pull-request.yml
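# Pull-request checks for PRs targeting `develop`: coverage + Sonar scan,
# a tox matrix run, and static analysis (black, tfsec, tflint, ruff, mypy,
# shellcheck).
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository/organisation default scopes. Consider declaring the minimum the
# jobs need (e.g. `contents: read`, plus whatever the junit-report and sonar
# steps require) - confirm against those actions before tightening.
# NOTE(review): third-party actions are referenced by mutable refs (`@v4`
# tags, and `@master` for shellcheck). Pinning them to a full commit SHA
# protects the job from an upstream ref being moved.
name: pull-request

on:
  pull_request:
    branches:
      - develop

jobs:
  coverage:
    runs-on: ubuntu-latest
    # Only run when the workflow executes in the upstream repository.
    if: github.repository == 'NHSDigital/terraform-aws-mesh-client'
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          # 0 = fetch full history rather than a shallow clone.
          fetch-depth: 0

      - name: common build setup
        uses: ./.github/actions/build-common

      - name: ci install
        uses: ./.github/actions/install-ci

      - name: black
        run: make black-check

      - name: start localstack
        run: make up-ci

      # Runs even when an earlier step failed, but is skipped for Dependabot
      # (presumably because Dependabot-triggered runs do not receive
      # SONAR_TOKEN - confirm).
      # NOTE(review): pull requests from forks also run without repository
      # secrets; confirm the sonar action copes with an empty token or add a
      # matching guard.
      - name: coverage and sonar scan
        uses: ./.github/actions/coverage-and-sonar
        if: github.actor != 'dependabot[bot]' && (success() || failure())
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          sonar-token: ${{ secrets.SONAR_TOKEN }}

      - name: archive reports
        if: github.actor != 'dependabot[bot]' && (success() || failure())
        uses: actions/upload-artifact@v4
        with:
          name: reports
          path: reports/**/*

      - name: publish junit reports
        if: success() || failure()
        uses: mikepenz/action-junit-report@v4
        with:
          check_name: junit reports
          report_paths: reports/junit/*.xml

      # Tear down the containers started by `make up-ci`, also after failures.
      - name: stop docker containers
        if: success() || failure()
        run: make down

  tox:
    strategy:
      matrix:
        # Quoted so the versions stay strings (3.10-style float truncation).
        python-version: ["3.11", "3.12"]
    runs-on: ubuntu-latest
    if: github.repository == 'NHSDigital/terraform-aws-mesh-client'
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: common build setup
        uses: ./.github/actions/build-common
        with:
          force-python-version: ${{ matrix.python-version }}

      - name: ci install
        uses: ./.github/actions/install-ci

      # NOTE(review): installed unpinned from the package index; consider
      # pinning a version (and hashes) alongside the other CI dependencies.
      - name: install tox-github-ci plugin
        run: pip install tox-gh-actions

      - name: black
        run: make black-check

      - name: start localstack
        run: make up-ci

      - name: run tests in tox
        run: make tox

      - name: stop docker containers
        if: success() || failure()
        run: make down

  lint:
    runs-on: ubuntu-latest
    if: github.repository == 'NHSDigital/terraform-aws-mesh-client'
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: common build setup
        uses: ./.github/actions/build-common

      - name: ci install
        uses: ./.github/actions/install-ci

      - name: black
        run: make black-check

      - name: tfsec
        run: |
          set -euo pipefail
          # Version comes from the `tfsec <version>` line in .tool-versions.
          TFSEC_VERSION="v$(awk '$1 == "tfsec" { print $2 }' .tool-versions)"
          # Fail early with a clear message instead of requesting a bad URL.
          if [ "${TFSEC_VERSION}" = "v" ]; then
            echo "tfsec version not found in .tool-versions" >&2
            exit 1
          fi
          echo "${TFSEC_VERSION}"
          wget -q "https://github.com/aquasecurity/tfsec/releases/download/${TFSEC_VERSION}/tfsec-linux-amd64" -O ./tfsec
          # NOTE(review): the binary is executed without an integrity check.
          # Verify it against a pinned SHA-256 (e.g. with `sha256sum -c`)
          # before the chmod/run below.
          chmod +x ./tfsec
          ./tfsec module --config-file tfsec.yml

      - name: tflint
        run: make tflint

      - name: ruff
        run: make ruff-ci

      - name: mypy
        run: make mypy

      # NOTE(review): `@master` is a moving branch of a third-party action;
      # pin to a reviewed commit, e.g.
      # `ludeeus/action-shellcheck@<full-commit-sha>`.
      - name: shellcheck
        uses: ludeeus/action-shellcheck@master
        with:
          ignore_paths: .venv build
          ignore_names: git-secrets
        env:
          SHELLCHECK_OPTS: -f gcc -e SC1090,SC1091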