feat: Add security headers #1256
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR checks | |
on: pull_request | |
env: | |
SECRET_KEY: insecure_test_key | |
jobs: | |
run-image: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Build image | |
run: DOCKER_BUILDKIT=1 docker build --tag jaas-ai . | |
- name: Run image | |
run: | | |
docker run --detach --network host --env SECRET_KEY=insecure_secret_key jaas-ai | |
sleep 1 | |
curl --head --fail --retry-delay 1 --retry 30 --retry-connrefused http://localhost | |
run-dotrun: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install dotrun | |
run: sudo pip3 install dotrun requests==2.31.0 # requests version is pinned to avoid breaking changes, can be removed once issue is resolved: https://github.com/docker/docker-py/issues/3256 | |
- name: Install dependencies | |
run: | | |
sudo chmod -R 777 . | |
dotrun install | |
- name: Build assets | |
run: dotrun build | |
- name: Test site | |
run: dotrun serve & curl --head --fail --retry-delay 1 --retry 30 --retry-connrefused http://localhost:8029 | |
lint-scss: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Lint scss | |
run: yarn lint-scss | |
lint-python: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install node dependencies | |
run: yarn install --immutable | |
- name: Install python dependencies | |
run: | | |
python3 -m pip install --upgrade pip | |
sudo pip3 install flake8 black | |
- name: Lint python | |
run: yarn lint-python | |
test-python: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install requirements | |
run: | | |
sudo apt-get update && sudo apt-get install --yes python3-setuptools | |
sudo pip3 install -r requirements.txt | |
- name: Install dependencies | |
run: sudo pip3 install coverage | |
- name: Run tests with coverage | |
run: yarn run test-python | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
flags: python | |
check-build: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install dependencies | |
run: yarn | |
- name: Check the project builds | |
run: yarn run build | |
check-prettier: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install dependencies | |
run: yarn | |
- name: Run tests | |
run: yarn run check-prettier | |
js-lint: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install dependencies | |
run: yarn | |
- name: Lint js with eslint | |
run: yarn run lint-js | |
test-js: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Test JS | |
run: yarn test-js | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
flags: javascript | |
check-inclusive-naming: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Check inclusive naming | |
uses: canonical-web-and-design/inclusive-naming@main | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
reporter: github-pr-review | |
fail-on-error: true |