Add github actions ci
Update toxfile with latest best practices
parent
80819c472e
commit
c3d5733751
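--- /dev/null
+++ b/.github/scripts/setup-env.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+#
+# Environment setup script for the local project. Intended to be used with automation
+# to create a repeatable local environment for tests to be run in. The python env
+# this script creates can be accessed at the location defined by the CI_VENV variable
+# below.
+
+set -e;
+
+CI_CACHE=$HOME/.cache;
+POETRY_VERSION=1.1.12;
+
+mkdir --parents "$CI_CACHE";
+
+command -v python;
+python --version;
+
+curl --location https://install.python-poetry.org \
+--output "$CI_CACHE/install-poetry.py" \
+--silent \
+--show-error;
+python "$CI_CACHE/install-poetry.py" \
+--version "$POETRY_VERSION" \
+--yes;
+poetry --version --no-ansi;
+poetry run pip --version;
+
+poetry install \
+--extras poetry \
+--quiet \
+--remove-untracked \
+--no-ansi;
+
+poetry env info;
+poetry run tox --version;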
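Review bot: The installer saved by the `curl --location https://install.python-poetry.org` call is handed to `python` with no integrity check, so whatever that URL serves at run time executes on the runner; `POETRY_VERSION` pins the Poetry release but not the installer script itself. Compare the download against a reviewed digest before running it, for example `echo "<PINNED_SHA256>  $CI_CACHE/install-poetry.py" | sha256sum --check` (the digest is a placeholder to fill in after review). The curl call also lacks `--fail`, so an HTTP error body would be written to the file and passed to Python; adding `--fail --proto '=https'` makes the download fail closed and restricts the transfer to HTTPS. The header comment refers to a `CI_VENV` variable that the script never defines, so that sentence should be corrected or dropped.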
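--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,76 @@
+---
+name: CI
+on:
+pull_request:
+types: ["opened", "synchronize"]
+push:
+branches: ["devel"]
+jobs:
+Test:
+runs-on: ubuntu-latest
+strategy:
+matrix:
+python:
+- version: "3.6"
+toxenv: py36
+- version: "3.7"
+toxenv: py37
+- version: "3.8"
+toxenv: py38
+- version: "3.9"
+toxenv: py39
+- version: "3.10"
+toxenv: py310
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- name: Install Python ${{ matrix.python.version }}
+uses: actions/setup-python@v1
+with:
+python-version: ${{ matrix.python.version }}
+- name: Configure Job Cache
+uses: actions/cache@v2
+with:
+path: |
+~/.cache/pip
+~/.cache/pypoetry/cache
+~/.poetry
+# Including the hashed poetry.lock in the cache slug ensures that the cache
+# will be invalidated, and thus all packages will be redownloaded, if the
+# lockfile is updated
+key: ${{ runner.os }}-${{ matrix.python.toxenv }}-${{ hashFiles('**/poetry.lock') }}
+- name: Configure Path
+run: echo "$HOME/.local/bin" >> $GITHUB_PATH
+- name: Configure Environment
+run: .github/scripts/setup-env.sh
+- name: Run Toxenv ${{ matrix.python.toxenv }}
+run: poetry run tox -e ${{ matrix.python.toxenv }}
+Check:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+- name: Install Python 3.8
+uses: actions/setup-python@v1
+with:
+python-version: 3.8
+- name: Configure Job Cache
+uses: actions/cache@v2
+with:
+path: |
+~/.cache/pip
+~/.cache/pypoetry/cache
+~/.poetry
+# Hardcoded 'py38' slug here lets this cache piggyback on the 'py38' cache
+# that is generated for the tests above
+key: ${{ runner.os }}-py38-${{ hashFiles('**/poetry.lock') }}
+- name: Configure Path
+run: echo "$HOME/.local/bin" >> $GITHUB_PATH
+- name: Configure Environment
+run: .github/scripts/setup-env.sh
+- name: Run Static Analysis Checks
+run: poetry run tox -e static
+- name: Run Static Analysis Checks (Tests)
+run: poetry run tox -e static-tests
+- name: Run Security Checks
+run: poetry run tox -e security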
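Review bot: Neither the `Test` nor the `Check` job declares `permissions:`, so both run with the repository's default `GITHUB_TOKEN` scope although every visible step only reads the checkout; a top-level `permissions:` mapping with `contents: read` states least privilege explicitly. The three actions (`actions/checkout@v2`, `actions/setup-python@v1`, `actions/cache@v2`) are referenced by mutable tags, and pinning each to a full commit SHA, as in `uses: actions/checkout@<FULL_COMMIT_SHA>  # v2`, keeps a moved tag from changing what runs in this pipeline. In the `Check` job `python-version: 3.8` is an unquoted float, unlike the quoted matrix values above it; write `python-version: "3.8"` so a later bump to a version such as 3.10 is not read as 3.1.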
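--- a/tox.ini
+++ b/tox.ini
@@ -12,7 +12,10 @@ locked_deps =
 pytest-cov
 toml
 commands =
-pytest --cov vault2vault --cov-config {toxinidir}/.coveragerc --cov-report term-missing {toxinidir}/tests/
+pytest {toxinidir}/tests/ \
+--cov vault2vault \
+--cov-config {toxinidir}/.coveragerc \
+--cov-report term-missing
 
 [testenv:static]
 description = Static formatting and quality enforcement
@@ -29,10 +32,15 @@ locked_deps =
 pre-commit
 pre-commit-hooks
 pylint
+types-toml
 commands =
-pre-commit run --all-files
-pylint --rcfile {toxinidir}/.pylintrc {toxinidir}/vault2vault.py
-mypy --ignore-missing-imports --no-strict-optional {toxinidir}/vault2vault.py
+pre-commit run \
+--all-files
+pylint {toxinidir}/vault2vault.py \
+--rcfile {toxinidir}/.pylintrc
+mypy {toxinidir}/vault2vault.py \
+--ignore-missing-imports \
+--no-strict-optional
 
 [testenv:static-tests]
 description = Static formatting and quality enforcement for the tests
@@ -43,21 +51,37 @@ locked_deps =
 pylint
 pytest
 mypy
+types-toml
 commands =
-pylint --rcfile {toxinidir}/.pylintrc {toxinidir}/tests/
-mypy --ignore-missing-imports --no-strict-optional {toxinidir}/tests/
+pylint {toxinidir}/tests/ \
+--rcfile {toxinidir}/.pylintrc
+mypy {toxinidir}/tests/ \
+--ignore-missing-imports \
+--no-strict-optional
 
 [testenv:security]
 description = Security checks
 basepython = python3.8
 platform = linux
 ignore_errors = true
+skip_install = true
 locked_deps =
 bandit
 safety
 poetry
 commands =
-bandit --recursive --quiet {toxinidir}/vault2vault.py
-bandit --recursive --quiet --skip B101 {toxinidir}/tests/
-poetry export --format requirements.txt --output {envtmpdir}/requirements.txt --without-hashes --dev
-safety check --bare --file {envtmpdir}/requirements.txt
+bandit {toxinidir}/vault2vault.py \
+--recursive \
+--quiet
+bandit {toxinidir}/tests/ \
+--recursive \
+--quiet \
+--skip B101
+poetry export \
+--format requirements.txt \
+--output {envtmpdir}/requirements.txt \
+--without-hashes \
+--dev
+safety check \
+--file {envtmpdir}/requirements.txt \
+--json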
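Review bot: Nothing in `[testenv:security]` records why the final command now runs `safety check` with `--json` instead of `--bare`, and no step visible in this commit consumes the JSON. A comment line above that section's `commands =`, such as `# safety prints JSON so the CI log keeps the full advisory details`, would state the intent, if that is the intent. The unchanged `ignore_errors = true` in the same section deserves a one-line comment too: tox documents it as continuing past a failed command while still reporting the environment as failed, which a reader can easily mistake for suppressing scanner findings. Rerun the job with a known-vulnerable pin to confirm that the JSON mode still returns a non-zero exit status.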