CI #275
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ "prod" ] | |
| pull_request: | |
| branches: [ "prod" ] | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| test: | |
| runs-on: ${{ matrix.os }} | |
| environment: GCAPI-Backend | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| os: ["ubuntu-latest"] | |
| python-version: ["3.11"] | |
| env: | |
| API_MODE: "test" | |
| ENVIRONMENT: "pytest" | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| API_ALLOWED_CORS: ${{ secrets.API_ALLOWED_CORS }} | |
| API_RSA_PRIVATE_KEY: ${{ secrets.API_RSA_PRIVATE_KEY }} | |
| API_RSA_PUBLIC_KEY: ${{ secrets.API_RSA_PUBLIC_KEY }} | |
| API_SECRET_KEY: ${{ secrets.API_SECRET_KEY }} | |
| API_CSRF_KEY: ${{ secrets.API_CSRF_KEY }} | |
| API_ENCRYPTION_KEY: ${{ secrets.API_ENCRYPTION_KEY }} | |
| API_ENCRYPTION_SALT: ${{ secrets.API_ENCRYPTION_SALT }} | |
| API_QUERY_LIMIT_OFFSET_DEFAULT: ${{ secrets.API_QUERY_LIMIT_OFFSET_DEFAULT }} | |
| API_QUERY_LIMIT_ROWS_DEFAULT: ${{ secrets.API_QUERY_LIMIT_ROWS_DEFAULT }} | |
| API_QUERY_LIMIT_ROWS_MAX: ${{ secrets.API_QUERY_LIMIT_ROWS_MAX }} | |
| AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }} | |
| AUTH0_API_AUDIENCE: ${{ secrets.AUTH0_API_AUDIENCE }} | |
| AUTH0_SPA_CLIENT_ID: ${{ secrets.AUTH0_SPA_CLIENT_ID }} | |
| AUTH0_SPA_CLIENT_SECRET: ${{ secrets.AUTH0_SPA_CLIENT_SECRET }} | |
| AUTH0_M2M_CLIENT_ID: ${{ secrets.AUTH0_M2M_CLIENT_ID }} | |
| AUTH0_M2M_CLIENT_SECRET: ${{ secrets.AUTH0_M2M_CLIENT_SECRET }} | |
| AUTH0_FIRST_ADMIN_AUTH_ID: ${{ secrets.AUTH0_FIRST_ADMIN_AUTH_ID }} | |
| AUTH0_FIRST_ADMIN: ${{ secrets.AUTH0_FIRST_ADMIN }} | |
| AUTH0_FIRST_ADMIN_PASSWORD: ${{ secrets.AUTH0_FIRST_ADMIN_PASSWORD }} | |
| AUTH0_FIRST_ADMIN_PICTURE: ${{ secrets.AUTH0_FIRST_ADMIN_PICTURE }} | |
| AUTH0_FIRST_MANAGER_AUTH_ID: ${{ secrets.AUTH0_FIRST_MANAGER_AUTH_ID }} | |
| AUTH0_FIRST_MANAGER: ${{ secrets.AUTH0_FIRST_MANAGER }} | |
| AUTH0_FIRST_MANAGER_PASSWORD: ${{ secrets.AUTH0_FIRST_MANAGER_PASSWORD }} | |
| AUTH0_FIRST_MANAGER_PICTURE: ${{ secrets.AUTH0_FIRST_MANAGER_PICTURE }} | |
| AUTH0_FIRST_EMPLOYEE_AUTH_ID: ${{ secrets.AUTH0_FIRST_EMPLOYEE_AUTH_ID }} | |
| AUTH0_FIRST_EMPLOYEE: ${{ secrets.AUTH0_FIRST_EMPLOYEE }} | |
| AUTH0_FIRST_EMPLOYEE_PASSWORD: ${{ secrets.AUTH0_FIRST_EMPLOYEE_PASSWORD }} | |
| AUTH0_FIRST_EMPLOYEE_PICTURE: ${{ secrets.AUTH0_FIRST_EMPLOYEE_PICTURE }} | |
| AUTH0_FIRST_CLIENT_A_AUTH_ID: ${{ secrets.AUTH0_FIRST_CLIENT_A_AUTH_ID }} | |
| AUTH0_FIRST_CLIENT_A: ${{ secrets.AUTH0_FIRST_CLIENT_A }} | |
| AUTH0_FIRST_CLIENT_A_PASSWORD: ${{ secrets.AUTH0_FIRST_CLIENT_A_PASSWORD }} | |
| AUTH0_FIRST_CLIENT_A_PICTURE: ${{ secrets.AUTH0_FIRST_CLIENT_A_PICTURE }} | |
| AUTH0_FIRST_CLIENT_B_AUTH_ID: ${{ secrets.AUTH0_FIRST_CLIENT_B_AUTH_ID }} | |
| AUTH0_FIRST_CLIENT_B: ${{ secrets.AUTH0_FIRST_CLIENT_B }} | |
| AUTH0_FIRST_CLIENT_B_PASSWORD: ${{ secrets.AUTH0_FIRST_CLIENT_B_PASSWORD }} | |
| AUTH0_FIRST_CLIENT_B_PICTURE: ${{ secrets.AUTH0_FIRST_CLIENT_B_PICTURE }} | |
| AUTH0_FIRST_USER_VERIFIED_AUTH_ID: ${{ secrets.AUTH0_FIRST_USER_VERIFIED_AUTH_ID }} | |
| AUTH0_FIRST_USER_VERIFIED: ${{ secrets.AUTH0_FIRST_USER_VERIFIED }} | |
| AUTH0_FIRST_USER_VERIFIED_PASSWORD: ${{ secrets.AUTH0_FIRST_USER_VERIFIED_PASSWORD }} | |
| AUTH0_FIRST_USER_UNVERIFIED_AUTH_ID: ${{ secrets.AUTH0_FIRST_USER_UNVERIFIED_AUTH_ID }} | |
| AUTH0_FIRST_USER_UNVERIFIED: ${{ secrets.AUTH0_FIRST_USER_UNVERIFIED }} | |
| AUTH0_FIRST_USER_UNVERIFIED_PASSWORD: ${{ secrets.AUTH0_FIRST_USER_UNVERIFIED_PASSWORD }} | |
| EMAIL_ENABLED: ${{ secrets.EMAIL_ENABLED }} | |
| EMAIL_FROM_EMAIL: ${{ secrets.EMAIL_FROM_EMAIL }} | |
| EMAIL_FROM_NAME: ${{ secrets.EMAIL_FROM_NAME }} | |
| EMAIL_PROVIDER_RESTRICTION: ${{ secrets.EMAIL_PROVIDER_RESTRICTION }} | |
| EMAIL_ALLOWED_PROVIDERS: ${{ secrets.EMAIL_ALLOWED_PROVIDERS }} | |
| EMAIL_ALLOWED_FROM_EMAILS: ${{ secrets.EMAIL_ALLOWED_FROM_EMAILS }} | |
| EMAIL_TEST_USER: ${{ secrets.EMAIL_TEST_USER }} | |
| CLOUDKEY_IPINFO: ${{ secrets.CLOUDKEY_IPINFO }} | |
| CLOUDKEY_GOOGLE_API: ${{ secrets.CLOUDKEY_GOOGLE_API }} | |
| CLOUDKEY_AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDKEY_AWS_ACCESS_KEY_ID }} | |
| CLOUDKEY_AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDKEY_AWS_SECRET_ACCESS_KEY }} | |
| CLOUDKEY_AWS_DEFAULT_REGION: ${{ secrets.CLOUDKEY_AWS_DEFAULT_REGION }} | |
| CLOUDKEY_AWS_S3_DEFAULT_BUCKET: ${{ secrets.CLOUDKEY_AWS_S3_DEFAULT_BUCKET }} | |
| AWS_GITHUB_OIDC_ROLE_ARN: ${{ secrets.AWS_GITHUB_OIDC_ROLE_ARN }} | |
| steps: | |
| - name: Checkout Source | |
| uses: actions/checkout@v4 | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| cache: "pip" | |
| - name: Install Dependencies | |
| run: | | |
| python -m pip install --upgrade pip \ | |
| && python -m pip install poetry \ | |
| && poetry config virtualenvs.create false \ | |
| && poetry install --no-root | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ secrets.CLOUDKEY_AWS_DEFAULT_REGION }} | |
| role-to-assume: ${{ secrets.AWS_GITHUB_OIDC_ROLE_ARN }} | |
| - name: Load AWS Account | |
| run: aws sts get-caller-identity | |
| - name: Run Python Tests | |
| run: | | |
| bash ./scripts/test-cov.sh | |
| - name: Upload Coverage | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| env_vars: OS,PYTHON | |
| files: ./coverage.xml | |
| flags: unittests | |
| name: codecov-umbrella | |
| fail_ci_if_error: false | |
| verbose: false |