Add CSP protection via django-csp #756
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous integration | |
on: | |
push: | |
branches: [develop, master] | |
pull_request: | |
env: | |
SECRET_KEY: topsecret123 | |
FIELD_ENCRYPTION_KEYS: f164ec6bd6fbc4aef5647abc15199da0f9badcc1d2127bde2087ae0d794a9a0b | |
jobs: | |
test: | |
name: Tests | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgis/postgis:13-3.2 | |
ports: | |
- 5432:5432 | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
env: | |
POSTGRES_USER: open_city_profile | |
POSTGRES_PASSWORD: open_city_profile | |
POSTGRES_DB: open_city_profile | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- name: Set up Python 3.11 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Cache pip packages | |
uses: actions/cache@v4 | |
env: | |
cache-name: cache-pip-modules | |
with: | |
path: ~/.pip-cache | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/requirements.txt') }}-${{ hashFiles('**/requirements-dev.txt') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Install system packages | |
run: sudo apt-get install -y gdal-bin | |
- name: Install Python dependencies | |
run: | | |
pip install -r requirements.txt -r requirements-dev.txt codecov | |
- name: Run tests | |
run: pytest -ra -vv --doctest-modules --cov=. | |
env: | |
DATABASE_URL: postgres://open_city_profile:open_city_profile@localhost:5432/open_city_profile | |
- name: Coverage | |
run: codecov | |
- name: Database sanitizer config | |
run: ./manage.py check_sanitizerconfig | |
coding-style: | |
name: Coding style | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- name: Set up Python 3.11 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Cache pip packages | |
uses: actions/cache@v4 | |
env: | |
cache-name: cache-pip-modules | |
with: | |
path: ~/.pip-cache | |
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/requirements.txt') }}-${{ hashFiles('**/requirements-dev.txt') }} | |
restore-keys: | | |
${{ runner.os }}-build-${{ env.cache-name }}- | |
${{ runner.os }}-build- | |
${{ runner.os }}- | |
- name: Install dependencies | |
run: pip install -r requirements.txt -r requirements-dev.txt | |
- name: Linting | |
run: flake8 | |
- name: Import sorting | |
run: isort . --check --diff | |
- name: Formatting | |
run: black --check . |