From b47297c17630a5fbee714d2fd925f5037779f07d Mon Sep 17 00:00:00 2001 From: Alexandre Teles Date: Fri, 30 Sep 2022 20:56:23 -0300 Subject: [PATCH] Squashed commit of the following: commit c44da582e8987d03937d9477c3c3c47646cd386b Author: Alexandre Teles Date: Fri Sep 30 20:53:36 2022 -0300 fix: remove trivy until we figure it out commit 073dd468c22d55865373f0e6bf40c86c6bdb9f1c Author: Alexandre Teles Date: Fri Sep 30 20:46:58 2022 -0300 chore: remove unused files commit 2d6ec6d5e0c5be4a603f9872c2b7e1ad303080e2 Author: Alexandre Teles Date: Fri Sep 30 20:42:34 2022 -0300 fix: try to fix trivy scanner commit 2c83789cd7c780f036be35469312eee62ebe17f1 Author: Alexandre Teles Date: Fri Sep 30 20:11:59 2022 -0300 feat: add trivy scanner to CI commit 181653ad68d1c22c68f7498299e09b071e108b3c Author: Alexandre Teles Date: Fri Sep 30 19:52:35 2022 -0300 fix: use correct py version for workflows commit 6625718f5ac70df6e866680f429b4d61d7b70e27 Author: Alexandre Teles Date: Fri Sep 30 19:44:17 2022 -0300 fix: inform py version to CodeQL commit 8c9696bf0eb482619a23d2040c705203827e7f95 Author: Alexandre Teles Date: Fri Sep 30 19:23:47 2022 -0300 feature: add new workflows --- .github/workflows/codeql_analysis.yml | 59 ++++++++++++++++ .github/workflows/dev.yml | 69 +++++++++++++++++++ .../{build_features.yml => features.yml} | 21 +++--- .github/workflows/mypy.yml | 26 +++++++ .github/workflows/pull_requests.yml | 65 +++++++++++++++++ README.md | 2 +- 6 files changed, 233 insertions(+), 9 deletions(-) create mode 100644 .github/workflows/codeql_analysis.yml create mode 100644 .github/workflows/dev.yml rename .github/workflows/{build_features.yml => features.yml} (81%) create mode 100644 .github/workflows/mypy.yml create mode 100644 .github/workflows/pull_requests.yml diff --git a/.github/workflows/codeql_analysis.yml b/.github/workflows/codeql_analysis.yml new file mode 100644 index 0000000..ffe8eb7 --- /dev/null +++ b/.github/workflows/codeql_analysis.yml @@ -0,0 +1,59 @@ +name: "CodeQL" + +on: + push: + branches: [ "dev" ] + pull_request: + branches: [ "dev" ] + schedule: + - cron: '21 13 * * 3' + workflow_dispatch: + +env: + default_branch: dev + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'python' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + with: + ref: ${{ env.default_branch }} + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: '3.10.7' + - name: Install dependencies + run: | + python -m pip install --upgrade pip + if [ -f requirements.txt ]; + then pip install -r requirements.txt; + fi + echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + setup-python-dependencies: false + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml new file mode 100644 index 0000000..35d507c --- /dev/null +++ b/.github/workflows/dev.yml @@ -0,0 +1,69 @@ +name: Build dev branch + +on: + push: + branches: [ "dev" ] + schedule: + - cron: '24 9 * * 6' + workflow_dispatch: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + IMAGE_TAG: ${{ github.sha }} + +jobs: + security_checks: + runs-on: ubuntu-latest + name: Security check + steps: + - uses: actions/checkout@v2 + - name: Security Checks (PyCharm Security) + uses: tonybaloney/pycharm-security@master + with: + path: . + + build: + needs: security_checks + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout Dockerfile + id: checkout + uses: actions/checkout@v3 + with: + ref: ${{ inputs.branch }} + + - name: Setup QEMU + id: qemu + uses: docker/setup-qemu-action@v1 + with: + image: tonistiigi/binfmt:latest + platforms: all + + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + flavor: | + latest=${{ startsWith(github.ref, 'refs/heads/main') }} + suffix=-${{ github.sha }} + + - name: Build Docker image + id: build + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm64/v8 + push: false + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/build_features.yml b/.github/workflows/features.yml similarity index 81% rename from .github/workflows/build_features.yml rename to .github/workflows/features.yml index 5634030..cc6cb90 100644 --- a/.github/workflows/build_features.yml +++ b/.github/workflows/features.yml @@ -1,10 +1,10 @@ -name: Test build a feature branch +name: Build a feature branch on: workflow_dispatch: inputs: branch: - description: 'The branch to test build' + description: 'Branch' required: true default: '' @@ -14,7 +14,18 @@ env: IMAGE_TAG: ${{ github.sha }} jobs: + security_checks: + runs-on: ubuntu-latest + name: Security check + steps: + - uses: actions/checkout@v2 + - name: Security Checks (PyCharm Security) + uses: tonybaloney/pycharm-security@master + with: + path: . + build: + needs: security_checks runs-on: ubuntu-latest permissions: contents: read @@ -57,9 +68,3 @@ jobs: push: false tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - - name: Upload image - uses: ishworkh/docker-image-artifact-upload@v1 - with: - image: ${{ steps.meta.outputs.tags }} - retention_days: "1" \ No newline at end of file diff --git a/.github/workflows/mypy.yml b/.github/workflows/mypy.yml new file mode 100644 index 0000000..a2eede7 --- /dev/null +++ b/.github/workflows/mypy.yml @@ -0,0 +1,26 @@ +name: MyPy Type Checking + +on: + push: + paths: + - '*.py' + +jobs: + mypy: + runs-on: ubuntu-latest + steps: + - name: Setup Python + uses: actions/setup-python@v1 + with: + python-version: 3.10.7 + architecture: x64 + - name: Checkout + uses: actions/checkout@v1 + - name: Install mypy + run: pip install mypy + - name: Run mypy + uses: sasanquaneuf/mypy-github-action@releases/v1 + with: + checkName: 'mypy' + env: + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml new file mode 100644 index 0000000..c00b953 --- /dev/null +++ b/.github/workflows/pull_requests.yml @@ -0,0 +1,65 @@ +on: + pull_request: + branches: [ "main", "dev" ] + workflow_dispatch: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + IMAGE_TAG: ${{ github.sha }} + +jobs: + security_checks: + runs-on: ubuntu-latest + name: Security check + steps: + - uses: actions/checkout@v2 + - name: Security Checks (PyCharm Security) + uses: tonybaloney/pycharm-security@master + with: + path: . + + build: + needs: security_checks + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout Dockerfile + id: checkout + uses: actions/checkout@v3 + with: + ref: ${{ inputs.branch }} + + - name: Setup QEMU + id: qemu + uses: docker/setup-qemu-action@v1 + with: + image: tonistiigi/binfmt:latest + platforms: all + + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v3 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + flavor: | + latest=${{ startsWith(github.ref, 'refs/heads/main') }} + suffix=-${{ github.sha }} + + - name: Build Docker image + id: build + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + platforms: linux/amd64,linux/arm64/v8 + push: false + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/README.md b/README.md index 32b80c7..97d597a 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ ![License: AGPLv3](https://img.shields.io/github/license/revanced/revanced-releases-api) ![GitHub last commit](https://img.shields.io/github/last-commit/revanced/revanced-releases-api) -![GitHub Workflow Status](https://img.shields.io/github/workflow/status/revanced/revanced-releases-api/Main%20build) +![GitHub Workflow Status](https://img.shields.io/github/workflow/status/revanced/revanced-releases-api/Build%20dev%20branch) This is a simple API that returns the latest ReVanced releases, patches and contributors.