Merge pull request #64 from release-engineering/deps/pip-compile #333
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tox tests | |
on: [push, pull_request] | |
jobs: | |
linting: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install OS packages | |
run: | | |
sudo apt-get -y update | |
sudo apt-get install -y rpm | |
sudo apt-get install -y libkrb5-dev | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- name: Install Tox | |
run: pip install tox 'virtualenv<20.21.1' | |
- name: Run Linting | |
run: tox -e lint | |
mypy: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install OS packages | |
run: | | |
sudo apt-get -y update | |
sudo apt-get install -y rpm | |
sudo apt-get install -y libkrb5-dev | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- name: Install Tox | |
run: pip install tox 'virtualenv<20.21.1' | |
- name: Run MyPy | |
run: tox -e mypy | |
unit-tests: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
# https://raw.githubusercontent.com/actions/python-versions/main/versions-manifest.json | |
python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install OS packages | |
run: | | |
sudo apt-get -y update | |
sudo apt-get install -y rpm | |
sudo apt-get install -y libkrb5-dev | |
- name: Install Tox | |
run: pip install tox | |
- name: Test on ${{ matrix.python-version }} | |
run: tox -e "py${{ matrix.python-version }}" | |
coverage: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install OS packages | |
run: | | |
sudo apt-get -y update | |
sudo apt-get install -y rpm | |
sudo apt-get install -y libkrb5-dev | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- name: Install Tox | |
run: pip install tox 'virtualenv<20.21.1' | |
- name: Install pytest cov | |
run: pip install pytest-cov | |
- name: Run Tox | |
run: tox -e coverage | |
security: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install OS packages | |
run: | | |
sudo apt-get -y update | |
sudo apt-get install -y rpm | |
sudo apt-get install -y libkrb5-dev | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- name: Install Tox | |
run: pip install tox | |
- name: Run Tox | |
run: tox -e security | |
- name: Install project | |
run: python -m pip install . | |
- name: Run pip-audit | |
uses: pypa/[email protected] | |
with: | |
inputs: requirements.txt requirements-test.txt | |
- name: Cache OWASP | |
uses: actions/cache@v4 | |
with: | |
path: .code_scanning/dependency-check | |
key: ${{ runner.os }}-build-owasp-${{ hashFiles('**/requirements.txt') }} | |
restore-keys: ${{ runner.os }}-build-owasp- | |
- name: OWASP check | |
run: | | |
VERSION=$(curl -s https://jeremylong.github.io/DependencyCheck/current.txt) | |
curl -L "https://github.com/jeremylong/DependencyCheck/releases/download/v$VERSION/dependency-check-$VERSION-release.zip" --output dependency-check.zip | |
unzip -o dependency-check.zip | |
rm -f dependency-check.zip | |
./dependency-check/bin/dependency-check.sh \ | |
--project "starmap-client" \ | |
--out "dependency-check" \ | |
--format "ALL" \ | |
--nvdApiKey ${{ secrets.OWASP_API_KEY }} \ | |
--enableExperimental \ | |
--scan . \ | |
--data .code_scanning/dependency-check/data \ | |
--exclude '**/dependency-check/**' \ | |
--exclude '**/build/**' \ | |
--exclude '**/.tox/**' \ | |
--exclude '**/.git/**' \ | |
--failOnCVSS ${{ vars.OWASP_CVSS_LEVEL}} \ | |
--disableMSBuild \ | |
--disableNodeJS \ | |
--disableYarnAudit \ | |
--disablePnpmAudit \ | |
--disableNodeAudit \ | |
--disableRubygems \ | |
--disableBundleAudit \ | |
--disableCocoapodsAnalyzer \ | |
--disableSwiftPackageManagerAnalyzer \ | |
--disableSwiftPackageResolvedAnalyzer \ | |
--disableAutoconf \ | |
--disableJar \ | |
--disableCpan \ | |
--disableDart \ | |
--disableNugetconf \ | |
--disableAssembly \ | |
--disableGolangDep \ | |
--disableGolangMod \ | |
--disableMixAudit \ | |
--disableRetireJS \ | |
-log "${OUTPUT_PATH}/dependency-check/dependency-check.log" \ | |
|| exit_code=$? | |
exit $exit_code | |
- name: Store OWASP report | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: owasp-report | |
path: | | |
dependency-check/dependency-check-report.html | |
dependency-check/dependency-check-report.xml | |
dependency-check/dependency-check-report.json | |
dependency-check/dependency-check-report.csv | |
dependency-check/dependency-check-report.sarif | |
docs: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install OS packages | |
run: | | |
sudo apt-get -y update | |
sudo apt-get install -y rpm | |
sudo apt-get install -y libkrb5-dev | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- name: Install Tox | |
run: pip install tox 'virtualenv<20.21.1' | |
- name: Run Tox | |
run: tox -e docs | |