Test and Lint #495
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test and Lint | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
schedule: | |
- cron: "20 7 * * 6" | |
workflow_dispatch: | |
env: | |
PYTHON_VERSION: "3.10" | |
jobs: | |
version: | |
name: Generate version | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
outputs: | |
FullSemVer: ${{ steps.gitversion.outputs.FullSemVer }} | |
PreReleaseTag: ${{ steps.gitversion.outputs.PreReleaseTag }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- name: Install GitVersion | |
uses: gittools/actions/gitversion/setup@v1.1.1 | |
with: | |
versionSpec: "5.x" | |
- name: Use GitVersion | |
id: gitversion # step id used as reference for output values | |
uses: gittools/actions/gitversion/execute@v1.1.1 | |
- name: Create annotation for build error | |
run: | | |
echo "::notice::FullSemVer ${{ steps.gitversion.outputs.FullSemVer }}" | |
echo "::notice::PreReleaseTag ${{ steps.gitversion.outputs.PreReleaseTag }}" | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 # https://github.com/marketplace/actions/setup-python | |
id: setup-python | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Install Poetry | |
uses: snok/install-poetry@v1 | |
with: | |
virtualenvs-create: true | |
virtualenvs-in-project: true | |
installer-parallel: true | |
- name: Load cached venv | |
id: cached-poetry-dependencies | |
uses: actions/cache@v4 | |
with: | |
path: .venv | |
key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }} | |
- name: Install dependencies | |
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true' | |
run: poetry install --no-interaction --no-root | |
- name: Test with pytest | |
run: poetry run tox | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: test-output | |
path: coverage.xml | |
sonarcloud: | |
name: SonarCloud | |
runs-on: ubuntu-latest | |
needs: [version, test] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
- uses: actions/setup-python@v5 # https://github.com/marketplace/actions/setup-python | |
id: setup-python | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Install Poetry | |
uses: snok/install-poetry@v1 | |
with: | |
virtualenvs-create: true | |
virtualenvs-in-project: true | |
installer-parallel: true | |
- name: Load cached venv | |
id: cached-poetry-dependencies | |
uses: actions/cache@v4 | |
with: | |
path: .venv | |
key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }} | |
- name: Install dependencies | |
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true' | |
run: poetry install --no-interaction --no-root | |
- name: Lint with flake8 | |
run: | | |
# exit-zero treats all errors as warnings | |
poetry run flake8 ado_asana_sync --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | tee flake8.out | |
- name: Lint with Pylint | |
run: | | |
poetry run pylint --output-format=parseable --recursive=true ado_asana_sync | tee pylint.out | |
- name: Security lint with bandit | |
run: | | |
poetry run bandit --format json --output bandit.out --exit-zero --recursive ado_asana_sync | |
- name: Static type check with mypy | |
run: | | |
poetry run mypy ado_asana_sync | tee mypy.out | |
- name: Run Hadolint | |
uses: hadolint/hadolint-action@v3.1.0 # https://github.com/marketplace/actions/hadolint-action | |
with: | |
dockerfile: Dockerfile | |
output-file: hadolint.out | |
format: json | |
failure-threshold: ignore | |
- uses: actions/download-artifact@v4 | |
with: | |
name: test-output | |
- name: SonarCloud Scan | |
uses: SonarSource/sonarcloud-github-action@master | |
with: | |
args: > | |
-Dsonar.projectVersion=${{ needs.version.outputs.FullSemVer }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |