Skip to content

yarn: SBOM components #3887

yarn: SBOM components

yarn: SBOM components #3887

Workflow file for this run

name: Gating
on:
pull_request:
push:
branches:
- main
workflow_dispatch:
inputs: {}
jobs:
tests:
name: Unit tests
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.9", "3.10", "3.11", "3.12"]
container:
image: python:${{ matrix.python-version }}-slim
steps:
- name: Install dependencies
run: |
# We need to install git inside the container otherwise the checkout action will use Git
# REST API and the .git directory won't be present which fails due to setuptools-scm
apt-get update && apt-get install --no-install-recommends --no-install-suggests -y git
python3 -m pip install --upgrade pip
pip install nox
pip install tomli
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Test with nox
run: |
# Disable Git's safe.directory mechanism as some unit tests do clone repositories
git config --global --add safe.directory '*'
nox -s python-${{ matrix.python-version }}
- name: Upload coverage reports to Codecov
if: matrix.python-version == '3.12'
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
linters:
name: Linters
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
nox_env:
- bandit
- black
- isort
- flake8
- mypy
container:
image: python:3.9-slim
steps:
- name: Install dependencies
run: |
# We need to install git inside the container otherwise the checkout action will use Git
# REST API and the .git directory won't be present which fails due to setuptools-scm
apt-get update && apt-get install --no-install-recommends --no-install-suggests -y git
python3 -m pip install --upgrade pip
pip install nox
pip install tomli
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Test '${{ matrix.nox_env }}' with nox
run: nox -s ${{ matrix.nox_env }}
hadolint:
name: Hadolint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hadolint/[email protected]
with:
dockerfile: Containerfile
# Ignore list:
# * DL3041 - Specify version with dnf install -y <package>-<version>
ignore: DL3041
failure-threshold: warning
build-image:
name: Build Cachi2 image and run integration tests on it
# TODO: Replace this with ubuntu-latest once GH completes the migration of the VM runners to
# ubuntu 24.04 and respect the YAML tag (revert the commit that added this)
runs-on: ubuntu-24.04
steps:
- name: Install required packages
run: |
sudo apt-get update
sudo apt-get install createrepo-c
python3 -m venv /var/tmp/venv
/var/tmp/venv/bin/pip3 install --upgrade pip
/var/tmp/venv/bin/pip3 install nox
/var/tmp/venv/bin/pip3 install tomli
- name: add checkout action...
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: PyPI test server start
run: |
tests/pypiserver/start.sh &
# Testing basic HTTP request
status=$(curl -sSI \
--output /dev/null \
--write-out %{http_code} \
--retry-delay 1 \
--retry 60 \
--retry-all-errors \
http://127.0.0.1:8080)
[[ ${status} == "200" ]] || exit 1
- name: DNF test server start
run: |
tests/dnfserver/start.sh &
# Testing basic HTTP request
status=$(curl -sSI \
--output /dev/null \
--write-out %{http_code} \
--retry-delay 1 \
--retry 60 \
--retry-all-errors \
http://127.0.0.1:8081)
[[ ${status} == "200" ]] || exit 1
# Testing expected error on unauthenticated TLS access
status=$(curl -ssI \
--output /dev/null \
--write-out %{http_code} \
--insecure \
https://127.0.0.1:8443)
[[ ${status} == "400" ]] || exit 1
# Testing TLS client authentication
status=$(curl -sSI \
--output /dev/null \
--write-out %{http_code} \
--cacert tests/dnfserver/certificates/CA.crt \
--key tests/dnfserver/certificates/client.key \
--cert tests/dnfserver/certificates/client.crt \
https://127.0.0.1:8443/pkg/redhat-release-9.4-0.5.el9.x86_64.rpm)
[[ ${status} == "200" ]] || exit 1
- name: Build Cachi2 image
run: |
podman build -t cachi2:${{ github.sha }} .
- name: Check image created and Cachi2 version
run: |
podman images | grep 'cachi2'
podman run -t cachi2:${{ github.sha }} --version
- name: Run integration tests on built image
env:
CACHI2_IMAGE: localhost/cachi2:${{ github.sha }}
CACHI2_TEST_LOCAL_PYPISERVER: 'true'
CACHI2_TEST_LOCAL_DNF_SERVER: 'true'
run: |
git config --global --add safe.directory "*"
/var/tmp/venv/bin/nox -s integration-tests