-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add better reporitng of code coverage and trivy report comment
- Loading branch information
1 parent
0a1bffb
commit 38f70e6
Showing
6 changed files
with
301 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,199 @@ | ||
name: Continuous Integration | ||
|
||
on: | ||
push: | ||
branches: [main, master] | ||
pull_request: | ||
|
||
jobs: | ||
lints: | ||
name: Run linters | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 15 | ||
permissions: | ||
checks: write | ||
pull-requests: write | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: actions/setup-python@v4 | ||
with: | ||
python-version: "3.11" | ||
|
||
- name: Cache pre-commit | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.cache/pre-commit | ||
key: pre-commit-3|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }} | ||
|
||
- name: Install pre-commit | ||
run: pip3 install pre-commit | ||
|
||
- name: Run pre-commit checks | ||
run: pre-commit run --all-files --show-diff-on-failure --color always | ||
|
||
- name: Run Trivy vulnerability scanner | ||
uses: aquasecurity/trivy-action@master | ||
with: | ||
scan-type: "fs" | ||
ignore-unfixed: true | ||
exit-code: 0 # change if you want to fail build on vulnerabilities | ||
severity: "CRITICAL,HIGH,MEDIUM" | ||
format: "table" | ||
output: "trivy-scanning-results.txt" | ||
|
||
- name: Format trivy message | ||
run: | | ||
echo "Trivy scanning results." >> trivy.txt | ||
cat trivy-scanning-results.txt >> trivy.txt | ||
- name: Add trivy report to PR | ||
uses: thollander/actions-comment-pull-request@v2 | ||
continue-on-error: true | ||
if: ${{ github.event_name == 'pull_request' }} | ||
with: | ||
filePath: trivy.txt | ||
reactions: "" | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
comment_tag: trivy | ||
|
||
- name: Create venv | ||
run: . ./setup_dev_env.sh | ||
|
||
- name: Check licenses | ||
run: ./check_licenses.sh | ||
|
||
- name: Generate pip freeze | ||
run: | | ||
source venv/bin/activate | ||
pip freeze > requirements-freeze.txt | ||
- name: Publish Artefacts | ||
uses: actions/upload-artifact@v3 | ||
if: always() | ||
continue-on-error: true | ||
with: | ||
name: results | ||
path: | | ||
requirements-freeze.txt | ||
licenses.txt | ||
trivy-scanning-results.txt | ||
retention-days: 30 | ||
|
||
- name: Publish Test Report | ||
uses: actions/upload-artifact@v3 | ||
if: always() | ||
continue-on-error: true | ||
with: | ||
name: test-report | ||
path: report.xml | ||
retention-days: 10 | ||
|
||
- name: Validate package build | ||
run: | | ||
source venv/bin/activate | ||
python -m pip install -U build | ||
python -m build | ||
- name: Publish Package | ||
uses: actions/upload-artifact@v3 | ||
continue-on-error: true | ||
if: success() | ||
with: | ||
name: packages | ||
path: dist/** | ||
retention-days: 3 | ||
|
||
tests: | ||
name: Run tests | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 15 | ||
permissions: | ||
checks: write | ||
pull-requests: write | ||
contents: write # required for advanced coverage reporting (to keep branch) | ||
strategy: | ||
fail-fast: false # do not stop all jobs if one fails | ||
matrix: | ||
include: | ||
- python-version: "3.11" | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Set up Python ${{ matrix.python-version }} | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: ${{ matrix.python-version }} | ||
|
||
- name: Cache Dependencies | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.cache/pip | ||
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements-dev.txt') }}-${{ hashFiles('**/setup.cfg') }}-${{ hashFiles('**/pyproject.toml') }} | ||
restore-keys: | | ||
${{ runner.os }}-pip- | ||
- name: Install Dependencies | ||
run: pip install -r requirements-dev.txt | ||
|
||
- name: Run Tests With Coverage | ||
run: | | ||
# run with coverage to not execute tests twice | ||
coverage run -m pytest -v -p no:warnings --junitxml=report.xml tests/ | ||
coverage report | ||
coverage xml | ||
- name: Test Report | ||
uses: mikepenz/action-junit-report@v4 | ||
continue-on-error: true | ||
if: always() | ||
with: | ||
report_paths: 'report.xml' | ||
|
||
- name: Publish Test Report | ||
uses: actions/upload-artifact@v3 | ||
continue-on-error: true | ||
if: always() | ||
with: | ||
name: test-report | ||
path: report.xml | ||
retention-days: 10 | ||
|
||
# simpler version for code coverage reporting | ||
# - name: Produce Coverage report | ||
# uses: 5monkeys/cobertura-action@v13 | ||
# continue-on-error: true | ||
# with: | ||
# path: coverage.xml | ||
# minimum_coverage: 70 | ||
# fail_below_threshold: false | ||
|
||
# more complex version for better coverage reporting | ||
- name: Produce the coverage report | ||
uses: insightsengineering/coverage-action@v2 | ||
continue-on-error: true | ||
with: | ||
# Path to the Cobertura XML report. | ||
path: coverage.xml | ||
# Minimum total coverage, if you want to the | ||
# workflow to enforce it as a standard. | ||
# This has no effect if the `fail` arg is set to `false`. | ||
threshold: 60 | ||
# Fail the workflow if the minimum code coverage | ||
# reuqirements are not satisfied. | ||
fail: false | ||
# Publish the rendered output as a PR comment | ||
publish: true | ||
# Create a coverage diff report. | ||
diff: true | ||
# Branch to diff against. | ||
# Compare the current coverage to the coverage | ||
# determined on this branch. | ||
diff-branch: ${{ github.event.repository.default_branch }} | ||
# make report togglable | ||
togglable-report: true | ||
# This is where the coverage reports for the | ||
# `diff-branch` are stored. | ||
# Branch is created if it doesn't already exist'. | ||
diff-storage: _xml_coverage_reports | ||
# A custom title that can be added to the code | ||
# coverage summary in the PR comment. | ||
coverage-summary-title: "Code Coverage Summary" |
36 changes: 36 additions & 0 deletions
36
{{ cookiecutter.repo_name }}/.github/workflows/documentation.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
name: Build documentation | ||
|
||
on: | ||
push: | ||
branches: [main, master] | ||
|
||
jobs: | ||
pages: | ||
runs-on: ubuntu-latest | ||
container: python:3.11 | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Cache Dependencies | ||
uses: actions/cache@v3 | ||
with: | ||
path: ~/.cache/pip | ||
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements-dev.txt') }} | ||
restore-keys: | | ||
${{ runner.os }}-pip- | ||
# for best results, it is better to generate | ||
# documentation within development environment | ||
- name: Create venv | ||
run: . ./setup_dev_env.sh | ||
|
||
- name: Build docs | ||
run: ./build_docs.sh | ||
|
||
# Uncomment below to deploy to GitHub Pages | ||
# - name: Deploy | ||
# uses: peaceiris/actions-gh-pages@v3 | ||
# with: | ||
# github_token: ${{ secrets.GITHUB_TOKEN }} | ||
# publish_dir: ./public |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters