fix program query #341
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Workflow responsible for core acceptance testing. | |
# Tests Currently Run: | |
# - flake8-linter | |
# - PYTest | |
# - Bandit | |
# For PR Vulnerability Scanning a separate workflow will run. | |
# The build-push-dev-image and build-push-release workflows | |
# handle the develop and release image storage respectively. | |
# | |
# | |
name: Code-Checks | |
on: | |
# push: | |
# branches-ignore: | |
# - master | |
# - main | |
# - develop | |
pull_request: | |
branches: | |
- develop | |
- master | |
- main | |
types: [ opened, synchronize ] | |
paths-ignore: | |
- README.md | |
- .old_cicd/* | |
# - .github/* | |
# - .github/workflows/* | |
- LICENSE | |
- .gitignore | |
- .dockerignore | |
- .githooks | |
jobs: | |
############################## flake8-linter ############################## | |
flake8-linter: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.12' | |
# Currently actions/setup-python supports caching | |
# but the cache is not as robust as cache action. | |
# Here we cache the entire python env which speeds subsequent builds up alot. (alot being scientific term) | |
# Ref: https://blog.allenai.org/python-caching-in-github-actions-e9452698e98d | |
- uses: actions/cache@v3 | |
name: Cache Python | |
with: | |
path: ${{ env.pythonLocation }} | |
key: ${{ env.pythonLocation }}-${{ hashFiles('setup.py') }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('pyproject.toml') }} | |
- name: Install Requirements | |
run: | | |
pip install -r requirements.txt | |
- name: Lint with flake8 | |
run: | | |
pip install flake8 | |
flake8 --ignore=E,W src | |
# We continue on error here until the code is clean | |
# flake8 --ignore=E,W --exit-zero . | |
continue-on-error: true | |
################################### PYTEST ################################### | |
pytest: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.12' | |
- name: Install Requirements | |
run: | | |
pip install -r requirements.txt | |
pip install coverage | |
pip install . | |
- name: Test with pytest | |
run: | | |
make test | |
############################ Bandit ################################ | |
bandit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.12' | |
- name: Install Requirements | |
run: | | |
pip install -r requirements.txt | |
pip install bandit | |
pip install . | |
# Only report high security issues | |
- name: Test with Bandit | |
run: | | |
bandit -r src -n3 -lll | |
############################## test-image-build ############################## | |
test-image-build: | |
runs-on: ubuntu-latest | |
# if: ${{ github.actor == 'dependabot[bot]' }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set short git commit SHA | |
id: vars | |
run: | | |
echo "short_sha=$(git rev-parse --short ${{ github.sha }})" >> $GITHUB_OUTPUT | |
# https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ | |
- name: Confirm git commit SHA output | |
run: echo ${{ steps.vars.outputs.short_sha }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
logout: true | |
- name: Parse Github Reference Name | |
id: branch | |
run: | | |
REF=${{ github.ref_name }} | |
echo "GHR=${REF%/*}" >> $GITHUB_OUTPUT | |
# Notes on Cache: | |
# https://docs.docker.com/build/ci/github-actions/examples/#inline-cache | |
- name: Build Container | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: true | |
tags: | | |
${{ github.repository }}:test_${{ steps.branch.outputs.GHR }} | |
cache-from: type=registry,ref=${{ github.repository }}:buildcache | |
cache-to: type=registry,ref=${{ github.repository }}:buildcache,mode=max |