231 lines
6.6 KiB
YAML
231 lines
6.6 KiB
YAML
name: passbook-ci
|
|
on:
|
|
- push
|
|
env:
|
|
POSTGRES_DB: passbook
|
|
POSTGRES_USER: passbook
|
|
POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
|
|
|
|
jobs:
|
|
# Linting
|
|
pylint:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v1
|
|
- uses: actions/setup-python@v1
|
|
with:
|
|
python-version: '3.8'
|
|
- name: Install dependencies
|
|
run: sudo pip install -U wheel pipenv && pipenv install --dev
|
|
- name: Lint with pylint
|
|
run: pipenv run pylint passbook
|
|
black:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v1
|
|
- uses: actions/setup-python@v1
|
|
with:
|
|
python-version: '3.8'
|
|
- name: Install dependencies
|
|
run: sudo pip install -U wheel pipenv && pipenv install --dev
|
|
- name: Lint with black
|
|
run: pipenv run black --check passbook
|
|
prospector:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v1
|
|
- uses: actions/setup-python@v1
|
|
with:
|
|
python-version: '3.8'
|
|
- name: Install dependencies
|
|
run: sudo pip install -U wheel pipenv && pipenv install --dev && pipenv install --dev prospector --skip-lock
|
|
- name: Lint with prospector
|
|
run: pipenv run prospector
|
|
bandit:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v1
|
|
- uses: actions/setup-python@v1
|
|
with:
|
|
python-version: '3.8'
|
|
- name: Install dependencies
|
|
run: sudo pip install -U wheel pipenv && pipenv install --dev
|
|
- name: Lint with bandit
|
|
run: pipenv run bandit -r passbook
|
|
snyk:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@master
|
|
- name: Run Snyk to check for vulnerabilities
|
|
uses: snyk/actions/python@master
|
|
env:
|
|
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
|
|
pyright:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v1
|
|
- uses: actions/setup-node@v1
|
|
with:
|
|
node-version: '12'
|
|
- uses: actions/setup-python@v1
|
|
with:
|
|
python-version: '3.8'
|
|
- name: Install pyright
|
|
run: npm install -g pyright
|
|
- name: Show pyright version
|
|
run: pyright --version
|
|
- name: Install dependencies
|
|
run: sudo pip install -U wheel pipenv && pipenv install --dev
|
|
- name: Lint with pyright
|
|
run: pipenv run pyright
|
|
# Actual CI tests
|
|
migrations:
|
|
needs:
|
|
- pylint
|
|
- black
|
|
- prospector
|
|
services:
|
|
postgres:
|
|
image: postgres:latest
|
|
env:
|
|
POSTGRES_DB: passbook
|
|
POSTGRES_USER: passbook
|
|
POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
|
|
ports:
|
|
- 5432:5432
|
|
redis:
|
|
image: redis:latest
|
|
ports:
|
|
- 6379:6379
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v1
|
|
- uses: actions/setup-python@v1
|
|
with:
|
|
python-version: '3.8'
|
|
- name: Install dependencies
|
|
run: sudo pip install -U wheel pipenv && pipenv install --dev
|
|
- name: Run migrations
|
|
run: pipenv run ./manage.py migrate
|
|
coverage:
|
|
needs:
|
|
- pylint
|
|
- black
|
|
- prospector
|
|
services:
|
|
postgres:
|
|
image: postgres:latest
|
|
env:
|
|
POSTGRES_DB: passbook
|
|
POSTGRES_USER: passbook
|
|
POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
|
|
ports:
|
|
- 5432:5432
|
|
redis:
|
|
image: redis:latest
|
|
ports:
|
|
- 6379:6379
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v1
|
|
- uses: actions/setup-python@v1
|
|
with:
|
|
python-version: '3.8'
|
|
- uses: actions/setup-node@v1
|
|
with:
|
|
node-version: '12'
|
|
- name: Install dependencies
|
|
run: |
|
|
sudo pip install -U wheel pipenv
|
|
pipenv install --dev
|
|
- name: Prepare Chrome node
|
|
run: |
|
|
cd e2e
|
|
docker-compose pull -q chrome
|
|
docker-compose up -d chrome
|
|
- name: Build static files for e2e test
|
|
run: |
|
|
cd passbook/static/static
|
|
yarn
|
|
- name: Run coverage
|
|
run: pipenv run coverage run ./manage.py test --failfast
|
|
- uses: actions/upload-artifact@v2
|
|
if: failure()
|
|
with:
|
|
path: selenium_screenshots/
|
|
- name: Create XML Report
|
|
run: pipenv run coverage xml
|
|
- uses: codecov/codecov-action@v1
|
|
with:
|
|
token: ${{ secrets.CODECOV_TOKEN }}
|
|
# Build
|
|
build-server:
|
|
needs:
|
|
- migrations
|
|
- coverage
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v1
|
|
- name: Docker Login Registry
|
|
env:
|
|
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
|
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
|
run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
|
|
- name: Building Docker Image
|
|
run: docker build
|
|
--no-cache
|
|
-t beryju/passbook:gh-${GITHUB_REF##*/}
|
|
-f Dockerfile .
|
|
- name: Push Docker Container to Registry
|
|
run: docker push beryju/passbook:gh-${GITHUB_REF##*/}
|
|
build-gatekeeper:
|
|
needs:
|
|
- migrations
|
|
- coverage
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v1
|
|
- name: Docker Login Registry
|
|
env:
|
|
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
|
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
|
run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
|
|
- name: Building Docker Image
|
|
run: |
|
|
cd gatekeeper
|
|
docker build \
|
|
--no-cache \
|
|
-t beryju/passbook-gatekeeper:gh-${GITHUB_REF##*/} \
|
|
-f Dockerfile .
|
|
- name: Push Docker Container to Registry
|
|
run: docker push beryju/passbook-gatekeeper:gh-${GITHUB_REF##*/}
|
|
build-static:
|
|
needs:
|
|
- migrations
|
|
- coverage
|
|
runs-on: ubuntu-latest
|
|
services:
|
|
postgres:
|
|
image: postgres:latest
|
|
env:
|
|
POSTGRES_DB: passbook
|
|
POSTGRES_USER: passbook
|
|
POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"
|
|
redis:
|
|
image: redis:latest
|
|
steps:
|
|
- uses: actions/checkout@v1
|
|
- name: Docker Login Registry
|
|
env:
|
|
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
|
|
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
|
run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
|
|
- name: Building Docker Image
|
|
run: docker build
|
|
--no-cache
|
|
--network=$(docker network ls | grep github | awk '{print $1}')
|
|
-t beryju/passbook-static:gh-${GITHUB_REF##*/}
|
|
-f static.Dockerfile .
|
|
- name: Push Docker Container to Registry
|
|
run: docker push beryju/passbook-static:gh-${GITHUB_REF##*/}
|