Skip to content

Add security headers #1202

Add security headers

Add security headers #1202

Workflow file for this run

name: PR checks
on: pull_request
jobs:
run-image:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build image
run: DOCKER_BUILDKIT=1 docker build --tag juju-is .
- name: Run image
run: |
docker run --detach --env SECRET_KEY=insecure_secret_key --network host juju-is
sleep 1
curl --head --fail --retry-delay 1 --retry 30 --retry-connrefused http://localhost
run-dotrun:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Dotrun
run: sudo pip3 install dotrun requests==2.31.0 # requests version is pinned to avoid breaking changes, can be removed once issue is resolved: https://github.com/docker/docker-py/issues/3256
- name: Install dependencies
run: |
sudo chmod -R 777 .
dotrun install
- name: Build assets
run: dotrun build
- name: Test site
run: dotrun & curl --head --fail --retry-delay 1 --retry 30 --retry-connrefused http://localhost:8041
lint-scss:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install dependencies
run: yarn install --immutable
- name: Lint scss
run: yarn lint-scss
lint-python:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install node dependencies
run: yarn install --immutable
- name: Install python dependencies
run: |
python3 -m pip install --upgrade pip
sudo pip3 install flake8 black
- name: Lint python
run: yarn lint-python
test-python:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Install requirements
run: |
sudo apt-get update && sudo apt-get install --yes python3-setuptools
sudo pip3 install -r requirements.txt
- name: Install dependencies
run: sudo pip3 install coverage
- name: Install node dependencies
run: yarn install --immutable
- name: Build resources
run: yarn build
- name: Run tests with coverage
run: |
SECRET_KEY=insecure_secret_key coverage run --source=. -m unittest discover tests
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
flags: python
check-inclusive-naming:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Check inclusive naming
uses: canonical-web-and-design/inclusive-naming@main
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
reporter: github-pr-review
fail-on-error: true