From 100e04009474a1f269b5965a010b71c75d27cca8 Mon Sep 17 00:00:00 2001
From: Niall Byrne
Date: Fri, 14 May 2021 19:07:00 -0400
Subject: [PATCH] ci(GITHUB): add dependency tests to rendered workflows, fix notifications
---
.github/workflows/self-test.yml | 29 +++++++++++++------
.../.github/workflows/push.yml | 26 ++++++++++++++---
2 files changed, 42 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/self-test.yml b/.github/workflows/self-test.yml
index e5f78c44..a474c570 100644
--- a/.github/workflows/self-test.yml
+++ b/.github/workflows/self-test.yml
@@ -109,7 +109,7 @@ jobs: strategy: max-parallel: 4 matrix: - python-version: [ 3.7 ] + python-version: [3.7] steps: - name: Security Test -- Set up Python ${{ matrix.python-version }}
@@ -117,25 +117,36 @@ jobs: with: python-version: ${{ matrix.python-version }} - - name: Security Test -- Checkout Repository - uses: actions/checkout@v1 + - name: Shellcheck -- Checkout Repository + uses: actions/checkout@v2 + with: + path: 'template' - - name: Security Test -- Check Dependencies + - name: Security Test -- Setup Environment run: | - pip install safety - pip install --upgrade pip - safety check + source ./template/.github/scripts/setup.sh + source ./template/.github/scripts/template.sh + env: + WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} - name: Security Test -- Run Gitleaks uses: zricethezav/gitleaks-action@master + - name: Security Test -- Check Dependencies + run: | + pip install --upgrade pip safety + cd "${TEMPLATED_NAME}" + poetry install + safety check + cd .. + - name: Shellcheck -- Report Job Status on Success run: | - ./{{cookiecutter.project_slug}}/.github/scripts/notifications.sh "${NOTIFICATION}" "security checks succeeded!" + ./template/{{cookiecutter.project_slug}}/.github/scripts/notifications.sh "${NOTIFICATION}" "security checks succeeded!" - name: Shellcheck -- Report Job Status on Failure if: failure() run: | - ./{{cookiecutter.project_slug}}/.github/scripts/notifications.sh "${NOTIFICATION}" "security checks failed!" + ./template/{{cookiecutter.project_slug}}/.github/scripts/notifications.sh "${NOTIFICATION}" "security checks failed!" shellcheck_test: diff --git a/{{cookiecutter.project_slug}}/.github/workflows/push.yml b/{{cookiecutter.project_slug}}/.github/workflows/push.yml index 7c39a37f..08843b11 100644 --- a/{{cookiecutter.project_slug}}/.github/workflows/push.yml +++ b/{{cookiecutter.project_slug}}/.github/workflows/push.yml 
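Review bot: The new `Check Dependencies` step's bare `safety check` audits whatever is installed in the runner's default interpreter, but `poetry install` puts the rendered project's dependencies into a Poetry-managed virtualenv by default, so unless `setup.sh` (not visible here) disables virtualenv creation the project's own packages are never scanned and only pip, safety and Poetry's dependencies are. Feed the resolved lock file to safety instead, replacing `poetry install` and `safety check` with `poetry export -f requirements.txt --without-hashes --dev | safety check --stdin` (or install safety into the project environment and use `poetry run safety check`). The step also depends on `poetry` being on PATH and `TEMPLATED_NAME` being exported by the sourced `setup.sh`/`template.sh` — presumably through `GITHUB_ENV`, since each `run` step starts a fresh shell — which deserves a comment such as `# TEMPLATED_NAME and poetry are provided by setup.sh / template.sh above`. Separately, the checkout step and both notification steps are now labelled `Shellcheck -- …` inside the security job; rename them `Security Test -- …` so the job log is not misleading. The `security_test` job and its `steps:` list begin above this hunk.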
@@ -75,19 +75,37 @@ jobs: security_test: runs-on: ubuntu-latest + strategy: + max-parallel: 4 + matrix: + python-version: [3.7] steps: + - name: Security Test -- Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v1 + with: + python-version: ${{ matrix.python-version }} + - name: Security Test -- Checkout Repository uses: actions/checkout@v1 + - name: Security Test -- Run Gitleaks uses: zricethezav/gitleaks-action@master - - name: Security Test -- Report Success + - name: Security Test -- Check Dependencies + run: | + pip install safety poetry + pip install --upgrade pip + poetry install + safety check + + - name: Shellcheck -- Report Job Status on Success run: | - ./.github/scripts/notifications.sh "${NOTIFICATION}" "security test has passed!" - - name: Security Test -- Report Failure + ./.github/scripts/notifications.sh "${NOTIFICATION}" "security checks succeeded!" + - name: Shellcheck -- Report Job Status on Failure + if: failure() run: | - ./.github/scripts/notifications.sh "${NOTIFICATION}" "security test has failed!" + ./.github/scripts/notifications.sh "${NOTIFICATION}" "security checks failed!" release: needs: [build, documentation_test, security_test]
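Review bot: In the new `Check Dependencies` step, `safety check` with no arguments audits the runner's default interpreter, while `poetry install` installs the project's dependencies into a Poetry-managed virtualenv by default, so the generated project's own packages are probably never checked. Export the lock file to safety instead, replacing `poetry install` and `safety check` with `poetry export -f requirements.txt --without-hashes --dev | safety check --stdin` (or install safety into the project environment and run `poetry run safety check`). `pip install --upgrade pip` after `pip install safety poetry` also does nothing for those two installs — swap the two lines — and pinning `poetry` would make the audit tooling itself reproducible. The two notification steps are now labelled `Shellcheck -- …` although they sit in `security_test`; name them `Security Test -- Report Job Status on Success` and `… on Failure`. Not changed here but in the same job, `zricethezav/gitleaks-action@master` tracks a mutable branch; pin it to a release tag or commit SHA so a compromised upstream cannot run arbitrary code with this job's token.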