Continuos Integration #132
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuos Integration | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| schedule: | |
| - cron: '0 0 * * 1' # Every Monday at 00:00 UTC | |
| jobs: | |
| project-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Check if Dockerfiles were generated | |
| run: | | |
| ./scripts/pipeline.py dockerfiles | |
| test -z "$(git status --short)" | |
| generate-docker-jobs: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.generate-jobs.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Generate jobs | |
| id: generate-jobs | |
| run: | | |
| matrix=$(./scripts/pipeline.py ci) | |
| echo "matrix=$matrix" >> "$GITHUB_OUTPUT" | |
| docker-check: | |
| needs: [project-check, generate-docker-jobs] | |
| continue-on-error: true | |
| strategy: | |
| matrix: ${{ fromJson(needs.generate-docker-jobs.outputs.matrix) }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Build Docker image | |
| run: docker build --tag mateusoliveira43/poetry:${{ matrix.version }} - < ${{ matrix.dockerfile }} | |
| - name: Dockerfile linter | |
| uses: hadolint/[email protected] | |
| with: | |
| dockerfile: ${{ matrix.dockerfile }} | |
| - name: Docker image security vulnerability scan | |
| uses: snyk/actions/docker@master | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| image: mateusoliveira43/poetry:${{ matrix.version }} | |
| args: --severity-threshold=medium --file=${{ matrix.dockerfile }} | |
| python-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v3 | |
| with: | |
| python-version: "3.10" | |
| cache: "pip" | |
| cache-dependency-path: "requirements/*.txt" | |
| - name: Install Python dependencies | |
| run: | | |
| pip install -r requirements/dev.txt | |
| pip install -e . | |
| # - name: Python test and coverage | |
| # run: pytest | |
| # - name: Save html coverage report | |
| # uses: actions/upload-artifact@v2 | |
| # with: | |
| # name: html-coverage-report | |
| # path: tests/coverage-results/htmlcov/ | |
| - name: Python type check | |
| run: mypy . | |
| - name: Python linter | |
| run: dev lint | |
| - name: Python Code format | |
| run: dev format --check | |
| - name: Code format | |
| run: ec -verbose | |
| - name: Security vulnerability scan in Python code | |
| run: dev scan --code | |
| - name: Security vulnerability scan in Python dependencies | |
| run: dev scan --dependencies | |
| # - name: Test documentation | |
| # run: dev doc --check |