feat: add dry run functionality to autopipeline and add sensitive dicom tags to metadata #1260
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI-CD | |
| # only run on pushes to main or pull requests | |
| on: | |
| pull_request: | |
| branches: | |
| - "development" | |
| - "main" | |
| push: | |
| branches: | |
| - "development" | |
| - "main" | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}_${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| ############################################################################################### | |
| # Unit-Tests: Run unit tests using pytest | |
| ################################################################################################ | |
| Unit-Tests: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| env: ["py310", "py311", "py312", "py313"] | |
| TestAccessType: ["public"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run Unit Tests | |
| uses: ./.github/actions/pytest/ | |
| with: | |
| os: ${{ matrix.os }} | |
| env: ${{ matrix.env }} | |
| test_access_type: ${{ matrix.TestAccessType }} | |
| github_token: ${{ secrets.MEDIMG_TESTDATA_PAT }} | |
| codecov_token: ${{ secrets.CODECOV_TOKEN }} | |
| test_type: "unittests" | |
| ############################################################################################### | |
| # Integration-Tests: Run integration tests (downloading and running on data) | |
| ################################################################################################ | |
| Integration-Tests: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| # just going to test lowest and latest | |
| env: ["py310", "py313"] | |
| TestAccessType: ["public"] | |
| # this action needs to be able to read contents of other repos | |
| # for the test data (specifically private test data) | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run Integration Tests | |
| uses: ./.github/actions/pytest/ | |
| with: | |
| os: ${{ matrix.os }} | |
| env: ${{ matrix.env }} | |
| test_access_type: ${{ matrix.TestAccessType }} | |
| github_token: ${{ secrets.MEDIMG_TESTDATA_PAT }} | |
| codecov_token: ${{ secrets.CODECOV_TOKEN }} | |
| test_type: "integration" | |
| ################################################################################################ | |
| # Linting: Run linting using Ruff & Mypy | |
| ################################################################################################ | |
| # Goal here is to run ruff check and mypy, and then upload the results to the PR | |
| # even if one fails, it should still run the other | |
| Linting: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| checks: write | |
| issues: write | |
| pull-requests: write | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Pixi | |
| uses: prefix-dev/[email protected] | |
| with: | |
| environments: "test" | |
| pixi-version: v0.47.0 | |
| cache: true | |
| locked: false | |
| - name: Run ruff check | |
| id: ruff_check | |
| run: | | |
| set -eu pipefail | |
| pixi run -e test ruff-check --fix --unsafe-fixes --exit-non-zero-on-fix | |
| - name: Run ruff format | |
| id: ruff_format | |
| run: | | |
| pixi run -e test ruff-format --diff | |
| - name: Run mypy check | |
| id: mypy | |
| run: | | |
| pixi run -e test type-check | |
| ################################################################################################ | |
| # Build-Docs: Build documentation using mkdocs | |
| ################################################################################################ | |
| Build-Docs: | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 15 # Consider increasing timeout | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] # , windows-latest removed for now | |
| env: ["docs"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Pixi | |
| uses: prefix-dev/[email protected] | |
| with: | |
| environments: ${{ matrix.env }} | |
| pixi-version: v0.46.0 | |
| cache: true | |
| locked: false # wont be the same because of the tag | |
| - name: Test docs build | |
| run: | | |
| pixi run -e ${{ matrix.env }} doc-build | |
| ################################################################################################ | |
| # Publish-Docs: Publish documentation to GitHub Pages using mike only on main branch | |
| ################################################################################################ | |
| Publish-Docs: | |
| needs: [Generate-PNG, Build-Docs] | |
| if: github.ref == 'refs/heads/main' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| permissions: | |
| # Need to give the action permission to write to the repository to deploy the docs | |
| contents: write | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| env: ["docs"] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Configure Git Credentials | |
| run: | | |
| git config user.name github-actions[bot] | |
| git config user.email github-actions[bot]@users.noreply.github.com | |
| - name: Install Pixi | |
| uses: prefix-dev/[email protected] | |
| with: | |
| environments: ${{ matrix.env }} | |
| pixi-version: v0.46.0 | |
| cache: true | |
| locked: false # wont be the same because of the tag | |
| - name: Build API Reference | |
| if: github.actor != 'github-actions[bot]' | |
| run: | | |
| pixi run -e ${{ matrix.env }} api-ref-build | |
| git add docs/reference | |
| if ! git diff --cached --quiet; then | |
| git commit -m "chore: update API Reference" | |
| git push | |
| else | |
| echo "No changes to amend" | |
