend == 'true'
      uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844 # v8
      with:
        poetry-version: ${{ env.POETRY_VERSION }}

    - name: Load Poetry Cached Libraries ⬇
      id: cache-poetry
      if: needs.changes.outputs.backend == 'true'
      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
      with:
        path: .venv
        key: ${{ runner.os }}-poetry-${{ env.POETRY_VERSION }}-${{ env.DEFAULT_PYTHON_VERSION }}-${{ hashFiles('**/poetry.lock') }}-venv-${{ secrets.POETRY_CACHE_VERSION }}-${{ env.pythonLocation }}

    - name: Clear Poetry cache
      if: steps.cache-poetry.outputs.cache-hit == 'true' && needs.changes.outputs.backend == 'true' && contains(github.event.pull_request.labels.*.name, 'tools:clear-poetry-cache-unit-tests')
      run: rm -r .venv

    # Poetry >= 1.1.0b uses virtualenv to create a virtual environment.
    # The virtualenv simply doesn't work on Windows with our setup,
    # that's why we use venv to create virtual environment
    # NOTE(review): `python -m venv` treats each positional argument as a target
    # directory, so this also creates a directory named `create`. Confirm intent.
    - name: Create virtual environment
      if: (steps.cache-poetry.outputs.cache-hit != 'true' || contains(github.event.pull_request.labels.*.name, 'tools:clear-poetry-cache-unit-tests')) && needs.changes.outputs.backend == 'true'
      run: python -m venv create .venv

    - name: Set up virtual environment
      if: needs.changes.outputs.backend == 'true'
      # Poetry on Windows cannot pick up the virtual environments directory properly,
      # and it creates a new one every time the pipeline runs.
      # This step solves this problem — it tells poetry to always use `.venv` directory inside
      # the project itself, which also makes it easier for us to determine the correct directory
      # that needs to be cached.
      run: poetry config virtualenvs.in-project true

    - name: Install Dependencies (Linux) 📦
      if: needs.changes.outputs.backend == 'true'
      run: |
        sudo apt-get -y install libpq-dev
        make install-full | tee .output
        if grep 'The lock file is not up to date' .output; then exit 1; fi
        make prepare-tests-ubuntu

    # NOTE(review): no step in this job brings the compose stack down again.
    - name: Run kafka and zookeeper containers for integration testing
      if: needs.changes.outputs.backend == 'true'
      run: |
        docker-compose -f tests_deployment/docker-compose.kafka.yml up -d

    - name: Test Code with Services 🩺
      if: needs.changes.outputs.backend == 'true'
      env:
        JOBS: 2
        INTEGRATION_TEST_PYTEST_MARKERS: '"not sequential"'
        PYTHONIOENCODING: "utf-8"
      run: |
        make test-integration
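# Job (belongs under `jobs:`): integration tests marked "sequential", run in a
# single process against a Postgres service container.
# NOTE(review): this job runs on ubuntu-20.04 while the other jobs shown here
# use ubuntu-22.04. Confirm the older runner image is deliberate.
sequential_integration_test:
  name: Run Sequential Integration Tests
  if: github.ref_type != 'tag'
  runs-on: ubuntu-20.04
  timeout-minutes: 60
  needs: [changes]
  # Connection settings for the job-local Postgres container declared below.
  # The user name and password are fixed test values, not repository secrets.
  env:
    POSTGRES_HOST: localhost
    POSTGRES_PORT: 5432
    POSTGRES_USER: postgres
    POSTGRES_PASSWORD: postgres
  services:
    postgres:
      image: postgres:13
      # Set health checks to wait until postgres has started
      options: >-
        --health-cmd pg_isready
        --health-interval 10s
        --health-timeout 5s
        --health-retries 5
      env:
        # postgres image requires password to be set
        POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
      ports:
        # FIXME: cannot use ${{ env.POSTGRES_PORT }} here
        # mapping container ports to the host
        - "5432:5432"
  steps:
    # Pinned to the same commit the other jobs in this workflow use instead of
    # the movable `v3` tag, so the action code cannot change underneath the job.
    - name: Checkout git repository 🕝
      if: needs.changes.outputs.backend == 'true'
      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c

    - name: Set up Python ${{ env.DEFAULT_PYTHON_VERSION }} 🐍
      if: needs.changes.outputs.backend == 'true'
      uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b
      with:
        python-version: ${{ env.DEFAULT_PYTHON_VERSION }}

    - name: Read Poetry Version 🔢
      if: needs.changes.outputs.backend == 'true'
      run: |
        echo "POETRY_VERSION=$(scripts/poetry-version.sh)" >> $GITHUB_ENV
      shell: bash

    - name: Install poetry 🦄
      if: needs.changes.outputs.backend == 'true'
      uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844 # v8
      with:
        poetry-version: ${{ env.POETRY_VERSION }}

    # Pinned to the same commit the other jobs in this workflow use instead of
    # the movable `v3` tag.
    - name: Load Poetry Cached Libraries ⬇
      id: cache-poetry
      if: needs.changes.outputs.backend == 'true'
      uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
      with:
        path: .venv
        key: ${{ runner.os }}-poetry-${{ env.POETRY_VERSION }}-${{ env.DEFAULT_PYTHON_VERSION }}-${{ hashFiles('**/poetry.lock') }}-venv-${{ secrets.POETRY_CACHE_VERSION }}-${{ env.pythonLocation }}

    - name: Clear Poetry cache
      if: steps.cache-poetry.outputs.cache-hit == 'true' && needs.changes.outputs.backend == 'true' && contains(github.event.pull_request.labels.*.name, 'tools:clear-poetry-cache-unit-tests')
      run: rm -r .venv

    # Poetry >= 1.1.0b uses virtualenv to create a virtual environment.
    # The virtualenv simply doesn't work on Windows with our setup,
    # that's why we use venv to create virtual environment
    # NOTE(review): `python -m venv` treats each positional argument as a target
    # directory, so this also creates a directory named `create`. Confirm intent.
    - name: Create virtual environment
      if: (steps.cache-poetry.outputs.cache-hit != 'true' || contains(github.event.pull_request.labels.*.name, 'tools:clear-poetry-cache-unit-tests')) && needs.changes.outputs.backend == 'true'
      run: python -m venv create .venv

    - name: Set up virtual environment
      if: needs.changes.outputs.backend == 'true'
      # Poetry on Windows cannot pick up the virtual environments directory properly,
      # and it creates a new one every time the pipeline runs.
      # This step solves this problem — it tells poetry to always use `.venv` directory inside
      # the project itself, which also makes it easier for us to determine the correct directory
      # that needs to be cached.
      run: poetry config virtualenvs.in-project true

    - name: Install Dependencies (Linux) 📦
      if: needs.changes.outputs.backend == 'true'
      run: |
        sudo apt-get -y install libpq-dev
        make install-full | tee .output
        if grep 'The lock file is not up to date' .output; then exit 1; fi
        make prepare-tests-ubuntu

    # These integration tests have to run one after another because of
    # environment constraints, so they run in a single process.
    - name: Test Code with Services 🩺 (sequential)
      if: needs.changes.outputs.backend == 'true'
      env:
        JOBS: 1
        INTEGRATION_TEST_PYTEST_MARKERS: "sequential"
        PYTHONIOENCODING: "utf-8"
      run: |
        make test-integration

    # NOTE(review): no step in this job starts the kafka compose stack, so this
    # `down` has nothing of its own to stop. Confirm whether the matching `up`
    # step is missing here.
    - name: Stop kafka and zookeeper containers for integration testing
      if: needs.changes.outputs.backend == 'true'
      run: |
        docker-compose -f tests_deployment/docker-compose.kafka.yml down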
build_docker_base_images_and_set_env:
name: Build Docker base images and setup environment
runs-on: ubuntu-22.04
outputs:
base_image_hash: ${{ steps.check_image.outputs.base_image_hash }}
base_mitie_image_hash: ${{ steps.check_image.outputs.base_mitie_image_hash }}
base_builder_image_hash: ${{ steps.check_image.outputs.base_builder_image_hash }}
# Tag name used for images created during Docker image builds, e.g. 3886 - a PR number
image_tag: ${{ steps.set_output.outputs.image_tag }}
# Return 'true' if tag version is equal or higher than the latest tagged Rasa version
is_newest_version: ${{ steps.rasa_get_version.outputs.is_newest_version }}
steps:
# Steps of the Docker base-image job: source checkout and build tooling.
# Pull requests are checked out at their HEAD commit rather than the merge
# commit, because of an issue with checking out a wrong commit.
# More details: https://github.com/actions/checkout/issues/299
- name: Checkout pull request HEAD commit instead of merge commit 🕝
  if: github.event_name == 'pull_request'
  uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
  with:
    ref: ${{ github.event.pull_request.head.sha }}

# Every other event uses the default checkout.
- name: Checkout git repository 🕝
  if: github.event_name != 'pull_request'
  uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c

- name: Set up QEMU
  uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0

- name: Set up Docker Buildx
  uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.7.0

# Exposes POETRY_VERSION to the later steps through GITHUB_ENV.
- name: Read Poetry Version 🔢
  run: |
    echo "POETRY_VERSION=$(scripts/poetry-version.sh)" >> $GITHUB_ENV
  shell: bash
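# Registry login for the image build and push steps.
# The password is handed over through the step environment and read from a
# quoted shell variable, so it is never expanded into the script text and
# characters in it cannot be interpreted by the shell.
# `|| true` keeps the job going when the login fails, which is the case
# whenever the secret is unavailable to the run.
- name: Login to DockerHub Registry 🔢
  env:
    DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
  run: echo "$DOCKERHUB_PASSWORD" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin || true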
# Tag builds only: reports `is_newest_version=true` when the current tag is a
# final release (digits and dots only) that sorts at or above the latest final
# release tag already in the repository.
- name: Check if tag version is equal or higher than the latest tagged Rasa version
  id: rasa_get_version
  if: env.IS_TAG_BUILD == 'true'
  run: |
    # Get latest tagged Rasa version
    git fetch --depth=1 origin "+refs/tags/*:refs/tags/*"
    # Fetch branch history
    git fetch --prune --unshallow
    LATEST_TAGGED_NON_ALPHA_RASA_VERSION=$(git tag | sort -r -V | grep -E "^[0-9.]+$" | head -n1)
    CURRENT_TAG=${GITHUB_REF#refs/tags/}
    # Return 'true' if tag version is equal or higher than the latest tagged Rasa version
    IS_NEWEST_VERSION=$((printf '%s\n%s\n' "${LATEST_TAGGED_NON_ALPHA_RASA_VERSION}" "$CURRENT_TAG" \
      | sort -V -C && echo true || echo false) || true)
    # Avoid that the script gets released for alphas or release candidates
    if [[ "${IS_NEWEST_VERSION}" == "true" && "$CURRENT_TAG" =~ ^[0-9.]+$ ]]; then
      echo "is_newest_version=true" >> $GITHUB_OUTPUT
    else
      echo "is_newest_version=false" >> $GITHUB_OUTPUT
    fi

# Derives one image tag per base image from the hash of its Dockerfile (plus
# the Makefile hash for MITIE and the Poetry version for the builder), then
# asks the registry whether an image with that tag already exists.
# Each lookup yields the string 'true' or 'false'.
- name: Check if a base image exists
  id: check_image
  env:
    DOCKER_CLI_EXPERIMENTAL: enabled
  run: |
    # Base image
    BASE_IMAGE_HASH=${{ hashFiles('docker/Dockerfile.base') }}
    echo "base_image_hash=${BASE_IMAGE_HASH}" >> $GITHUB_OUTPUT
    BASE_IMAGE_EXISTS=$((docker manifest inspect rasa/rasa:base-${BASE_IMAGE_HASH} &> /dev/null && echo true || echo false) || true)
    echo "base_exists=${BASE_IMAGE_EXISTS}" >> $GITHUB_OUTPUT
    # Base MITIE image
    BASE_MITIE_IMAGE_HASH=${{ hashFiles('docker/Dockerfile.base-mitie') }}
    MAKEFILE_MITIE_HASH=${{ hashFiles('Makefile') }}
    echo "base_mitie_image_hash=${BASE_MITIE_IMAGE_HASH:0:50}-${MAKEFILE_MITIE_HASH:0:50}" >> $GITHUB_OUTPUT
    BASE_IMAGE_MITIE_EXISTS=$((docker manifest inspect rasa/rasa:base-mitie-${BASE_MITIE_IMAGE_HASH:0:50}-${MAKEFILE_MITIE_HASH:0:50} &> /dev/null && echo true || echo false) || true)
    echo "base_mitie_exists=${BASE_IMAGE_MITIE_EXISTS}" >> $GITHUB_OUTPUT
    # Base poetry image
    BASE_IMAGE_POETRY_EXISTS=$((docker manifest inspect rasa/rasa:base-poetry-${{ env.POETRY_VERSION }} &> /dev/null && echo true || echo false) || true)
    echo "base_poetry_exists=${BASE_IMAGE_POETRY_EXISTS}" >> $GITHUB_OUTPUT
    # Base builder image
    BASE_IMAGE_BUILDER_HASH=${{ hashFiles('docker/Dockerfile.base-builder') }}-poetry-${{ env.POETRY_VERSION }}
    echo "base_builder_image_hash=${BASE_IMAGE_BUILDER_HASH}" >> $GITHUB_OUTPUT
    BASE_IMAGE_BUILDER_EXISTS=$((docker manifest inspect rasa/rasa:base-builder-${BASE_IMAGE_BUILDER_HASH} &> /dev/null && echo true || echo false) || true)
    echo "base_builder_exists=${BASE_IMAGE_BUILDER_EXISTS}" >> $GITHUB_OUTPUT
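# Builds the base image when no image tagged with the current Dockerfile hash
# was found, and on every tag build.
- name: Build Docker base image 🛠
  if: steps.check_image.outputs.base_exists == 'false' || env.IS_TAG_BUILD == 'true'
  env:
    # exported for docker/docker-bake.hcl (presumably used as the image tag;
    # confirm in the bake file)
    IMAGE_TAG: ${{ steps.check_image.outputs.base_image_hash }}
  run: |
    # The --set pattern is quoted so the shell cannot glob-expand the leading `*`.
    docker buildx bake --set '*.platform=linux/amd64,linux/arm64' -f docker/docker-bake.hcl base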
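# Publishes the base image. The last clause of `if` limits publishing to pull
# requests whose head repository is owned by RasaHQ.
# `github.event.pull_request` is only populated on pull_request events, so on
# push and tag events the comparison is false and this step is skipped.
# NOTE(review): the matching build step also runs on tag builds; confirm that
# never pushing from a tag build is intended.
- name: Push Docker base image if it's not building from a fork ⬆
  if: (steps.check_image.outputs.base_exists == 'false' || env.IS_TAG_BUILD == 'true') && github.event.pull_request.head.repo.owner.login == 'RasaHQ'
  env:
    IMAGE_TAG: ${{ steps.check_image.outputs.base_image_hash }}
  run: |
    # The --set pattern is quoted so the shell cannot glob-expand the leading `*`.
    docker buildx bake --set '*.platform=linux/amd64,linux/arm64' -f docker/docker-bake.hcl base --push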
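# Builds the MITIE base image when it is missing, or when the plain base image
# is missing as well.
- name: Build Docker mitie base image 🛠
  if: steps.check_image.outputs.base_mitie_exists == 'false' || steps.check_image.outputs.base_exists == 'false'
  env:
    # truncated Dockerfile hash joined with the truncated Makefile hash
    IMAGE_TAG: ${{ steps.check_image.outputs.base_mitie_image_hash }}
  run: |
    # The --set pattern is quoted so the shell cannot glob-expand the leading `*`.
    docker buildx bake --set '*.platform=linux/amd64,linux/arm64' -f docker/docker-bake.hcl base-mitie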
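# Publishes the MITIE base image, only for pull requests whose head repository
# is owned by RasaHQ. `github.event.pull_request` is empty on push and tag
# events, so the step is skipped there.
- name: Push Docker mitie base image if it's not building from a fork ⬆
  if: (steps.check_image.outputs.base_mitie_exists == 'false' || steps.check_image.outputs.base_exists == 'false') && github.event.pull_request.head.repo.owner.login == 'RasaHQ'
  env:
    IMAGE_TAG: ${{ steps.check_image.outputs.base_mitie_image_hash }}
  run: |
    # The --set pattern is quoted so the shell cannot glob-expand the leading `*`.
    docker buildx bake --set '*.platform=linux/amd64,linux/arm64' -f docker/docker-bake.hcl base-mitie --push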
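# Builds the poetry base image when it is missing, or when the plain base image
# is missing as well. The image is tagged with the Poetry version rather than
# with a content hash.
- name: Build Docker poetry base image 🛠
  if: steps.check_image.outputs.base_poetry_exists == 'false' || steps.check_image.outputs.base_exists == 'false'
  env:
    IMAGE_TAG: ${{ env.POETRY_VERSION }}
    BASE_IMAGE_HASH: ${{ steps.check_image.outputs.base_image_hash }}
  run: |
    # The --set pattern is quoted so the shell cannot glob-expand the leading `*`.
    docker buildx bake --set '*.platform=linux/amd64,linux/arm64' -f docker/docker-bake.hcl base-poetry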
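# Publishes the poetry base image, only for pull requests whose head repository
# is owned by RasaHQ. `github.event.pull_request` is empty on push and tag
# events, so the step is skipped there.
- name: Push Docker poetry base image if it's not building from a fork ⬆
  if: (steps.check_image.outputs.base_poetry_exists == 'false' || steps.check_image.outputs.base_exists == 'false') && github.event.pull_request.head.repo.owner.login == 'RasaHQ'
  env:
    IMAGE_TAG: ${{ env.POETRY_VERSION }}
    BASE_IMAGE_HASH: ${{ steps.check_image.outputs.base_image_hash }}
  run: |
    # The --set pattern is quoted so the shell cannot glob-expand the leading `*`.
    docker buildx bake --set '*.platform=linux/amd64,linux/arm64' -f docker/docker-bake.hcl base-poetry --push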
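# Builds the builder base image when it is missing, or when the plain base
# image is missing as well.
- name: Build Docker builder base image 🛠
  if: steps.check_image.outputs.base_builder_exists == 'false' || steps.check_image.outputs.base_exists == 'false'
  env:
    # Dockerfile hash followed by "-poetry-<poetry version>"
    IMAGE_TAG: ${{ steps.check_image.outputs.base_builder_image_hash }}
  run: |
    # The --set pattern is quoted so the shell cannot glob-expand the leading `*`.
    docker buildx bake --set '*.platform=linux/amd64,linux/arm64' -f docker/docker-bake.hcl base-builder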
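# Publishes the builder base image, only for pull requests whose head
# repository is owned by RasaHQ. `github.event.pull_request` is empty on push
# and tag events, so the step is skipped there.
- name: Push Docker builder base image if it's not building from a fork ⬆
  if: (steps.check_image.outputs.base_builder_exists == 'false' || steps.check_image.outputs.base_exists == 'false') && github.event.pull_request.head.repo.owner.login == 'RasaHQ'
  env:
    IMAGE_TAG: ${{ steps.check_image.outputs.base_builder_image_hash }}
  run: |
    # The --set pattern is quoted so the shell cannot glob-expand the leading `*`.
    docker buildx bake --set '*.platform=linux/amd64,linux/arm64' -f docker/docker-bake.hcl base-builder --push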
# Pull request builds: the image tag is the pull request number.
#
# Example: for PR #1234 this step exports
# IMAGE_TAG=1234
- name: Set environment variables - pull_request
  if: github.event_name == 'pull_request' && env.IS_TAG_BUILD == 'false'
  env:
    PR_NUMBER: ${{ github.event.number }}
  run: |
    # GITHUB_ENV makes IMAGE_TAG visible to every later step of this job
    echo "IMAGE_TAG=${PR_NUMBER}" >> "$GITHUB_ENV"
# Tag builds: the image tag is the pushed tag name.
#
# Example: for the pushed tag '2.0.6' this step exports
# IMAGE_TAG=2.0.6
# (TAG_NAME is only a local shell variable; it is not written to GITHUB_ENV.)
- name: Set environment variables - push - tag
  if: github.event_name == 'push' && env.IS_TAG_BUILD == 'true'
  run: |
    # Strip the "refs/tags/" prefix from the ref. The tag name is copied as is,
    # so later steps must treat IMAGE_TAG as untrusted text, not as shell code.
    TAG_NAME="${GITHUB_REF#refs/tags/}"
    echo "IMAGE_TAG=${TAG_NAME}" >> "$GITHUB_ENV"
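# Branch builds: the image tag is derived from the branch name.
#
# Example: for a push to the main branch this step exports
# IMAGE_TAG=main
- name: Set environment variables - push - branch
  if: github.event_name == 'push' && env.IS_TAG_BUILD == 'false'
  run: |
    # Strip the "refs/heads/" prefix and replace the characters listed in the
    # sed bracket expression with "-". The expansion is quoted so the branch
    # name is passed to sed verbatim. Only the listed characters are replaced,
    # so later steps must still treat IMAGE_TAG as untrusted text.
    SAFE_BRANCH_NAME="$(printf '%s\n' "${GITHUB_REF#refs/heads/}" | sed 's/[\\*+.$\#\-\/]/-/g')"
    echo "IMAGE_TAG=${SAFE_BRANCH_NAME}" >> "$GITHUB_ENV"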
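# Re-exports IMAGE_TAG (written to GITHUB_ENV by one of the three steps above)
# as the step output `image_tag`.
- name: Set output
  id: set_output
  run: |
    # IMAGE_TAG is derived from a tag or branch name on push events. Read it
    # from the environment instead of interpolating `env.IMAGE_TAG` with an
    # expression, so that the ref text is never parsed as shell source.
    echo "image_tag=${IMAGE_TAG}" >> "$GITHUB_OUTPUT"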
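# Builds one Docker image per matrix entry and publishes it for pushes to main
# and for tag builds in RasaHQ/rasa. Tag names and base-image hashes come from
# the outputs of build_docker_base_images_and_set_env.
docker:
  name: Build Docker
  runs-on: ubuntu-22.04
  needs: [changes, build_docker_base_images_and_set_env]
  env:
    IMAGE_TAG: ${{ needs.build_docker_base_images_and_set_env.outputs.image_tag }}
    BASE_IMAGE_HASH: ${{ needs.build_docker_base_images_and_set_env.outputs.base_image_hash }}
    BASE_MITIE_IMAGE_HASH: ${{ needs.build_docker_base_images_and_set_env.outputs.base_mitie_image_hash }}
    BASE_BUILDER_IMAGE_HASH: ${{ needs.build_docker_base_images_and_set_env.outputs.base_builder_image_hash }}
  strategy:
    matrix:
      image: [default, full, mitie-en, spacy-de, spacy-it, spacy-en]
  steps:
    # Due to an issue with checking out a wrong commit, we make sure
    # to checkout HEAD commit for a pull request.
    # More details: https://github.com/actions/checkout/issues/299
    # For pull requests from forks this checks out and later builds code the
    # maintainers have not reviewed; repository secrets are not passed to
    # workflows triggered by `pull_request` from a fork.
    - name: Checkout pull request HEAD commit instead of merge commit 🕝
      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
      if: github.event_name == 'pull_request'
      with:
        ref: ${{ github.event.pull_request.head.sha }}
    - name: Checkout git repository 🕝
      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
      if: github.event_name != 'pull_request'
    - name: Set up QEMU
      uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
    - name: Set up Docker Buildx
      # the id is required by the "Echo Available platforms" step, which reads
      # steps.buildx.outputs.platforms
      id: buildx
      uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.7.0
    - name: Free disk space
      if: needs.changes.outputs.docker == 'true'
      # tries to make sure we do not run out of disk space, see
      # https://github.community/t5/GitHub-Actions/BUG-Strange-quot-No-space-left-on-device-quot-IOExceptions-on/td-p/46101
      run: |
        sudo swapoff -a
        sudo rm -f /swapfile
        sudo rm -rf "$AGENT_TOOLSDIRECTORY"
        sudo apt clean
        docker image prune -a -f
        docker volume prune -f
        docker container prune -f
        df -h
    - name: Read Poetry Version 🔢
      run: |
        echo "POETRY_VERSION=$(scripts/poetry-version.sh)" >> "$GITHUB_ENV"
      shell: bash
    - name: Echo Available platforms
      env:
        BUILDX_PLATFORMS: ${{ steps.buildx.outputs.platforms }}
      run: echo "${BUILDX_PLATFORMS}"
    - name: Login to DockerHub Registry 🔢
      if: needs.changes.outputs.docker == 'true'
      env:
        # The secret is handed over as an environment variable; interpolating
        # it into the script would let the shell interpret any special
        # characters in the password.
        DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
      run: |
        # `|| true` keeps the job running when the login fails (presumably for
        # builds that have no access to the secret). A failed login therefore
        # only shows up later, when a push is rejected.
        printf '%s\n' "${DOCKERHUB_PASSWORD}" | docker login -u "${DOCKERHUB_USERNAME}" --password-stdin || true
    # Only tag builds in RasaHQ/rasa embed the telemetry and exception write
    # keys; whatever is written here ends up inside the published image.
    - name: Copy Segment write key to the package
      if: needs.changes.outputs.docker == 'true' && github.event_name == 'push' && startsWith(github.ref, 'refs/tags') && github.repository == 'RasaHQ/rasa'
      env:
        RASA_TELEMETRY_WRITE_KEY: ${{ secrets.RASA_OSS_TELEMETRY_WRITE_KEY }}
        RASA_EXCEPTION_WRITE_KEY: ${{ secrets.RASA_OSS_EXCEPTION_WRITE_KEY }}
      run: |
        ./scripts/write_keys_file.sh
    - name: Build Docker image
      if: needs.changes.outputs.docker == 'true'
      run: |
        # The --set pattern is quoted so the shell cannot glob-expand the leading `*`.
        docker buildx bake --set '*.platform=linux/amd64,linux/arm64' -f docker/docker-bake.hcl ${{ matrix.image }}
    - name: Check how much space is left after Docker build
      run: df -h
    - name: Push image with main tag 📦
      if: needs.changes.outputs.docker == 'true' && github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'RasaHQ/rasa'
      run: |
        docker buildx bake --set '*.platform=linux/amd64,linux/arm64' -f docker/docker-bake.hcl ${{ matrix.image }} --push
    - name: Push image with ${{github.ref}} tag 📦
      if: needs.changes.outputs.docker == 'true' && github.event_name == 'push' && env.IS_TAG_BUILD == 'true' && github.repository == 'RasaHQ/rasa'
      run: |
        IS_NEWEST_VERSION="${{ needs.build_docker_base_images_and_set_env.outputs.is_newest_version }}"
        docker buildx bake --set '*.platform=linux/amd64,linux/arm64' -f docker/docker-bake.hcl ${{ matrix.image }} --push
        # Tag the image as latest
        if [[ "${IS_NEWEST_VERSION}" == "true" ]]; then
          # "latest" for the default image, "latest-<image>" for the variants.
          # The name is built directly, so the tag text is never used as a
          # sed pattern.
          if [[ "${{ matrix.image }}" == "default" ]]; then
            LATEST_TAG="latest"
          else
            LATEST_TAG="latest-${{ matrix.image }}"
          fi
          # This will not build the image from ground up, but will only tag the existing image with LATEST_TAG
          IMAGE_TAG="${LATEST_TAG}" docker buildx bake --set '*.platform=linux/amd64,linux/arm64' -f docker/docker-bake.hcl ${{ matrix.image }}
          # Push tagged image
          IMAGE_TAG="${LATEST_TAG}" docker buildx bake --set '*.platform=linux/amd64,linux/arm64' -f docker/docker-bake.hcl ${{ matrix.image }} --push
        fi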
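# Release job: builds the Python distributions, uploads them to PyPI, registers
# the release with Sentry, then publishes release notes and notifies Slack.
# It handles the PyPI, Sentry, Slack and GitHub release tokens, so every tool
# fetched at run time in this job executes next to those credentials.
# NOTE(review): no job-level `permissions` are set here; confirm the
# workflow-level default for GITHUB_TOKEN is least-privilege.
deploy:
  name: Deploy to PyPI
  runs-on: ubuntu-22.04
  # deploy will only be run when there is a tag available
  if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') && github.repository == 'RasaHQ/rasa'
  needs: [docker] # only run after the docker build stage succeeds
  steps:
    - name: Checkout git repository 🕝
      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
    - name: Set up Python 3.9 🐍
      uses: actions/setup-python@57ded4d7d5e986d7296eab16560982c6dd7c923b
      with:
        # quoted so YAML keeps the version a string (an unquoted 3.10 would
        # be read as the float 3.1)
        python-version: "3.9"
    - name: Read Poetry Version 🔢
      run: |
        echo "POETRY_VERSION=$(scripts/poetry-version.sh)" >> "$GITHUB_ENV"
      shell: bash
    - name: Install poetry 🦄
      uses: Gr1N/setup-poetry@15821dc8a61bc630db542ae4baf6a7c19a994844 # v8
      with:
        poetry-version: ${{ env.POETRY_VERSION }}
    # The telemetry and exception write keys are written into the package
    # before `poetry build`, so they ship inside the published distributions.
    - name: Copy Segment write key to the package
      env:
        RASA_TELEMETRY_WRITE_KEY: ${{ secrets.RASA_OSS_TELEMETRY_WRITE_KEY }}
        RASA_EXCEPTION_WRITE_KEY: ${{ secrets.RASA_OSS_EXCEPTION_WRITE_KEY }}
      run: |
        ./scripts/write_keys_file.sh
    - name: Build ⚒️ Distributions
      run: poetry build
    - name: Publish to PyPI 📦
      uses: pypa/gh-action-pypi-publish@c7f29f7adef1a245bd91520e94867e5c6eedddcc
      with:
        # `__token__` is the fixed user name PyPI expects for API-token uploads
        user: __token__
        password: ${{ secrets.PYPI_TOKEN }}
    - name: Notify Sentry about the release
      env:
        GITHUB_TAG: ${{ github.ref }}
        SENTRY_ORG: rasahq
        SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
      run: |
        # Download the installer completely before running it: with -f a failed
        # transfer makes curl exit non-zero and stops the step, instead of
        # feeding a partial script or an error page to bash.
        curl -sSfL https://sentry.io/get-cli/ -o "${RUNNER_TEMP}/get-sentry-cli.sh"
        # The installer does not need the Sentry token, so it runs without it.
        # NOTE(review): the installer itself is still unpinned; consider
        # pinning a reviewed sentry-cli release (the installer accepts
        # SENTRY_CLI_VERSION=<pinned-version>) and checking its checksum.
        env -u SENTRY_AUTH_TOKEN bash "${RUNNER_TEMP}/get-sentry-cli.sh"
        # strip the "refs/tags/" prefix to get the bare tag name
        GITHUB_TAG=${GITHUB_TAG/refs\/tags\//}
        sentry-cli releases new -p rasa-open-source "rasa-$GITHUB_TAG"
        sentry-cli releases set-commits --auto "rasa-$GITHUB_TAG"
        sentry-cli releases finalize "rasa-$GITHUB_TAG"
    - name: Notify Slack & Publish Release Notes 🗞
      env:
        GH_RELEASE_NOTES_TOKEN: ${{ secrets.GH_RELEASE_NOTES_TOKEN }}
        SLACK_WEBHOOK_TOKEN: ${{ secrets.SLACK_WEBHOOK_TOKEN }}
        GITHUB_TAG: ${{ github.ref }}
        GITHUB_REPO_SLUG: ${{ github.repository }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        # strip the "refs/tags/" prefix; the scripts below read GITHUB_TAG
        # from the environment (presumably as the bare version; confirm there)
        GITHUB_TAG=${GITHUB_TAG/refs\/tags\//}
        # NOTE(review): both packages are installed unpinned (-U takes the
        # newest release) in a step whose environment holds three tokens;
        # pin exact versions, ideally with hashes.
        pip install -U github3.py pep440-version-utils
        python3 scripts/publish_gh_release_notes.py
        ./scripts/ping_slack_about_package_release.sh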
# Posts a failure message to Slack when a tag-triggered release did not finish.
# NOTE(review): the display name also mentions release notes, but the only step
# visible here sends the failure notification.
send_slack_notification_for_release_on_failure:
name: Notify Slack & Publish Release Notes
runs-on: ubuntu-22.04
# run this job when the workflow is triggered by a tag push
# always() keeps this job from being skipped when the needed `deploy` job
# fails or is skipped
if: always() && github.repository == 'RasaHQ/rasa' && github.ref_type == 'tag'
needs:
- deploy
steps:
- name: Notify Slack of failure ⛔️
# send notification if 'deploy' is skipped (previous needed job failed) or failed
if: needs.deploy.result != 'success'
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_TOKEN }}
uses: Ilshidur/action-slack@689ad44a9c9092315abd286d0e3a9a74d31ab78a
with:
# the tag name and run id are substituted into an action input here,
# not into a shell script
args: "⛔️ *Rasa Open Source* version `${{ github.ref_name }}` could not be released 😱! Please check out GitHub Actions: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"