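---
# Gating workflow (gating.yaml): unit tests, linters, Containerfile lint, and an image build
# followed by integration tests against local PyPI and DNF test servers.
name: Gating

# The `pull_request` trigger runs the contributor's code. For pull requests coming from forks
# GitHub does not pass repository secrets to `pull_request` runs, so CODECOV_TOKEN is only
# populated for same-repository branches and pushes to main.
on:
  pull_request:
  push:
    branches:
      - main
  workflow_dispatch:
    inputs: {}

# Least privilege for the automatic GITHUB_TOKEN: nothing visible in this workflow writes back
# to the repository, so read access to its contents is enough for the checkout steps.
permissions:
  contents: read

jobs:
  tests:
    name: Unit tests
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so that "3.10" stays a string instead of being parsed as the float 3.1.
        python-version: ["3.9", "3.10", "3.11", "3.12"]
    container:
      image: python:${{ matrix.python-version }}-slim
    steps:
      - name: Install dependencies
        run: |
          # We need to install git inside the container otherwise the checkout action will use Git
          # REST API and the .git directory won't be present which fails due to setuptools-scm
          apt-get update && apt-get install --no-install-recommends --no-install-suggests -y git
          python3 -m pip install --upgrade pip
          # NOTE(review): nox and tomli are installed unpinned; a constraints file would make
          # the CI tooling reproducible.
          pip install nox
          pip install tomli
      - uses: actions/checkout@v4
        with:
          # Full history and tags, since setuptools-scm works from the .git directory.
          fetch-depth: 0
      - name: Test with nox
        run: |
          # Disable Git's safe.directory mechanism as some unit tests do clone repositories.
          # This switches off the repository-ownership check for every path; it is tolerable
          # only because the job container is discarded after the run.
          git config --global --add safe.directory '*'
          nox -s python-${{ matrix.python-version }}
      - name: Upload coverage reports to Codecov
        # Upload once, from a single matrix entry.
        if: matrix.python-version == '3.12'
        # NOTE(review): this step receives a secret and `@v4` is a mutable tag; pinning
        # third-party actions to a full commit SHA keeps a retagged release from changing
        # what runs with the token.
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}

  linters:
    name: Linters
    runs-on: ubuntu-latest
    strategy:
      # Let every linter report, even when one of them fails.
      fail-fast: false
      matrix:
        nox_env:
          - bandit
          - black
          - isort
          - flake8
          - mypy
    container:
      image: python:3.9-slim
    steps:
      - name: Install dependencies
        run: |
          # We need to install git inside the container otherwise the checkout action will use Git
          # REST API and the .git directory won't be present which fails due to setuptools-scm
          apt-get update && apt-get install --no-install-recommends --no-install-suggests -y git
          python3 -m pip install --upgrade pip
          pip install nox
          pip install tomli
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Test '${{ matrix.nox_env }}' with nox
        # matrix.nox_env only takes the fixed values listed above, so expanding it into the
        # command line does not expose the shell to externally supplied text.
        run: nox -s ${{ matrix.nox_env }}

  hadolint:
    name: Hadolint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # The version ref of this action was replaced by an e-mail-obfuscation artefact on the
      # rendered page; <VERSION> is a placeholder. Restore the real tag (or, preferably, a full
      # commit SHA) before using this file.
      - uses: hadolint/hadolint-action@<VERSION>
        with:
          dockerfile: Containerfile
          # Ignore list:
          # * DL3041 - Specify version with dnf install -y <package>-<version>
          ignore: DL3041
          failure-threshold: warning

  build-image:
    name: Build Cachi2 image and run integration tests on it
    # TODO: Replace this with ubuntu-latest once GH completes the migration of the VM runners to
    # ubuntu 24.04 and respect the YAML tag (revert the commit that added this)
    runs-on: ubuntu-24.04
    steps:
      - name: Install required packages
        run: |
          sudo apt-get update
          # -y keeps the install non-interactive regardless of the runner's apt defaults.
          sudo apt-get install -y createrepo-c
          python3 -m venv /var/tmp/venv
          /var/tmp/venv/bin/pip3 install --upgrade pip
          /var/tmp/venv/bin/pip3 install nox
          /var/tmp/venv/bin/pip3 install tomli
      - name: add checkout action...
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: PyPI test server start
        run: |
          tests/pypiserver/start.sh &
          # Testing basic HTTP request; the retries give the background server time to come up.
          status=$(curl -sSI \
            --output /dev/null \
            --write-out %{http_code} \
            --retry-delay 1 \
            --retry 60 \
            --retry-all-errors \
            http://127.0.0.1:8080)
          [[ ${status} == "200" ]] || exit 1
      - name: DNF test server start
        run: |
          tests/dnfserver/start.sh &
          # Testing basic HTTP request
          status=$(curl -sSI \
            --output /dev/null \
            --write-out %{http_code} \
            --retry-delay 1 \
            --retry 60 \
            --retry-all-errors \
            http://127.0.0.1:8081)
          [[ ${status} == "200" ]] || exit 1
          # Testing expected error on unauthenticated TLS access (no client certificate).
          # The server certificate is still verified against the test CA, the same one the
          # authenticated request below relies on, instead of disabling verification with
          # --insecure. -sS matches the other probes so connection errors are printed.
          status=$(curl -sSI \
            --output /dev/null \
            --write-out %{http_code} \
            --cacert tests/dnfserver/certificates/CA.crt \
            https://127.0.0.1:8443)
          [[ ${status} == "400" ]] || exit 1
          # Testing TLS client authentication
          status=$(curl -sSI \
            --output /dev/null \
            --write-out %{http_code} \
            --cacert tests/dnfserver/certificates/CA.crt \
            --key tests/dnfserver/certificates/client.key \
            --cert tests/dnfserver/certificates/client.crt \
            https://127.0.0.1:8443/pkg/redhat-release-9.4-0.5.el9.x86_64.rpm)
          [[ ${status} == "200" ]] || exit 1
      - name: Build Cachi2 image
        run: |
          # Tag the image with the commit under test so later steps use exactly this build.
          podman build -t cachi2:${{ github.sha }} .
      - name: Check image created and Cachi2 version
        run: |
          podman images | grep 'cachi2'
          podman run -t cachi2:${{ github.sha }} --version
      - name: Run integration tests on built image
        env:
          CACHI2_IMAGE: localhost/cachi2:${{ github.sha }}
          # Quoted: environment values must reach the tests as the string 'true'.
          CACHI2_TEST_LOCAL_PYPISERVER: 'true'
          CACHI2_TEST_LOCAL_DNF_SERVER: 'true'
        run: |
          # Switches off Git's repository-ownership check for every path; tolerable only on
          # this throw-away runner.
          git config --global --add safe.directory "*"
          /var/tmp/venv/bin/nox -s integration-tests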