mirror of
https://github.com/enpaul/vault2vault.git
synced 2024-12-22 07:43:34 +00:00
Add github actions ci
Update toxfile with latest best practices
This commit is contained in:
parent
80819c472e
commit
c3d5733751
35
.github/scripts/setup-env.sh
vendored
Executable file
35
.github/scripts/setup-env.sh
vendored
Executable file
@ -0,0 +1,35 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# Environment setup script for the local project. Intended to be used with automation
|
||||
# to create a repeatable local environment for tests to be run in. The python env
|
||||
# this script creates can be accessed at the location defined by the CI_VENV variable
|
||||
# below.
|
||||
|
||||
set -e;
|
||||
|
||||
CI_CACHE=$HOME/.cache;
|
||||
POETRY_VERSION=1.1.12;
|
||||
|
||||
mkdir --parents "$CI_CACHE";
|
||||
|
||||
command -v python;
|
||||
python --version;
|
||||
|
||||
curl --location https://install.python-poetry.org \
|
||||
--output "$CI_CACHE/install-poetry.py" \
|
||||
--silent \
|
||||
--show-error;
|
||||
python "$CI_CACHE/install-poetry.py" \
|
||||
--version "$POETRY_VERSION" \
|
||||
--yes;
|
||||
poetry --version --no-ansi;
|
||||
poetry run pip --version;
|
||||
|
||||
poetry install \
|
||||
--extras poetry \
|
||||
--quiet \
|
||||
--remove-untracked \
|
||||
--no-ansi;
|
||||
|
||||
poetry env info;
|
||||
poetry run tox --version;
|
76
.github/workflows/ci.yaml
vendored
Normal file
76
.github/workflows/ci.yaml
vendored
Normal file
@ -0,0 +1,76 @@
|
||||
---
|
||||
name: CI
|
||||
on:
|
||||
pull_request:
|
||||
types: ["opened", "synchronize"]
|
||||
push:
|
||||
branches: ["devel"]
|
||||
jobs:
|
||||
Test:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
python:
|
||||
- version: "3.6"
|
||||
toxenv: py36
|
||||
- version: "3.7"
|
||||
toxenv: py37
|
||||
- version: "3.8"
|
||||
toxenv: py38
|
||||
- version: "3.9"
|
||||
toxenv: py39
|
||||
- version: "3.10"
|
||||
toxenv: py310
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
- name: Install Python ${{ matrix.python.version }}
|
||||
uses: actions/setup-python@v1
|
||||
with:
|
||||
python-version: ${{ matrix.python.version }}
|
||||
- name: Configure Job Cache
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: |
|
||||
~/.cache/pip
|
||||
~/.cache/pypoetry/cache
|
||||
~/.poetry
|
||||
# Including the hashed poetry.lock in the cache slug ensures that the cache
|
||||
# will be invalidated, and thus all packages will be redownloaded, if the
|
||||
# lockfile is updated
|
||||
key: ${{ runner.os }}-${{ matrix.python.toxenv }}-${{ hashFiles('**/poetry.lock') }}
|
||||
- name: Configure Path
|
||||
run: echo "$HOME/.local/bin" >> $GITHUB_PATH
|
||||
- name: Configure Environment
|
||||
run: .github/scripts/setup-env.sh
|
||||
- name: Run Toxenv ${{ matrix.python.toxenv }}
|
||||
run: poetry run tox -e ${{ matrix.python.toxenv }}
|
||||
Check:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
- name: Install Python 3.8
|
||||
uses: actions/setup-python@v1
|
||||
with:
|
||||
python-version: 3.8
|
||||
- name: Configure Job Cache
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: |
|
||||
~/.cache/pip
|
||||
~/.cache/pypoetry/cache
