yarn: SBOM components #3880
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Gating | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
inputs: {} | |
jobs: | |
tests: | |
name: Unit tests | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: ["3.9", "3.10", "3.11", "3.12"] | |
container: | |
image: python:${{ matrix.python-version }}-slim | |
steps: | |
- name: Install dependencies | |
run: | | |
# We need to install git inside the container otherwise the checkout action will use Git | |
# REST API and the .git directory won't be present which fails due to setuptools-scm | |
apt-get update && apt-get install --no-install-recommends --no-install-suggests -y git | |
python3 -m pip install --upgrade pip | |
pip install nox | |
pip install tomli | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Test with nox | |
run: | | |
# Disable Git's safe.directory mechanism as some unit tests do clone repositories | |
git config --global --add safe.directory '*' | |
nox -s python-${{ matrix.python-version }} | |
- name: Upload coverage reports to Codecov | |
if: matrix.python-version == '3.12' | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
linters: | |
name: Linters | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
nox_env: | |
- bandit | |
- black | |
- isort | |
- flake8 | |
- mypy | |
container: | |
image: python:3.9-slim | |
steps: | |
- name: Install dependencies | |
run: | | |
# We need to install git inside the container otherwise the checkout action will use Git | |
# REST API and the .git directory won't be present which fails due to setuptools-scm | |
apt-get update && apt-get install --no-install-recommends --no-install-suggests -y git | |
python3 -m pip install --upgrade pip | |
pip install nox | |
pip install tomli | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Test '${{ matrix.nox_env }}' with nox | |
run: nox -s ${{ matrix.nox_env }} | |
hadolint: | |
name: Hadolint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: hadolint/[email protected] | |
with: | |
dockerfile: Containerfile | |
# Ignore list: | |
# * DL3041 - Specify version with dnf install -y <package>-<version> | |
ignore: DL3041 | |
failure-threshold: warning | |
build-image: | |
name: Build Cachi2 image and run integration tests on it | |
# TODO: Replace this with ubuntu-latest once GH completes the migration of the VM runners to | |
# ubuntu 24.04 and respect the YAML tag (revert the commit that added this) | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Install required packages | |
run: | | |
sudo apt-get update | |
sudo apt-get install createrepo-c | |
python3 -m venv /var/tmp/venv | |
/var/tmp/venv/bin/pip3 install --upgrade pip | |
/var/tmp/venv/bin/pip3 install nox | |
/var/tmp/venv/bin/pip3 install tomli | |
- name: add checkout action... | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: PyPI test server start | |
run: | | |
tests/pypiserver/start.sh & | |
# Testing basic HTTP request | |
status=$(curl -sSI \ | |
--output /dev/null \ | |
--write-out %{http_code} \ | |
--retry-delay 1 \ | |
--retry 60 \ | |
--retry-all-errors \ | |
http://127.0.0.1:8080) | |
[[ ${status} == "200" ]] || exit 1 | |
- name: DNF test server start | |
run: | | |
tests/dnfserver/start.sh & | |
# Testing basic HTTP request | |
status=$(curl -sSI \ | |
--output /dev/null \ | |
--write-out %{http_code} \ | |
--retry-delay 1 \ | |
--retry 60 \ | |
--retry-all-errors \ | |
http://127.0.0.1:8081) | |
[[ ${status} == "200" ]] || exit 1 | |
# Testing expected error on unauthenticated TLS access | |
status=$(curl -ssI \ | |
--output /dev/null \ | |
--write-out %{http_code} \ | |
--insecure \ | |
https://127.0.0.1:8443) | |
[[ ${status} == "400" ]] || exit 1 | |
# Testing TLS client authentication | |
status=$(curl -sSI \ | |
--output /dev/null \ | |
--write-out %{http_code} \ | |
--cacert tests/dnfserver/certificates/CA.crt \ | |
--key tests/dnfserver/certificates/client.key \ | |
--cert tests/dnfserver/certificates/client.crt \ | |
https://127.0.0.1:8443/pkg/redhat-release-9.4-0.5.el9.x86_64.rpm) | |
[[ ${status} == "200" ]] || exit 1 | |
- name: Build Cachi2 image | |
run: | | |
podman build -t cachi2:${{ github.sha }} . | |
- name: Check image created and Cachi2 version | |
run: | | |
podman images | grep 'cachi2' | |
podman run -t cachi2:${{ github.sha }} --version | |
- name: Run integration tests on built image | |
env: | |
CACHI2_IMAGE: localhost/cachi2:${{ github.sha }} | |
CACHI2_TEST_LOCAL_PYPISERVER: 'true' | |
CACHI2_TEST_LOCAL_DNF_SERVER: 'true' | |
run: | | |
git config --global --add safe.directory "*" | |
/var/tmp/venv/bin/nox -s integration-tests |