Skip to content

Updates

Updates #304

Workflow file for this run

name: PR Checks
on:
pull_request:
branches: [ main ]
env:
REQUIRED_COVERAGE: 30
PYTHON_KEYRING_BACKEND: keyring.backends.null.Keyring
jobs:
python:
name: python checks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v2
with:
python-version: '3.10'
- name: Install Poetry
run: pip install poetry
- name: Install requirements
run: poetry install
- name: Check formatting
run: poetry run black --check .
- name: Check pylint
run: poetry run pylint --rcfile pyproject.toml vault_monitor
- name: Check typing
run: poetry run mypy --config-file pyproject.toml .
- name: Execute tests
run: poetry run pytest --cov-fail-under $REQUIRED_COVERAGE
docker:
name: docker checks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: hadolint/[email protected]
with:
dockerfile: Dockerfile
- name: Build PR Check
id: containers
run: |
if [[ "${{ secrets.BUILD_PR }}" != "" && \
"${{ secrets.PR_CONTAINERS_USER }}" != "" && \
"${{ secrets.PR_CONTAINERS }}" != "" ]]
then
echo "PR Builds configured"
echo "::set-output name=BUILD_PR::true"
else
echo "PR Builds not configured"
echo "::set-output name=BUILD_PR::false"
fi
- name: Get PR ID
id: pr
run: echo "::set-output name=id::$(echo ${{ github.ref_name }} | cut -d"/" -f1)"
if: ${{ fromJSON(steps.containers.outputs.BUILD_PR) }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to ghcr.io
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ secrets.PR_CONTAINERS_USER }}
password: ${{ secrets.PR_CONTAINERS }}
if: ${{ fromJSON(steps.containers.outputs.BUILD_PR) }}
- name: PR Cross Platform Build and Push
uses: docker/build-push-action@v2
with:
context: .
push: true
tags: ghcr.io/${{ github.repository }}:pr-${{ steps.pr.outputs.id }}
platforms: linux/amd64,linux/arm64,linux/arm/v7
if: ${{ fromJSON(steps.containers.outputs.BUILD_PR) }}
- name: PR Cross Platform Build
uses: docker/build-push-action@v2
with:
context: .
tags: ghcr.io/${{ github.repository }}:pr-${{ steps.pr.outputs.id }}
platforms: linux/amd64,linux/arm64,linux/arm/v7
if: ${{ !fromJSON(steps.containers.outputs.BUILD_PR) }}
security:
name: security checks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: '0'
- uses: actions/setup-python@v2
with:
python-version: '3.11'
- name: Install Poetry
run: pip install poetry
- name: Install requirements
run: poetry install
- name: Execute Bandit Security Checks
run: poetry run bandit -r vault_monitor
- name: Test Image Build
run: docker build . -t build-exporter:test
- name: Scan Image
uses: Azure/[email protected]
with:
image-name: build-exporter:test
run-quality-checks: false # Disabled for now due to bug https://github.com/Azure/container-scan/issues/133 (and partially duplicating linting anyway)
version:
name: version check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Poetry
run: pip install poetry
- name: Install requirements
run: poetry install
- name: Get current version
id: current_version
run: echo "::set-output name=version::$(poetry version | cut -d" " -f2)"
- name: Checkout ${{ github.base_ref }}
uses: actions/checkout@v3
with:
ref: ${{ github.base_ref }}
- name: Get ${{ github.base_ref }} version
id: old_version
run: |
echo "::set-output name=version::$(poetry version | cut -d" " -f2)"
- name: Checkout current branch
uses: actions/checkout@v3
- name: Check version has been bumped
run: "python .github/workflows/version_check.py --current-branch ${{ steps.current_version.outputs.version }} --target-branch ${{ steps.old_version.outputs.version }}"