generated from danstis/gotemplate
-
Notifications
You must be signed in to change notification settings - Fork 0
128 lines (123 loc) · 4.43 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
name: Test and Lint
on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch:
env:
PYTHON_VERSION: "3.10"
jobs:
version:
name: Generate version
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
FullSemVer: ${{ steps.gitversion.outputs.FullSemVer }}
PreReleaseTag: ${{ steps.gitversion.outputs.PreReleaseTag }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Install GitVersion
uses: gittools/actions/gitversion/setup@v0.11.0
with:
versionSpec: "5.x"
- name: Use GitVersion
id: gitversion # step id used as reference for output values
uses: gittools/actions/gitversion/execute@v0.11.0
- name: Create annotation for build error
run: |
echo "::notice::FullSemVer ${{ steps.gitversion.outputs.FullSemVer }}"
echo "::notice::PreReleaseTag ${{ steps.gitversion.outputs.PreReleaseTag }}"
test:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5 # https://github.com/marketplace/actions/setup-python
id: setup-python
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install Poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: true
virtualenvs-in-project: true
installer-parallel: true
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v4
with:
path: .venv
key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
- name: Install dependencies
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
run: poetry install --no-interaction --no-root
- name: Test with pytest
run: poetry run tox
- uses: actions/upload-artifact@v4
with:
name: test-output
path: coverage.xml
sonarcloud:
name: SonarCloud
runs-on: ubuntu-latest
needs: [version, test]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- uses: actions/setup-python@v5 # https://github.com/marketplace/actions/setup-python
id: setup-python
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install Poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: true
virtualenvs-in-project: true
installer-parallel: true
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v4
with:
path: .venv
key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
- name: Install dependencies
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
run: poetry install --no-interaction --no-root
- name: Lint with flake8
run: |
# exit-zero treats all errors as warnings
poetry run flake8 ado_asana_sync --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | tee flake8.out
- name: Lint with Pylint
run: |
poetry run pylint --output-format=parseable --recursive=true ado_asana_sync | tee pylint.out
- name: Security lint with bandit
run: |
poetry run bandit --format json --output bandit.out --exit-zero --recursive ado_asana_sync
- name: Static type check with mypy
run: |
poetry run mypy ado_asana_sync | tee mypy.out
- name: Run Hadolint
uses: hadolint/hadolint-action@v3.1.0 # https://github.com/marketplace/actions/hadolint-action
with:
dockerfile: Dockerfile
output-file: hadolint.out
format: json
failure-threshold: ignore
- uses: actions/download-artifact@v4
with:
name: test-output
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
with:
args: >
-Dsonar.projectVersion=${{ needs.version.outputs.FullSemVer }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}