[MISC] CI improvements (#112)

canonical · Jul 5, 2024 · 3116ca7 · 3116ca7
1 parent 7c7e1a7
commit 3116ca7
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 43 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -40,20 +40,8 @@ jobs:
       - name: Run tests
         run: tox run -e unit
 
-  security-test:
-    name: Security tests
-    runs-on: ubuntu-22.04
-    timeout-minutes: 5
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Install tox
-        # TODO: Consider replacing with custom image on self-hosted runner OR pinning version
-        run: python3 -m pip install tox
-      - name: Run tests
-        run: tox run -e security
-
   sync-docs:
+    if: ${{ github.event_name != 'pull_request' || startsWith(github.event.pull_request.head.repo.full_name, 'canonical/') }}
     uses: ./.github/workflows/sync_docs.yaml
     secrets: inherit
     permissions:

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -8,39 +8,22 @@ on:
       - main
 
 jobs:
-  lib-check:
-    name: Check libraries
-    runs-on: ubuntu-22.04
-    timeout-minutes: 5
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Check libs
-        uses: canonical/charming-actions/[email protected]
-        with:
-          credentials: "${{ secrets.CHARMHUB_TOKEN }}" # FIXME: current token will expire in 2023-07-04
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+  build:
+    name: Build charm
+    uses: canonical/data-platform-workflows/.github/workflows/build_charm_without_cache.yaml@v7
 
   ci-tests:
-    needs:
-      - lib-check
     uses: ./.github/workflows/ci.yaml
     secrets: inherit
     permissions:
       contents: write  # Needed to login to Discourse
       pull-requests: write # Need to create PR
       actions: write
 
-  build:
-    name: Build charm
-    uses: canonical/data-platform-workflows/.github/workflows/build_charm_without_cache.yaml@v7
-
   release:
     name: Release to Charmhub
     needs:
-      - lib-check
       - ci-tests
       - build
     uses: canonical/data-platform-workflows/.github/workflows/release_charm.yaml@v7

diff --git a/tox.ini b/tox.ini
@@ -76,15 +76,6 @@ commands =
     poetry run coverage report
     poetry run coverage xml
 
-[testenv:security]
-description = Run security tests
-commands =
-    poetry install --with security
-    poetry run bandit -r {[vars]src_path}
-    # uncomment the following line if this charm owns a lib
-    # bandit -r {[vars]lib_path}
-    poetry run safety check
-
 [testenv:integration-{charm,provider,scaling,password-rotation,tls,upgrade,ha}]
 description = Run integration tests
 pass_env =