gha-workflows/.github/workflows/ci-python-with-docker.yml

58 lines
1.7 KiB
YAML
Raw Normal View History

2024-04-26 18:13:38 +02:00
name: Python + Docker CI
on:
workflow_call:
secrets:
SONAR_TOKEN:
required: true
SNYK_TOKEN:
required: true
jobs:
ci:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4.1.7
2024-04-26 18:13:38 +02:00
with:
fetch-depth: 0
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
format: sonarqube
no-fail: true
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "3.11"
- name: Update Pip
run: |
pip install -U pip
- name: Install dependencies
run: |
pip install -r requirements.txt
pip install -r requirements-dev.txt
- name: Lint
2024-11-21 23:01:08 +01:00
run: pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
2024-04-26 18:13:38 +02:00
- name: Unit Test
run: |
coverage run -m pytest -v --junitxml=testresults.xml
coverage xml
sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Snyk Vulnerability Scan
uses: snyk/actions/python-3.10@master
continue-on-error: true # To make sure that SARIF upload gets called
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
2024-11-21 23:01:08 +01:00
args: --sarif-file-output=snyk.sarif --all-projects
2024-04-26 18:13:38 +02:00
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif