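---
# ci.yml: GitHub Actions workflow that runs the project's checks.
# NOTE(review): "Continuos" is a typo for "Continuous". It is left unchanged
# because status badges or workflow_run triggers may reference the workflow
# by this exact name; confirm before renaming.
name: Continuos Integration

# Runs for pushes and pull requests that target main, and once a week on a
# schedule, so the dependency and image scans are re-run even when the code
# has not changed.
on:
  push:
    branches:
      - main
    # paths:
    #   - 'docs/changelog.rst'
  pull_request:
    branches:
      - main
  schedule:
    - cron: '0 0 * * 1'  # Every Monday at 00:00 UTC

# Least privilege for the automatically issued GITHUB_TOKEN. The jobs in this
# workflow only read the repository, so the token is limited to read access
# instead of inheriting the repository or organisation default. A job that
# later needs more should request it with its own job-level `permissions`.
permissions:
  contents: read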
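jobs:
  # Tests, type check, lint, format check, security scans and documentation
  # check, repeated for every interpreter in the matrix.
  python-check:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so that "3.10" stays a string and is not read as the
        # float 3.1.
        python-version:
          - "3.7"
          - "3.8"
          - "3.9"
          - "3.10"
          - "3.11"
          - "pypy-3.8"
          - "pypy-3.9"
    steps:
      - uses: actions/checkout@v3
        with:
          # No step in this job pushes or fetches again, so the token is not
          # left in the local git config for later steps (which install and
          # run third-party packages) to read.
          persist-credentials: false
      - uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
          cache: "pip"
          cache-dependency-path: "requirements/*.txt"
      - name: Install Python dependencies
        run: |
          pip install -r requirements/prod.txt
          pip install -r requirements/dev.txt
          pip install -e .
      - name: Python test and coverage
        run: pytest
      # The coverage reports are uploaded from the 3.11 job only. The HTML
      # report is also uploaded when an earlier step failed (always()).
      - name: Save html coverage report
        if: ${{ always() && matrix.python-version == '3.11' }}
        uses: actions/upload-artifact@v3
        with:
          name: html-coverage-report
          path: tests/coverage-results/htmlcov/
      - name: Save xml coverage report
        if: ${{ matrix.python-version == '3.11' }}
        uses: actions/upload-artifact@v3
        with:
          name: xml-coverage-report
          path: tests/coverage-results/coverage.xml
      - name: Python type check
        run: mypy .
      - name: Python linter
        run: dev lint
      - name: Code format
        run: dev format --check
      # Neither scan step sets continue-on-error, so a failing scan fails
      # the job.
      - name: Security vulnerability scan in Python code
        run: dev scan --code
      - name: Security vulnerability scan in Python dependencies
        run: dev scan --dependencies
      - name: Test documentation
        run: dev doc --check

  # Builds the image, lints the Dockerfile and scans the built image.
  docker-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          # This job never pushes; do not keep the token in the git config.
          persist-credentials: false
      - name: Build Docker image
        # The Dockerfile is read from stdin, so the build has no context
        # directory.
        run: docker build --tag python-project-template - < docker/Dockerfile
      - name: Dockerfile linter
        # NOTE(review): the action reference on this line was mangled by an
        # e-mail obfuscation filter when the page was captured, and its
        # version tag is lost. It is presumably hadolint/hadolint-action;
        # <VERSION> is a placeholder to be restored from the repository.
        uses: hadolint/hadolint-action@<VERSION>
        with:
          dockerfile: docker/Dockerfile
      - name: Docker image security vulnerability scan
        # Advisory only: with continue-on-error the job stays green when the
        # scan reports findings and also when the step cannot run at all, for
        # example on pull requests from forks, which do not receive
        # SNYK_TOKEN. Read the step log; do not rely on the job status.
        continue-on-error: true
        # NOTE(review): "@master" is a mutable branch reference and this step
        # is handed SNYK_TOKEN. Pinning the action to a full-length commit
        # SHA would keep a changed upstream branch from running with the
        # secret.
        uses: snyk/actions/docker@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          image: python-project-template
          args: --severity-threshold=medium --file=docker/Dockerfile

  # Repository-level checks: formatting, shell lint and requirements
  # freshness.
  project-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          # Checkout pull request HEAD commit instead of merge commit. The
          # expression is empty on push and schedule events, where checkout
          # falls back to its default ref.
          # NOTE(review): this is acceptable under the `pull_request`
          # trigger, where runs for fork pull requests get no secrets and a
          # read-only token. Do not reuse it under `pull_request_target`: the
          # steps below install and run code from the checked-out commit.
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: 0
          # This job only inspects the working tree with git status.
          persist-credentials: false
      - uses: actions/setup-python@v4
        with:
          python-version: "3.11"
          cache: "pip"
          cache-dependency-path: "requirements/*.txt"
      - name: Install Python dependencies
        run: |
          pip install -r requirements/prod.txt
          pip install -r requirements/dev.txt
          pip install -e .
      # TODO study how to check commit messages with emojis
      # - name: Check commit messages
      #   run: gitlint --commits e81c308bf961d35b901575f41e4c353051fed947..
      - name: Code format
        run: ec -verbose
      - name: Shell script linter
        run: dev lint --shell
      - name: Check if requirements are up to date
        # Regenerate the requirements, then fail if that changed any tracked
        # file or left an untracked one.
        run: |
          dev requirements
          test -z "$(git status --short)"
      # - name: Check version information
      #   run: ./scripts/versioning.py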