feat: Share runs via Python SDK #4546

Workflow file for this run

	name: "+ CI/CD"

	on:
	push:
	branches:
	- "main"
	- "release/v*"
	tags:
	- "v..*"
	pull_request:
	branches:
	- "main"
	- "release/v*"
	types: [opened, synchronize, reopened]
	release:
	types: [created]
	workflow_dispatch:
	inputs:
	platform_environment:
	description: 'Environment to test against'
	required: false
	default: 'staging'
	type: choice
	options:
	- staging
	- production

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref_name }}-${{ github.event.pull_request.number \|\| github.sha }}
	cancel-in-progress: true

	jobs:

	get-commit-message:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	outputs:
	commit_message: ${{ steps.get-commit-message.outputs.commit_message }}
	release_version: ${{ steps.get-release-version.outputs.release_version }}
	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	fetch-depth: 0

	- name: Get release version from branch name
	id: get-release-version
	shell: bash
	env:
	GITHUB_REF_NAME: ${{ github.ref_name }}
	run: \|
	if [[ "$GITHUB_REF_NAME" =~ ^release/v(.+)$ ]]; then
	# Ketryx version names start with "v", so we must preserve the prefix.
	echo "release_version=v${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT"
	else
	echo "release_version=" >> "$GITHUB_OUTPUT"
	fi

	- name: Get commit message
	id: get-commit-message
	shell: bash
	env:
	GITHUB_EVENT_NAME: ${{ github.event_name }}
	PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
	HEAD_COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
	run: \|
	if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
	# For PR events, get the commit message from the PR head SHA
	COMMIT_MESSAGE=$(git log -1 --format=%B $PR_HEAD_SHA)
	else
	# For push events, use the head commit message
	COMMIT_MESSAGE="$HEAD_COMMIT_MESSAGE"
	fi
	# Export for use in other steps (multiline-safe)
	# Use printf with %s to avoid interpreting special characters
	{
	echo "commit_message<<EOF"
	printf "%s\n" "$COMMIT_MESSAGE"
	echo "EOF"
	} >> $GITHUB_OUTPUT

	lint:
	needs: [get-commit-message]
	if: \|
	(!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci')) &&
	(!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) &&
	(!contains(github.event.pull_request.labels.*.name, 'skip:ci')) &&
	(!contains(github.event.pull_request.labels.*.name, 'build:native:only'))
	uses: ./.github/workflows/_lint.yml
	permissions:
	contents: read
	id-token: write
	packages: read

	docs:
	needs: [get-commit-message]
	if: \|
	(!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci')) &&
	(!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) &&
	(!contains(github.event.pull_request.labels.*.name, 'skip:ci')) &&
	(!contains(github.event.pull_request.labels.*.name, 'build:native:only'))
	uses: ./.github/workflows/_docs.yml
	permissions:
	contents: read
	id-token: write
	packages: read

	audit:
	needs: [get-commit-message]
	if: \|
	(!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci')) &&
	(!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) &&
	(!contains(github.event.pull_request.labels.*.name, 'skip:ci')) &&
	(!contains(github.event.pull_request.labels.*.name, 'build:native:only'))
	uses: ./.github/workflows/_audit.yml
	permissions:
	contents: read
	id-token: write
	packages: read

	test:
	needs: [get-commit-message]
	if: \|
	(!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci')) &&
	(!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) &&
	(!contains(github.event.pull_request.labels.*.name, 'skip:ci')) &&
	(!contains(github.event.pull_request.labels.*.name, 'build:native:only'))
	uses: ./.github/workflows/_test.yml
	with:
	platform_environment: ${{ inputs.platform_environment \|\| 'staging' }}
	commit_message: ${{ needs.get-commit-message.outputs.commit_message }}
	permissions:
	attestations: write
	contents: read
	id-token: write
	packages: write
	secrets:
	AIGNOSTICS_CLIENT_ID_DEVICE_STAGING: ${{ secrets.AIGNOSTICS_CLIENT_ID_DEVICE_STAGING }}
	AIGNOSTICS_REFRESH_TOKEN_STAGING: ${{ secrets.AIGNOSTICS_REFRESH_TOKEN_STAGING }}
	GCP_CREDENTIALS_STAGING: ${{ secrets.GCP_CREDENTIALS_STAGING }}
	AIGNOSTICS_CLIENT_ID_DEVICE_PRODUCTION: ${{ secrets.AIGNOSTICS_CLIENT_ID_DEVICE_PRODUCTION }}
	AIGNOSTICS_REFRESH_TOKEN_PRODUCTION: ${{ secrets.AIGNOSTICS_REFRESH_TOKEN_PRODUCTION }}
	GCP_CREDENTIALS_PRODUCTION: ${{ secrets.GCP_CREDENTIALS_PRODUCTION }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
Check failure on line 145 in .github/workflows/ci-cd.yml View workflow run for this annotation GitHub Actions / + CI/CD Invalid workflow file `The workflow is not valid. .github/workflows/ci-cd.yml (Line: 145, Col: 20): Invalid secret, SONAR_TOKEN is not defined in the referenced workflow.`
	CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
	SENTRY_DSN: ${{ secrets.SENTRY_DSN }} # For metrics

