-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathTaskfile.yml
More file actions
174 lines (155 loc) · 5.85 KB
/
Taskfile.yml
File metadata and controls
174 lines (155 loc) · 5.85 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
---
# https://taskfile.dev
version: '3'
set:
- nounset
- errexit
- pipefail
vars:
PROJECT_SLUG: ai_native_python
INPUT_EXCLUDE: .*\{\{.*\}\}.*
PYTHON_VERSION: 3.13
VERSION:
sh: uv run python -c 'from {{.PROJECT_SLUG}} import __version__; print(__version__)'
RUN_SCRIPT: 'uv run --frozen'
silent: true
tasks:
init-uv:
desc: Initializes the uv virtual environment
internal: true
sources:
- pyproject.toml
- uv.lock
cmds:
- uv sync --frozen
init-pre-commit:
desc: Setup pre-commit
internal: true
sources:
- .pre-commit-config.yaml
status:
# Don't do any of this if you aren't in a git repository; quote to avoid yaml intrepretering the ! as a node tag
# https://yaml.org/spec/1.2.2/#691-node-tags
- '! test -d .git'
cmds:
- uv tool install pre-commit
# Don't run this in pipelines
- '{{if ne .GITHUB_ACTIONS "true"}}{{.RUN_SCRIPT}} pre-commit install{{else}}echo "Detected a github actions pipeline; skipping the pre-commit install"{{end}}'
init-docker-multiplatform:
desc: Setup docker for multiplatform builds
internal: true
cmds:
# This fixes an "ERROR: Multiple platforms feature is currently not supported for docker driver" pipeline error
# Only create our multiplatform builder if it doesn't already exist; otherwise list information about the one that exists
# It suppresses the inspect output when it's not running in a GitHub Action
- docker buildx inspect multiplatform {{if ne .GITHUB_ACTIONS "true"}}>/dev/null{{end}} || docker buildx create --name multiplatform --driver docker-container --use
init:
desc: Initialize the repo for local use; intended to be run after git clone
cmds:
- task: init-uv
- task: init-pre-commit
- task: init-docker-multiplatform
lint:
desc: Run the linter(s)
cmds:
- '{{.RUN_SCRIPT}} pre-commit run --all-files'
validate:
desc: Validate the pre-commit config
cmds:
- '{{.RUN_SCRIPT}} pre-commit validate-config'
test:
desc: Run the project tests
cmds:
- task: unit-test
- task: integration-test
unit-test:
desc: Run the unit tests
vars:
# If CLI_ARGS are set, append them as an "and" after the -m unit
MARK_EXPR: unit{{if .CLI_ARGS}} and {{.CLI_ARGS}}{{end}}
cmds:
- '{{.RUN_SCRIPT}} pytest --keep-baked-projects -m "{{.MARK_EXPR}}" tests/'
integration-test:
desc: Run the integration tests
vars:
# If CLI_ARGS are set, append them as an "and" after the -m integration
MARK_EXPR: integration{{if .CLI_ARGS}} and {{.CLI_ARGS}}{{end}}
cmds:
- '{{.RUN_SCRIPT}} pytest --keep-baked-projects -m "{{.MARK_EXPR}}" tests/'
update:
desc: Update the project dev and runtime dependencies
cmds:
# This currently assumes uv was installed via uv (locally); we will want to make it more flexible in the future
- '{{if ne .GITHUB_ACTIONS "true"}}brew upgrade uv{{end}}'
- uv tool upgrade --all
- pre-commit autoupdate --freeze --jobs 4
# Copy the newly updated config into the project template, excluding the exclude line
- cat .pre-commit-config.yaml | grep -v ^exclude > '{{`{{cookiecutter.project_name|replace(" ", "")}}`}}/.pre-commit-config.yaml'
- uv lock --upgrade
# This can take a while but it's required for the following step to update BuildKit in the docker driver
- '{{if eq .CLI_ARGS "all"}}docker buildx rm multiplatform || true{{end}}'
# If we just destroyed the "multiplatform" builder instance, this will configure a new one. The next time the host runs a `docker buildx build` it will
# rebuild the builder instance, updating its BuildKit. There's no harm in running this even if we didn't do the `docker buildx rm` previously
- task: init-docker-multiplatform
clean:
desc: Clean up build artifacts, cache files/directories, temp files, etc.
cmds:
- rm -rf .pytest_cache
- rm -rf htmlcov
- rm -rf .coverage
- rm -rf dist
- rm -rf build
- rm -rf *.egg-info
- rm -f sbom.*.json
- rm -f vulns.*.json
- rm -f license-check.json
- find . -type d -name __pycache__ -exec rm -rf {} + || true
- find . -type d -name .mypy_cache -exec rm -rf {} + || true
- find . -type d -name .ruff_cache -exec rm -rf {} + || true
- find . -type f -name '*.pyc' -delete || true
release:
desc: Cut a project release
env:
GH_TOKEN:
sh: |
if [[ -n "${GH_TOKEN:-}" ]]; then
echo "${GH_TOKEN}"
elif command -v gh &> /dev/null && gh auth token &> /dev/null; then
gh auth token
fi
cmds:
# Phase 1: Update version in files without any VCS operations
- '{{.RUN_SCRIPT}} semantic-release version --no-changelog --skip-build --no-commit --no-tag --no-push --no-vcs-release'
# Re-lock dependencies to update version in uv.lock
- uv lock
# Stage the updated lock file
- git add uv.lock
# Phase 2: Run full release with commits, tags, and push
- '{{.RUN_SCRIPT}} semantic-release version --no-changelog --skip-build {{.CLI_ARGS}}'
sbom:
desc: Generate project SBOMs
cmds:
- |
docker run --rm \
-v "${PWD}:/src" \
-w /src \
anchore/syft:latest \
/src \
-o syft-json=sbom.syft.json \
-o spdx-json=sbom.spdx.json \
-o cyclonedx-json=sbom.cyclonedx.json
vulnscan:
desc: Vuln scan the SBOM
cmds:
- |
docker run --rm \
-v "${PWD}:/src" \
-w /src \
anchore/grype:latest \
sbom:sbom.syft.json \
-o json \
| tee vulns.json
license-check:
desc: Check license compliance using grant
cmds:
- grant check sbom.spdx.json --config .github/.grant.yml -o json | tee license-check.json