Update GitHub Actions workflow configuration to use Poetry

Additionally alters the Makefile to force commands--when applicable--to run within the Poetry venv via `poetry run`.
Backblaze · Mar 20, 2024 · ca8561a · ca8561a
1 parent 8471543
commit ca8561a
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 12 deletions.
diff --git a/.github/workflows/make-test.yml b/.github/workflows/make-test.yml
@@ -12,9 +12,56 @@ permissions:
 jobs:
   make-test:
     runs-on: ubuntu-latest
+
     steps:
-    - uses: actions/checkout@v3
-    - uses: actions/setup-python@v4
-      with:
-        python-version: '3.10'
-    - run: make test
+      #----------------------------------------------
+      #       check-out repo and set-up python
+      #----------------------------------------------
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Set up python
+        id: setup-python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      #----------------------------------------------
+      #  -----  install & configure poetry  -----
+      #----------------------------------------------
+      - name: Install Poetry
+        uses: snok/install-poetry@v1
+        with:
+          virtualenvs-create: true
+          virtualenvs-in-project: true
+          installer-parallel: true
+
+      #----------------------------------------------
+      #       load cached venv if cache exists
+      #----------------------------------------------
+      - name: Load cached venv
+        id: cached-poetry-dependencies
+        uses: actions/cache@v3
+        with:
+          path: .venv
+          key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
+
+      #----------------------------------------------
+      # install dependencies if cache does not exist
+      #----------------------------------------------
+      - name: Install dependencies
+        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
+        run: poetry install --no-interaction --no-root
+
+      #----------------------------------------------
+      # install your root project, if required
+      #----------------------------------------------
+      - name: Install project
+        run: poetry install --no-interaction
+
+      #----------------------------------------------
+      #              run test suite
+      #----------------------------------------------
+      # Semgrep has issues running in Actions CI/CD within `poetry shell`; install it on the runner
+      - run: pip3 install semgrep
+      - run: make test
diff --git a/Makefile b/Makefile
@@ -27,14 +27,14 @@ develop:
 .PHONY: develop-server
 develop-server: develop
 ifdef BOARDWALKD_SLACK_WEBHOOK_URL
-	boardwalkd serve \
+	poetry run boardwalkd serve \
 		--develop \
 		--host-header-pattern="(localhost|127\.0\.0\.1)" \
 		--port=8888 \
 		--slack-webhook-url="$(BOARDWALKD_SLACK_WEBHOOK_URL)" \
 		--url='http://localhost:8888'
 else
-	boardwalkd serve \
+	poetry run boardwalkd serve \
 		--develop \
 		--host-header-pattern="(localhost|127\.0\.0\.1)" \
 		--port=8888 \
@@ -47,9 +47,9 @@ dist: clean
 # Applys project's required code style
 .PHONY: format
 format:
-	black .
+	poetry run black .
 	@# This is a workaround for https://github.com/facebook/usort/issues/216
-	LIBCST_PARSER_TYPE=native usort format .
+	LIBCST_PARSER_TYPE=native poetry run usort format .
 
 # Installs modules to the local system (via pipx; will need Ansible injected)
 .PHONY: install
@@ -74,25 +74,34 @@ test: test-black test-pyright test-semgrep test-usort
 # Test that code is formatted with black
 .PHONY: test-black
 test-black: develop
-	black . --check
+	poetry run black . --check
 
 # Perform type analysis
 .PHONY: test-pyright
 test-pyright: develop
-	PYRIGHT_PYTHON_FORCE_VERSION=latest pyright
+	PYRIGHT_PYTHON_FORCE_VERSION=latest poetry run pyright
 
 # Perform security static analysis
 .PHONY: test-semgrep
 test-semgrep: develop
+ifndef GITHUB_ACTIONS
+	poetry run semgrep \
+		--config test/semgrep-rules.yml \
+		--config "p/r2c-security-audit" \
+		--config "p/r2c-bug-scan" \
+		--config "p/secrets" \
+		--config "p/dockerfile"
+else
 	semgrep \
 		--config test/semgrep-rules.yml \
 		--config "p/r2c-security-audit" \
 		--config "p/r2c-bug-scan" \
 		--config "p/secrets" \
 		--config "p/dockerfile"
+endif
 
 # Ensure imports are formatted in a uniform way
 .PHONY: test-usort
 test-usort: develop
 	@# This is a workaround for https://github.com/facebook/usort/issues/216
-	LIBCST_PARSER_TYPE=native usort check .
+	LIBCST_PARSER_TYPE=native poetry run usort check .