ci.yaml
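# CI workflow: runs the Dagger-driven pipeline on every push and pull request,
# publishes the backend image when the ref is `main` or a tag, and runs a
# vulnerability scan of the built image on the daily schedule.
name: CI
run-name: ${{ github.event.schedule && 'Routine vulnerability scan' || 'Continuous Integration' }}

on:
  push:
  pull_request:
  schedule:
    - cron: "30 12 * * *"  # runs everyday at 12h30 (GitHub evaluates cron in UTC)

# Least privilege for GITHUB_TOKEN: read the repository for checkout and write
# packages so the image can be pushed to ghcr.io. Scopes not listed here are
# set to `none`, instead of inheriting the repository or organisation default.
permissions:
  contents: read
  packages: write

env:
  # String flag ('TRUE'/'FALSE'), compared as a string in the steps below.
  PUBLISH_IMAGE: ${{ (github.ref_name == 'main' || github.ref_type == 'tag') && 'TRUE' || 'FALSE'}}
  # NOTE(review): for tags the ref name is used verbatim as the image tag and
  # is expanded into the command line of the `run ci` step. Whoever can push a
  # tag controls this string; consider validating it against the characters
  # allowed in an image tag before it reaches the command.
  IMAGE_TAG: ${{ github.ref_name == 'main' && 'latest' || github.ref_name }}
  IMAGE_NAME: ghcr.io/${{ github.repository }}/arpav-ppcv-backend

jobs:
  run-dagger-ci:
    runs-on: ubuntu-22.04
    steps:
      # NOTE(review): the actions below are referenced by mutable version tags.
      # Pinning each `uses:` to a full commit SHA (keeping the tag as a trailing
      # comment) protects the job, which holds a packages-write token, against
      # a re-pointed tag in a third-party action.
      - name: grab code
        uses: actions/checkout@v4

      - name: setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.10"
          cache: pip
          cache-dependency-path: docker/backend/project_requirements.txt

      - name: setup poetry
        uses: Gr1N/setup-poetry@v9
        with:
          poetry-version: "1.7.1"

      - name: install code with dev dependencies
        run: poetry install --with dev

      # Registry credentials are only loaded when an image will be published.
      - name: login to container registry
        if: ${{ env.PUBLISH_IMAGE == 'TRUE' }}
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: run ci
        uses: dagger/dagger-for-github@v5
        with:
          verb: run
          # not including the `--with-linter` and `--with-formatter` flags yet,
          # in order to not break CI - we will fix linting and formatting errors
          # shortly
          # The last line expands to the publish flag, or to an empty string
          # when PUBLISH_IMAGE is not 'TRUE'.
          args: >-
            poetry run python tests/ci/main.py
            --with-tests
            ${{ env.PUBLISH_IMAGE == 'TRUE' && format('--publish-docker-image {0}:{1}', env.IMAGE_NAME, env.IMAGE_TAG) || ''}}
          # Quoted so the version is always read as a string.
          version: "0.9.9"

      # Periodically scan built image for vulnerabilities
      - name: run security scanning
        if: ${{ github.event.schedule }}
        uses: dagger/dagger-for-github@v5
        with:
          verb: run
          args: poetry run python tests/ci/main.py --with-security-scan
          version: "0.9.9"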