Use micromamba/v2 as default build template for conda packages #9511
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Wave CI | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| - '!refs/tags/.*' | |
| tags-ignore: | |
| - '**' | |
| paths-ignore: | |
| - 'docs/**' | |
| - mkdocs.yml | |
| - '*.md' | |
| - .github/workflows/website_preview.yml | |
| - .github/workflows/website_deploy.yml | |
| pull_request: | |
| types: [opened, reopened, synchronize] | |
| paths-ignore: | |
| - 'docs/**' | |
| - mkdocs.yml | |
| - '*.md' | |
| - .github/workflows/website_preview.yml | |
| - .github/workflows/website_deploy.yml | |
| jobs: | |
| build: | |
| name: Build Wave | |
| if: "github.event == 'push' || github.repository != github.event.pull_request.head.repo.full_name" | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| java_version: [21] | |
| permissions: | |
| contents: write | |
| id-token: write | |
| steps: | |
| - name: Environment | |
| run: env | sort | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # ratchet:actions/checkout@v6.0.2 | |
| with: | |
| fetch-depth: 1 | |
| submodules: true | |
| - name: Detect release commit | |
| id: detect-release | |
| env: | |
| COMMIT_MSG: ${{ github.event.head_commit.message }} | |
| run: | | |
| # Only direct pushes whose first line tags `[release]` should publish. | |
| # Squash merges append "(#NNN)" and merge commits start with "Merge pull request #NNN" — | |
| # both must be excluded so a PR body mentioning [release] does not trigger a release. | |
| first_line=$(printf '%s\n' "$COMMIT_MSG" | head -n1) | |
| if [[ "$first_line" == *"[release]"* ]] \ | |
| && [[ ! "$first_line" =~ \(#[0-9]+\)$ ]] \ | |
| && [[ ! "$first_line" =~ ^Merge\ pull\ request\ #[0-9]+ ]]; then | |
| echo "Detected release commit — release steps will run" | |
| echo "is_release=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "Not a release commit — release steps will be skipped" | |
| echo "is_release=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Setup Java ${{ matrix.java_version }} | |
| uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # ratchet:actions/setup-java@v5.2.0 | |
| with: | |
| java-version: ${{matrix.java_version}} | |
| distribution: 'temurin' | |
| architecture: x64 | |
| cache: gradle | |
| - name: Compile | |
| run: make compile | |
| env: | |
| GRADLE_OPTS: '-Dorg.gradle.daemon=false' | |
| - name: Tests | |
| if: "!contains(github.event.head_commit.message, '[skip test]')" | |
| run: | | |
| make check | |
| env: | |
| GRADLE_OPTS: '-Dorg.gradle.daemon=false' | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{secrets.TOWER_CI_AWS_ACCESS}} | |
| AWS_SECRET_ACCESS_KEY: ${{secrets.TOWER_CI_AWS_SECRET}} | |
| DOCKER_USER: ${{ secrets.DOCKER_USER }} | |
| DOCKER_PAT: ${{ secrets.DOCKER_PAT }} | |
| QUAY_USER: "pditommaso+wave_ci_tests" | |
| QUAY_PAT: ${{ secrets.QUAY_PAT }} | |
| AZURECR_USER: ${{ secrets.AZURECR_USER }} | |
| AZURECR_PAT: ${{ secrets.AZURECR_PAT }} | |
| GOOGLECR_KEYS: ${{ secrets.GOOGLECR_KEYS }} | |
| - name: Cleanup build workspace | |
| if: always() | |
| run: | | |
| sudo rm -rf /home/runner/work/wave/wave/build-workspace | |
| - name: Login to legacy ECR | |
| if: "steps.detect-release.outputs.is_release == 'true'" | |
| uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # ratchet:docker/login-action@v4.2.0 | |
| with: | |
