Skip to content

Set basic project config correctly #16

Set basic project config correctly

Set basic project config correctly #16

Workflow file for this run

name: CI
on:
push:
branches:
- main
tags:
- 'v*'
pull_request:
branches:
- 'main'
env:
REGISTRY: ghcr.io
POETRY_CACHE_DIR: ~/.cache/pypoetry
IMAGE_NAME: ${{ github.repository }}
PYTHON_VERSION: "3.11"
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install poetry
run: pipx install poetry
- name: Set up Python ${{ env.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: "poetry"
- name: Install dependencies
run: poetry install
- name: run ruff
run: poetry run ruff check --output-format=github
- name: run format
run: poetry run ruff format --check
- name: run pyright
run: poetry run pyright
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install poetry
run: pipx install poetry
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: "poetry"
- name: Install dependencies
run: poetry install
- name: Generate SBOM
run: poetry run cyclonedx-py poetry > sbom.json
- name: Generace licenses file
run: |
poetry run pip-licenses --order=license --format=json --with-description > licenses.txt
- name: Upload SBOM and licenses
uses: actions/upload-artifact@v4
with:
name: sbom-licenses-${{ github.sha }}.json
path: |
sbom.json
licenses.txt
if-no-files-found: error
overwrite: true
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
trivy-config: trivy.yaml
test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.10", "3.11", "3.12"]
steps:
- uses: actions/checkout@v4
- name: Install poetry
run: pipx install poetry
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: "poetry"
- name: Install dependencies
run: poetry install
- name: run pytest
run: poetry run coverage run -m pytest
- name: run coverage
run: poetry run coverage report
- name: run coverage
run: poetry run coverage html
- name: Upload code coverage report
if: ${{ matrix.python-version }} == '3.11'
uses: actions/upload-artifact@v4
with:
name: codecoverage-${{ github.sha }}
path: htmlcov/
if-no-files-found: error
overwrite: true
build:
needs: test
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- name: Log in to the Container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 #todo: set to version
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Extract metadata for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64,darwin/amd64
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ steps.meta.outputs.tags }}
trivy-config: trivy.yaml
scan-type: image
github-pat: ${{ secrets.GITHUB_TOKEN }}
# notifyMattermost:
# runs-on: ubuntu-latest
# if: failure()
# steps:
# - uses: mattermost/action-mattermost-notify@master
# with:
# MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
# MATTERMOST_CHANNEL: the-best-channel
# TEXT: |
# This is a message from ${{ github.repository }}.
# [Pipeline](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) failed :fire:
# MATTERMOST_USERNAME: ${{ github.triggering_actor }}