FT-876: Added OSV
vulnerability-scan job to the CI
#751
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pyatlan Pull Request Build | |
on: | |
pull_request: | |
workflow_dispatch: | |
jobs: | |
vulnerability-scan: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: [3.8, 3.9] | |
steps: | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- uses: pypa/[email protected] | |
with: | |
# Used pytest (library is in maintenance mode) | |
# We can ignore this vulnerability here | |
# Reference: https://github.com/pytest-dev/py | |
ignore-vulns: | | |
PYSEC-2022-42969 | |
summary: true | |
vulnerability-service: osv | |
inputs: requirements.txt requirements-dev.txt | |
qa-checks-and-unit-tests: | |
needs: [vulnerability-scan] | |
runs-on: ubuntu-latest | |
outputs: | |
files: ${{ steps.distribute-integration-test-files.outputs.files }} | |
strategy: | |
matrix: | |
python-version: [3.8, 3.9] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi | |
- name: QA checks (black, flake8, mypy) | |
run: | | |
./qa-checks | |
- name: Run unit tests | |
env: # Test tenant environment variables | |
ATLAN_API_KEY: ${{ secrets.ATLAN_API_KEY }} | |
ATLAN_BASE_URL: ${{ secrets.ATLAN_BASE_URL }} | |
MARK_API_KEY: ${{ secrets.MARK_ATLAN_API_KEY }} | |
MARK_BASE_URL: https://mark.atlan.com | |
# Run with `pytest-sugar` for enhancing the overall test report output | |
run: pytest tests/unit --force-sugar | |
- name: Prepare integration tests distribution | |
id: distribute-integration-test-files | |
run: | | |
test_ignore_file=tests/integration/.testignore.txt | |
files=$(ls tests/integration/test_*.py tests/integration/*_test.py | grep -v -f $test_ignore_file | tr '\n' ' ') | |
json_files=$(echo "${files[@]}" | jq -R -c 'split(" ")[:-1]') | |
echo "files=$json_files" >> $GITHUB_OUTPUT | |
integration-tests: | |
needs: [vulnerability-scan, qa-checks-and-unit-tests] | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
test_file: ${{fromJson(needs.qa-checks-and-unit-tests.outputs.files)}} | |
concurrency: | |
group: ${{ matrix.test_file }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Python 3.9 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
if [ -f requirements-dev.txt ]; then pip install -r requirements-dev.txt; fi | |
- name: Run integration tests | |
env: # Test tenant environment variables | |
ATLAN_API_KEY: ${{ secrets.ATLAN_API_KEY }} | |
ATLAN_BASE_URL: ${{ secrets.ATLAN_BASE_URL }} | |
MARK_API_KEY: ${{ secrets.MARK_ATLAN_API_KEY }} | |
MARK_BASE_URL: https://mark.atlan.com | |
uses: nick-fields/retry@v3 | |
with: | |
max_attempts: 3 | |
timeout_minutes: 10 # Maximum time per test job; otherwise, the job will fail | |
# Run the integration test file using `pytest-timer` plugin | |
# to display only the durations of the 10 slowest tests with `pytest-sugar` | |
command: pytest ${{ matrix.test_file }} -p name_of_plugin --timer-top-n 10 --force-sugar |