Upgrade direct Python dependencies (#6511) #16377
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'CI' | |
on: | |
pull_request: | |
push: | |
branches: [ 'develop', 'prod' ] | |
jobs: | |
test: | |
runs-on: 'ubuntu-22.04' | |
timeout-minutes: 45 | |
steps: | |
- uses: 'actions/checkout@v3' | |
- run: 'cat environment.boot >> "$GITHUB_ENV"' | |
- uses: 'actions/[email protected]' | |
with: | |
python-version: '${{ env.azul_python_version }}' | |
cache: 'pip' | |
cache-dependency-path: 'requirements.dev.txt' | |
- name: 'Run unit tests and other checks' | |
run: | | |
source environment | |
_link dev | |
_refresh | |
make virtualenv | |
source .venv/bin/activate | |
make requirements | |
make environment.boot | |
# FIXME: The default Azul registry is hosted privately on ECR, so we'd | |
# have to provide credentials to use it. For now, it's | |
# sufficient to pull 3rd party images directly from their | |
# upstream registry, accepting the risk that a 3rd party image | |
# is compromised. GitHub Actions have limited access to our | |
# infrastructure (the token scope is limited). The worst that | |
# could happen is that the token itself is revealed or that the | |
# action falsely reports a passing build. | |
# https://github.com/DataBiosphere/azul/issues/5188 | |
# | |
export azul_docker_registry="" | |
# Hack: The use of chrgp compensates for a quirk of Docker. The | |
# PyCharm image used by make format sets up a user called `developer` | |
# and assigns it UID 1000. Actions is running as UID 1001. An | |
# alternative would be to pass --user to `docker run` and bind-mount | |
# an /etc/passwd that maps that to `developer`. We also need write | |
# permissions for the group | |
# | |
chmod -R g+w . && sudo chgrp -R 1000 . && make format && sudo chgrp -R $(id -g) . | |
make -C lambdas openapi | |
make -C .github | |
make anvil_schema | |
make check_clean | |
make pep8 | |
AZUL_DEBUG=0 GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} make test | |
make check_clean | |
coverage xml | |
- uses: 'actions/upload-artifact@v3' | |
with: | |
name: 'coverage-file' | |
path: 'coverage.xml' | |
codecov: | |
needs: 'test' | |
runs-on: 'ubuntu-22.04' | |
steps: | |
- uses: 'actions/checkout@v3' | |
- run: 'cat environment.boot >> "$GITHUB_ENV"' | |
- uses: 'actions/[email protected]' | |
with: | |
python-version: '${{ env.azul_python_version }}' | |
cache: 'pip' | |
cache-dependency-path: 'requirements.dev.txt' | |
- uses: 'actions/download-artifact@v3' | |
with: | |
name: 'coverage-file' | |
- uses: 'codecov/codecov-action@v3' | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: 'coverage.xml' | |
fail_ci_if_error: true | |
coveralls: | |
needs: 'test' | |
runs-on: 'ubuntu-22.04' | |
steps: | |
- uses: 'actions/checkout@v3' | |
- run: 'cat environment.boot >> "$GITHUB_ENV"' | |
- uses: 'actions/[email protected]' | |
with: | |
python-version: '${{ env.azul_python_version }}' | |
cache: 'pip' | |
cache-dependency-path: 'requirements.dev.txt' | |
- uses: 'actions/download-artifact@v3' | |
with: | |
name: 'coverage-file' | |
- uses: 'coverallsapp/github-action@v2' | |
with: | |
github-token: ${{ secrets.COVERALLS_REPO_TOKEN }} | |
codeql: | |
runs-on: 'ubuntu-22.04' | |
permissions: | |
actions: 'read' | |
contents: 'read' | |
security-events: 'write' | |
strategy: | |
fail-fast: false | |
matrix: | |
language: [ 'python', 'javascript' ] | |
steps: | |
- uses: 'actions/checkout@v3' | |
- run: 'cat environment.boot >> "$GITHUB_ENV"' | |
- uses: 'actions/[email protected]' | |
with: | |
python-version: '${{ env.azul_python_version }}' | |
cache: 'pip' | |
cache-dependency-path: 'requirements.dev.txt' | |
- uses: 'github/codeql-action/init@v2' | |
with: | |
languages: '${{ matrix.language }}' | |
setup-python-dependencies: false | |
config-file: './.github/codeql/codeql-config.yml' | |
queries: 'security-and-quality' | |
- uses: 'github/codeql-action/analyze@v2' | |
with: | |
category: '/language:${{matrix.language}}' |