name: CI on: pull_request: types: [opened, synchronize, reopened] paths-ignore: - "README.md" - "LICENSE.md" - ".gitignore" - "renovate.json" - ".gitea/CODEOWNERS" - ".archive" jobs: ci: runs-on: ubuntu-latest steps: - name: Check out repository code uses: actions/checkout@v4.2.2 with: fetch-depth: 0 - uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: Dockerfile output-file: hadolint.out format: sonarqube no-fail: true - name: Setup Python uses: actions/setup-python@v5 with: python-version: "${{ vars.PYTHON_VERSION }}" - name: Setup Poetry uses: abatilo/actions-poetry@v3 # run: curl -sSL https://install.python-poetry.org | python3 - - name: Update PATH run: export PATH="/root/.local/bin:$PATH" - name: Setup virtual environment run: | /root/.local/bin/poetry config virtualenvs.create true --local /root/.local/bin/poetry config virtualenvs.in-project true --local - uses: actions/cache@v3 name: Define cache for dependencies with: path: ./.venv key: venv-${{ hashFiles('poetry.lock') }} - name: Install dependencies run: /root/.local/bin/poetry install - name: Lint run: | /root/.local/bin/poetry run pylint --fail-under=8 --recursive=yes --output-format=parseable --output=lintreport.txt . cat lintreport.txt - name: Unit Test run: | /root/.local/bin/poetry run coverage run -m pytest -v --junitxml=testresults.xml /root/.local/bin/poetry run coverage xml sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml # TEMPORARY - DISABLED DUE TO GITHUB > GITEA MIGRATION # SONARQUBE CLOUD IS CURRENTLY TIGHTLY COUPLED TO GITHUB - name: SonarQube Cloud Scan uses: SonarSource/sonarqube-scan-action@v4.2.1 continue-on-error: true env: # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - name: Snyk Vulnerability Scan uses: snyk/actions/python-3.10@master continue-on-error: true # To make sure that SARIF upload gets called env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} with: args: --sarif-file-output=snyk.sarif --all-projects # - name: Upload result to GitHub Code Scanning # uses: github/codeql-action/upload-sarif@v3 # with: # sarif_file: snyk.sarif