ci(GITHUB): add dependency tests to rendered workflows, fix notificat…

…ions
niall-byrne · May 19, 2021 · 100e040 · 100e040
1 parent 9a5cd06
commit 100e040
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 13 deletions.
diff --git a/.github/workflows/self-test.yml b/.github/workflows/self-test.yml
@@ -109,33 +109,44 @@ jobs:
     strategy:
       max-parallel: 4
       matrix:
-        python-version: [ 3.7 ]
+        python-version: [3.7]
 
     steps:
       - name: Security Test -- Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@v1
         with:
           python-version: ${{ matrix.python-version }}
 
-      - name: Security Test -- Checkout Repository
-        uses: actions/checkout@v1
+      - name: Shellcheck -- Checkout Repository
+        uses: actions/checkout@v2
+        with:
+          path: 'template'
 
-      - name: Security Test -- Check Dependencies
+      - name: Security Test -- Setup Environment
         run: |
-          pip install safety
-          pip install --upgrade pip
-          safety check
+          source ./template/.github/scripts/setup.sh
+          source ./template/.github/scripts/template.sh
+        env:
+          WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
 
       - name: Security Test -- Run Gitleaks
         uses: zricethezav/gitleaks-action@master
 
+      - name: Security Test -- Check Dependencies
+        run: |
+          pip install --upgrade pip safety
+          cd "${TEMPLATED_NAME}"
+            poetry install
+            safety check
+          cd ..
+
       - name: Shellcheck -- Report Job Status on Success
         run: |
-          ./{{cookiecutter.project_slug}}/.github/scripts/notifications.sh "${NOTIFICATION}" "security checks succeeded!"
+          ./template/{{cookiecutter.project_slug}}/.github/scripts/notifications.sh "${NOTIFICATION}" "security checks succeeded!"
       - name: Shellcheck -- Report Job Status on Failure
         if: failure()
         run: |
-          ./{{cookiecutter.project_slug}}/.github/scripts/notifications.sh "${NOTIFICATION}" "security checks failed!"
+          ./template/{{cookiecutter.project_slug}}/.github/scripts/notifications.sh "${NOTIFICATION}" "security checks failed!"
 
   shellcheck_test:
 

diff --git a/{{cookiecutter.project_slug}}/.github/workflows/push.yml b/{{cookiecutter.project_slug}}/.github/workflows/push.yml
@@ -75,19 +75,37 @@ jobs:
   security_test:
 
     runs-on: ubuntu-latest
+    strategy:
+      max-parallel: 4
+      matrix:
+        python-version: [3.7]
 
     steps:
+      - name: Security Test -- Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v1
+        with:
+          python-version: ${{ matrix.python-version }}
+
       - name: Security Test -- Checkout Repository
         uses: actions/checkout@v1
+
       - name: Security Test -- Run Gitleaks
         uses: zricethezav/gitleaks-action@master
 
-      - name: Security Test -- Report Success
+      - name: Security Test -- Check Dependencies
+        run: |
+          pip install safety poetry
+          pip install --upgrade pip
+          poetry install
+          safety check
+
+      - name: Shellcheck -- Report Job Status on Success
         run: |
-          ./.github/scripts/notifications.sh "${NOTIFICATION}" "security test has passed!"
-      - name: Security Test -- Report Failure
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" "security checks succeeded!"
+      - name: Shellcheck -- Report Job Status on Failure
+        if: failure()
         run: |
-          ./.github/scripts/notifications.sh "${NOTIFICATION}" "security test has failed!"
+          ./.github/scripts/notifications.sh "${NOTIFICATION}" "security checks failed!"
   
   release:
     needs: [build, documentation_test, security_test]