CI #273
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [ "prod" ] | |
pull_request: | |
branches: [ "prod" ] | |
workflow_dispatch: | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
test: | |
runs-on: ${{ matrix.os }} | |
environment: GCAPI-Backend | |
strategy: | |
fail-fast: true | |
matrix: | |
os: ["ubuntu-latest"] | |
python-version: ["3.11"] | |
env: | |
API_MODE: "test" | |
ENVIRONMENT: "pytest" | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
API_ALLOWED_CORS: ${{ secrets.API_ALLOWED_CORS }} | |
API_RSA_PRIVATE_KEY: ${{ secrets.API_RSA_PRIVATE_KEY }} | |
API_RSA_PUBLIC_KEY: ${{ secrets.API_RSA_PUBLIC_KEY }} | |
API_SECRET_KEY: ${{ secrets.API_SECRET_KEY }} | |
API_CSRF_KEY: ${{ secrets.API_CSRF_KEY }} | |
API_ENCRYPTION_KEY: ${{ secrets.API_ENCRYPTION_KEY }} | |
API_ENCRYPTION_SALT: ${{ secrets.API_ENCRYPTION_SALT }} | |
API_QUERY_LIMIT_OFFSET_DEFAULT: ${{ secrets.API_QUERY_LIMIT_OFFSET_DEFAULT }} | |
API_QUERY_LIMIT_ROWS_DEFAULT: ${{ secrets.API_QUERY_LIMIT_ROWS_DEFAULT }} | |
API_QUERY_LIMIT_ROWS_MAX: ${{ secrets.API_QUERY_LIMIT_ROWS_MAX }} | |
AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }} | |
AUTH0_API_AUDIENCE: ${{ secrets.AUTH0_API_AUDIENCE }} | |
AUTH0_SPA_CLIENT_ID: ${{ secrets.AUTH0_SPA_CLIENT_ID }} | |
AUTH0_SPA_CLIENT_SECRET: ${{ secrets.AUTH0_SPA_CLIENT_SECRET }} | |
AUTH0_M2M_CLIENT_ID: ${{ secrets.AUTH0_M2M_CLIENT_ID }} | |
AUTH0_M2M_CLIENT_SECRET: ${{ secrets.AUTH0_M2M_CLIENT_SECRET }} | |
AUTH0_FIRST_ADMIN_AUTH_ID: ${{ secrets.AUTH0_FIRST_ADMIN_AUTH_ID }} | |
AUTH0_FIRST_ADMIN: ${{ secrets.AUTH0_FIRST_ADMIN }} | |
AUTH0_FIRST_ADMIN_PASSWORD: ${{ secrets.AUTH0_FIRST_ADMIN_PASSWORD }} | |
AUTH0_FIRST_ADMIN_PICTURE: ${{ secrets.AUTH0_FIRST_ADMIN_PICTURE }} | |
AUTH0_FIRST_MANAGER_AUTH_ID: ${{ secrets.AUTH0_FIRST_MANAGER_AUTH_ID }} | |
AUTH0_FIRST_MANAGER: ${{ secrets.AUTH0_FIRST_MANAGER }} | |
AUTH0_FIRST_MANAGER_PASSWORD: ${{ secrets.AUTH0_FIRST_MANAGER_PASSWORD }} | |
AUTH0_FIRST_MANAGER_PICTURE: ${{ secrets.AUTH0_FIRST_MANAGER_PICTURE }} | |
AUTH0_FIRST_EMPLOYEE_AUTH_ID: ${{ secrets.AUTH0_FIRST_EMPLOYEE_AUTH_ID }} | |
AUTH0_FIRST_EMPLOYEE: ${{ secrets.AUTH0_FIRST_EMPLOYEE }} | |
AUTH0_FIRST_EMPLOYEE_PASSWORD: ${{ secrets.AUTH0_FIRST_EMPLOYEE_PASSWORD }} | |
AUTH0_FIRST_EMPLOYEE_PICTURE: ${{ secrets.AUTH0_FIRST_EMPLOYEE_PICTURE }} | |
AUTH0_FIRST_CLIENT_A_AUTH_ID: ${{ secrets.AUTH0_FIRST_CLIENT_A_AUTH_ID }} | |
AUTH0_FIRST_CLIENT_A: ${{ secrets.AUTH0_FIRST_CLIENT_A }} | |
AUTH0_FIRST_CLIENT_A_PASSWORD: ${{ secrets.AUTH0_FIRST_CLIENT_A_PASSWORD }} | |
AUTH0_FIRST_CLIENT_A_PICTURE: ${{ secrets.AUTH0_FIRST_CLIENT_A_PICTURE }} | |
AUTH0_FIRST_CLIENT_B_AUTH_ID: ${{ secrets.AUTH0_FIRST_CLIENT_B_AUTH_ID }} | |
AUTH0_FIRST_CLIENT_B: ${{ secrets.AUTH0_FIRST_CLIENT_B }} | |
AUTH0_FIRST_CLIENT_B_PASSWORD: ${{ secrets.AUTH0_FIRST_CLIENT_B_PASSWORD }} | |
AUTH0_FIRST_CLIENT_B_PICTURE: ${{ secrets.AUTH0_FIRST_CLIENT_B_PICTURE }} | |
AUTH0_FIRST_USER_VERIFIED_AUTH_ID: ${{ secrets.AUTH0_FIRST_USER_VERIFIED_AUTH_ID }} | |
AUTH0_FIRST_USER_VERIFIED: ${{ secrets.AUTH0_FIRST_USER_VERIFIED }} | |
AUTH0_FIRST_USER_VERIFIED_PASSWORD: ${{ secrets.AUTH0_FIRST_USER_VERIFIED_PASSWORD }} | |
AUTH0_FIRST_USER_UNVERIFIED_AUTH_ID: ${{ secrets.AUTH0_FIRST_USER_UNVERIFIED_AUTH_ID }} | |
AUTH0_FIRST_USER_UNVERIFIED: ${{ secrets.AUTH0_FIRST_USER_UNVERIFIED }} | |
AUTH0_FIRST_USER_UNVERIFIED_PASSWORD: ${{ secrets.AUTH0_FIRST_USER_UNVERIFIED_PASSWORD }} | |
EMAIL_ENABLED: ${{ secrets.EMAIL_ENABLED }} | |
EMAIL_FROM_EMAIL: ${{ secrets.EMAIL_FROM_EMAIL }} | |
EMAIL_FROM_NAME: ${{ secrets.EMAIL_FROM_NAME }} | |
EMAIL_PROVIDER_RESTRICTION: ${{ secrets.EMAIL_PROVIDER_RESTRICTION }} | |
EMAIL_ALLOWED_PROVIDERS: ${{ secrets.EMAIL_ALLOWED_PROVIDERS }} | |
EMAIL_ALLOWED_FROM_EMAILS: ${{ secrets.EMAIL_ALLOWED_FROM_EMAILS }} | |
EMAIL_TEST_USER: ${{ secrets.EMAIL_TEST_USER }} | |
CLOUDKEY_IPINFO: ${{ secrets.CLOUDKEY_IPINFO }} | |
CLOUDKEY_GOOGLE_API: ${{ secrets.CLOUDKEY_GOOGLE_API }} | |
CLOUDKEY_AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDKEY_AWS_ACCESS_KEY_ID }} | |
CLOUDKEY_AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDKEY_AWS_SECRET_ACCESS_KEY }} | |
CLOUDKEY_AWS_DEFAULT_REGION: ${{ secrets.CLOUDKEY_AWS_DEFAULT_REGION }} | |
CLOUDKEY_AWS_S3_DEFAULT_BUCKET: ${{ secrets.CLOUDKEY_AWS_S3_DEFAULT_BUCKET }} | |
AWS_GITHUB_OIDC_ROLE_ARN: ${{ secrets.AWS_GITHUB_OIDC_ROLE_ARN }} | |
steps: | |
- name: Checkout Source | |
uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
role-to-assume: ${{ secrets.AWS_GITHUB_OIDC_ROLE_ARN }} | |
aws-region: ${{ secrets.CLOUDKEY_AWS_DEFAULT_REGION }} | |
audience: "sts.amazonaws.com" | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
cache: "pip" | |
- name: Install Dependencies | |
run: | | |
python -m pip install --upgrade pip \ | |
&& python -m pip install poetry \ | |
&& poetry config virtualenvs.create false \ | |
&& poetry install --no-root | |
- name: Run Python Tests | |
run: | | |
bash ./scripts/test-cov.sh | |
- name: Upload Coverage | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
env_vars: OS,PYTHON | |
files: ./coverage.xml | |
flags: unittests | |
name: codecov-umbrella | |
fail_ci_if_error: false | |
verbose: false |