-
Notifications
You must be signed in to change notification settings - Fork 0
114 lines (93 loc) · 2.86 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
name: Continuos Integration
on:
push:
branches:
- main
pull_request:
branches:
- main
schedule:
- cron: '0 0 * * 1' # Every Monday at 00:00 UTC
jobs:
python-check:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [
"3.7",
"3.8",
"3.9",
"3.10",
"pypy-3.8"
]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-version }}
cache: "pip"
cache-dependency-path: "requirements/*.txt"
- name: Install Python dependencies
run: pip install -r requirements/dev.txt
- name: Python test and coverage
run: pytest
- name: Save html coverage report
if: ${{ always() && matrix.python-version == '3.10' }}
uses: actions/upload-artifact@v2
with:
name: html-coverage-report
path: tests/coverage-results/htmlcov/
- name: Python type check
run: mypy .
- name: Python linter
run: |
prospector
prospector --profile tests/.prospector.yaml tests
- name: Code format
run: |
isort --check --diff .
black --check --diff .
- name: Security vulnerability scan
run: |
bandit --recursive scripts/docky_cli
safety check --file requirements/dev.txt --full-report
- name: Test documentation
run: |
sphinx-apidoc --module-first --private --output-dir docs/modules scripts/docky_cli
sphinx-build -W -T -v -n docs public
docker-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Build Docker image
run: docker build --tag docky --file docker/Dockerfile .
- name: Dockerfile linter
uses: hadolint/[email protected]
with:
dockerfile: docker/Dockerfile
- name: Docker image security vulnerability scan
continue-on-error: true
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: docky
args: --severity-threshold=medium --file=docker/Dockerfile
project-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }} # Checkout pull request HEAD commit instead of merge commit
fetch-depth: 0
- uses: actions/setup-python@v3
with:
python-version: "3.10"
cache: "pip"
cache-dependency-path: "requirements/*.txt"
- name: Install Python dependencies
run: pip install -r requirements/dev.txt
- name: Check commit messages
run: gitlint --commits 772eaa91b3439a567009a54af61d2962c179dd11..
- name: Code format
run: ec -verbose