From 44fb54ea9ec7a5fb19cafd78b3a88b2d3b86a01b Mon Sep 17 00:00:00 2001
From: nimrodkor
Date: Thu, 6 Jul 2023 12:15:20 +0300
Subject: [PATCH] Revert workflow changes

---
 .github/workflows/nightly.yml | 149 ++++++-------
 .github/workflows/pr-test.yml | 395 +++++++++++++++-------------------
 2 files changed, 253 insertions(+), 291 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 37f29c2737b..a3d03d3fedc 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -10,61 +10,61 @@ permissions: contents: read jobs: -# github-release: -# runs-on: [self-hosted, public, linux, x64] -# environment: release -# permissions: -# contents: write -# steps: -# - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 -# with: -# fetch-depth: 0 -# token: ${{ secrets.GH_PAT_SECRET }} -# - name: Prepare Release -# id: prepare_release -# run: | -# # grab latest release and tag to compare and decide to create a new one -# create_release=true -# latest_gh_release=$(curl -s "https://api.github.com/repos/${{ github.repository }}/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")') -# latest_tag=$(git describe --abbrev=0 --tags) + github-release: + runs-on: [self-hosted, public, linux, x64] + environment: release + permissions: + contents: write + steps: + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + with: + fetch-depth: 0 + token: ${{ secrets.GH_PAT_SECRET }} + - name: Prepare Release + id: prepare_release + run: | + # grab latest release and tag to compare and decide to create a new one + create_release=true + latest_gh_release=$(curl -s "https://api.github.com/repos/${{ github.repository }}/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")') + latest_tag=$(git describe --abbrev=0 --tags) -# if [ "$latest_gh_release" = "$latest_tag" ] -# then -# create_release=false -# fi + if [ "$latest_gh_release" = "$latest_tag" ] + then + create_release=false + fi -# echo "create_release=$create_release" >> "$GITHUB_OUTPUT" -# echo "latest_release_version=$latest_gh_release" >> "$GITHUB_OUTPUT" -# echo "version=$latest_tag" >> "$GITHUB_OUTPUT" -# - name: Build GitHub Release changelog -# if: steps.prepare_release.outputs.create_release == 'true' -# id: build_github_release -# uses: mikepenz/release-changelog-builder-action@342972d8fda7082778588387394cf150b9f7226f # v3 -# env: -# GITHUB_TOKEN: ${{ secrets.GH_PAT_SECRET }} -# with: -# configuration: ".github/release-changelog-config.json" -# fromTag: ${{ 
steps.prepare_release.outputs.latest_release_version }} -# toTag: ${{ steps.prepare_release.outputs.version }} -# - name: Create GitHub Release -# if: steps.build_github_release.outputs.changelog != '' -# uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 -# with: -# tag_name: ${{ steps.prepare_release.outputs.version }} -# name: ${{ steps.prepare_release.outputs.version }} -# body: ${{ steps.build_github_release.outputs.changelog }} -# - name: Update CHANGELOG.md -# if: steps.build_github_release.outputs.changelog != '' -# uses: stefanzweifel/changelog-updater-action@fbed2c00a9444d54ab4b1a4a81dea3559e7a2d7c # v1 -# - name: Commit updated CHANGELOG.md -# if: steps.build_github_release.outputs.changelog != '' -# uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4 -# with: -# commit_message: "chore: update release notes" -# file_pattern: CHANGELOG.md -# outputs: -# upload_url: ${{ steps.create_github_release.outputs.upload_url }} -# version: ${{ steps.prepare_release.outputs.version }} + echo "create_release=$create_release" >> "$GITHUB_OUTPUT" + echo "latest_release_version=$latest_gh_release" >> "$GITHUB_OUTPUT" + echo "version=$latest_tag" >> "$GITHUB_OUTPUT" + - name: Build GitHub Release changelog + if: steps.prepare_release.outputs.create_release == 'true' + id: build_github_release + uses: mikepenz/release-changelog-builder-action@342972d8fda7082778588387394cf150b9f7226f # v3 + env: + GITHUB_TOKEN: ${{ secrets.GH_PAT_SECRET }} + with: + configuration: ".github/release-changelog-config.json" + fromTag: ${{ steps.prepare_release.outputs.latest_release_version }} + toTag: ${{ steps.prepare_release.outputs.version }} + - name: Create GitHub Release + if: steps.build_github_release.outputs.changelog != '' + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 + with: + tag_name: ${{ steps.prepare_release.outputs.version }} + name: ${{ steps.prepare_release.outputs.version 
}} + body: ${{ steps.build_github_release.outputs.changelog }} + - name: Update CHANGELOG.md + if: steps.build_github_release.outputs.changelog != '' + uses: stefanzweifel/changelog-updater-action@fbed2c00a9444d54ab4b1a4a81dea3559e7a2d7c # v1 + - name: Commit updated CHANGELOG.md + if: steps.build_github_release.outputs.changelog != '' + uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4 + with: + commit_message: "chore: update release notes" + file_pattern: CHANGELOG.md + outputs: + upload_url: ${{ steps.create_github_release.outputs.upload_url }} + version: ${{ steps.prepare_release.outputs.version }} build-release-artifacts: strategy: matrix: 
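Review bot: The job output `upload_url` reads `steps.create_github_release.outputs.upload_url`, but the restored "Create GitHub Release" step has no `id`, so the expression resolves to an empty string and the downstream job that consumes `needs.github-release.outputs.upload_url` gets no upload target; adding `id: create_github_release` to that step fixes it. The checkout step also passes `secrets.GH_PAT_SECRET` to `actions/checkout`, which by default leaves the token in the workspace's git configuration for every later step. The final auto-commit step presumably relies on that to push, so rather than disabling it, confirm that the PAT is scoped to this repository only and that the `[self-hosted, public, linux, x64]` runner wipes its workspace between jobs.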
@@ -74,41 +74,42 @@ jobs: suffix: '' - os: ubuntu-latest name: linux - suffix: '.so' + suffix: '' - os: windows-latest name: windows suffix: '.exe' -# needs: [github-release] + needs: [github-release] runs-on: ${{ matrix.os }} - environment: release permissions: contents: write steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 with: fetch-depth: 0 - token: ${{ secrets.GH_PAT_SECRET }} + token: ${{ secrets.GITHUB_TOKEN }} - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 with: - python-version: 3.8 + python-version: 3.7 - name: Install pipenv run: | python -m pip install --no-cache-dir --upgrade pipenv - - name: Install deps + - name: Install deps and run pyinstaller run: | pipenv sync - pip install pyinstaller - - name: Build artifact - run: | - pyinstaller checkov.spec - ls -la dist/ -# zip checkov_${{ matrix.name }}.zip checkov${{ matrix.suffix }} -# - name: Upload Release Asset -# uses: actions/upload-release-asset@v1 -# env: -# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} -# with: -# upload_url: ${{ needs.github-release.outputs.upload_url }} -# asset_path: ./checkov_${{ matrix.name }}.zip -# asset_name: checkov_darwin_${{ needs.github-release.outputs.version }}.zip -# asset_content_type: application/zip + pipenv run pip install pyinstaller + - name: Build executable + run: pipenv run pyinstaller checkov.spec + - uses: actions/upload-artifact@v3 + with: + name: checkov_${{ matrix.name }} + path: dist/checkov${{ matrix.suffix }} + if-no-files-found: error + - name: Upload Release Asset + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.github-release.outputs.upload_url }} + asset_path: ./checkov_${{ matrix.name }}${{ matrix.suffix }} + asset_name: checkov_${{ matrix.name }}_${{ needs.github-release.outputs.version }} + asset_content_type: application/zip 
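Review bot: `actions/upload-artifact@v3` and `actions/upload-release-asset@v1` are referenced by mutable tag in a job that holds `contents: write`, while the other actions visible in this diff are pinned to a commit SHA; pin them the same way, e.g. `uses: actions/upload-artifact@<full-commit-sha> # v3`. `pipenv run pip install pyinstaller` likewise pulls whatever PyInstaller release is current into the build of a published binary, so it is worth fixing it to an exact version, ideally through the lock file. The release upload's `asset_path: ./checkov_${{ matrix.name }}${{ matrix.suffix }}` does not match the `dist/checkov${{ matrix.suffix }}` path the artifact step uploads from, and no visible step creates a file under the former name, so that step looks likely to fail; `asset_content_type: application/zip` also no longer describes an unzipped executable. The job's `strategy` header sits above this hunk.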
diff --git a/.github/workflows/pr-test.yml b/.github/workflows/pr-test.yml
index f5af5744516..42cecaba4df 100644
--- a/.github/workflows/pr-test.yml
+++ b/.github/workflows/pr-test.yml
@@ -6,234 +6,195 @@ permissions: contents: read jobs: -# lint: -# uses: bridgecrewio/gha-reusable-workflows/.github/workflows/pre-commit.yaml@main -# with: -# python-version: "3.9" -# -# cfn-lint: -# runs-on: ubuntu-latest -# steps: -# - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 -# - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 -# with: -# python-version: 3.7 -# - name: Install cfn-lint -# run: | -# pip install -U cfn-lint -# - name: Lint Cloudformation templates -# run: | -# cfn-lint tests/cloudformation/checks/resource/aws/**/* -i W -# -# mypy: -# uses: bridgecrewio/gha-reusable-workflows/.github/workflows/mypy.yaml@main -# -# unit-tests: -# strategy: -# fail-fast: true -# matrix: -# python: ["3.7", "3.8", "3.9", "3.10", "3.11"] -# runs-on: ubuntu-latest -# timeout-minutes: 30 -# steps: -# - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 -# - name: Set up Python ${{ matrix.python }} -# uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 -# with: -# python-version: ${{ matrix.python }} -# cache: "pipenv" -# cache-dependency-path: "Pipfile.lock" -# - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 -# with: -# token: ${{ secrets.GITHUB_TOKEN }} -# - uses: imranismail/setup-kustomize@a76db1c6419124d51470b1e388c4b29476f495f1 # v2 -# with: -# github-token: ${{ secrets.GITHUB_TOKEN }} -# - name: Install pipenv -# run: | -# python -m pip install --no-cache-dir --upgrade pipenv -# - name: Install dependencies -# run: | -# # remove venv, if exists -# pipenv --rm || true -# pipenv --python ${{ matrix.python }} -# pipenv install --dev -v -# - name: Unit tests -# env: -# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} -# run: | -# pipenv run python -m pytest tests -# -# integration-tests: -# strategy: -# fail-fast: true -# matrix: -# python: ["3.7", "3.8", "3.9", "3.10", "3.11"] -# os: [ubuntu-latest, macos-latest, windows-latest] -# runs-on: ${{ matrix.os }} -# 
steps: -# - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 -# - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 -# with: -# python-version: ${{ matrix.python }} -# cache: "pipenv" -# cache-dependency-path: "Pipfile.lock" -# - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 -# - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 -# with: -# token: ${{ secrets.GITHUB_TOKEN }} -# - uses: imranismail/setup-kustomize@a76db1c6419124d51470b1e388c4b29476f495f1 # v2 -# if: ${{ runner.os != 'windows' }} -# with: -# github-token: ${{ secrets.GITHUB_TOKEN }} -# - name: Install pipenv -# run: | -# python -m pip install --no-cache-dir --upgrade pipenv -# - name: Build & install checkov package -# run: | -# # remove venv, if exists -# pipenv --rm || true -# pipenv --python ${{ matrix.python }} -# pipenv run pip install pytest pytest-xdist -# pipenv run python setup.py sdist bdist_wheel -# bash -c 'pipenv run pip install dist/checkov-*.whl' -# - name: Clone Terragoat - vulnerable terraform -# run: git clone https://github.com/bridgecrewio/terragoat -# - name: Clone Cfngoat - vulnerable cloudformation -# run: git clone https://github.com/bridgecrewio/cfngoat -# - name: Clone Kubernetes-goat - vulnerable kubernetes -# run: git clone https://github.com/madhuakula/kubernetes-goat -# - name: Clone kustomize-goat - vulnerable kustomize -# run: git clone https://github.com/bridgecrewio/kustomizegoat -# - name: Create checkov reports -# env: -# LOG_LEVEL: INFO -# BC_KEY: ${{ secrets.BC_API_KEY }} -# run: | -# # Just making sure the API key tests don't run on PRs -# bash -c './integration_tests/prepare_data.sh ${{ matrix.os }} 3.8' -# - name: Run integration tests -# run: | -# pipenv run pytest integration_tests -k 'not api_key' -# -# performance-tests: -# strategy: -# fail-fast: false -# matrix: -# python: ["3.7"] -# env: -# working-directory: ./performance_tests -# runs-on: [self-hosted, public, 
linux, x64] -# steps: -# - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 -# - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 -# with: -# python-version: ${{ matrix.python }} -# cache: "pipenv" -# cache-dependency-path: "Pipfile.lock" -# - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 -# - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 -# with: -# token: ${{ secrets.GITHUB_TOKEN }} -# - uses: imranismail/setup-kustomize@a76db1c6419124d51470b1e388c4b29476f495f1 # v2 -# with: -# github-token: ${{ secrets.GITHUB_TOKEN }} -# - name: Install pipenv -# run: | -# python -m pip install --no-cache-dir --upgrade pipenv -# - name: Build & install checkov package -# run: | -# # remove venv, if exists -# pipenv --rm || true -# pipenv --python ${{ matrix.python }} -# # 'py' package is used in 'pytest-benchmark', but 'pytest' removed it in their latest version -# pipenv run pip install pytest pytest-benchmark py -# pipenv run python setup.py sdist bdist_wheel -# bash -c 'pipenv run pip install dist/checkov-*.whl' -# - name: Clone terraform-aws-components -# run: git clone --branch 0.182.0 https://github.com/cloudposse/terraform-aws-components.git -# working-directory: ${{ env.working-directory }} -# - name: Clone aws-cloudformation-templates -# run: git clone --branch 0.0.1 https://github.com/awslabs/aws-cloudformation-templates.git -# working-directory: ${{ env.working-directory }} -# - name: Clone kubernetes-yaml-templates -# run: git clone https://github.com/dennyzhang/kubernetes-yaml-templates.git -# working-directory: ${{ env.working-directory }} -# - name: Run performance tests -# run: | -# pipenv run pytest -# working-directory: ${{ env.working-directory }} -# -# dogfood-tests: -# runs-on: ubuntu-latest -# env: -# PYTHON_VERSION: "3.7" -# WORKING_DIRECTORY: ./dogfood_tests -# steps: -# - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 -# - uses: 
actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 -# with: -# python-version: ${{ env.PYTHON_VERSION }} -# cache: "pipenv" -# cache-dependency-path: "Pipfile.lock" -# - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 -# with: -# token: ${{ secrets.GITHUB_TOKEN }} -# - uses: imranismail/setup-kustomize@a76db1c6419124d51470b1e388c4b29476f495f1 # v2 -# with: -# github-token: ${{ secrets.GITHUB_TOKEN }} -# - name: Install pipenv -# run: | -# python -m pip install --no-cache-dir --upgrade pipenv -# -# - name: Build & install checkov package -# run: | -# # remove venv, if exists -# pipenv --rm || true -# pipenv --python ${{ env.PYTHON_VERSION }} -# pipenv run pip install pytest pytest-xdist -# pipenv run python setup.py sdist bdist_wheel -# bash -c 'pipenv run pip install dist/checkov-*.whl' -# - name: Run dogfood tests -# run: | -# pipenv run pytest -# working-directory: ${{ env.WORKING_DIRECTORY }} - build-release-artifacts: + lint: + uses: bridgecrewio/gha-reusable-workflows/.github/workflows/pre-commit.yaml@main + with: + python-version: "3.9" + + cfn-lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 + with: + python-version: 3.7 + - name: Install cfn-lint + run: | + pip install -U cfn-lint + - name: Lint Cloudformation templates + run: | + cfn-lint tests/cloudformation/checks/resource/aws/**/* -i W + + mypy: + uses: bridgecrewio/gha-reusable-workflows/.github/workflows/mypy.yaml@main + + unit-tests: + strategy: + fail-fast: true + matrix: + python: ["3.7", "3.8", "3.9", "3.10", "3.11"] + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + - name: Set up Python ${{ matrix.python }} + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 + with: + python-version: ${{ matrix.python }} + cache: 
"pipenv" + cache-dependency-path: "Pipfile.lock" + - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - uses: imranismail/setup-kustomize@a76db1c6419124d51470b1e388c4b29476f495f1 # v2 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + - name: Install pipenv + run: | + python -m pip install --no-cache-dir --upgrade pipenv + - name: Install dependencies + run: | + # remove venv, if exists + pipenv --rm || true + pipenv --python ${{ matrix.python }} + pipenv install --dev -v + - name: Unit tests + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + pipenv run python -m pytest tests + + integration-tests: strategy: + fail-fast: true matrix: - include: - - os: macos-latest - name: darwin - suffix: '' - - os: ubuntu-latest - name: linux - suffix: '' - - os: windows-latest - name: windows - suffix: '.exe' - # needs: [github-release] + python: ["3.7", "3.8", "3.9", "3.10", "3.11"] + os: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.os }} - permissions: - contents: write steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 + with: + python-version: ${{ matrix.python }} + cache: "pipenv" + cache-dependency-path: "Pipfile.lock" + - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 + - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 with: - fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} + - uses: imranismail/setup-kustomize@a76db1c6419124d51470b1e388c4b29476f495f1 # v2 + if: ${{ runner.os != 'windows' }} + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + - name: Install pipenv + run: | + python -m pip install --no-cache-dir --upgrade pipenv + - name: Build & install checkov package + run: | + # remove venv, if exists + pipenv --rm || true + pipenv --python ${{ matrix.python }} + pipenv run pip install pytest pytest-xdist + pipenv run 
python setup.py sdist bdist_wheel + bash -c 'pipenv run pip install dist/checkov-*.whl' + - name: Clone Terragoat - vulnerable terraform + run: git clone https://github.com/bridgecrewio/terragoat + - name: Clone Cfngoat - vulnerable cloudformation + run: git clone https://github.com/bridgecrewio/cfngoat + - name: Clone Kubernetes-goat - vulnerable kubernetes + run: git clone https://github.com/madhuakula/kubernetes-goat + - name: Clone kustomize-goat - vulnerable kustomize + run: git clone https://github.com/bridgecrewio/kustomizegoat + - name: Create checkov reports + env: + LOG_LEVEL: INFO + BC_KEY: ${{ secrets.BC_API_KEY }} + run: | + # Just making sure the API key tests don't run on PRs + bash -c './integration_tests/prepare_data.sh ${{ matrix.os }} 3.8' + - name: Run integration tests + run: | + pipenv run pytest integration_tests -k 'not api_key' + + performance-tests: + strategy: + fail-fast: false + matrix: + python: ["3.7"] + env: + working-directory: ./performance_tests + runs-on: [self-hosted, public, linux, x64] + steps: + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 with: - python-version: 3.7 + python-version: ${{ matrix.python }} + cache: "pipenv" + cache-dependency-path: "Pipfile.lock" + - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3 + - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - uses: imranismail/setup-kustomize@a76db1c6419124d51470b1e388c4b29476f495f1 # v2 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} - name: Install pipenv run: | python -m pip install --no-cache-dir --upgrade pipenv - - name: Install deps and run pyinstaller + - name: Build & install checkov package run: | - pipenv sync - pipenv run pip install pyinstaller - - name: Build executable - run: pipenv run pyinstaller checkov.spec - - uses: actions/upload-artifact@v3 + # remove 
venv, if exists + pipenv --rm || true + pipenv --python ${{ matrix.python }} + # 'py' package is used in 'pytest-benchmark', but 'pytest' removed it in their latest version + pipenv run pip install pytest pytest-benchmark py + pipenv run python setup.py sdist bdist_wheel + bash -c 'pipenv run pip install dist/checkov-*.whl' + - name: Clone terraform-aws-components + run: git clone --branch 0.182.0 https://github.com/cloudposse/terraform-aws-components.git + working-directory: ${{ env.working-directory }} + - name: Clone aws-cloudformation-templates + run: git clone --branch 0.0.1 https://github.com/awslabs/aws-cloudformation-templates.git + working-directory: ${{ env.working-directory }} + - name: Clone kubernetes-yaml-templates + run: git clone https://github.com/dennyzhang/kubernetes-yaml-templates.git + working-directory: ${{ env.working-directory }} + - name: Run performance tests + run: | + pipenv run pytest + working-directory: ${{ env.working-directory }} + + dogfood-tests: + runs-on: ubuntu-latest + env: + PYTHON_VERSION: "3.7" + WORKING_DIRECTORY: ./dogfood_tests + steps: + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3 + - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4 + with: + python-version: ${{ env.PYTHON_VERSION }} + cache: "pipenv" + cache-dependency-path: "Pipfile.lock" + - uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - uses: imranismail/setup-kustomize@a76db1c6419124d51470b1e388c4b29476f495f1 # v2 with: - name: checkov_${{ matrix.name }} - path: dist/checkov${{ matrix.suffix }} - if-no-files-found: error + github-token: ${{ secrets.GITHUB_TOKEN }} + - name: Install pipenv + run: | + python -m pip install --no-cache-dir --upgrade pipenv + + - name: Build & install checkov package + run: | + # remove venv, if exists + pipenv --rm || true + pipenv --python ${{ env.PYTHON_VERSION }} + pipenv run pip install pytest pytest-xdist + 
pipenv run python setup.py sdist bdist_wheel + bash -c 'pipenv run pip install dist/checkov-*.whl' + - name: Run dogfood tests + run: | + pipenv run pytest + working-directory: ${{ env.WORKING_DIRECTORY }}
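Review bot: `performance-tests` builds and runs the checked-out code (`setup.py`, `pytest`) on `runs-on: [self-hosted, public, linux, x64]`; the workflow's `on:` trigger is outside this hunk, but if it fires for pull requests from forks, contributor-controlled code executes on a persistent runner. Either move the job to a GitHub-hosted runner or gate it with `if: github.event.pull_request.head.repo.full_name == github.repository`. The same question applies to `BC_KEY: ${{ secrets.BC_API_KEY }}` in `integration-tests`, which is exported to `prepare_data.sh` from the PR checkout even though the comment says the API-key tests should not run on PRs. The `lint` and `mypy` jobs call reusable workflows at `@main`, unlike the SHA-pinned actions in the rest of the file; pinning them to a commit would keep that guarantee consistent.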