Skip to content

ci: update github actions steps #5

ci: update github actions steps

ci: update github actions steps #5

name: Building JoyEnergy Api
on:
workflow_dispatch:
pull_request:
push:
paths-ignore:
- 'README.md'
- 'pre-commit-config.yaml'
concurrency:
group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
cancel-in-progress: true
env:
docker_image_name: 'joy_energy_api'
docker_registry: 'ghcr.io'
python_version: 3.12
poetry_version: 1.8.1
poetry_home: "/opt/poetry"
jobs:
testing:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{env.python_version}}
- name: Install poetry ${{env.poetry_version}}
shell: bash
run: |
curl -sSL https://install.python-poetry.org | POETRY_HOME=${{env.poetry_home}} python3 - --version ${{env.poetry_version}}
export PATH="${{env.poetry_home}}/bin:$PATH"
poetry --version
- name: Install test dependencies
shell: bash
run: |
export PATH="${{env.poetry_home}}/bin:$PATH"
poetry install --with tests
- name: Run unit tests
shell: bash
run: |
export PATH="${{env.poetry_home}}/bin:$PATH"
poetry run pytest tests/ --cov . --cov-report html
linting:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{env.python_version}}
- name: Install poetry ${{env.poetry_version}}
shell: bash
run: |
curl -sSL https://install.python-poetry.org | POETRY_HOME=${{env.poetry_home}} python3 - --version ${{env.poetry_version}}
export PATH="${{env.poetry_home}}/bin:$PATH"
poetry --version
- name: Install ci dependencies
shell: bash
run: |
export PATH="${{env.poetry_home}}/bin:$PATH"
poetry install --only ci
- name: Run ruff
shell: bash
continue-on-error: true
run: |
export PATH="${{env.poetry_home}}/bin:$PATH"
poetry run ruff check .
- name: Run black
shell: bash
continue-on-error: true
run: |
export PATH="${{env.poetry_home}}/bin:$PATH"
poetry run black . --check
- name: Run hadolint
shell: bash
continue-on-error: true
run: |
docker pull hadolint/hadolint
docker run --rm -i hadolint/hadolint < Dockerfile
containerization:
runs-on: ubuntu-latest
needs:
- testing
- linting
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Building image
shell: bash
run: |
docker build -t ${{ env.docker_image_name }} \
-t ${{ env.docker_registry }}/${{ github.repository }}/${{ env.docker_image_name }}:latest .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.docker_image_name }}
format: 'sarif'
vuln-type: 'library'
severity: 'CRITICAL,HIGH'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results.sarif'