Skip to content

CI

CI #278

Workflow file for this run

name: CI
on:
push:
branches: [ "prod" ]
pull_request:
branches: [ "prod" ]
workflow_dispatch:
jobs:
test:
runs-on: ${{ matrix.os }}
permissions:
id-token: write
contents: read
environment: GCAPI-Backend
strategy:
fail-fast: true
matrix:
os: ["ubuntu-latest"]
python-version: ["3.11"]
env:
API_MODE: "test"
ENVIRONMENT: "pytest"
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
API_ALLOWED_CORS: ${{ secrets.API_ALLOWED_CORS }}
API_RSA_PRIVATE_KEY: ${{ secrets.API_RSA_PRIVATE_KEY }}
API_RSA_PUBLIC_KEY: ${{ secrets.API_RSA_PUBLIC_KEY }}
API_SECRET_KEY: ${{ secrets.API_SECRET_KEY }}
API_CSRF_KEY: ${{ secrets.API_CSRF_KEY }}
API_ENCRYPTION_KEY: ${{ secrets.API_ENCRYPTION_KEY }}
API_ENCRYPTION_SALT: ${{ secrets.API_ENCRYPTION_SALT }}
API_QUERY_LIMIT_OFFSET_DEFAULT: ${{ secrets.API_QUERY_LIMIT_OFFSET_DEFAULT }}
API_QUERY_LIMIT_ROWS_DEFAULT: ${{ secrets.API_QUERY_LIMIT_ROWS_DEFAULT }}
API_QUERY_LIMIT_ROWS_MAX: ${{ secrets.API_QUERY_LIMIT_ROWS_MAX }}
AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }}
AUTH0_API_AUDIENCE: ${{ secrets.AUTH0_API_AUDIENCE }}
AUTH0_SPA_CLIENT_ID: ${{ secrets.AUTH0_SPA_CLIENT_ID }}
AUTH0_SPA_CLIENT_SECRET: ${{ secrets.AUTH0_SPA_CLIENT_SECRET }}
AUTH0_M2M_CLIENT_ID: ${{ secrets.AUTH0_M2M_CLIENT_ID }}
AUTH0_M2M_CLIENT_SECRET: ${{ secrets.AUTH0_M2M_CLIENT_SECRET }}
AUTH0_FIRST_ADMIN_AUTH_ID: ${{ secrets.AUTH0_FIRST_ADMIN_AUTH_ID }}
AUTH0_FIRST_ADMIN: ${{ secrets.AUTH0_FIRST_ADMIN }}
AUTH0_FIRST_ADMIN_PASSWORD: ${{ secrets.AUTH0_FIRST_ADMIN_PASSWORD }}
AUTH0_FIRST_ADMIN_PICTURE: ${{ secrets.AUTH0_FIRST_ADMIN_PICTURE }}
AUTH0_FIRST_MANAGER_AUTH_ID: ${{ secrets.AUTH0_FIRST_MANAGER_AUTH_ID }}
AUTH0_FIRST_MANAGER: ${{ secrets.AUTH0_FIRST_MANAGER }}
AUTH0_FIRST_MANAGER_PASSWORD: ${{ secrets.AUTH0_FIRST_MANAGER_PASSWORD }}
AUTH0_FIRST_MANAGER_PICTURE: ${{ secrets.AUTH0_FIRST_MANAGER_PICTURE }}
AUTH0_FIRST_EMPLOYEE_AUTH_ID: ${{ secrets.AUTH0_FIRST_EMPLOYEE_AUTH_ID }}
AUTH0_FIRST_EMPLOYEE: ${{ secrets.AUTH0_FIRST_EMPLOYEE }}
AUTH0_FIRST_EMPLOYEE_PASSWORD: ${{ secrets.AUTH0_FIRST_EMPLOYEE_PASSWORD }}
AUTH0_FIRST_EMPLOYEE_PICTURE: ${{ secrets.AUTH0_FIRST_EMPLOYEE_PICTURE }}
AUTH0_FIRST_CLIENT_A_AUTH_ID: ${{ secrets.AUTH0_FIRST_CLIENT_A_AUTH_ID }}
AUTH0_FIRST_CLIENT_A: ${{ secrets.AUTH0_FIRST_CLIENT_A }}
AUTH0_FIRST_CLIENT_A_PASSWORD: ${{ secrets.AUTH0_FIRST_CLIENT_A_PASSWORD }}
AUTH0_FIRST_CLIENT_A_PICTURE: ${{ secrets.AUTH0_FIRST_CLIENT_A_PICTURE }}
AUTH0_FIRST_CLIENT_B_AUTH_ID: ${{ secrets.AUTH0_FIRST_CLIENT_B_AUTH_ID }}
