TIED-132 | Snyk improvements #93
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: helerm-ci | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| env: | |
| POSTGRES_DB: test_helerm | |
| POSTGRES_USER: root | |
| POSTGRES_PASSWORD: root | |
| DATABASE_URL: "postgres://root:root@localhost:5432/test_helerm" | |
| ELASTICSEARCH_HOST: localhost:9200 | |
| # A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python: [ 3.9 ] | |
| services: | |
| postgres: | |
| image: postgres:14.7 | |
| env: | |
| # Note: not redundant, parent env is not applied to service | |
| POSTGRES_USER: root | |
| POSTGRES_PASSWORD: root | |
| POSTGRES_DB: test_helerm | |
| ports: | |
| - 5432:5432 | |
| # needed because the postgres container does not provide a healthcheck | |
| options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| # Required by Sonar | |
| fetch-depth: 0 | |
| - name: Spin up ES with Raudikko | |
| run: | | |
| touch .docker/django/.env | |
| docker-compose up -d elasticsearch | |
| - name: psycopg2 prerequisites | |
| run: sudo apt-get install libpq-dev | |
| - name: System requirements for Django | |
| run: sudo apt-get install gettext postgresql-client | |
| - name: Setup Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python }} | |
| cache: pip | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install --use-pep517 -r requirements.txt -r requirements-dev.txt | |
| - name: Configure sysctl limits | |
| run: | | |
| sudo swapoff -a | |
| sudo sysctl -w vm.swappiness=1 | |
| sudo sysctl -w fs.file-max=262144 | |
| sudo sysctl -w vm.max_map_count=262144 | |
| - name: Check migrations | |
| run: | | |
| python manage.py makemigrations --dry-run --check | |
| - name: Apply migrations | |
| run: | | |
| python manage.py migrate | |
| - name: Check black | |
| run: | | |
| black --check . | |
| - name: Check flake8 | |
| uses: liskin/gh-problem-matcher-wrap@v2 | |
| with: | |
| linters: flake8 | |
| run: flake8 | |
| - name: Check isort | |
| uses: liskin/gh-problem-matcher-wrap@v2 | |
| with: | |
| linters: isort | |
| run: isort . --check-only --diff | |
| - name: Run tests | |
| uses: liskin/gh-problem-matcher-wrap@v2 | |
| with: | |
| linters: pytest | |
| run: pytest -ra -vvv --cov=. | |
| - name: Codecov | |
| uses: codecov/codecov-action@v3 | |
| # Without this workaround Sonar reports a warning about an incorrect source path | |
| - name: Override coverage report source path for Sonar | |
| run: sed -i 's@'$GITHUB_WORKSPACE'@/github/workspace/@g' coverage.xml | |
| - name: SonarCloud Scan | |
| uses: SonarSource/sonarcloud-github-action@master | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |