Skip to content

setup ci

setup ci #377

Workflow file for this run

name: CI
on: [push]
env:
PYTHON_VERSION: 3.11.5
jobs:
honeypot:
runs-on: ubuntu-22.04
defaults:
run:
working-directory: packages/honeypot/
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
# Adapted from https://github.com/actions/setup-python/blob/main/docs/advanced-usage.md#caching-packages
- name: Check pipx version
# Make sure the version of pipx doesn't unexpectedly change
# If this change looks legitimate (i.e. Github updating the vendored version, or coming after a change to the runner OS version) update the hard-coded version below
run: |
pipx --version
pipx --version | grep "1.6.0"
- name: Install poetry
run: |
pipx install poetry==1.5.1
- uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: "poetry"
- run: |
poetry install
- name: Check Formatting
run: |
make check-format
- name: Lint
run: |
make lint
- name: Static Analysis - pyre
run: |
make static-analysis-pyre
- name: Static Analysis - mypy
run: |
make static-analysis-mypy
- name: Unit Tests
run: |
make test-unit
- name: Check Docker Version
# Make sure the version of Docker doesn't unexpectedly change and doesn't drift much from what's used in Codespaces
# If this change looks legitimate (i.e. Github updating the vendored version, or coming after a change to the runner OS version) update the hard-coded version below
run: |
docker --version
docker --version | grep "Docker version 26.1.3"
- name: Smoke Tests - Server Startup
run: |
make start-docker-simple-http
- name: Smoke Tests - Health Check
run: |
sleep 5
curl --fail http://127.0.0.1:8000/healthcheck
- name: Smoke Tests - Server Shutdown
run: |
make stop-docker-simple-http
aws-cloudformation:
runs-on: ubuntu-22.04
env:
CFN_GUARD_VERSION: 3.0.0
defaults:
run:
working-directory: packages/aws-cloudformation/
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Setup Python and Caching for cfn-lint Install
uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: "pip"
- name: Check pip version
# Make sure the version of pip doesn't unexpectedly change (it's unclear if actions/setup-python pins it or not) and doesn't drift much from what's used in Codespaces
# If this change looks legitimate (i.e. actions/setup-python updating the vendored version) update the hard-coded version below
run: |
pip --version
pip --version | grep "24.2"
- name: Install cfn-lint
run: |
pip install cfn-lint=='0.79.5'
- name: Lint
run: |
make lint
- name: Cache cfn-guard
id: cache-cfn-guard
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/.local/bin/cfn-guard
key: cfn-guard-v${{ env.CFN_GUARD_VERSION }}
- name: Install cfn-guard
if: steps.cache-cfn-guard.outputs.cache-hit != 'true'
# This is partially duplicated in .devcontainer/Dockerfile, with the copy target being the only difference
run: |
mkdir ./cfn-guard-temp/
wget https://github.com/aws-cloudformation/cloudformation-guard/releases/download/${{ env.CFN_GUARD_VERSION }}/cfn-guard-v3-ubuntu-latest.tar.gz -O - | tar -xzvf - -C ./cfn-guard-temp/
mkdir -p ~/.local/bin/
cp ./cfn-guard-temp/cfn-guard-v3-ubuntu-latest/cfn-guard ~/.local/bin/
rm -rf ./cfn-guard-temp/
- name: Static Analysis - guard
run: |
make static-analysis-guard
aws-terraform:
runs-on: ubuntu-22.04
env:
TERRAFORM_VERSION: 1.9.5
TRIVY_VERSION: 0.54.1
defaults:
run:
working-directory: packages/aws-terraform/
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Cache terraform
id: cache-terraform
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/.local/bin/terraform
key: cfn-terraform-v${{ env.TERRAFORM_VERSION }}
- name: Install terraform
if: steps.cache-terraform.outputs.cache-hit != 'true'
# This is partially duplicated in .devcontainer/Dockerfile, with the copy target being the only difference
run: |
mkdir ./terraform-temp/
wget https://releases.hashicorp.com/terraform/${{ env.TERRAFORM_VERSION }}/terraform_${{ env.TERRAFORM_VERSION }}_linux_amd64.zip -O ./terraform-temp/terraform.zip
unzip ./terraform-temp/terraform.zip -d ./terraform-temp/
mkdir -p ~/.local/bin/
cp ./terraform-temp/terraform ~/.local/bin/
rm -rf ./terraform-temp/
- name: Check Formatting
run: |
make check-format
- name: Lint
run: |
make lint
- name: Cache trivy
id: cache-trivy
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/.local/bin/trivy
key: cfn-trivy-v${{ env.TRIVY_VERSION }}
- name: Install trivy
if: steps.cache-trivy.outputs.cache-hit != 'true'
# This is partially duplicated in .devcontainer/Dockerfile, with the copy target being the only difference
run: |

Check failure on line 176 in .github/workflows/ci.yaml

View workflow run for this annotation

GitHub Actions / CI

Invalid workflow file

The workflow is not valid. .github/workflows/ci.yaml (Line: 176, Col: 14): Unrecognized named-value: 'TRIVY_VERSION'. Located at position 1 within expression: TRIVY_VERSION
mkdir ./trivy-temp/
wget https://github.com/aquasecurity/trivy/releases/download/v${{ TRIVY_VERSION }}/trivy_${{ TRIVY_VERSION }}_Linux-64bit.tar.gz -O - | tar -xzvf - -C ./trivy-temp/
mkdir -p ~/.local/bin/
cp ./trivy-temp/trivy /home/vscode/.local/bin/
rm -rf ./trivy-temp/
- name: Static Analysis - trivy
run: |
make static-analysis-trivy