Continuos Integration #164
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuos Integration | |
on: | |
push: | |
branches: | |
- main | |
# paths: | |
# - 'docs/changelog.rst' | |
pull_request: | |
branches: | |
- main | |
schedule: | |
- cron: '0 0 * * 1' # Every Monday at 00:00 UTC | |
jobs: | |
python-check: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: [ | |
"3.7", | |
"3.8", | |
"3.9", | |
"3.10", | |
"3.11", | |
"pypy-3.8", | |
"pypy-3.9" | |
] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
cache: "pip" | |
cache-dependency-path: "requirements/*.txt" | |
- name: Install Python dependencies | |
run: | | |
pip install -r requirements/prod.txt | |
pip install -r requirements/dev.txt | |
pip install -e . | |
- name: Python test and coverage | |
run: pytest | |
- name: Save html coverage report | |
if: ${{ always() && matrix.python-version == '3.11' }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: html-coverage-report | |
path: tests/coverage-results/htmlcov/ | |
- name: Save xml coverage report | |
if: ${{ matrix.python-version == '3.11' }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: xml-coverage-report | |
path: tests/coverage-results/coverage.xml | |
- name: Python type check | |
run: mypy . | |
- name: Python linter | |
run: dev lint | |
- name: Code format | |
run: dev format --check | |
- name: Security vulnerability scan in Python code | |
run: dev scan --code | |
- name: Security vulnerability scan in Python dependencies | |
run: dev scan --dependencies | |
- name: Test documentation | |
run: dev doc --check | |
docker-check: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Build Docker image | |
run: docker build --tag python-project-template - < docker/Dockerfile | |
- name: Dockerfile linter | |
uses: hadolint/hadolint-action@v3.1.0 | |
with: | |
dockerfile: docker/Dockerfile | |
- name: Docker image security vulnerability scan | |
continue-on-error: true | |
uses: snyk/actions/docker@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
image: python-project-template | |
args: --severity-threshold=medium --file=docker/Dockerfile | |
project-check: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} # Checkout pull request HEAD commit instead of merge commit | |
fetch-depth: 0 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
cache: "pip" | |
cache-dependency-path: "requirements/*.txt" | |
- name: Install Python dependencies | |
run: | | |
pip install -r requirements/prod.txt | |
pip install -r requirements/dev.txt | |
pip install -e . | |
# TODO study how to check commit messages with emojis | |
#- name: Check commit messages | |
# run: gitlint --commits e81c308bf961d35b901575f41e4c353051fed947.. | |
- name: Code format | |
run: ec -verbose | |
- name: Shell script linter | |
run: dev lint --shell | |
- name: Check if requirements are up to date | |
run: | | |
dev requirements | |
test -z "$(git status --short)" | |
# - name: Check version information | |
# run: ./scripts/versioning.py |