ci_lint_and_test #4068
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci_lint_and_test | |
on: | |
pull_request: | |
branches: [main] | |
push: | |
branches: [main] | |
merge_group: | |
jobs: | |
run-pre-commit: | |
name: Run pre-commit | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code Repository | |
uses: actions/checkout@v4 | |
- name: Run pre-commit | |
uses: pre-commit/[email protected] | |
env: | |
SKIP: no-commit-to-branch | |
run-tests: | |
name: Run tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source code | |
uses: actions/[email protected] | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Set up Python 3.12 | |
uses: actions/[email protected] | |
with: | |
python-version: "3.12" | |
- name: pip install tests dependencies | |
run: | | |
pip3 install -r src/tests/requirements.txt | |
- name: Run python tests with coverage | |
env: | |
SPARQL_USERNAME: ${{ secrets.SPARQL_USERNAME }} | |
SPARQL_PASSWORD: ${{ secrets.SPARQL_PASSWORD }} | |
id: run_python_tests | |
run: coverage run --source . -m pytest | |
- name: Generate coverage XML | |
run: coverage xml | |
- name: Upload coverage to CodeClimate | |
uses: paambaati/[email protected] | |
env: | |
CC_TEST_REPORTER_ID: ${{secrets.CC_TEST_REPORTER_ID}} | |
terraform_format: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source code | |
uses: actions/[email protected] | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Setup Terraform | |
uses: hashicorp/[email protected] | |
continue-on-error: false | |
- name: Run Terraform format | |
id: run_terraform_validate | |
run: | | |
set -e | |
set -o pipefail | |
cd terraform | |
terraform fmt -check -recursive | |
continue-on-error: false | |
terraform_lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source code | |
uses: actions/[email protected] | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Install TFLint | |
uses: terraform-linters/[email protected] | |
with: | |
tflint_version: v0.38.1 | |
continue-on-error: false | |
- name: Run TFLint | |
id: run_tflint | |
run: | | |
tflint --init | |
tflint -f compact --loglevel warn | |
terraform_validate: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout source code | |
uses: actions/[email protected] | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Get terraform version | |
id: get-terraform-version | |
run: | | |
DOTFILE_VERSION=$(cat terraform/.terraform-version) | |
echo "version=$DOTFILE_VERSION" >> $GITHUB_OUTPUT | |
- name: Setup Terraform | |
uses: hashicorp/[email protected] | |
continue-on-error: false | |
with: | |
terraform_version: ${{ steps.get-terraform-version.outputs.version }} | |
- name: Run Terraform Validate | |
id: run_terraform_validate | |
run: | | |
set -e | |
set -o pipefail | |
cd terraform | |
terraform init -backend=false | |
terraform validate -no-color | |
continue-on-error: false | |
tfsec-pr-commenter: | |
name: tfsec PR commenter | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
pull-requests: write | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v4 | |
- name: tfsec | |
uses: aquasecurity/[email protected] | |
with: | |
github_token: ${{ github.token }} | |
working_directory: "terraform" | |
terraform_plan-staging: | |
uses: ./.github/workflows/terraform_plan.yml | |
secrets: | |
aws_oidc_role_arn: ${{ secrets.AWS_OIDC_ROLE_ARN }} | |
account_id: ${{ secrets.STAGING_ACCOUNT_ID }} | |
workspace: tna-staging | |
app_env: staging | |
terraform_plan-production: | |
uses: ./.github/workflows/terraform_plan.yml | |
secrets: | |
aws_oidc_role_arn: ${{ secrets.AWS_OIDC_ROLE_ARN_PROD }} | |
account_id: ${{ secrets.PROD_ACCOUNT_ID }} | |
workspace: tna-prod | |
app_env: production |