	codeql:
	needs: [get-commit-message]
	if: \|
	(!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci')) &&
	(!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) &&
	(!contains(github.event.pull_request.labels.*.name, 'skip:ci')) &&
	(!contains(github.event.pull_request.labels.*.name, 'build:native:only'))
	uses: ./.github/workflows/_codeql.yml
	permissions:
	actions: read
	contents: read
	packages: read
	security-events: write

	sonarcloud:
	needs: [get-commit-message, test]
	if: \|
	(!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci')) &&
	(!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) &&
	(!contains(github.event.pull_request.labels.*.name, 'skip:ci')) &&
	(!contains(github.event.pull_request.labels.*.name, 'build:native:only'))
	runs-on: ubuntu-latest
	permissions:
	contents: read
	pull-requests: write
	statuses: write
	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	fetch-depth: 0

	- name: SonarQube Scan
	if: ${{ env.GITHUB_WORKFLOW_RUNTIME != 'ACT' }}
	uses: SonarSource/sonarqube-scan-action@299e4b793aaa83bf2aba7c9c14bedbb485688ec4 # v7.1.0
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN:

	ketryx_report_and_check:
	needs: [get-commit-message, lint, audit, test, codeql, sonarcloud, docs]
	if: \|
	github.actor != 'dependabot[bot]' &&
	(!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci')) &&
	(!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) &&
	(!contains(github.event.pull_request.labels.*.name, 'skip:ci')) &&
	(!contains(github.event.pull_request.labels.*.name, 'build:native:only'))
	uses: ./.github/workflows/_ketryx_report_and_check.yml
	with:
	commit-sha: ${{ github.event.pull_request.head.sha \|\| github.sha }}
	version: ${{ needs.get-commit-message.outputs.release_version }}
	commit_message: ${{ needs.get-commit-message.outputs.commit_message }}
	permissions:
	attestations: write
	contents: write
	id-token: write
	packages: write
	secrets:
	KETRYX_PROJECT: ${{ secrets.KETRYX_PROJECT }}
	KETRYX_API_KEY: ${{ secrets.KETRYX_API_KEY }}

	package_publish:
	needs: [get-commit-message, ketryx_report_and_check]
	uses: ./.github/workflows/_package-publish.yml
	if: \|
	(startsWith(github.ref, 'refs/tags/v') && (!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci'))) &&
	(!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) &&
	(!contains(github.event.pull_request.labels.*.name, 'skip:ci')) &&
	(!contains(github.event.pull_request.labels.*.name, 'build:native:only'))
	with:
	commit_message: ${{ needs.get-commit-message.outputs.commit_message }}
	permissions:
	attestations: write
	contents: write
	id-token: write
	packages: write
	secrets:
	UV_PUBLISH_TOKEN: ${{ secrets.UV_PUBLISH_TOKEN }}
	SLACK_WEBHOOK_URL_RELEASE_ANNOUNCEMENT: ${{ secrets.SLACK_WEBHOOK_URL_RELEASE_ANNOUNCEMENT }}
	SLACK_CHANNEL_ID_RELEASE_ANNOUNCEMENT: ${{ secrets.SLACK_CHANNEL_ID_RELEASE_ANNOUNCEMENT }}
	SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}

	docker_publish:
	needs: [get-commit-message, ketryx_report_and_check]
	if: \|
	(startsWith(github.ref, 'refs/tags/v') && (!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci'))) &&
	(!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) &&
	(!contains(github.event.pull_request.labels.*.name, 'skip:ci')) &&
	(!contains(github.event.pull_request.labels.*.name, 'build:native:only'))
	uses: ./.github/workflows/_docker-publish.yml
	permissions:
	attestations: write
	contents: read
	id-token: write
	packages: write
	secrets:
	DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
	DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: Share runs via Python SDK #4546

Workflow file

feat: Share runs via Python SDK #4546

Uh oh!

Workflow file for this run

GitHub Actions / + CI/CD