Skip to content

2024-06-15 20:12 - updates #158

2024-06-15 20:12 - updates

2024-06-15 20:12 - updates #158

Workflow file for this run

name: Test
on:
push:
branches:
- develop
- master
- staging
- release/*
- feature/*
- bugfix/*
- hotfix/*
pull_request:
branches: [develop, master]
types: [synchronize, opened, reopened, ready_for_review]
concurrency:
group: "${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true
defaults:
run:
shell: bash
jobs:
setup:
# if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
name: setup
runs-on: ubuntu-latest
timeout-minutes: 3
defaults:
run:
shell: bash
outputs:
checksum: ${{ steps.checksum.outputs.checksum }}
test_image_name: ${{ steps.image_name.outputs.name }}
test_image_date: ${{ steps.meta.outputs.build_date }}
test_image_build_number: ${{ steps.meta.outputs.build_number }}
test_image_checksum: ${{ steps.meta.outputs.checksum }}
test_image_updated: ${{ steps.meta.outputs.updated }}
version: ${{ steps.meta.outputs.version }}
# last_commit: ${{ steps.env.outputs.last_commit }}
# branch: ${{ steps.env.outputs.branch }}
# date: ${{ steps.env.outputs.date }}
# dist_image: ${{ steps.env.outputs.dist_image }}
# docker: ${{ steps.changes.outputs.docker_base }}
# python_files: ${{ steps.changes.outputs.python }}
# tags: ${{ steps.meta.outputs.tags }}
# tag: ${{ steps.meta.outputs.version }}
# image_name: ${{ steps.image_name.outputs.name }}
steps:
# - run: git config --global --add safe.directory $(realpath .)
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- id: changes
name: Check for file changes
uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0
with:
base: ${{ github.ref }}
token: ${{ github.token }}
filters: .github/file-filters.yml
- id: checksum
uses: ./.github/actions/checksum
- id: image_name
run: |
branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
ver="${branch/\//-}"
echo "name=${{vars.DOCKER_IMAGE}}:test-$ver" >> $GITHUB_OUTPUT
- name: Image meta
id: meta
uses: ./.github/actions/image_meta
with:
image: ${{steps.image_name.outputs.name}}
checksum: ${{steps.checksum.outputs.checksum}}
username: ${{ inputs.username }}
password: ${{ inputs.password }}
echo:
name: Dump Configuration
needs: [setup]
runs-on: ubuntu-latest
steps:
- run: |
echo ""
echo "${{ toJSON(needs.setup.outputs) }}"
build:
# if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
name: Build Testing Docker Image
needs: [setup]
if: needs.setup.outputs.updated != 'true'
runs-on: ubuntu-latest
defaults:
run:
shell: bash
outputs:
image: ${{ steps.image_name.outputs.name }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- id: doit
uses: ./.github/actions/docker_build
with:
image: ${{needs.setup.outputs.test_image_name}}
checksum: ${{needs.setup.outputs.checksum}}
target: "python_dev_deps"
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
token: ${{ secrets.GITHUB_TOKEN }}
test:
# if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
name: Run Tests
needs: [build]
runs-on: ubuntu-latest
services:
redis:
image: redis
db:
image: postgres:14
env:
POSTGRES_DATABASE: dedupe
POSTGRES_PASSWORD: postgres
POSTGRES_USERNAME: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
env:
DOCKER_DEFAULT_PLATFORM: linux/amd64
steps:
- name: Checkout code
uses: actions/checkout@v2
- run: |
echo ""
echo "${{ toJSON(needs.build.outputs) }}"
- name: Run tests
run: |
docker run --rm \
-e DATABASE_URL=postgres://postgres:postgres@db:5432/dedupe \
-e SECRET_KEY=secret_key \
-e CACHE_URL=redis://redis:6379/0 \
-e CELERY_BROKER_URL=redis://redis:6379/0 \
--network host \
-v $PWD:/code/app \
-w /code/app \
-t "${{needs.build.outputs.test_image}}" \
pytest tests -v
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
env_vars: OS,PYTHON
fail_ci_if_error: true
files: coverage.xml
token: ${{ secrets.CODECOV_TOKEN }}
verbose: false
name: codecov-${{env.GITHUB_REF_NAME}}
release:
# if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
name: Release deployment image
needs: [setup, test]
runs-on: ubuntu-latest
defaults:
run:
shell: bash
outputs:
image: ${{steps.image_name.outputs.name}}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Define target image name
id: image_name
run: |
echo "name=${{vars.DOCKER_IMAGE}}:${{needs.setup.outputs.tag}}" >> $GITHUB_OUTPUT
- id: doit
uses: ./.github/actions/docker_build
with:
image: ${{steps.image_name.outputs.name}}
checksum: ${{needs.setup.outputs.hash}}
target: "dist"
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
token: ${{ secrets.GITHUB_TOKEN }}
- run: |
echo "::notice:: ${{steps.image_name.outputs.name}} pushed to dockerhub"
trivy:
name: Check Image with Trivy
runs-on: ubuntu-latest
needs: [release]
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: DockerHub login
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ needs.release.outputs.image }}
format: 'sarif'
output: 'trivy-results.sarif'
# format: 'table'
# exit-code: '0'
# ignore-unfixed: true
# vuln-type: 'os,library'
# severity: 'CRITICAL,HIGH'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'