[CI] Move tests from CircleCI to GitHub (#558)

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

.github/workflows/checks-workflows.yml

@@ -0,0 +1,29 @@
+name: Checks for GitHub workflows
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches:
+      - main
+
+env:
+  PYTHONUNBUFFERED: 1
+  FORCE_COLOR: 1
+  PYTHON_VERSION: "3.11"
+
+jobs:
+  checks-workflows:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Checks for GitHub workflows
+        run: |
+          python tools/scan_yaml_for_risky_text.py .github/workflows

.github/workflows/test-integration-vizro-ai.yml

@@ -93,3 +93,16 @@ jobs:
           cd ../vizro-ai
           hatch run ${{ matrix.hatch-env }}:pip install ../vizro-core/dist/vizro*.tar.gz
           hatch run ${{ matrix.hatch-env }}:test-integration
+
+      - name: Send custom JSON data to Slack
+        id: slack
+        uses: slackapi/[email protected]
+        if: failure()
+        with:
+          payload: |
+            {
+              "text": "Vizro-ai ${{ matrix.hatch-env }} integration tests build result: ${{ job.status }}\nBranch: ${{ github.head_ref }}\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

.github/workflows/vizro-qa-tests-trigger.yml

@@ -0,0 +1,50 @@
+name: Vizro QA tests trigger
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches:
+      - main
+
+env:
+  PYTHONUNBUFFERED: 1
+  FORCE_COLOR: 1
+
+jobs:
+  vizro-qa-test-trigger-fork:
+    if: ${{ github.event.pull_request.head.repo.fork }}
+    name: Vizro QA ${{ matrix.label }} trigger
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - label: integration tests
+          - label: notebooks tests
+    steps:
+      - name: Passed fork step
+        run: echo "Success!"
+
+  vizro-qa-tests-trigger:
+    if: ${{ ! github.event.pull_request.head.repo.fork }}
+    name: Vizro QA ${{ matrix.label }} trigger
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - label: integration tests
+          - label: notebooks test
+    steps:
+      - uses: actions/checkout@v4
+      - name: Tests trigger
+        run: |
+          export INPUT_OWNER=${{ secrets.VIZRO_QA_ORG }}
+          export INPUT_REPO=${{ secrets.VIZRO_QA_REPO }}
+          if [ "${{ matrix.label }}" == "integration tests" ]; then
+            export INPUT_WORKFLOW_FILE_NAME=${{ secrets.VIZRO_QA_INTEGRATION_TESTS_WORKFLOW }}
+          elif [ "${{ matrix.label }}" == "notebooks test" ]; then
+            export INPUT_WORKFLOW_FILE_NAME=${{ secrets.VIZRO_QA_NOTEBOOKS_TESTS_WORKFLOW }}
+          fi
+          export INPUT_GITHUB_TOKEN=${{ secrets.VIZRO_SVC_PAT }}
+          export INPUT_REF=${{ github.head_ref }}
+          tools/trigger-workflow-and-wait.sh

tools/scan_yaml_for_risky_text.py

@@ -0,0 +1,19 @@
+"""Check for security issues in workflows files."""
+
+import sys
+from pathlib import Path
+
+# according to this article: https://nathandavison.com/blog/github-actions-and-the-threat-of-malicious-pull-requests
+# we should avoid using `pull_request_target` for security reasons
+risky_text = "pull_request_target"
+
+
+def find_risky_files(path: str):
+    """Searching for risky text in yml files for given path."""
+    return {file for file in Path(path).rglob("*.yml") if risky_text in file.read_text()}
+
+
+if __name__ == "__main__":
+    risky_files = find_risky_files(sys.argv[1])
+    if risky_files:
+        sys.exit(f"{risky_text} found in files {risky_files}.")