python-discord
diff --git a/‎.github/workflows/build.yaml‎
Lines changed: 15 additions & 32 deletions b/‎.github/workflows/build.yaml‎
Lines changed: 15 additions & 32 deletions
diff --git a/‎.github/workflows/lint-test.yaml‎
Lines changed: 6 additions & 13 deletions b/‎.github/workflows/lint-test.yaml‎
Lines changed: 6 additions & 13 deletions
diff --git a/‎.github/workflows/main.yaml‎
Lines changed: 38 additions & 0 deletions b/‎.github/workflows/main.yaml‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 36 additions & 2 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 36 additions & 2 deletions
diff --git a/‎Dockerfile‎
Lines changed: 16 additions & 47 deletions b/‎Dockerfile‎
Lines changed: 16 additions & 47 deletions
@@ -1,44 +1,32 @@
 name: Build
 
 on:
-  workflow_run:
-    workflows: ["Lint & Test"]
-    branches:
-      - main
-    types:
-      - completed
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+  workflow_call:
+    inputs:
+      sha-tag:
+        description: "A short-form SHA tag for the commit that triggered this flow"
+        required: true
+        type: string
 
 jobs:
   build:
-    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push'
     name: Build & Push
     runs-on: ubuntu-latest
 
     steps:
-      # Create a commit SHA-based tag for the container repositories
-      - name: Create SHA Container Tag
-        id: sha_tag
-        run: |
-          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
-          echo "::set-output name=tag::$tag"
       - name: Checkout code
         uses: actions/checkout@v3
-
       # The current version (v2) of Docker's build-push action uses
       # buildx, which comes with BuildKit features that help us speed
       # up our builds using additional cache features. Buildx also
       # has a lot of other features that are not as relevant to us.
       #
       # See https://github.com/docker/build-push-action
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Login to Github Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -48,7 +36,7 @@ jobs:
       # Repository. The container will be tagged as "latest"
       # and with the short SHA of the commit.
       - name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: .
           file: ./Dockerfile
@@ -57,7 +45,7 @@ jobs:
           cache-to: type=inline
           tags: |
             ghcr.io/python-discord/code-jam-management:latest
-            ghcr.io/python-discord/code-jam-management:${{ steps.sha_tag.outputs.tag }}
+            ghcr.io/python-discord/code-jam-management:${{ inputs.sha-tag }}
           build-args: |
             git_sha=${{ github.sha }}
 
@@ -67,12 +55,6 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      # Create a commit SHA-based tag for the container repositories
-      - name: Create SHA Container Tag
-        id: sha_tag
-        run: |
-          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
-          echo "::set-output name=tag::$tag"
 
       # Check out the private "kubernetes" repository in the `kubernetes`
       # subdirectory using a GitHub Personal Access Token
@@ -82,16 +64,17 @@ jobs:
           repository: python-discord/kubernetes
           path: kubernetes
 
+      - uses: azure/setup-kubectl@v3
+
       - name: Authenticate with Kubernetes
-        uses: azure/k8s-set-context@v1
+        uses: azure/k8s-set-context@v3
         with:
           method: kubeconfig
           kubeconfig: ${{ secrets.KUBECONFIG }}
 
       - name: Deploy to Kubernetes
-        uses: Azure/k8s-deploy@v1
+        uses: Azure/k8s-deploy@v4
         with:
           manifests: |
             kubernetes/namespaces/default/code-jam-management/deployment.yaml
-          images: 'ghcr.io/python-discord/code-jam-management:${{ steps.sha_tag.outputs.tag }}'
-          kubectl-version: 'latest'
+          images: 'ghcr.io/python-discord/code-jam-management:${{ inputs.sha-tag }}'
@@ -1,14 +1,8 @@
 name: Lint & Test
 
 on:
-  push:
-    branches:
-      - main
-  pull_request:
+  workflow_call
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
 
 jobs:
   lint:
@@ -35,17 +29,15 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Install Python Dependencies
-        uses: HassanAbouelela/actions/setup-python@setup-python_v1.3.2
+        uses: HassanAbouelela/actions/setup-python@setup-python_v1.4.0
         with:
-          # Set dev=true to install flake8 extensions, which are dev dependencies
-          dev: true
-          python_version: '3.9'
+          python_version: "3.11"
 
       # We will not run `flake8` here, as we will use a separate flake8
       # action. As pre-commit does not support user installs, we set
       # PIP_USER=0 to not do a user install.
       - name: Run pre-commit hooks
-        run: export PIP_USER=0; SKIP=flake8 pre-commit run --all-files
+        run: SKIP=flake8 pre-commit run --all-files
 
       # Run flake8 and have it format the linting errors in the format of
       # the GitHub Workflow command to register error annotations. This
@@ -58,6 +50,7 @@ jobs:
       - name: Run flake8
         run: "flake8 \
         --format='::error file=%(path)s,line=%(row)d,col=%(col)d::[flake8] %(code)s: %(text)s'"
+
       # We run `coverage` using the `python` command so we can suppress
       # irrelevant warnings in our CI output.
       - name: Run tests and generate coverage report
@@ -73,7 +66,7 @@ jobs:
       # print a "job" link in the output of the GitHub Action
       - name: Publish coverage report to coveralls.io
         env:
-            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
         run: coveralls --service=github
 
