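# CI workflow for the JoyEnergy API: unit tests and linters run in parallel,
# then the container image is built and scanned with Trivy, with findings
# uploaded to GitHub code scanning.
#
# Review changes versus the previous revision:
#   - Poetry is installed from PyPI at a pinned version instead of piping an
#     unpinned remote installer script into python3 (`--version` only pinned
#     poetry itself, never the installer that ran with runner privileges).
#   - GITHUB_TOKEN is restricted to read-only by default and widened only for
#     the SARIF upload (least privilege).
#   - Third-party actions/images are pinned to releases instead of mutable
#     refs (`@master`, `:latest`).
#   - Step names referenced `matrix.python-version`, which does not exist in
#     this workflow (no `strategy.matrix`) and rendered as an empty string.
name: Building JoyEnergy Api

on:
  workflow_dispatch:
  pull_request:
  push:
    paths-ignore:
      - 'README.md'
      - 'pre-commit-config.yaml'

# Least privilege: every job starts with a read-only GITHUB_TOKEN. Jobs that
# need more (the code-scanning upload below) widen it explicitly.
permissions:
  contents: read

concurrency:
  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
  cancel-in-progress: true

env:
  docker_image_name: 'joy_energy_api'
  docker_registry: 'ghcr.io'
  # Quoted so YAML never reinterprets version strings as numbers (3.10 -> 3.1).
  python_version: '3.12'
  poetry_version: '1.8.1'

jobs:
  testing:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python ${{ env.python_version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.python_version }}

      # Install from PyPI with an exact version pin rather than
      # `curl https://install.python-poetry.org | python3 -`. The installer
      # script was fetched unpinned on every run, so its content (and thus
      # what executed on the runner) was outside the repository's control.
      # Poetry still creates its own virtualenv for the project, so installing
      # it into the setup-python interpreter does not mix it with project deps.
      - name: Install poetry ${{ env.poetry_version }}
        shell: bash
        run: |
          python -m pip install "poetry==${{ env.poetry_version }}"
          poetry --version

      - name: Install test dependencies
        shell: bash
        run: poetry install --with tests

      - name: Run unit tests
        shell: bash
        run: poetry run pytest tests/ --cov . --cov-report html

  linting:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python ${{ env.python_version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.python_version }}

      # Same pinned PyPI install as the testing job (see the comment there).
      - name: Install poetry ${{ env.poetry_version }}
        shell: bash
        run: |
          python -m pip install "poetry==${{ env.poetry_version }}"
          poetry --version

      - name: Install ci dependencies
        shell: bash
        run: poetry install --only ci

      # NOTE: the three linters below keep `continue-on-error: true` as in the
      # original, so their findings are informational only and never block
      # the containerization job. Drop the flag to make them gating.
      - name: Run ruff
        shell: bash
        continue-on-error: true
        run: poetry run ruff check .

      - name: Run black
        shell: bash
        continue-on-error: true
        run: poetry run black . --check

      # Image pinned to a release tag instead of the mutable `latest` tag so
      # the linter version is reproducible and not silently swapped upstream.
      - name: Run hadolint
        shell: bash
        continue-on-error: true
        run: |
          docker pull hadolint/hadolint:v2.12.0
          docker run --rm -i hadolint/hadolint:v2.12.0 < Dockerfile

  containerization:
    runs-on: ubuntu-latest
    needs:
      - testing
      - linting
    permissions:
      contents: read
      # github/codeql-action/upload-sarif writes to code scanning; it also
      # requires actions:read on private repositories.
      security-events: write
      actions: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # The image is built and tagged locally only; nothing here logs in to
      # or pushes to the registry.
      # NOTE(review): ghcr.io requires lowercase repository paths, but
      # `github.repository` preserves the owner's/repo's case — confirm the
      # name is all lowercase or lowercase it before tagging.
      - name: Building image
        shell: bash
        run: |
          docker build -t ${{ env.docker_image_name }} \
            -t ${{ env.docker_registry }}/${{ github.repository }}/${{ env.docker_image_name }}:latest .

      # Pinned to a release rather than `@master`: a mutable branch ref lets
      # any upstream change (or compromise) alter what runs in this job
      # without a change to this repository. A full commit-SHA pin
      # (`uses: owner/repo@<40-hex-sha>`) is stronger still.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: ${{ env.docker_image_name }}
          format: 'sarif'
          # Scan the base image's OS packages as well as application libraries;
          # `library` alone skipped every OS-level CVE in the image.
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'
          output: 'trivy-results.sarif'
          # No `exit-code` is set (as before), so findings are reported to
          # code scanning but do not fail the build.

      # `if: always()` keeps the upload running after a scanner failure.
      # NOTE(review): on pull requests from forks GITHUB_TOKEN is read-only,
      # so this step is expected to fail there — confirm whether that is
      # acceptable or guard it with a repository check.
      - name: Upload Trivy scan results
        uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'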