gha-workflows/.github/workflows/ci-python.yml

name: Python CI
on:
  workflow_call:
    secrets:
      SONAR_TOKEN:
        required: true
      SNYK_TOKEN:
        required: true

jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4.1.6
        with:
          fetch-depth: 0
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Update Pip
        run: |
          pip install -U pip
      - name: Install dependencies
        run: |
          pip install -r requirements.txt
          pip install -r requirements-dev.txt
          pip install pylint-exit
      - name: Lint
        run: pylint --recursive=yes --output-format=parseable --output=lintreport.txt . || pylint-exit $?
      - name: Unit Test
        run: |
          coverage run -m pytest -v --junitxml=testresults.xml
          coverage xml
          sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      - name: Snyk Vulnerability Scan
        uses: snyk/actions/python-3.10@master
        continue-on-error: true # To make sure that SARIF upload gets called
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk.sarif
      - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif
initial commit 2023-02-28 17:07:11 +01:00			`name: Python CI`
			`on:`
			`workflow_call:`
Update ci-python.yml 2023-02-28 17:47:39 +01:00			`secrets:`
			`SONAR_TOKEN:`
Update ci-python.yml 2023-02-28 17:38:12 +01:00			`required: true`
Add SNYK_TOKEN to imported env vars 2023-12-30 14:28:41 +01:00			`SNYK_TOKEN:`
			`required: true`
Update ci-python.yml 2023-02-28 17:42:47 +01:00
initial commit 2023-02-28 17:07:11 +01:00			`jobs:`
			`ci:`
			`runs-on: ubuntu-latest`
			`steps:`
			`- name: Check out repository code`
chore(actions)(deps): bump actions/checkout from 4.1.5 to 4.1.6 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.5 to 4.1.6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.1.5...v4.1.6) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> 2024-05-17 07:14:02 +02:00			`uses: actions/checkout@v4.1.6`
initial commit 2023-02-28 17:07:11 +01:00			`with:`
			`fetch-depth: 0`
			`- name: Setup Python`
Update actions/setup-python action to v5 2023-12-06 14:27:25 +01:00			`uses: actions/setup-python@v5`
initial commit 2023-02-28 17:07:11 +01:00			`with:`
			`python-version: "3.11"`
Update ci-python.yml 2023-04-30 12:48:00 +02:00			`- name: Update Pip`
			`run: \|`
			`pip install -U pip`
initial commit 2023-02-28 17:07:11 +01:00			`- name: Install dependencies`
make Python CI reusable 2023-02-28 17:13:14 +01:00			`run: \|`
			`pip install -r requirements.txt`
			`pip install -r requirements-dev.txt`
			`pip install pylint-exit`
initial commit 2023-02-28 17:07:11 +01:00			`- name: Lint`
			`run: pylint --recursive=yes --output-format=parseable --output=lintreport.txt . \|\| pylint-exit $?`
			`- name: Unit Test`
			`run: \|`
Remove dependency on py 2023-02-28 17:19:09 +01:00			`coverage run -m pytest -v --junitxml=testresults.xml`
initial commit 2023-02-28 17:07:11 +01:00			`coverage xml`
make Python CI reusable 2023-02-28 17:13:14 +01:00			`sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml`
initial commit 2023-02-28 17:07:11 +01:00			`- name: SonarCloud Scan`
			`uses: SonarSource/sonarcloud-github-action@master`
			`env:`
Update ci-python.yml 2023-02-28 17:29:16 +01:00			`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
Update ci-python.yml 2023-02-28 17:47:39 +01:00			`SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}`
Add Snyk scanning 2023-12-29 20:58:04 +01:00			`- name: Snyk Vulnerability Scan`
			`uses: snyk/actions/python-3.10@master`
			`continue-on-error: true # To make sure that SARIF upload gets called`
			`env:`
			`SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}`
			`with:`
			`args: --sarif-file-output=snyk.sarif`
			`- name: Upload result to GitHub Code Scanning`
Update github/codeql-action action to v3 2023-12-30 14:29:02 +01:00			`uses: github/codeql-action/upload-sarif@v3`
Add Snyk scanning 2023-12-29 20:58:04 +01:00			`with:`
			`sarif_file: snyk.sarif`