setup ci #377
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | ||
on: [push] | ||
env: | ||
PYTHON_VERSION: 3.11.5 | ||
jobs: | ||
honeypot: | ||
runs-on: ubuntu-22.04 | ||
defaults: | ||
run: | ||
working-directory: packages/honeypot/ | ||
steps: | ||
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
# Adapted from https://github.com/actions/setup-python/blob/main/docs/advanced-usage.md#caching-packages | ||
- name: Check pipx version | ||
# Make sure the version of pipx doesn't unexpectedly change | ||
# If this change looks legitimate (i.e. Github updating the vendored version, or coming after a change to the runner OS version) update the hard-coded version below | ||
run: | | ||
pipx --version | ||
pipx --version | grep "1.6.0" | ||
- name: Install poetry | ||
run: | | ||
pipx install poetry==1.5.1 | ||
- uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 | ||
with: | ||
python-version: ${{ env.PYTHON_VERSION }} | ||
cache: "poetry" | ||
- run: | | ||
poetry install | ||
- name: Check Formatting | ||
run: | | ||
make check-format | ||
- name: Lint | ||
run: | | ||
make lint | ||
- name: Static Analysis - pyre | ||
run: | | ||
make static-analysis-pyre | ||
- name: Static Analysis - mypy | ||
run: | | ||
make static-analysis-mypy | ||
- name: Unit Tests | ||
run: | | ||
make test-unit | ||
- name: Check Docker Version | ||
# Make sure the version of Docker doesn't unexpectedly change and doesn't drift much from what's used in Codespaces | ||
# If this change looks legitimate (i.e. Github updating the vendored version, or coming after a change to the runner OS version) update the hard-coded version below | ||
run: | | ||
docker --version | ||
docker --version | grep "Docker version 26.1.3" | ||
- name: Smoke Tests - Server Startup | ||
run: | | ||
make start-docker-simple-http | ||
- name: Smoke Tests - Health Check | ||
run: | | ||
sleep 5 | ||
curl --fail http://127.0.0.1:8000/healthcheck | ||
- name: Smoke Tests - Server Shutdown | ||
run: | | ||
make stop-docker-simple-http | ||
aws-cloudformation: | ||
runs-on: ubuntu-22.04 | ||
env: | ||
CFN_GUARD_VERSION: 3.0.0 | ||
defaults: | ||
run: | ||
working-directory: packages/aws-cloudformation/ | ||
steps: | ||
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
- name: Setup Python and Caching for cfn-lint Install | ||
uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 | ||
with: | ||
python-version: ${{ env.PYTHON_VERSION }} | ||
cache: "pip" | ||
- name: Check pip version | ||
# Make sure the version of pip doesn't unexpectedly change (it's unclear if actions/setup-python pins it or not) and doesn't drift much from what's used in Codespaces | ||
# If this change looks legitimate (i.e. actions/setup-python updating the vendored version) update the hard-coded version below | ||
run: | | ||
pip --version | ||
pip --version | grep "24.2" | ||
- name: Install cfn-lint | ||
run: | | ||
pip install cfn-lint=='0.79.5' | ||
- name: Lint | ||
run: | | ||
make lint | ||
- name: Cache cfn-guard | ||
id: cache-cfn-guard | ||
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | ||
with: | ||
path: ~/.local/bin/cfn-guard | ||
key: cfn-guard-v${{ env.CFN_GUARD_VERSION }} | ||
- name: Install cfn-guard | ||
if: steps.cache-cfn-guard.outputs.cache-hit != 'true' | ||
# This is partially duplicated in .devcontainer/Dockerfile, with the copy target being the only difference | ||
run: | | ||
mkdir ./cfn-guard-temp/ | ||
wget https://github.com/aws-cloudformation/cloudformation-guard/releases/download/${{ env.CFN_GUARD_VERSION }}/cfn-guard-v3-ubuntu-latest.tar.gz -O - | tar -xzvf - -C ./cfn-guard-temp/ | ||
mkdir -p ~/.local/bin/ | ||
cp ./cfn-guard-temp/cfn-guard-v3-ubuntu-latest/cfn-guard ~/.local/bin/ | ||
rm -rf ./cfn-guard-temp/ | ||
- name: Static Analysis - guard | ||
run: | | ||
make static-analysis-guard | ||
aws-terraform: | ||
runs-on: ubuntu-22.04 | ||
env: | ||
TERRAFORM_VERSION: 1.9.5 | ||
TRIVY_VERSION: 0.54.1 | ||
defaults: | ||
run: | ||
working-directory: packages/aws-terraform/ | ||
steps: | ||
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | ||
- name: Cache terraform | ||
id: cache-terraform | ||
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | ||
with: | ||
path: ~/.local/bin/terraform | ||
key: cfn-terraform-v${{ env.TERRAFORM_VERSION }} | ||
- name: Install terraform | ||
if: steps.cache-terraform.outputs.cache-hit != 'true' | ||
# This is partially duplicated in .devcontainer/Dockerfile, with the copy target being the only difference | ||
run: | | ||
mkdir ./terraform-temp/ | ||
wget https://releases.hashicorp.com/terraform/${{ env.TERRAFORM_VERSION }}/terraform_${{ env.TERRAFORM_VERSION }}_linux_amd64.zip -O ./terraform-temp/terraform.zip | ||
unzip ./terraform-temp/terraform.zip -d ./terraform-temp/ | ||
mkdir -p ~/.local/bin/ | ||
cp ./terraform-temp/terraform ~/.local/bin/ | ||
rm -rf ./terraform-temp/ | ||
- name: Check Formatting | ||
run: | | ||
make check-format | ||
- name: Lint | ||
run: | | ||
make lint | ||
- name: Cache trivy | ||
id: cache-trivy | ||
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | ||
with: | ||
path: ~/.local/bin/trivy | ||
key: cfn-trivy-v${{ env.TRIVY_VERSION }} | ||
- name: Install trivy | ||
if: steps.cache-trivy.outputs.cache-hit != 'true' | ||
# This is partially duplicated in .devcontainer/Dockerfile, with the copy target being the only difference | ||
run: | | ||
Check failure on line 176 in .github/workflows/ci.yaml GitHub Actions / CIInvalid workflow file
|
||
mkdir ./trivy-temp/ | ||
wget https://github.com/aquasecurity/trivy/releases/download/v${{ TRIVY_VERSION }}/trivy_${{ TRIVY_VERSION }}_Linux-64bit.tar.gz -O - | tar -xzvf - -C ./trivy-temp/ | ||
mkdir -p ~/.local/bin/ | ||
cp ./trivy-temp/trivy /home/vscode/.local/bin/ | ||
rm -rf ./trivy-temp/ | ||
- name: Static Analysis - trivy | ||
run: | | ||
make static-analysis-trivy |