From 8c9696bf0eb482619a23d2040c705203827e7f95 Mon Sep 17 00:00:00 2001 From: Alexandre Teles Date: Fri, 30 Sep 2022 19:23:47 -0300 Subject: [PATCH] feature: add new workflows --- .github/workflows/codeql_analysis.yml | 49 ++++++++++ .github/workflows/dev.yml | 93 +++++++++++++++++++ .../{build_features.yml => features.yml} | 45 +++++++-- .github/workflows/mypy.yml | 26 ++++++ .github/workflows/pull_requests.yml | 89 ++++++++++++++++++ 5 files changed, 294 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/codeql_analysis.yml create mode 100644 .github/workflows/dev.yml rename .github/workflows/{build_features.yml => features.yml} (53%) create mode 100644 .github/workflows/mypy.yml create mode 100644 .github/workflows/pull_requests.yml diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml new file mode 100644 index 0000000..3d77560 --- /dev/null +++ b/.github/workflows/codeql_analysis.yml @@ -0,0 +1,49 @@ +name: "CodeQL" + +on: + push: + branches: [ "main", "dev" ] + pull_request: + branches: [ "main", "dev" ] + schedule: + - cron: '21 13 * * 3' + workflow_dispatch: + inputs: + branch: + description: 'Custom branch' + required: false + default: '' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'python' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + if: github.event_name == 'workflow_dispatch' && github.event.inputs.branch != '' + with: + ref: ${{ inputs.branch }} + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml new file mode 100644 index 0000000..ab4ecc1 --- /dev/null +++ b/.github/workflows/dev.yml @@ -0,0 +1,93 @@ +name: Build dev branch + +on: + push: + branches: [ "dev" ] + schedule: + - cron: '24 9 * * 6' + workflow_dispatch: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + IMAGE_TAG: ${{ github.sha }} + +jobs: + + flake8: + name: Code Quality + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Set up Python 3.10.6 + uses: actions/setup-python@v1 + with: + python-version: 3.10.6 + - name: Lint with flake8 + run: | + pip install flake8 flake8-html + # stop the build if there are Python syntax errors or undefined names + flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics + # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide + mkdir -p reports/flake8 + flake8 . --count --exit-zero --max-complexity=10 --max-line-length=79 --statistics --format=html --htmldir=reports/flake8 + - name: Archive flake8 coverage results + uses: actions/upload-artifact@v1 + with: + name: flake8-coverage-report + path: reports/flake8/ + + security_checks: + needs: pytest + runs-on: ubuntu-latest + name: Security check + steps: + - uses: actions/checkout@v2 + - name: Security Checks (PyCharm Security) + uses: tonybaloney/pycharm-security@master + with: + path: . + + build: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout Dockerfile + id: checkout + uses: actions/checkout@v3 + with: + ref: ${{ inputs.branch }} + + - name: Setup QEMU + id: qemu + uses: docker/setup-qemu-action@v1 + with: + image: tonistiigi/binfmt:latest + platforms: all + + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + flavor: | + latest=${{ startsWith(github.ref, 'refs/heads/main') }} + suffix=-${{ github.sha }} + + - name: Build Docker image + id: build + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm64/v8 + push: false + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/build_features.yml b/.github/workflows/features.yml similarity index 53% rename from .github/workflows/build_features.yml rename to .github/workflows/features.yml index 5634030..5879ec3 100644 --- a/.github/workflows/build_features.yml +++ b/.github/workflows/features.yml @@ -1,10 +1,10 @@ -name: Test build a feature branch +name: Build a feature branch on: workflow_dispatch: inputs: branch: - description: 'The branch to test build' + description: 'Branch' required: true default: '' @@ -14,6 +14,41 @@ env: IMAGE_TAG: ${{ github.sha }} jobs: + + flake8: + name: Code Quality + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Set up Python 3.10 + uses: actions/setup-python@v1 + with: + python-version: 3.10 + - name: Lint with flake8 + run: | + pip install flake8 flake8-html + # stop the build if there are Python syntax errors or undefined names + flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics + # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide + mkdir -p reports/flake8 + flake8 . --count --exit-zero --max-complexity=10 --max-line-length=79 --statistics --format=html --htmldir=reports/flake8 + - name: Archive flake8 coverage results + uses: actions/upload-artifact@v1 + with: + name: flake8-coverage-report + path: reports/flake8/ + + security_checks: + needs: pytest + runs-on: ubuntu-latest + name: Security check + steps: + - uses: actions/checkout@v2 + - name: Security Checks (PyCharm Security) + uses: tonybaloney/pycharm-security@master + with: + path: . + build: runs-on: ubuntu-latest permissions: @@ -57,9 +92,3 @@ jobs: push: false tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - - name: Upload image - uses: ishworkh/docker-image-artifact-upload@v1 - with: - image: ${{ steps.meta.outputs.tags }} - retention_days: "1" \ No newline at end of file diff --git a/.github/workflows/mypy.yml b/.github/workflows/mypy.yml new file mode 100644 index 0000000..922f009 --- /dev/null +++ b/.github/workflows/mypy.yml @@ -0,0 +1,26 @@ +name: MyPy Type Checking + +on: + push: + paths: + - '*.py' + +jobs: + mypy: + runs-on: ubuntu-latest + steps: + - name: Setup Python + uses: actions/setup-python@v1 + with: + python-version: 3.10.6 + architecture: x64 + - name: Checkout + uses: actions/checkout@v1 + - name: Install mypy + run: pip install mypy + - name: Run mypy + uses: sasanquaneuf/mypy-github-action@releases/v1 + with: + checkName: 'mypy' + env: + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml new file mode 100644 index 0000000..5dfa49c --- /dev/null +++ b/.github/workflows/pull_requests.yml @@ -0,0 +1,89 @@ +on: + pull_request: + branches: [ "main", "dev" ] + workflow_dispatch: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + IMAGE_TAG: ${{ github.sha }} + +jobs: + + flake8: + name: Code Quality + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Set up Python 3.10.6 + uses: actions/setup-python@v1 + with: + python-version: 3.10.6 + - name: Lint with flake8 + run: | + pip install flake8 flake8-html + # stop the build if there are Python syntax errors or undefined names + flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics + # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide + mkdir -p reports/flake8 + flake8 . --count --exit-zero --max-complexity=10 --max-line-length=79 --statistics --format=html --htmldir=reports/flake8 + - name: Archive flake8 coverage results + uses: actions/upload-artifact@v1 + with: + name: flake8-coverage-report + path: reports/flake8/ + + security_checks: + needs: pytest + runs-on: ubuntu-latest + name: Security check + steps: + - uses: actions/checkout@v2 + - name: Security Checks (PyCharm Security) + uses: tonybaloney/pycharm-security@master + with: + path: . + + build: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout Dockerfile + id: checkout + uses: actions/checkout@v3 + with: + ref: ${{ inputs.branch }} + + - name: Setup QEMU + id: qemu + uses: docker/setup-qemu-action@v1 + with: + image: tonistiigi/binfmt:latest + platforms: all + + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + flavor: | + latest=${{ startsWith(github.ref, 'refs/heads/main') }} + suffix=-${{ github.sha }} + + - name: Build Docker image + id: build + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm64/v8 + push: false + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }}