fix(qupath): annotate input slide once #3086
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "+ CI/CD" | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| tags: | |
| - "v*.*.*" | |
| pull_request: | |
| branches: [main] | |
| types: [opened, synchronize, reopened] | |
| release: | |
| types: [created] | |
| workflow_dispatch: | |
| inputs: | |
| platform_environment: | |
| description: 'Environment to test against' | |
| required: false | |
| default: 'staging' | |
| type: choice | |
| options: | |
| - staging | |
| - production | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref_name }}-${{ github.event.pull_request.number || github.sha }} | |
| cancel-in-progress: true | |
| jobs: | |
| get-commit-message: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| outputs: | |
| commit_message: ${{ steps.get-commit-message.outputs.commit_message }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get commit message | |
| id: get-commit-message | |
| shell: bash | |
| run: | | |
| if [ "${{ github.event_name }}" == "pull_request" ]; then | |
| # For PR events, get the commit message from the PR head SHA | |
| COMMIT_MESSAGE=$(git log -1 --format=%B ${{ github.event.pull_request.head.sha }}) | |
| else | |
| # For push events, use the head commit message | |
| COMMIT_MESSAGE='${{ github.event.head_commit.message }}' | |
| fi | |
| # Export for use in other steps (multiline-safe) | |
| # Use printf with %s to avoid interpreting special characters | |
| { | |
| echo "commit_message<<EOF" | |
| printf "%s\n" "$COMMIT_MESSAGE" | |
| echo "EOF" | |
| } >> $GITHUB_OUTPUT | |
| lint: | |
| needs: [get-commit-message] | |
| if: | | |
| (!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci')) && | |
| (!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) && | |
| !(github.ref_type == 'branch' && startsWith(needs.get-commit-message.outputs.commit_message, 'Bump version')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'skip:ci')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'build:native:only')) | |
| uses: ./.github/workflows/_lint.yml | |
| permissions: | |
| contents: read | |
| id-token: write | |
| packages: read | |
| audit: | |
| needs: [get-commit-message] | |
| if: | | |
| (!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci')) && | |
| (!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) && | |
| !(github.ref_type == 'branch' && startsWith(needs.get-commit-message.outputs.commit_message, 'Bump version')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'skip:ci')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'build:native:only')) | |
| uses: ./.github/workflows/_audit.yml | |
| permissions: | |
| contents: read | |
| id-token: write | |
| packages: read | |
| test: | |
| needs: [get-commit-message] | |
| if: | | |
| (!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci')) && | |
| (!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) && | |
| !(github.ref_type == 'branch' && startsWith(needs.get-commit-message.outputs.commit_message, 'Bump version:')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'skip:ci')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'build:native:only')) | |
| uses: ./.github/workflows/_test.yml | |
| with: | |
| platform_environment: ${{ inputs.platform_environment || 'staging' }} | |
| commit_message: ${{ needs.get-commit-message.outputs.commit_message }} | |
| permissions: | |
| attestations: write | |
| contents: read | |
| id-token: write | |
| packages: write | |
| secrets: | |
| AIGNOSTICS_CLIENT_ID_DEVICE_STAGING: ${{ secrets.AIGNOSTICS_CLIENT_ID_DEVICE_STAGING }} | |
| AIGNOSTICS_REFRESH_TOKEN_STAGING: ${{ secrets.AIGNOSTICS_REFRESH_TOKEN_STAGING }} | |
| GCP_CREDENTIALS_STAGING: ${{ secrets.GCP_CREDENTIALS_STAGING }} | |
| AIGNOSTICS_CLIENT_ID_DEVICE_PRODUCTION: ${{ secrets.AIGNOSTICS_CLIENT_ID_DEVICE_PRODUCTION }} | |
| AIGNOSTICS_REFRESH_TOKEN_PRODUCTION: ${{ secrets.AIGNOSTICS_REFRESH_TOKEN_PRODUCTION }} | |
| GCP_CREDENTIALS_PRODUCTION: ${{ secrets.GCP_CREDENTIALS_PRODUCTION }} | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} # For metrics | |
| codeql: | |
| needs: [get-commit-message] | |
| if: | | |
| (!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci')) && | |
| (!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) && | |
| !(github.ref_type == 'branch' && startsWith(needs.get-commit-message.outputs.commit_message, 'Bump version:')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'skip:ci')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'build:native:only')) | |
| uses: ./.github/workflows/_codeql.yml | |
| permissions: | |
| actions: read | |
| contents: read | |
| packages: read | |
| security-events: write | |
| ketryx_report_and_check: | |
| needs: [get-commit-message, lint, audit, test, codeql] | |
| if: | | |
| (!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci')) && | |
| (!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) && | |
| !(github.ref_type == 'branch' && startsWith(needs.get-commit-message.outputs.commit_message, 'Bump version:')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'skip:ci')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'build:native:only')) | |
| uses: ./.github/workflows/_ketryx_report_and_check.yml | |
| with: | |
| commit-sha: ${{ github.event.pull_request.head.sha || github.sha }} | |
| commit_message: ${{ needs.get-commit-message.outputs.commit_message }} | |
| permissions: | |
| attestations: write | |
| contents: write | |
| id-token: write | |
| packages: write | |
| secrets: | |
| KETRYX_PROJECT: ${{ secrets.KETRYX_PROJECT }} | |
| KETRYX_API_KEY: ${{ secrets.KETRYX_API_KEY }} | |
| package_publish: | |
| needs: [get-commit-message, ketryx_report_and_check] | |
| uses: ./.github/workflows/_package-publish.yml | |
| if: | | |
| (startsWith(github.ref, 'refs/tags/v') && (!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci'))) && | |
| (!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'skip:ci')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'build:native:only')) | |
| with: | |
| commit_message: ${{ needs.get-commit-message.outputs.commit_message }} | |
| permissions: | |
| attestations: write | |
| contents: write | |
| id-token: write | |
| packages: write | |
| secrets: | |
| UV_PUBLISH_TOKEN: ${{ secrets.UV_PUBLISH_TOKEN }} | |
| SLACK_WEBHOOK_URL_RELEASE_ANNOUNCEMENT: ${{ secrets.SLACK_WEBHOOK_URL_RELEASE_ANNOUNCEMENT }} | |
| SLACK_CHANNEL_ID_RELEASE_ANNOUNCEMENT: ${{ secrets.SLACK_CHANNEL_ID_RELEASE_ANNOUNCEMENT }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| docker_publish: | |
| needs: [get-commit-message, ketryx_report_and_check] | |
| if: | | |
| (startsWith(github.ref, 'refs/tags/v') && (!contains(needs.get-commit-message.outputs.commit_message, 'skip:ci'))) && | |
| (!contains(needs.get-commit-message.outputs.commit_message, 'build:native:only')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'skip:ci')) && | |
| (!contains(github.event.pull_request.labels.*.name, 'build:native:only')) | |
| uses: ./.github/workflows/_docker-publish.yml | |
| permissions: | |
| attestations: write | |
| contents: read | |
| id-token: write | |
| packages: write | |
| secrets: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} |