ci_lint_and_test.yml
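# CI for pull requests to, pushes to, and merge-queue runs for `main`:
# pre-commit hooks, Python tests with coverage, Terraform fmt / lint /
# validate, a tfsec pull-request commenter, and Terraform plans for staging
# and production through a reusable workflow.
#
# NOTE(review): this listing showed an e-mail-obfuscation artifact wherever a
# step had `uses: <owner>/<action>@<ref>`. The action names below are inferred
# from the owner, the step name and the inputs; the ref is not recoverable and
# is left as the placeholder <REF_ELIDED_ON_PAGE>. Restore each one from the
# repository, preferably as a full commit SHA rather than a movable tag, so a
# retagged release cannot change what runs here.
name: ci_lint_and_test

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]
  merge_group:

jobs:
  run-pre-commit:
    name: Run pre-commit
    runs-on: ubuntu-latest
    # Least privilege: this job only reads the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout Code Repository
        uses: actions/checkout@v4
      - name: Run pre-commit
        uses: pre-commit/action@<REF_ELIDED_ON_PAGE>
        env:
          # Skip the hook that rejects commits made directly on a branch.
          SKIP: no-commit-to-branch

  run-tests:
    name: Run tests
    runs-on: ubuntu-latest
    # Least privilege: the steps below execute code from the checked-out ref,
    # so the job token is limited to reading the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout source code
        uses: actions/checkout@<REF_ELIDED_ON_PAGE>
        with:
          # Head commit of the pull request. The expression is empty on push
          # and merge_group events, where checkout uses the event's own ref.
          # NOTE(review): consider `persist-credentials: false`, since later
          # steps run code from this checkout.
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Set up Python 3.12
        uses: actions/setup-python@<REF_ELIDED_ON_PAGE>
        with:
          # Quoted so the version stays a string.
          python-version: "3.12"
      - name: pip install tests dependencies
        run: |
          pip3 install -r src/tests/requirements.txt
      - name: Run python tests with coverage
        id: run_python_tests
        env:
          # The test code on the checked-out ref runs with these credentials.
          # GitHub does not pass repository secrets to pull_request runs from
          # forks, so both values are empty there.
          SPARQL_USERNAME: ${{ secrets.SPARQL_USERNAME }}
          SPARQL_PASSWORD: ${{ secrets.SPARQL_PASSWORD }}
        run: coverage run --source . -m pytest
      - name: Generate coverage XML
        run: coverage xml
      - name: Upload coverage to CodeClimate
        uses: paambaati/codeclimate-action@<REF_ELIDED_ON_PAGE>
        env:
          CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}

  terraform_format:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout source code
        uses: actions/checkout@<REF_ELIDED_ON_PAGE>
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@<REF_ELIDED_ON_PAGE>
        continue-on-error: false
      - name: Run Terraform format
        # Was `run_terraform_validate`, the same id as the validate job's
        # step; renamed so the id says what the step does. Nothing in this
        # workflow references it.
        id: run_terraform_fmt
        run: |
          set -e
          set -o pipefail
          cd terraform
          terraform fmt -check -recursive
        continue-on-error: false

  terraform_lint:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout source code
        uses: actions/checkout@<REF_ELIDED_ON_PAGE>
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Install TFLint
        uses: terraform-linters/setup-tflint@<REF_ELIDED_ON_PAGE>
        with:
          tflint_version: v0.38.1
        continue-on-error: false
      - name: Run TFLint
        id: run_tflint
        # NOTE(review): runs from the repository root, whereas the fmt and
        # validate jobs `cd terraform` first; confirm the intended directory.
        run: |
          tflint --init
          tflint -f compact --loglevel warn

  terraform_validate:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout source code
        uses: actions/checkout@<REF_ELIDED_ON_PAGE>
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Get terraform version
        id: get-terraform-version
        # The file content comes from the checked-out ref and is written to
        # the step output as-is; "$GITHUB_OUTPUT" is quoted so the redirect
        # target is never word-split.
        run: |
          DOTFILE_VERSION=$(cat terraform/.terraform-version)
          echo "version=$DOTFILE_VERSION" >> "$GITHUB_OUTPUT"
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@<REF_ELIDED_ON_PAGE>
        continue-on-error: false
        with:
          terraform_version: ${{ steps.get-terraform-version.outputs.version }}
      - name: Run Terraform Validate
        id: run_terraform_validate
        run: |
          set -e
          set -o pipefail
          cd terraform
          # -backend=false: initialise without configuring a backend.
          terraform init -backend=false
          terraform validate -no-color
        continue-on-error: false

  tfsec-pr-commenter:
    name: tfsec PR commenter
    runs-on: ubuntu-latest
    # The only job that writes: it needs pull-requests: write for the
    # commenter's token.
    # NOTE(review): the job also runs on push and merge_group, where there is
    # no pull request to comment on; confirm the action's behaviour there or
    # gate the job with an `if:` on the event name.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Clone repo
        uses: actions/checkout@v4
      - name: tfsec
        uses: aquasecurity/tfsec-pr-commenter-action@<REF_ELIDED_ON_PAGE>
        with:
          github_token: ${{ github.token }}
          working_directory: "terraform"

  # The two plan jobs call the same reusable workflow with per-environment
  # values. `workspace` and `app_env` are plain literals passed through the
  # `secrets:` map; the called workflow is not shown here.
  # NOTE(review): both jobs run on every trigger of this workflow, including
  # pull_request; confirm that the trust policies of the AWS roles restrict
  # which refs and events may assume them, especially the production role.
  terraform_plan-staging:
    uses: ./.github/workflows/terraform_plan.yml
    secrets:
      aws_oidc_role_arn: ${{ secrets.AWS_OIDC_ROLE_ARN }}
      account_id: ${{ secrets.STAGING_ACCOUNT_ID }}
      workspace: tna-staging
      app_env: staging

  terraform_plan-production:
    uses: ./.github/workflows/terraform_plan.yml
    secrets:
      aws_oidc_role_arn: ${{ secrets.AWS_OIDC_ROLE_ARN_PROD }}
      account_id: ${{ secrets.PROD_ACCOUNT_ID }}
      workspace: tna-prod
      app_env: production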