| fi | |
| - name: Test docs build | |
| run: | | |
| pixi run -e ${{ matrix.env }} doc-build | |
| - name: Publish docs using mike | |
| run: | | |
| pixi run -e ${{ matrix.env }} mike deploy --push dev devel | |
| ################################################################################################ | |
| # CD: Continuous Deployment | |
| ################################################################################################ | |
| Continuous-Deployment: | |
| concurrency: release | |
| permissions: | |
| id-token: write | |
| actions: read | |
| contents: write | |
| packages: write | |
| issues: write | |
| pull-requests: write | |
| needs: [Unit-Tests, Integration-Tests, Linting, Build-Docs] | |
| if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/development' | |
| # Set up operating system | |
| runs-on: ubuntu-latest | |
| outputs: | |
| released: ${{ steps.release.outputs.released }} | |
| version: ${{ steps.release.outputs.version }} | |
| tag: ${{ steps.release.outputs.tag }} | |
| # Define job steps | |
| steps: | |
| - uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.SEMVERPOLICE_ID }} | |
| private-key: ${{ secrets.SEMVER_APP_KEY }} | |
| - name: Set up Python 3.12 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.12 | |
| - name: Check-out repository | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Python Semantic Release | |
| uses: python-semantic-release/python-semantic-release@master | |
| id: release | |
| with: | |
| root_options: -v | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| git_committer_name: "gh-actions-semver" | |
| ################################################################################################ | |
| # Generate-PNG: Generate PNG images of CLI help output | |
| ################################################################################################ | |
| Generate-PNG: | |
| needs: Continuous-Deployment | |
| if: github.ref == 'refs/heads/development' || github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| - name: Download and install termshot | |
| run: | | |
| curl -L "https://github.com/homeport/termshot/releases/download/v0.5.0/termshot_0.5.0_linux_amd64.tar.gz" -o termshot.tar.gz | |
| tar -xzf termshot.tar.gz | |
| chmod +x termshot | |
| sudo mv termshot /usr/local/bin/termshot | |
| rm termshot.tar.gz | |
| termshot --version | |
| - name: Install Pixi | |
| uses: prefix-dev/[email protected] | |
| with: | |
| environments: "py313" | |
| pixi-version: v0.46.0 | |
| cache: true | |
| locked: false | |
| activate-environment: true | |
| - name: Install the project | |
| run: imgtools --help | |
| - name: Generate PNG using termshot | |
| run: | | |
| mkdir -p assets | |
| termshot --show-cmd --filename assets/imgtools_cli.png -- imgtools --help | |
| - name: Commit and push changes | |
| run: | | |
| git config --local user.email "github-actions[bot]@users.noreply.github.com" | |
| git config --local user.name "github-actions[bot]" | |
| git add assets/imgtools_cli.png | |
| if git diff --cached --quiet; then | |
| echo "No changes to commit" | |
| else | |
| git commit -m "chore: update cli help image" | |
| git push | |
| fi | |
| ################################################################################################ | |
| # Publish-PyPI: Publish to PyPI when Continuous-Deployment is successful | |
| ################################################################################################ | |
| Publish-PyPI: | |
| needs: Continuous-Deployment | |
| if: needs.Continuous-Deployment.outputs.released == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the code with tag ${{ needs.Continuous-Deployment.outputs.tag }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ needs.Continuous-Deployment.outputs.tag }} | |
| - name: Set up Python 3.12 | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: 3.12 | |
| - name: Install Package Builder | |
| run: python3 -m pip install build | |
| - name: Build package | |
| run: python3 -m build --sdist --wheel --outdir dist/ | |
| - name: Publish to PyPI | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| verbose: true | |
| user: ${{ secrets.pypi_token }} | |
| password: ${{ secrets.pypi_api }} | |
| ################################################################################################ | |
| # Docker: Build and publish Docker image when Continuous-Deployment is successful | |
| ################################################################################################ | |
| Docker-Publish: | |
| needs: [Continuous-Deployment, Publish-PyPI] | |
| if: needs.Continuous-Deployment.outputs.released == 'true' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python_version: ["3.13"] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.BHKLAB_DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.BHKLAB_DOCKERHUB_ACCESS_KEY }} | |
| - name: Set build metadata | |
| id: meta | |
| run: echo "build_date=$(date --utc +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_OUTPUT | |
| - name: Build and Push Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: | | |
| bhklab/med-imagetools:${{ needs.Continuous-Deployment.outputs.tag}} | |
| bhklab/med-imagetools:latest | |
| build-args: | | |
| PYTHON_VERSION=${{ matrix.python_version }} | |
| VERSION=${{ needs.Continuous-Deployment.outputs.tag}} | |
| GIT_COMMIT=${{ github.sha }} | |
| BUILD_DATE=${{ steps.meta.outputs.build_date }} | |
| provenance: false |