[Backport master] Install Snyk on demand to have a smaller package #5222
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous integration | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - '[0-9]+.[0-9]+' | |
| tags: | |
| - '*' | |
| paths-ignore: | |
| - example-project/** | |
| pull_request: | |
| env: | |
| HAS_SECRETS: ${{ secrets.HAS_SECRETS }} | |
| jobs: | |
| main: | |
| runs-on: ubuntu-22.04 | |
| name: Continuous integration | |
| timeout-minutes: 20 | |
| if: "!startsWith(github.event.head_commit.message, '[skip ci] ')" | |
| steps: | |
| - run: docker system prune --all --force | |
| - run: dpkg -l | |
| - run: pip install pyOpenSSL --upgrade | |
| - run: python3 -m pip freeze | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - uses: camptocamp/initialise-gopass-summon-action@v2 | |
| with: | |
| ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}} | |
| github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}} | |
| patterns: pypi docker | |
| if: env.HAS_SECRETS == 'HAS_SECRETS' | |
| - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH} | |
| - run: python3 -m pip install --user --requirement=requirements.txt | |
| - run: poetry build | |
| env: | |
| POETRY_DYNAMIC_VERSIONING_BYPASS: 0.0.0 | |
| - run: python3 -m pip install --user --force-reinstall dist/c2cciutils-0.0.0-py3-none-any.whl[checks,publish] | |
| - run: rm -rf dist build | |
| - uses: actions/cache@v3 | |
| with: | |
| path: ~/.cache/pre-commit | |
| key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} | |
| restore-keys: "pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}\npre-commit-" | |
| - run: pre-commit run --all-files | |
| env: | |
| SKIP: poetry-lock,pipenv-lock,helm-lock | |
| - run: git diff && false | |
| if: failure() | |
| - name: Print the environment | |
| run: c2cciutils-env | |
| env: | |
| GITHUB_EVENT: ${{ toJson(github) }} | |
| - name: Build | |
| run: make build | |
| - name: Checks | |
| run: make checks | |
| - name: Build example | |
| run: | | |
| # Workaround to get the right Makefile | |
| docker builder prune --all --force | |
| cd example-project/ | |
| GITHUB_REPOSITORY=camptocamp/project make build | |
| GITHUB_REPOSITORY=camptocamp/project make checks | |
| # Rebuild the right image | |
| - name: Build | |
| run: make build | |
| - name: Publish | |
| run: c2cciutils-publish | |
| if: | | |
| env.HAS_SECRETS == 'HAS_SECRETS' | |
| k8s: | |
| runs-on: ubuntu-22.04 | |
| name: Kubernetes | |
| timeout-minutes: 20 | |
| if: "!startsWith(github.event.head_commit.message, '[skip ci] ')" | |
| steps: | |
| - run: docker system prune --all --force | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH} | |
| - run: python3 -m pip install --user --requirement=requirements.txt | |
| - run: poetry build | |
| env: | |
| POETRY_DYNAMIC_VERSIONING_BYPASS: 0.0.0 | |
| - run: python3 -m pip install --user --force-reinstall dist/c2cciutils-0.0.0-py3-none-any.whl[k8s] | |
| - run: rm -rf dist build | |
| - name: Install | |
| run: c2cciutils-k8s-install | |
| - name: Create DB | |
| run: c2cciutils-k8s-db --script=test/init.sql | |
| - run: kubectl run test-pod --restart=Never --namespace=default --image=busybox --command -- tail -f /dev/null | |
| - name: Wait | |
| run: c2cciutils-k8s-wait | |
| - name: Logs | |
| run: c2cciutils-k8s-logs | |
| if: always() | |
| - name: Clean the database | |
| run: c2cciutils-k8s-db --cleanup | |
| if: always() | |
| audit: | |
| runs-on: ubuntu-22.04 | |
| name: Audit | |
| timeout-minutes: 10 | |
| if: "!startsWith(github.event.head_commit.message, '[skip ci] ')" | |
| steps: | |
| - run: docker system prune --all --force | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - uses: camptocamp/initialise-gopass-summon-action@v2 | |
| with: | |
| ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}} | |
| github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}} | |
| - run: python3 -m pip install --user --requirement=requirements.txt | |
| - run: ~/.local/bin/poetry build | |
| env: | |
| POETRY_DYNAMIC_VERSIONING_BYPASS: 0.0.0 | |
| - run: python3 -m venv ~/.venv | |
| - run: ~/.venv/bin/pip install --force-reinstall dist/c2cciutils-0.0.0-py3-none-any.whl[audit] | |
| - run: python3 -m pip install dist/c2cciutils-0.0.0-py3-none-any.whl[audit] | |
| - name: Check .tool-versions file existence | |
| id: tool-versions | |
| uses: andstor/file-existence-action@v2 | |
| with: | |
| files: .tool-versions | |
| - uses: asdf-vm/actions/install@v2 | |
| if: steps.tool-versions.outputs.files_exists == 'true' | |
| - run: cat /tmp/python-build.*.log | |
| if: failure() | |
| - run: python --version | |
| - name: Audit | |
| run: ~/.venv/bin/c2cciutils-audit --branch=${{ github.ref }} | |
| env: | |
| TEST: 'TRUE' | |
| GITHUB_TOKEN: ${{ github.token }} |