Skip to content

Commit

Permalink
Update
Browse files Browse the repository at this point in the history 
Signed-off-by: cyc60 <[email protected]>
  • Loading branch information
@cyc60
cyc60 committed Sep 19, 2023
1 parent 25816d5 commit 3cd3db5
Show file tree
Hide file tree
Showing 4 changed files with 189 additions and 222 deletions.
248 changes: 124 additions & 124 deletions .github/workflows/ci.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,124 +1,124 @@
name: CI

on: [ push ]

jobs:
pre-commit:
name: Linting
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2

- name: Set up python
uses: actions/setup-python@v2
with:
python-version: 3.10.10

# Install poetry
- name: Load cached Poetry installation
uses: actions/cache@v2
with:
path: ~/.local
key: poetry-0

- name: Install Poetry
uses: snok/install-poetry@v1
with:
version: 1.5.1
virtualenvs-create: true
virtualenvs-in-project: true
installer-parallel: true

# Install dependencies
- name: Install dependencies
run: poetry install --no-interaction --no-root

# Run precommit
- name: Run precommit
run: poetry run pre-commit run --all-files

# Markdown lint
- name: markdownlint-cli
uses: nosborn/[email protected]
with:
config_file: .markdownlint.yaml
files: .
dot: true
ignore_files: .venv/
test:
name: Testing
runs-on: ubuntu-latest
env:
ENVIRONMENT: test
steps:
- name: Checkout code
uses: actions/checkout@v2

- name: Set up python
uses: actions/setup-python@v2
with:
python-version: 3.10.10

# Install poetry
- name: Load cached Poetry installation
uses: actions/cache@v2
with:
path: ~/.local
key: poetry-0
- name: Install Poetry
uses: snok/install-poetry@v1
with:
version: 1.5.1
virtualenvs-create: true
virtualenvs-in-project: true
installer-parallel: true

# Install dependencies
- name: Install dependencies
run: poetry install --no-interaction --no-root

# Run tests
- name: Run tests
run: poetry run coverage run -m pytest src

# Check coverage
- name: Check test coverage
run: poetry run coverage report

security:
name: pip-audit
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2

- name: Set up python
uses: actions/setup-python@v2
with:
python-version: 3.10.10

# Install poetry
- name: Load cached Poetry installation
uses: actions/cache@v2
with:
path: ~/.local
key: poetry-0
- name: Install Poetry
uses: snok/install-poetry@v1
with:
version: 1.5.1
virtualenvs-create: true
virtualenvs-in-project: true
installer-parallel: true

- name: Install dependencies
run: poetry install --no-interaction --no-root

- name: Export requirements
run: poetry export -f requirements.txt --without-hashes > audit_requirements.txt

# Run audit
- uses: pypa/[email protected]
with:
inputs: audit_requirements.txt
#name: CI
#
#on: [ push ]
#
#jobs:
# pre-commit:
# name: Linting
# runs-on: ubuntu-latest
# steps:
# - name: Checkout code
# uses: actions/checkout@v2
#
# - name: Set up python
# uses: actions/setup-python@v2
# with:
# python-version: 3.10.10
#
# # Install poetry
# - name: Load cached Poetry installation
# uses: actions/cache@v2
# with:
# path: ~/.local
# key: poetry-0
#
# - name: Install Poetry
# uses: snok/install-poetry@v1
# with:
# version: 1.5.1
# virtualenvs-create: true
# virtualenvs-in-project: true
# installer-parallel: true
#
# # Install dependencies
# - name: Install dependencies
# run: poetry install --no-interaction --no-root
#
# # Run precommit
# - name: Run precommit
# run: poetry run pre-commit run --all-files
#
# # Markdown lint
# - name: markdownlint-cli
# uses: nosborn/[email protected]
# with:
# config_file: .markdownlint.yaml
# files: .
# dot: true
# ignore_files: .venv/
# test:
# name: Testing
# runs-on: ubuntu-latest
# env:
# ENVIRONMENT: test
# steps:
# - name: Checkout code
# uses: actions/checkout@v2
#
# - name: Set up python
# uses: actions/setup-python@v2
# with:
# python-version: 3.10.10
#
# # Install poetry
# - name: Load cached Poetry installation
# uses: actions/cache@v2
# with:
# path: ~/.local
# key: poetry-0
# - name: Install Poetry
# uses: snok/install-poetry@v1
# with:
# version: 1.5.1
# virtualenvs-create: true
# virtualenvs-in-project: true
# installer-parallel: true
#
# # Install dependencies
# - name: Install dependencies
# run: poetry install --no-interaction --no-root
#
# # Run tests
# - name: Run tests
# run: poetry run coverage run -m pytest src
#
# # Check coverage
# - name: Check test coverage
# run: poetry run coverage report
#
# security:
# name: pip-audit
# runs-on: ubuntu-latest
# steps:
# - name: Checkout code
# uses: actions/checkout@v2
#
# - name: Set up python
# uses: actions/setup-python@v2
# with:
# python-version: 3.10.10
#
# # Install poetry
# - name: Load cached Poetry installation
# uses: actions/cache@v2
# with:
# path: ~/.local
# key: poetry-0
# - name: Install Poetry
# uses: snok/install-poetry@v1
# with:
# version: 1.5.1
# virtualenvs-create: true
# virtualenvs-in-project: true
# installer-parallel: true
#
# - name: Install dependencies
# run: poetry install --no-interaction --no-root
#
# - name: Export requirements
# run: poetry export -f requirements.txt --without-hashes > audit_requirements.txt
#
# # Run audit
# - uses: pypa/[email protected]
# with:
# inputs: audit_requirements.txt
106 changes: 53 additions & 53 deletions .github/workflows/docker.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,53 +1,53 @@
name: Docker

on: [ push ]

jobs:
docker:
name: Build Docker Image
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Docker meta
id: meta
uses: docker/metadata-action@v3
with:
images: |
europe-west4-docker.pkg.dev/stakewiselabs/public/v3-operator
tags: |
type=ref,event=branch
type=ref,event=tag
type=sha
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to GAR
uses: docker/login-action@v1
with:
registry: europe-west4-docker.pkg.dev
username: _json_key
password: ${{ secrets.GAR_JSON_KEY }}
- name: Build and push
uses: docker/build-push-action@v2
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
scanner:
name: Trivy scanner
runs-on: ubuntu-latest
needs: docker
steps:
- id: commit-hash
uses: pr-mpt/actions-commit-hash@v2

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'europe-west4-docker.pkg.dev/stakewiselabs/public/v3-operator:sha-${{ steps.commit-hash.outputs.short }}'
format: 'table'
exit-code: '1'
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
ignore-unfixed: true
#name: Docker
#
#on: [ push ]
#
#jobs:
# docker:
# name: Build Docker Image
# runs-on: ubuntu-latest
# steps:
# - name: Checkout code
# uses: actions/checkout@v2
# - name: Docker meta
# id: meta
# uses: docker/metadata-action@v3
# with:
# images: |
# europe-west4-docker.pkg.dev/stakewiselabs/public/v3-operator
# tags: |
# type=ref,event=branch
# type=ref,event=tag
# type=sha
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v1
# - name: Login to GAR
# uses: docker/login-action@v1
# with:
# registry: europe-west4-docker.pkg.dev
# username: _json_key
# password: ${{ secrets.GAR_JSON_KEY }}
# - name: Build and push
# uses: docker/build-push-action@v2
# with:
# context: .
# push: ${{ github.event_name != 'pull_request' }}
# tags: ${{ steps.meta.outputs.tags }}
# labels: ${{ steps.meta.outputs.labels }}
# scanner:
# name: Trivy scanner
# runs-on: ubuntu-latest
# needs: docker
# steps:
# - id: commit-hash
# uses: pr-mpt/actions-commit-hash@v2
#
# - name: Run Trivy vulnerability scanner
# uses: aquasecurity/trivy-action@master
# with:
# image-ref: 'europe-west4-docker.pkg.dev/stakewiselabs/public/v3-operator:sha-${{ steps.commit-hash.outputs.short }}'
# format: 'table'
# exit-code: '1'
# vuln-type: 'os,library'
# severity: 'CRITICAL,HIGH'
# ignore-unfixed: true
Loading

0 comments on commit 3cd3db5

Please sign in to comment.