| registry: 195996028523.dkr.ecr.eu-west-1.amazonaws.com | |
| username: ${{ secrets.TOWER_CI_AWS_ACCESS }} | |
| password: ${{ secrets.TOWER_CI_AWS_SECRET }} | |
| env: | |
| AWS_REGION: eu-west-1 | |
| - name: Configure AWS credentials for platform pusher | |
| if: "steps.detect-release.outputs.is_release == 'true'" | |
| uses: aws-actions/configure-aws-credentials@acca2b1b2070338fb9fd1ca27ecee81d687e58e5 # ratchet:aws-actions/configure-aws-credentials@v6.1.2 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: arn:aws:iam::232933512461:role/wave-ecr-pusher | |
| role-session-name: GitHubActions-${{ github.run_id }} | |
| - name: Login to enterprise Amazon ECR | |
| if: "steps.detect-release.outputs.is_release == 'true'" | |
| uses: aws-actions/amazon-ecr-login@fa648b43de3d4d023bcb3f89ed6940096949c419 # ratchet:aws-actions/amazon-ecr-login@v2.1.5 | |
| - name: Release | |
| id: release | |
| if: "steps.detect-release.outputs.is_release == 'true'" | |
| run: | | |
| set -e | |
| set -x | |
| # Drop the session token injected by configure-aws-credentials so publish.sh / gradle | |
| # sign maven S3 uploads with the static TOWER_CI keys only (mixing static keys with a | |
| # session token from a different role produces SignatureDoesNotMatch). | |
| unset AWS_SESSION_TOKEN | |
| bash publish.sh wave-api | |
| bash publish.sh wave-utils | |
| TAG=v$(cat VERSION) | |
| # Tag repo | |
| REMOTE=https://oauth:$GITHUB_TOKEN@github.com/${GITHUB_REPOSITORY}.git | |
| git tag $TAG | |
| git push $REMOTE $TAG | |
| # Build container image locally with a generic name | |
| ./gradlew -PjibRepo=wave/server:$TAG jibDockerBuild | |
| # Push nf-tower-enterprise/wave to legacy ECR | |
| LEGACY_ECR=195996028523.dkr.ecr.eu-west-1.amazonaws.com | |
| docker tag wave/server:$TAG $LEGACY_ECR/nf-tower-enterprise/wave:$TAG | |
| docker push $LEGACY_ECR/nf-tower-enterprise/wave:$TAG | |
| # Push to enterprise ECR (new central registry) | |
| ENTERPRISE_ECR=232933512461.dkr.ecr.eu-west-2.amazonaws.com | |
| docker tag wave/server:$TAG $ENTERPRISE_ECR/wave/server:$TAG | |
| docker push $ENTERPRISE_ECR/wave/server:$TAG | |
| # Create GitHub release (draft for alpha/beta/RC tags) | |
| grep -Ei '.*-(A[0-9]+|B[0-9]+|RC[0-9]+)$' VERSION &>/dev/null && DRAFT='--draft' || DRAFT='' | |
| gh release create $TAG --generate-notes $DRAFT | |
| echo "version=$TAG" >> $GITHUB_OUTPUT | |
| env: | |
| GRADLE_OPTS: '-Dorg.gradle.daemon=false' | |
| AWS_ACCESS_KEY_ID: ${{secrets.TOWER_CI_AWS_ACCESS}} | |
| AWS_SECRET_ACCESS_KEY: ${{secrets.TOWER_CI_AWS_SECRET}} | |
| AWS_JAVA_V1_DISABLE_DEPRECATION_ANNOUNCEMENT: true | |
| AWS_DEFAULT_REGION: 'eu-west-1' | |
| PUBLISH_REPO_URL: "s3://maven.seqera.io/releases" | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| DOCKER_PAT: ${{ secrets.DOCKER_PAT }} | |
| QUAY_PAT: ${{ secrets.QUAY_PAT }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Publish tests report | |
| if: failure() | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # ratchet:actions/upload-artifact@v7.0.1 | |
| with: | |
| name: test-reports-jdk-${{ matrix.java_version }} | |
| path: | | |
| **/build/reports/tests/test | |
| - name: Publish code coverage report | |
| if: success() | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # ratchet:actions/upload-artifact@v7.0.1 | |
| with: | |
| name: code-coverage-reports-jdk-${{ matrix.java_version }} | |
| path: | | |
| **/build/reports/jacoco/test |