build.yml
# CI workflow: runs the test suite and the lint / static-analysis jobs.
name: Test and Lint

# Triggers: pushes to main, pull requests targeting main, a weekly scheduled
# run, and manual dispatch.
# NOTE(review): there is no workflow-level `permissions:` key, so any job
# without its own `permissions:` block runs with the repository's default
# GITHUB_TOKEN permissions. Confirm that default is read-only.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # Saturdays at 07:20 (GitHub evaluates cron schedules in UTC).
    - cron: "20 7 * * 6"
  workflow_dispatch:

env:
  # Quoted so YAML keeps it a string; a bare 3.10 would parse as the float 3.1.
  PYTHON_VERSION: "3.10"
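jobs:
  # Computes the semantic version from git history with GitVersion and exposes
  # it to downstream jobs through job outputs.
  version:
    name: Generate version
    runs-on: ubuntu-latest
    permissions:
      # Least privilege: the steps below only read the repository (checkout and
      # GitVersion); nothing in this job pushes commits or tags, so the token
      # does not need write access.
      contents: read
    outputs:
      FullSemVer: ${{ steps.gitversion.outputs.FullSemVer }}
      PreReleaseTag: ${{ steps.gitversion.outputs.PreReleaseTag }}
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history, not a shallow clone: GitVersion derives the version
          # from the commit and tag history.
          fetch-depth: 0
      - name: Install GitVersion
        uses: gittools/actions/gitversion/setup@v1.1.1
        with:
          versionSpec: "5.x"
      - name: Use GitVersion
        id: gitversion  # step id used as reference for output values
        uses: gittools/actions/gitversion/execute@v1.1.1
      - name: Create annotation for build error
        # Publishes the computed version values as notice annotations.
        # The values reach the shell through environment variables instead of
        # being expanded into the script text, so bash always treats them as
        # data, whatever characters they contain.
        env:
          FULL_SEM_VER: ${{ steps.gitversion.outputs.FullSemVer }}
          PRE_RELEASE_TAG: ${{ steps.gitversion.outputs.PreReleaseTag }}
        run: |
          echo "::notice::FullSemVer ${FULL_SEM_VER}"
          echo "::notice::PreReleaseTag ${PRE_RELEASE_TAG}"

  # Runs the test suite through tox and publishes the coverage report as an
  # artifact for the sonarcloud job.
  test:
    name: Test
    runs-on: ubuntu-latest
    permissions:
      # This job executes repository code (tox) and needs nothing beyond
      # checkout, so its token is limited to read-only repository access.
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5  # https://github.com/marketplace/actions/setup-python
        id: setup-python
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: Install Poetry
        uses: snok/install-poetry@v1
        with:
          virtualenvs-create: true
          virtualenvs-in-project: true
          installer-parallel: true
      - name: Load cached venv
        id: cached-poetry-dependencies
        uses: actions/cache@v4
        with:
          path: .venv
          # Keyed on OS, Python version and the poetry.lock hash, so a change to
          # the lock file produces a fresh virtualenv.
          key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
      - name: Install dependencies
        # Skipped when the cached virtualenv was restored.
        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
        run: poetry install --no-interaction --no-root
      - name: Test with pytest
        run: poetry run tox
      - uses: actions/upload-artifact@v4
        with:
          name: test-output
          path: coverage.xml

  # Runs the linters and static analysers, then the SonarCloud scan.
  # NOTE(review): this job has no `permissions:` block, so it runs with the
  # repository's default GITHUB_TOKEN permissions and passes that token to a
  # third-party action. Add an explicit least-privilege block once the scopes
  # the scan needs are confirmed.
  # NOTE(review): every lint step below is non-blocking. flake8 and bandit run
  # with --exit-zero, hadolint uses `failure-threshold: ignore`, and pylint and
  # mypy are piped through tee; with the default `bash -e` shell (no pipefail)
  # the step takes tee's exit status. Findings, including bandit's security
  # findings, only land in the *.out files. Presumably SonarCloud imports those
  # via project configuration; verify, since nothing in this file passes them.
  sonarcloud:
    name: SonarCloud
    runs-on: ubuntu-latest
    needs: [version, test]
    steps:
      - uses: actions/checkout@v4
        with:
          # Shallow clones should be disabled for a better relevancy of analysis
          fetch-depth: 0
      - uses: actions/setup-python@v5  # https://github.com/marketplace/actions/setup-python
        id: setup-python
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: Install Poetry
        uses: snok/install-poetry@v1
        with:
          virtualenvs-create: true
          virtualenvs-in-project: true
          installer-parallel: true
      - name: Load cached venv
        id: cached-poetry-dependencies
        uses: actions/cache@v4
        with:
          path: .venv
          key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
      - name: Install dependencies
        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
        run: poetry install --no-interaction --no-root
      - name: Lint with flake8
        run: |
          # exit-zero treats all errors as warnings
          poetry run flake8 ado_asana_sync --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | tee flake8.out
      - name: Lint with Pylint
        run: |
          poetry run pylint --output-format=parseable --recursive=true ado_asana_sync | tee pylint.out
      - name: Security lint with bandit
        run: |
          poetry run bandit --format json --output bandit.out --exit-zero --recursive ado_asana_sync
      - name: Static type check with mypy
        run: |
          poetry run mypy ado_asana_sync | tee mypy.out
      - name: Run Hadolint
        uses: hadolint/hadolint-action@v3.1.0  # https://github.com/marketplace/actions/hadolint-action
        with:
          dockerfile: Dockerfile
          output-file: hadolint.out
          format: json
          failure-threshold: ignore
      # Fetches coverage.xml, uploaded by the test job as `test-output`.
      - uses: actions/download-artifact@v4
        with:
          name: test-output
      - name: SonarCloud Scan
        # NOTE(review): `@master` is a mutable branch ref on a third-party
        # action that receives both SONAR_TOKEN and GITHUB_TOKEN; whatever is
        # on that branch at run time executes with those credentials. Pin to a
        # reviewed release tag or, preferably, a full commit SHA, e.g.
        #   uses: SonarSource/sonarcloud-github-action@<FULL_COMMIT_SHA_PLACEHOLDER>
        uses: SonarSource/sonarcloud-github-action@master
        with:
          args: >
            -Dsonar.projectVersion=${{ needs.version.outputs.FullSemVer }}
        env:
          # Repository secrets are not exposed to pull_request runs from forks,
          # so SONAR_TOKEN is empty on those runs.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}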