       # Prepare the Pull Request Payload artifact. If this fails, we
 
@@ -0,0 +1,38 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches: main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+
+  lint-test:
+    uses: ./.github/workflows/lint-test.yaml
+    secrets: inherit
+
+  generate-inputs:
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    outputs:
+      sha-tag: ${{ steps.sha-tag.outputs.sha-tag }}
+    steps:
+      - name: Create SHA Container Tag
+        id: sha-tag
+        run: |
+          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
+          echo "sha-tag=$tag" >> $GITHUB_OUTPUT
+
+  build-deploy:
+    if: github.ref == 'refs/heads/main'
+    uses: ./.github/workflows/build.yaml
+    needs:
+      - lint-test
+      - generate-inputs
+    with:
+      sha-tag: ${{ needs.generate-inputs.outputs.sha-tag }}
+    secrets: inherit
@@ -1,17 +1,33 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v2.5.0
+    rev: v4.3.0
     hooks:
       - id: check-merge-conflict
       - id: check-toml
       - id: check-yaml
+        args: [--unsafe]  # Needed for << lines in docker-compose.yml
       - id: end-of-file-fixer
       - id: trailing-whitespace
         args: [--markdown-linebreak-ext=md]
+
   - repo: https://github.com/pre-commit/pygrep-hooks
-    rev: v1.5.1
+    rev: v1.9.0
     hooks:
       - id: python-check-blanket-noqa
+
+  - repo: https://github.com/pycqa/isort
+    rev: 5.10.1
+    hooks:
+      - id: isort
+        name: isort (python)
+
+  - repo: https://github.com/python-poetry/poetry
+    rev: '1.2.2'
+    hooks:
+      - id: poetry-check
+      - id: poetry-export
+        args: ["-f", "requirements.txt", "-o", "main-requirements.txt"]
+
   - repo: local
     hooks:
       - id: flake8
@@ -21,3 +37,21 @@ repos:
         language: system
         types: [python]
         require_serial: true
+      - id: black
+        name: black
+        description: This hook runs black within our project's environment.
+        entry: poetry run task black
+        language: system
+        types: [python]
+        require_serial: true
+
+ci:
+  autofix_commit_msg: |
+    [pre-commit.ci] auto fixes from pre-commit.com hooks
+    for more information, see https://pre-commit.ci
+  autofix_prs: true
+  autoupdate_branch: ''
+  autoupdate_commit_msg: '[pre-commit.ci] pre-commit autoupdate'
+  autoupdate_schedule: daily
+  skip: [flake8, black]  # pre-commit.ci doesn't support running under poetry right now.
+  submodules: false
@@ -1,54 +1,23 @@
-FROM --platform=linux/amd64 python:3.9-slim as base
+FROM --platform=linux/amd64 python:3.11-slim as base
 
-# Set pip to have no saved cache
-ENV PIP_NO_CACHE_DIR=false \
-    POETRY_VIRTUALENVS_IN_PROJECT=true \
-    PYTHONUNBUFFERED=1 \
-    PIP_DISABLE_PIP_VERSION_CHECK=on \
-    POETRY_HOME="/opt/poetry" \
-    INSTALL_DIR="/opt/dependencies" \
-    APP_DIR="/app" \
-    POETRY_NO_INTERACTION=1
-
-ENV PATH="$POETRY_HOME/bin:$INSTALL_DIR/.venv/bin:$PATH"
+# Define Git SHA build argument for sentry
+ARG git_sha="development"
+ENV GIT_SHA=$git_sha
 
 RUN groupadd -g 61000 codejam_management \
-    && useradd -g 61000 -l -r -u 61000 codejam_management
-
-FROM base as builder
-RUN apt-get update \
-  && apt-get -y upgrade \
-  && apt-get install --no-install-recommends -y \
-  curl \
-  && apt-get clean && rm -rf /var/lib/apt/lists/*
-
-RUN curl -sSL https://install.python-poetry.org | python -
-
-WORKDIR $INSTALL_DIR
-COPY "pyproject.toml" "poetry.lock" ./
-RUN poetry install --no-dev
-
+  && useradd -g 61000 -l -r -u 61000 codejam_management
 
-FROM base as development
-
-# Create the working directory
-WORKDIR $APP_DIR
-COPY --from=builder $INSTALL_DIR $INSTALL_DIR
-
-# Copy the source code in last to optimize rebuilding the image
-COPY . .
+# Install project dependencies
+WORKDIR /app
+COPY main-requirements.txt ./
+RUN pip install -r main-requirements.txt
 
+EXPOSE 8000
 USER codejam_management
-# Run a single uvicorn worker
-# Multiple workers are managed by kubernetes, rather than something like gunicorn
-CMD ["sh", "-c", "alembic upgrade head && uvicorn api.main:app --host 0.0.0.0 --port 8000 --reload"]
-
+# Pull the uvicorn_extra build arg and ave it as an env var.
+# The CMD instruction is ran at execution time, so it also needs to be an env var, so that it is available at that time.
+ARG uvicorn_extras=""
+ENV uvicorn_extras=$uvicorn_extras
 
-FROM base as production
-COPY --from=builder $INSTALL_DIR $INSTALL_DIR
-WORKDIR $APP_DIR
-COPY . .
-RUN python -m compileall api/
-
-USER codejam_management
-CMD ["sh", "-c", "alembic upgrade head && uvicorn api.main:app --host 0.0.0.0 --port 8000"]
+ENTRYPOINT ["/bin/bash", "-c"]
+CMD ["alembic upgrade head && uvicorn api.main:app --host 0.0.0.0 --port 80 $uvicorn_extras"]