From a126b99e69096ea3c8e3eeace6e2cebf1dfd3d91 Mon Sep 17 00:00:00 2001 From: Sonny Bakker Date: Tue, 17 Sep 2024 16:55:04 +0200 Subject: [PATCH] [#13] reuse open-api-workflows workflows --- .github/workflows/ci.yml | 153 ++++-------------- .github/workflows/code-quality.yml | 94 +++-------- .github/workflows/codeql-analysis.yml | 51 +----- .../workflows/generate-postman-collection.yml | 26 +-- .github/workflows/generate-sdks.yml | 39 +---- .github/workflows/lint-oas.yml | 24 +-- .github/workflows/oas-check.yml | 25 +++ 7 files changed, 100 insertions(+), 312 deletions(-) create mode 100644 .github/workflows/oas-check.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9f8a0ef0..c0a7bce3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,26 +29,12 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - name: Set up backend environment + uses: maykinmedia/setup-django-backend@v1.3 with: + apt-packages: 'libgdal-dev gdal-bin' python-version: '3.11' - - uses: actions/setup-node@v4 - with: - node-version: '18' - - - name: Install system packages - run: | - sudo apt-get update \ - && sudo apt-get install -y --no-install-recommends \ - libgdal-dev \ - gdal-bin - - - name: Install dependencies - run: pip install -r requirements/ci.txt codecov - - name: Build frontend - run: | - npm ci - npm run build + setup-node: true - name: Run tests run: | @@ -61,7 +47,7 @@ jobs: DB_PASSWORD: '' - name: Publish coverage report - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@v4 docs: runs-on: ubuntu-latest @@ -69,19 +55,13 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - name: Set up backend environment + uses: maykinmedia/setup-django-backend@v1.3 with: + apt-packages: 'libgdal-dev gdal-bin' python-version: '3.11' - cache: 'pip' - cache-dependency-path: 'requirements/*.txt' - - name: Install system packages - run: | - sudo apt-get update \ - && sudo apt-get install -y --no-install-recommends \ - libgdal-dev \ - gdal-bin - - name: Install dependencies - run: pip install -r requirements/ci.txt pytest + setup-node: false + - name: Generate environment variable documentation using OAf and check if it was updated run: | bin/generate_envvar_docs.sh @@ -94,104 +74,27 @@ jobs: env: DJANGO_SETTINGS_MODULE: objects.conf.ci - docker: - needs: tests - - name: Build (and push) Docker image + store-reusable-workflow-vars: + name: create values which can be passed through a reusable workflow runs-on: ubuntu-latest + outputs: + image-name: ${{ steps.image-name.outputs.image-name }} steps: - - uses: actions/checkout@v4 - - - name: Set tag - id: vars - run: | - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') + - run: echo "image-name=$IMAGE_NAME" >> $GITHUB_OUTPUT + name: 'Store the docker image name' + id: image-name - # Strip "v" prefix from tag name (if present at all) - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - - # Use Docker `latest` tag convention - [ "$VERSION" == "master" ] && VERSION=latest - - echo ::set-output name=tag::${VERSION} - - - name: Build the Docker image - env: - RELEASE_VERSION: ${{ steps.vars.outputs.tag }} - run: docker build . --tag $IMAGE_NAME:$RELEASE_VERSION - - - run: docker image save -o image.tar $IMAGE_NAME:${{ steps.vars.outputs.tag }} - - - name: Store image artifact - uses: actions/upload-artifact@v3 - with: - name: docker-image - path: image.tar - retention-days: 1 - - image_scan: - runs-on: ubuntu-latest - name: Scan docker image - needs: - - docker - - steps: - - name: Download built image - uses: actions/download-artifact@v3 - with: - name: docker-image - - name: Scan image with Trivy - uses: aquasecurity/trivy-action@master - with: - input: /github/workspace/image.tar # from download-artifact - format: 'sarif' - output: 'trivy-results-docker.sarif' - ignore-unfixed: true - - name: Upload results to GH Security tab - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: 'trivy-results-docker.sarif' - - publish: + open-api-ci: + uses: maykinmedia/open-api-workflows/.github/workflows/ci.yml@initial-setup needs: - tests - - docker - - name: Push Docker image - runs-on: ubuntu-latest - if: github.event_name == 'push' # exclude PRs - - steps: - - uses: actions/checkout@v4 - - name: Download built image - uses: actions/download-artifact@v3 - with: - name: docker-image - - - name: Determine tag - id: vars - run: | - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - - # Strip "v" prefix from tag name (if present at all) - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - - # Use Docker `latest` tag convention - [ "$VERSION" == "master" ] && VERSION=latest - - echo ::set-output name=tag::${VERSION} - - - name: Load image - run: | - docker image load -i image.tar - - - name: Log into registry - run: echo "${{ secrets.DOCKER_TOKEN }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin - - - name: Push the Docker image - env: - RELEASE_VERSION: ${{ steps.vars.outputs.tag }} - run: docker push $IMAGE_NAME:$RELEASE_VERSION + - store-reusable-workflow-vars + with: + main-branch: 'master' + python-version: '3.11' + docker-image-name: ${{ needs.store-reusable-workflow-vars.outputs.image-name }} + repository-owner: 'maykinmedia' + secrets: + docker-username: ${{ secrets.DOCKER_USERNAME }} + docker-token: ${{ secrets.DOCKER_TOKEN }} diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml index 1ed6cc55..34d20360 100644 --- a/.github/workflows/code-quality.yml +++ b/.github/workflows/code-quality.yml @@ -1,77 +1,25 @@ name: code-quality -on: [push] +on: + push: + branches: + - master + paths: + - '**.py' + - '**.yml' + pull_request: + paths: + - '**.py' + - '**.yml' + workflow_dispatch: jobs: - isort: - name: Check import sorting - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - - uses: isort/isort-action@v1 - with: - requirementsFiles: requirements/dev.txt - sortPaths: "src docs" - configuration: '--check-only --diff' - - black: - name: Check code formatting with black - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - - name: Install dependencies - run: | - pip install -r requirements/dev.txt - - name: Run black - run: | - black --check src docs - - oas-up-to-date: - name: Check for unexepected OAS changes - runs-on: ubuntu-latest - strategy: - matrix: - version: ['v1', 'v2'] - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: '3.11' - - uses: actions/setup-node@v4 - with: - node-version: '18' - - - name: Install system packages - run: | - sudo apt-get update \ - && sudo apt-get install -y --no-install-recommends \ - libgdal-dev \ - gdal-bin - - - name: Install dependencies - run: pip install -r requirements/ci.txt - - - name: Generate OAS files - run: ./bin/generate_schema.sh ${{ matrix.version }} openapi-${{ matrix.version }}.yaml - env: - DJANGO_SETTINGS_MODULE: objects.conf.ci - - - name: Check for OAS changes - run: | - diff openapi-${{ matrix.version }}.yaml src/objects/api/${{ matrix.version }}/openapi.yaml - - name: Write failure markdown - if: ${{ failure() }} - run: | - echo 'Run the following command locally and commit the changes' >> $GITHUB_STEP_SUMMARY - echo '' >> $GITHUB_STEP_SUMMARY - echo '```bash' >> $GITHUB_STEP_SUMMARY - echo './bin/generate_schema.sh ${{ matrix.version }}' >> $GITHUB_STEP_SUMMARY - echo '```' >> $GITHUB_STEP_SUMMARY + open-api-workflow-code-quality: + uses: maykinmedia/open-api-workflows/.github/workflows/code-quality.yml@initial-setup + with: + apt-packages: 'libgdal-dev gdal-bin' + python-version: '3.11' + node-version: '18' + postgres-image: 'postgis/postgis:12-2.5' + + django-settings-module: 'objects.conf.ci' diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9d965905..9ed2d5c7 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -21,52 +21,5 @@ on: - cron: '36 0 * * 0' jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'javascript', 'python' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + open-api-workflow-code-analysis: + uses: maykinmedia/open-api-workflows/.github/workflows/code-analysis.yml@initial-setup diff --git a/.github/workflows/generate-postman-collection.yml b/.github/workflows/generate-postman-collection.yml index 6d4e844f..b6bcca2c 100644 --- a/.github/workflows/generate-postman-collection.yml +++ b/.github/workflows/generate-postman-collection.yml @@ -10,23 +10,13 @@ on: workflow_dispatch: jobs: - run: - runs-on: ubuntu-latest + open-api-workflow-generate-postman-collection: + uses: maykinmedia/open-api-workflows/.github/workflows/generate-postman-collection.yml@initial-setup strategy: matrix: - version: ['v1', 'v2'] - - name: Run with version ${{ matrix.version }} - - steps: - - uses: actions/checkout@v4 - - name: Use Node.js - uses: actions/setup-node@v4 - with: - node-version: '18' - - name: Install dependencies - run: npm install -g openapi-to-postmanv2 - - name: Create tests folder - run: mkdir -p ./tests/postman - - name: Generate Postman collection - run: openapi2postmanv2 -s ./src/objects/api/${{ matrix.version }}/openapi.yaml -o ./tests/postman/collection.json --pretty + version: + - v1 + - v2 + with: + node-version: '18' + schema-path: 'src/objects/api/${{ matrix.version }}/openapi.yaml' diff --git a/.github/workflows/generate-sdks.yml b/.github/workflows/generate-sdks.yml index 2fcd7988..161ed054 100644 --- a/.github/workflows/generate-sdks.yml +++ b/.github/workflows/generate-sdks.yml @@ -10,36 +10,13 @@ on: workflow_dispatch: jobs: - run: - runs-on: ubuntu-latest + open-api-workflow-generate-sdks: + uses: maykinmedia/open-api-workflows/.github/workflows/generate-sdks.yml@initial-setup strategy: matrix: - version: [ 'v1', 'v2' ] - - name: Run with version ${{ matrix.version }} - - steps: - - uses: actions/checkout@v4 - - name: Use Node.js - uses: actions/setup-node@v4 - with: - node-version: '18' - - name: Install dependencies - run: npm install -g @openapitools/openapi-generator-cli - - name: Determing oas path - id: vars - run: echo ::set-output name=oas::./src/objects/api/${{ matrix.version }}/openapi.yaml - - name: Validate schema - run: openapi-generator-cli validate -i ${{ steps.vars.outputs.oas }} - - name: Generate Java client - run: openapi-generator-cli generate -i ${{ steps.vars.outputs.oas }} --global-property=modelTests=false,apiTests=false,modelDocs=false,apiDocs=false \ - -o ./sdks/java -g java --additional-properties=dateLibrary=java8,java8=true,optionalProjectFile=false,optionalAssemblyInfo=false -# - name: Generate .NET Core client -# run: openapi-generator-cli generate -i ${{ steps.vars.outputs.oas }} --global-property=modelTests=false,apiTests=false,modelDocs=false,apiDocs=false \ -# -o ./sdks/netcore -g csharp-netcore --additional-properties=optionalProjectFile=false,optionalAssemblyInfo=false -# - name: Generate .NET Full Framework client -# run: openapi-generator-cli generate -i ${{ steps.vars.outputs.oas }} --global-property=modelTests=false,apiTests=false,modelDocs=false,apiDocs=false \ -# -o ./sdks/net -g csharp --additional-properties=optionalProjectFile=false,optionalAssemblyInfo=false - - name: Generate Python client - run: openapi-generator-cli generate -i ${{ steps.vars.outputs.oas }} --global-property=modelTests=false,apiTests=false,modelDocs=false,apiDocs=false \ - -o ./sdks/python -g python --additional-properties=optionalProjectFile=false,optionalAssemblyInfo=false+ + version: + - v1 + - v2 + with: + node-version: '18' + schema-path: 'src/objects/api/${{ matrix.version }}/openapi.yaml' diff --git a/.github/workflows/lint-oas.yml b/.github/workflows/lint-oas.yml index 8767511b..9c26a18a 100644 --- a/.github/workflows/lint-oas.yml +++ b/.github/workflows/lint-oas.yml @@ -10,21 +10,13 @@ on: workflow_dispatch: jobs: - run: - runs-on: ubuntu-latest + open-api-workflow-lint-oas: + uses: maykinmedia/open-api-workflows/.github/workflows/lint-oas.yml@initial-setup strategy: matrix: - version: [ 'v1', 'v2' ] - - name: Run with version ${{ matrix.version }} - - steps: - - uses: actions/checkout@v4 - - name: Use Node.js - uses: actions/setup-node@v4 - with: - node-version: '18' - - name: Install spectral - run: npm install -g @stoplight/spectral@5 - - name: Run OAS linter - run: spectral lint ./src/objects/api/${{ matrix.version }}/openapi.yaml + version: + - v1 + - v2 + with: + node-version: '18' + schema-path: 'src/objects/api/${{ matrix.version }}/openapi.yaml' diff --git a/.github/workflows/oas-check.yml b/.github/workflows/oas-check.yml new file mode 100644 index 00000000..ec1680e6 --- /dev/null +++ b/.github/workflows/oas-check.yml @@ -0,0 +1,25 @@ +name: check-oas + +on: + push: + paths: + - "src/objects/api/*/openapi.yaml" + - .github/workflows/oas-check.yml + branches: + - '**' + workflow_dispatch: + +jobs: + open-api-workflow-check-oas: + uses: maykinmedia/open-api-workflows/.github/workflows/oas-check.yml@initial-setup + strategy: + matrix: + version: + - v1 + - v2 + with: + schema-path: 'src/objects/api/${{ matrix.version }}/openapi.yaml' + schema-options: "--api-version ${{ matrix.version }}" + python-version: '3.11' + django-settings-module: 'objecttypes.conf.ci' + apt-packages: 'libgdal-dev gdal-bin'