|
||||
~/.poetry
|
||||
# Hardcoded 'py38' slug here lets this cache piggyback on the 'py38' cache
|
||||
# that is generated for the tests above
|
||||
key: ${{ runner.os }}-py38-${{ hashFiles('**/poetry.lock') }}
|
||||
- name: Configure Path
|
||||
run: echo "$HOME/.local/bin" >> $GITHUB_PATH
|
||||
- name: Configure Environment
|
||||
run: .github/scripts/setup-env.sh
|
||||
- name: Run Static Analysis Checks
|
||||
run: poetry run tox -e static
|
||||
- name: Run Static Analysis Checks (Tests)
|
||||
run: poetry run tox -e static-tests
|
||||
- name: Run Security Checks
|
||||
run: poetry run tox -e security
|
44
tox.ini
44
tox.ini
@ -12,7 +12,10 @@ locked_deps =
|
||||
pytest-cov
|
||||
toml
|
||||
commands =
|
||||
pytest --cov vault2vault --cov-config {toxinidir}/.coveragerc --cov-report term-missing {toxinidir}/tests/
|
||||
pytest {toxinidir}/tests/ \
|
||||
--cov vault2vault \
|
||||
--cov-config {toxinidir}/.coveragerc \
|
||||
--cov-report term-missing
|
||||
|
||||
[testenv:static]
|
||||
description = Static formatting and quality enforcement
|
||||
@ -29,10 +32,15 @@ locked_deps =
|
||||
pre-commit
|
||||
pre-commit-hooks
|
||||
pylint
|
||||
types-toml
|
||||
commands =
|
||||
pre-commit run --all-files
|
||||
pylint --rcfile {toxinidir}/.pylintrc {toxinidir}/vault2vault.py
|
||||
mypy --ignore-missing-imports --no-strict-optional {toxinidir}/vault2vault.py
|
||||
pre-commit run \
|
||||
--all-files
|
||||
pylint {toxinidir}/vault2vault.py \
|
||||
--rcfile {toxinidir}/.pylintrc
|
||||
mypy {toxinidir}/vault2vault.py \
|
||||
--ignore-missing-imports \
|
||||
--no-strict-optional
|
||||
|
||||
[testenv:static-tests]
|
||||
description = Static formatting and quality enforcement for the tests
|
||||
@ -43,21 +51,37 @@ locked_deps =
|
||||
pylint
|
||||
pytest
|
||||
mypy
|
||||
types-toml
|
||||
commands =
|
||||
pylint --rcfile {toxinidir}/.pylintrc {toxinidir}/tests/
|
||||
mypy --ignore-missing-imports --no-strict-optional {toxinidir}/tests/
|
||||
pylint {toxinidir}/tests/ \
|
||||
--rcfile {toxinidir}/.pylintrc
|
||||
mypy {toxinidir}/tests/ \
|
||||
--ignore-missing-imports \
|
||||
--no-strict-optional
|
||||
|
||||
[testenv:security]
|
||||
description = Security checks
|
||||
basepython = python3.8
|
||||
platform = linux
|
||||
ignore_errors = true
|
||||
skip_install = true
|
||||
locked_deps =
|
||||
bandit
|
||||
safety
|
||||
poetry
|
||||
commands =
|
||||
bandit --recursive --quiet {toxinidir}/vault2vault.py
|
||||
bandit --recursive --quiet --skip B101 {toxinidir}/tests/
|
||||
poetry export --format requirements.txt --output {envtmpdir}/requirements.txt --without-hashes --dev
|
||||
safety check --bare --file {envtmpdir}/requirements.txt
|
||||
bandit {toxinidir}/vault2vault.py \
|
||||
--recursive \
|
||||
--quiet
|
||||
bandit {toxinidir}/tests/ \
|
||||
--recursive \
|
||||
--quiet \
|
||||
--skip B101
|
||||
poetry export \
|
||||
--format requirements.txt \
|
||||
--output {envtmpdir}/requirements.txt \
|
||||
--without-hashes \
|
||||
--dev
|
||||
safety check \
|
||||
--file {envtmpdir}/requirements.txt \
|
||||
--json
|
||||
|
Loading…
Reference in New Issue
Block a user