AUTH0_FIRST_CLIENT_B: ${{ secrets.AUTH0_FIRST_CLIENT_B }}
AUTH0_FIRST_CLIENT_B_PASSWORD: ${{ secrets.AUTH0_FIRST_CLIENT_B_PASSWORD }}
AUTH0_FIRST_CLIENT_B_PICTURE: ${{ secrets.AUTH0_FIRST_CLIENT_B_PICTURE }}
AUTH0_FIRST_USER_VERIFIED_AUTH_ID: ${{ secrets.AUTH0_FIRST_USER_VERIFIED_AUTH_ID }}
AUTH0_FIRST_USER_VERIFIED: ${{ secrets.AUTH0_FIRST_USER_VERIFIED }}
AUTH0_FIRST_USER_VERIFIED_PASSWORD: ${{ secrets.AUTH0_FIRST_USER_VERIFIED_PASSWORD }}
AUTH0_FIRST_USER_UNVERIFIED_AUTH_ID: ${{ secrets.AUTH0_FIRST_USER_UNVERIFIED_AUTH_ID }}
AUTH0_FIRST_USER_UNVERIFIED: ${{ secrets.AUTH0_FIRST_USER_UNVERIFIED }}
AUTH0_FIRST_USER_UNVERIFIED_PASSWORD: ${{ secrets.AUTH0_FIRST_USER_UNVERIFIED_PASSWORD }}
EMAIL_ENABLED: ${{ secrets.EMAIL_ENABLED }}
EMAIL_FROM_EMAIL: ${{ secrets.EMAIL_FROM_EMAIL }}
EMAIL_FROM_NAME: ${{ secrets.EMAIL_FROM_NAME }}
EMAIL_PROVIDER_RESTRICTION: ${{ secrets.EMAIL_PROVIDER_RESTRICTION }}
EMAIL_ALLOWED_PROVIDERS: ${{ secrets.EMAIL_ALLOWED_PROVIDERS }}
EMAIL_ALLOWED_FROM_EMAILS: ${{ secrets.EMAIL_ALLOWED_FROM_EMAILS }}
EMAIL_TEST_USER: ${{ secrets.EMAIL_TEST_USER }}
CLOUDKEY_IPINFO: ${{ secrets.CLOUDKEY_IPINFO }}
CLOUDKEY_GOOGLE_API: ${{ secrets.CLOUDKEY_GOOGLE_API }}
CLOUDKEY_AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDKEY_AWS_ACCESS_KEY_ID }}
CLOUDKEY_AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDKEY_AWS_SECRET_ACCESS_KEY }}
CLOUDKEY_AWS_DEFAULT_REGION: ${{ secrets.CLOUDKEY_AWS_DEFAULT_REGION }}
CLOUDKEY_AWS_S3_DEFAULT_BUCKET: ${{ secrets.CLOUDKEY_AWS_S3_DEFAULT_BUCKET }}
AWS_GITHUB_OIDC_ROLE_ARN: ${{ secrets.AWS_GITHUB_OIDC_ROLE_ARN }}
steps:
- name: Checkout Source
uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.CLOUDKEY_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.CLOUDKEY_AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.CLOUDKEY_AWS_DEFAULT_REGION }}
role-to-assume: ${{ secrets.AWS_GITHUB_OIDC_ROLE_ARN }}
role-duration-seconds: 1200
role-session-name: GithubCiActionSession
- name: Load AWS Account
run: aws sts get-caller-identity
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: "pip"
- name: Install Dependencies
run: |
python -m pip install --upgrade pip \
&& python -m pip install poetry \
&& poetry config virtualenvs.create false \
&& poetry install --no-root
- name: Run Python Tests
run: |
bash ./scripts/test-cov.sh
- name: Upload Coverage
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
env_vars: OS,PYTHON
files: ./coverage.xml
flags: unittests
name: codecov-umbrella
fail_ci_if_error: false
verbose: false