actions/gha-workflows
2
1
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity
09b3a46136
gha-workflows/.github/workflows/ci-python-poetry-with-docker.yml
dependabot[bot] 104d8c5eea chore(actions)(deps): bump SonarSource/sonarqube-scan-action 
Bumps [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 4.1.0 to 4.2.1.
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases)
- [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/v4.1.0...v4.2.1)

---
updated-dependencies:
- dependency-name: SonarSource/sonarqube-scan-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-12-18 07:03:14 +00:00

67 lines
2.1 KiB
YAML
Raw Blame History

name: Python w/ Poetry + Docker CI
on:
workflow_call:
inputs:
python-version:
type: string
default: "3.11"
description: "Version of Python to use for testing environment"
secrets:
SONAR_TOKEN:
required: true
SNYK_TOKEN:
required: true
jobs:
ci:
runs-on: ubuntu-latest
steps:
- name: Set python-version
id: python-version
run: |
PYTHON_VERSION=${{ inputs.python-version }}
echo "value=${PYTHON_VERSION:-"3.11"}" >> $GITHUB_OUTPUT
- name: Check out repository code
uses: actions/checkout@v4.1.7
with:
fetch-depth: 0
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
format: sonarqube
no-fail: true
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "${{ steps.python-version.outputs.value }}"
- name: Setup Poetry
uses: abatilo/actions-poetry@v3
- name: Install dependencies
run: poetry install
- name: Lint
run: |
poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
cat lintreport.txt
- name: Unit Test
run: |
poetry run coverage run -m pytest -v --junitxml=testresults.xml
poetry run coverage xml
sed -i 's@${{ github.workspace }}@/github/workspace@g' coverage.xml
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v4.2.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Snyk Vulnerability Scan
uses: snyk/actions/python-3.10@master
continue-on-error: true # To make sure that SARIF upload gets called
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif --all-projects
- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: snyk.sarif
Reference in New Issue View Git Blame Copy Permalink