public/webexmemebot
3
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Releases 42 Activity

fix(ci): fix constantly failing CI #450

Merged
luke merged 27 commits from fix-cicd into main 2025-01-02 18:05:16 +01:00
Conversation 0 Commits 27 Files Changed 3 +102 -60
3 changed files with 102 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
.archive/.gitea/workflows/ci.yml Normal file
View File

@ -0,0 +1,86 @@
name: CI
on:
pull_request:
types: [opened, synchronize, reopened]
paths-ignore:
- "README.md"
- "LICENSE.md"
- ".gitignore"
- "renovate.json"
- ".gitea/CODEOWNERS"
- ".archive"
jobs:
ci:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
format: sonarqube
no-fail: true
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: "${{ vars.PYTHON_VERSION }}"
- name: Setup Poetry
uses: abatilo/actions-poetry@v3
# run: curl -sSL https://install.python-poetry.org | python3 -
- name: Update PATH
run: export PATH="/root/.local/bin:$PATH"
- name: Setup virtual environment
run: |
/root/.local/bin/poetry config virtualenvs.create true --local
/root/.local/bin/poetry config virtualenvs.in-project true --local
- uses: actions/cache@v3
name: Define cache for dependencies
with:
path: ./.venv
key: venv-${{ hashFiles('poetry.lock') }}
- name: Install dependencies
run: /root/.local/bin/poetry install
- name: Lint
run: |
/root/.local/bin/poetry run pylint --verbose --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
cat lintreport.txt
- name: Unit Test
run: |
/root/.local/bin/poetry run coverage run -m pytest -v --junitxml=testresults.xml
/root/.local/bin/poetry run coverage xml
sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
# TEMPORARY - DISABLED DUE TO GITHUB > GITEA MIGRATION
# SONARQUBE CLOUD IS CURRENTLY TIGHTLY COUPLED TO GITHUB
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v4.2.1
continue-on-error: true
env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Snyk Vulnerability Scan
uses: snyk/actions/python-3.10@master
continue-on-error: true # To make sure that SARIF upload gets called
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif --all-projects
# - name: Upload result to GitHub Code Scanning
# uses: github/codeql-action/upload-sarif@v3
# with:
# sarif_file: snyk.sarif

50
.gitea/workflows/ci.yml
View File

@ -1,4 +1,4 @@
name: CI
name: CI w/ Poetry and Docker
on:
pull_request:
types: [opened, synchronize, reopened]
@ -12,14 +12,15 @@ on:
jobs:
ci:
runs-on: ubuntu-latest
runs-on: ubuntu-poetry-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4.2.2
with:
fetch-depth: 0
- uses: hadolint/hadolint-action@v3.1.0
- name: Run Hadolint
uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
output-file: hadolint.out
@ -30,57 +31,32 @@ jobs:
uses: actions/setup-python@v5
with:
python-version: "${{ vars.PYTHON_VERSION }}"
- name: Setup Poetry
uses: abatilo/actions-poetry@v3
# run: curl -sSL https://install.python-poetry.org | python3 -
- name: Update PATH
run: export PATH="/root/.local/bin:$PATH"
- name: Setup virtual environment
run: |
/root/.local/bin/poetry config virtualenvs.create true --local
/root/.local/bin/poetry config virtualenvs.in-project true --local
- uses: actions/cache@v3
name: Define cache for dependencies
with:
path: ./.venv
key: venv-${{ hashFiles('poetry.lock') }}
cache: 'poetry'
- name: Install dependencies
run: /root/.local/bin/poetry install
run: poetry install
- name: Lint
run: |
/root/.local/bin/poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt .
poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/
cat lintreport.txt
- name: Unit Test
run: |
/root/.local/bin/poetry run coverage run -m pytest -v --junitxml=testresults.xml
/root/.local/bin/poetry run coverage xml
poetry run coverage run -m pytest -v --junitxml=testresults.xml
poetry run coverage xml
sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml
# TEMPORARY - DISABLED DUE TO GITHUB > GITEA MIGRATION
# SONARQUBE CLOUD IS CURRENTLY TIGHTLY COUPLED TO GITHUB
- name: SonarQube Cloud Scan
uses: SonarSource/sonarqube-scan-action@v4.2.1
continue-on-error: true
env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- name: Snyk Vulnerability Scan
uses: snyk/actions/python-3.10@master
continue-on-error: true # To make sure that SARIF upload gets called
uses: snyk/actions/python@master
continue-on-error: true # Sometimes vulns aren't immediately fixable
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --sarif-file-output=snyk.sarif --all-projects
# - name: Upload result to GitHub Code Scanning
# uses: github/codeql-action/upload-sarif@v3
# with:
# sarif_file: snyk.sarif
command: snyk
args: test --all-projects

26
renovate.json
View File

@ -1,36 +1,16 @@
{
"ignorePaths": [
"**/.archive/**"
],
"assignAutomerge": true,
"assigneesFromCodeOwners": true,
"dependencyDashboardAutoclose": true,
"extends": [
"config:recommended"
],
"ignorePaths": [
"**/.archive/**"
],
"labels": [
"type/dependencies"
],
"packageRules": [
{
"labels": [
"linting"
],
"matchPackageNames": [
"/black/",
"/pylint/"
]
},
{
"labels": [
"unit-tests"
],
"matchPackageNames": [
"/coverage/",
"/pytest/"
]
}
],
"platformCommit": "enabled",
"rebaseWhen": "behind-base-branch",
"rollbackPrs": true,