Also added the Bandit linter to run on the pull_request event. Resolves: AlmaLinux/build-system/issues/222
Showing
10 changed files
with
362 additions
and
139 deletions.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
name: Pull Request Checks | ||
on: | ||
pull_request: | ||
types: | ||
- opened | ||
- edited | ||
- reopened | ||
|
||
defaults: | ||
run: | ||
shell: bash | ||
|
||
jobs: | ||
check-pr-message: | ||
runs-on: ubuntu-latest | ||
steps: | ||
|
||
- name: Check the PR title and description | ||
run: | | ||
errors= | ||
if grep -qE '^.{73,}$' <<< "${{ github.event.pull_request.title }}"; then | ||
printf "ERROR: The PR title is longer than 72 characters:\n" | ||
printf " > ${{ github.event.pull_request.title }}\n" | ||
errors=true | ||
fi | ||
issue_regex='(Resolves|Fixes):? +(https:\/\/github.com\/)?AlmaLinux\/build-system(\/issues\/|#)[0-9]+' | ||
if ! grep -qE "$issue_regex" <<< "${{ github.event.pull_request.body }}"; then | ||
printf "ERROR: You need at least one \"Resolves|Fixes: <issue link>\" line.\n" | ||
errors=true | ||
fi | ||
if [[ $errors == true ]]; then | ||
exit 2 | ||
fi |
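Review bot: The `Check the PR title and description` step expands `${{ github.event.pull_request.title }}` and `${{ github.event.pull_request.body }}` straight into the `run:` script, so text chosen by the PR author becomes part of the shell source (inside double quotes, where command substitution and `"` are still live) and, on the second `printf`, part of the format string. Beyond the injection risk, an ordinary title containing a double quote or `%` breaks the check. Pass both values through `env:` and reference them as quoted shell variables, as in the excerpt below.

```yaml
      - name: Check the PR title and description
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_BODY: ${{ github.event.pull_request.body }}
        run: |
          errors=
          if grep -qE '^.{73,}$' <<< "$PR_TITLE"; then
            printf "ERROR: The PR title is longer than 72 characters:\n"
            printf "  > %s\n" "$PR_TITLE"
            errors=true
          fi
          # … unchanged: issue_regex definition …
          if ! grep -qE "$issue_regex" <<< "$PR_BODY"; then
          # … unchanged: error message and exit handling …
```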
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
name: Preflight Summary | ||
on: | ||
workflow_run: | ||
workflows: [Preflight] | ||
types: [completed] | ||
|
||
defaults: | ||
run: | ||
shell: bash | ||
|
||
jobs: | ||
|
||
submit-summary: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
pull-requests: write | ||
steps: | ||
|
||
- name: Download Preflight artifacts | ||
# https://github.com/marketplace/actions/download-workflow-artifact | ||
uses: dawidd6/action-download-artifact@v3 | ||
with: | ||
name: preflight-reports | ||
run_id: ${{ github.event.workflow_run.id }} | ||
|
||
- name: Load Environment | ||
run: cat environment.txt | tee -a $GITHUB_ENV | ||
|
||
- name: Generate Test Summary | ||
# https://github.com/marketplace/actions/junit-test-dashboard | ||
uses: test-summary/action@v2 | ||
with: | ||
paths: pytest-report.xml | ||
output: test-summary.md | ||
|
||
- name: Generate Coverage Summary | ||
# https://github.com/marketplace/actions/code-coverage-summary | ||
# Generates code-coverage-results.md | ||
uses: irongut/[email protected] | ||
with: | ||
filename: pytest-coverage.xml | ||
badge: false | ||
hide_branch_rate: true | ||
hide_complexity: true | ||
indicators: false | ||
format: markdown | ||
output: file | ||
|
||
- name: Generate Preflight Summary | ||
run: | | ||
{ | ||
JOB_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/${{github.event.workflow_run.id }}" | ||
printf "[%s]($JOB_URL \"Go to Job Summary\")\n\n" "$(< test-summary.md)" | ||
printf "### Code Coverage Summary\n" | ||
cat code-coverage-results.md | ||
printf "\nView full reports on the [Job Summary]($JOB_URL \"Go to Job Summary\") page\n\n" | ||
cat {pylint,black,isort,bandit}-report.md > linter-reports.md 2>/dev/null || true | ||
if [[ -s linter-reports.md ]]; then | ||
printf "### Linter reports\n" | ||
cat linter-reports.md | ||
fi | ||
} > preflight-report.md | ||
- name: Comment PR | ||
# https://github.com/marketplace/actions/comment-pull-request | ||
uses: thollander/actions-comment-pull-request@v2 | ||
with: | ||
filePath: preflight-report.md | ||
comment_tag: preflight_summary | ||
pr_number: ${{ env.PR_NUMBER }} |
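Review bot: The `Load Environment` step appends the whole of `environment.txt` to `$GITHUB_ENV`, but that file comes from an artifact produced by the `pull_request`-triggered Preflight run, which a pull request can influence, while this `workflow_run` job holds `pull-requests: write`. Any `NAME=value` line in the artifact would become an environment variable for the later steps, and `PR_NUMBER` itself decides which PR receives the comment. Read only `PR_NUMBER`, require it to be all digits, and write just that one line, as in the excerpt below. The third-party actions in this job are referenced by mutable tags (`@v2`, `@v3`); pinning them to full commit SHAs would be a reasonable follow-up given the write permission.

```yaml
      - name: Load Environment
        run: |
          # The artifact is produced by a pull_request run and is untrusted here:
          # accept only a numeric PR_NUMBER, never append the file wholesale.
          pr_number=$(sed -n 's/^PR_NUMBER=//p' environment.txt | head -n 1)
          if [[ ! $pr_number =~ ^[0-9]+$ ]]; then
            printf 'ERROR: unexpected PR_NUMBER in environment.txt\n'
            exit 1
          fi
          echo "PR_NUMBER=$pr_number" >> "$GITHUB_ENV"
```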
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,146 @@ | ||
name: Preflight | ||
on: [pull_request] | ||
|
||
defaults: | ||
run: | ||
shell: bash | ||
|
||
jobs: | ||
|
||
check-commit-message: | ||
runs-on: ubuntu-latest | ||
steps: | ||
|
||
- name: Check out repository | ||
uses: actions/checkout@v4 | ||
with: | ||
ref: ${{ github.event.pull_request.head.sha }} | ||
|
||
- name: Check commit message | ||
run: | | ||
errors= | ||
readarray -t long_lines < \ | ||
<(git log -1 --pretty=format:%B ${{ github.event.pull_request.head.sha }} | grep -E '^.{73,}$') | ||
if [[ ${#long_lines[@]} -ne 0 ]]; then | ||
printf "ERROR: The following lines are longer than 72 characters:\n" | ||
printf " > %s\n" "${long_lines[@]}" | ||
errors=true | ||
fi | ||
if [[ $errors == true ]]; then | ||
exit 2 | ||
fi | ||
preflight: | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 10 | ||
env: | ||
REPORTS_DIR: .preflight-reports | ||
steps: | ||
|
||
- name: Check out repository | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up Docker Buildx | ||
# https://github.com/marketplace/actions/docker-setup-buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Build Docker image | ||
# https://github.com/marketplace/actions/build-and-push-docker-images | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
load: true | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max | ||
|
||
- name: Prepare working directory | ||
run: mkdir -p $REPORTS_DIR | ||
|
||
- name: Get changed .py files | ||
# https://github.com/marketplace/actions/paths-changes-filter | ||
uses: dorny/paths-filter@v3 | ||
id: changed-files | ||
with: | ||
list-files: shell | ||
filters: | | ||
py: | ||
- added|modified: '**/*.py' | ||
cacher: | ||
- added|modified: 'alma_tests_cacher/**/*.py' | ||
- added|modified: '*.py' | ||
- name: Run pytest | ||
run: | | ||
docker compose run --rm cacher bash -c " | ||
pytest -v --cov \ | ||
--junit-xml=$REPORTS_DIR/pytest-report.xml \ | ||
--cov-report=xml:$REPORTS_DIR/pytest-coverage.xml \ | ||
--cov-report=term | tee $REPORTS_DIR/pytest-output.txt" | ||
- name: Run pylint | ||
if: ${{ steps.changed-files.outputs.cacher == 'true' }} | ||
run: | | ||
docker compose run --rm cacher bash -c " | ||
pylint --exit-zero ${{ steps.changed-files.outputs.cacher_files }} \ | ||
| tee $REPORTS_DIR/pylint-report.txt" | ||
- name: Run black | ||
if: ${{ steps.changed-files.outputs.py == 'true' }} | ||
run: | | ||
docker compose run --rm cacher bash -c " | ||
black --check --diff --color ${{ steps.changed-files.outputs.py_files }} \ | ||
| tee >(sed 's/\x1B\[[0-9;]*m//g' > $REPORTS_DIR/black-report.txt)" | ||
- name: Run isort | ||
if: ${{ steps.changed-files.outputs.py == 'true' }} | ||
run: | | ||
docker compose run --rm cacher bash -c " | ||
isort --check-only --diff --color ${{ steps.changed-files.outputs.py_files }} \ | ||
| tee >(sed 's/\x1B\[[0-9;]*m//g' > $REPORTS_DIR/isort-report.txt)" | ||
- name: Run bandit | ||
if: ${{ steps.changed-files.outputs.cacher == 'true' }} | ||
run: | | ||
docker compose run --rm cacher bash -c " | ||
bandit -c pyproject.toml ${{ steps.changed-files.outputs.cacher_files }} \ | ||
| tee >(sed 's/\x1B\[[0-9;]*m//g' > $REPORTS_DIR/bandit-report.txt)" | ||
- name: Generate .md reports | ||
run: | | ||
awk 'NR == 1 {next}; /^-+ coverage:/ {exit}; {print}' $REPORTS_DIR/pytest-output.txt \ | ||
> $REPORTS_DIR/pytest-report.txt | ||
awk '/^-+ coverage:/, /^TOTAL/' $REPORTS_DIR/pytest-output.txt \ | ||
> $REPORTS_DIR/coverage-report.txt | ||
for tool in coverage pytest pylint black isort bandit; do | ||
if [[ -s $REPORTS_DIR/${tool}-report.txt ]]; then | ||
{ | ||
printf "<details><summary>${tool^} report</summary>\n" | ||
printf '\n```\n' | ||
cat $REPORTS_DIR/${tool}-report.txt | ||
printf '\n```\n' | ||
printf '\n</details>\n\n' | ||
} > $REPORTS_DIR/${tool}-report.md | ||
fi | ||
done | ||
- name: Save environment | ||
run: | | ||
{ | ||
echo "PR_NUMBER=${{ github.event.number }}" | ||
} > $REPORTS_DIR/environment.txt | ||
- name: Upload Pytest reports | ||
# https://github.com/actions/upload-artifact | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: preflight-reports | ||
path: ${{ env.REPORTS_DIR }} | ||
compression-level: 9 | ||
|
||
- name: Publish Job Summary | ||
run: | | ||
cat $REPORTS_DIR/{coverage,pytest,pylint,black,isort,bandit}-report.md \ | ||
> $GITHUB_STEP_SUMMARY 2>/dev/null || true |
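Review bot: The file lists from `dorny/paths-filter` are expanded by `${{ … }}` inside a double-quoted `bash -c "…"` string in the pylint, black, isort and bandit steps, so the escaping that `list-files: shell` applies no longer protects them: single quotes are literal inside double quotes, and a file name in the pull request that carries shell metacharacters would presumably be evaluated by the outer shell on the runner. Passing the list through `env:` and handing it to the container as an environment variable, read by a single-quoted `bash -c '…'` script, keeps PR-controlled names out of the script text. Separately, the inner `bash -c` pipelines end in `tee` and do not set `pipefail`, so a non-zero exit from bandit (or pytest) does not appear to fail the job; if findings should block the PR, start the inner script with `set -o pipefail;`.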
This file was deleted.