Skip to content

Bump actions/setup-python from 4 to 5 #83

Bump actions/setup-python from 4 to 5

Bump actions/setup-python from 4 to 5 #83

Workflow file for this run

name: Check code on pull requests & subsequent pushes
on:
pull_request:
branches:
- staging
- production
jobs:
tests:
name: run tests
runs-on: ubuntu-20.04
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version-file: ".python-version"
cache: "pip"
cache-dependency-path: "pyproject.toml"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .[pdf,picture]
- name: Start LocalStack
env:
LOCALSTACK_S3_ENDPOINT_URL: http://localhost:4566
AWS_ACCESS_KEY_ID: test
AWS_SECRET_ACCESS_KEY: test
run: |
# install LocalStack cli and awslocal
pip install localstack awscli-local
# Make sure to pull the latest version of the image
docker pull localstack/localstack
# Start LocalStack in the background
localstack start -d
# Wait 30 seconds for the LocalStack container to become ready before timing out
echo "Waiting for LocalStack startup..."
localstack wait -t 30
echo "Startup complete"
- name: Test
env:
LOCALSTACK_S3_ENDPOINT_URL: http://localhost:4566
AWS_ACCESS_KEY_ID: test
AWS_SECRET_ACCESS_KEY: test
run: python -m unittest discover -s tests 2>&1 | tee test-report.txt
- name: Archive test results
uses: actions/upload-artifact@v3
if: always()
with:
name: test-results
path: test-report.txt
retention-days: 5
lint_and_scan:
name: run linting and sonarqube scan
runs-on: ubuntu-20.04
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: "0"
- uses: actions/setup-python@v5
with:
python-version-file: ".python-version"
cache: "pip"
cache-dependency-path: "pyproject.toml"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -e .[pdf,picture]
pip install pylint coverage
- name: lint
run: pylint --output=lint-report.txt --output-format=parseable ./src
- name: Start LocalStack
env:
LOCALSTACK_S3_ENDPOINT_URL: http://localhost:4566
AWS_ACCESS_KEY_ID: test
AWS_SECRET_ACCESS_KEY: test
run: |
# install LocalStack cli and awslocal
pip install localstack awscli-local
# Make sure to pull the latest version of the image
docker pull localstack/localstack
# Start LocalStack in the background
localstack start -d
# Wait 30 seconds for the LocalStack container to become ready before timing out
echo "Waiting for LocalStack startup..."
localstack wait -t 30
echo "Startup complete"
- name: Run tests with coverage
env:
LOCALSTACK_S3_ENDPOINT_URL: http://localhost:4566
AWS_ACCESS_KEY_ID: test
AWS_SECRET_ACCESS_KEY: test
run: python -m coverage run -m unittest discover -s tests
- name: Create coverage report
run: python -m coverage xml
- name: SonarQube Scan
if: ${{ github.actor != 'dependabot[bot]' }}
uses: kitabisa/sonarqube-action@v1.2.1
with:
host: ${{ secrets.SONAR_HOST }}
login: ${{ secrets.SONAR_TOKEN }}
projectKey: ${{ secrets.SONAR_PROJECTKEY }}
- name: Archive lint results
uses: actions/upload-artifact@v3
if: always()
with:
name: lint-results
path: lint-report.txt
retention-days: 5
dependency-check:
name: run owasp dependency check
runs-on: ubuntu-20.04
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version-file: '.python-version'
cache: 'pip'
cache-dependency-path: "pyproject.toml"
- name: Install pypa/build
run: >-
python -m
pip install
build
--user
- name: Run owasp dependency check
uses: dependency-check/Dependency-Check_Action@main
with:
project: 's3-metadata-tagger'
path: '.'
format: 'HTML'
args: >
--failOnCVSS 6
--exclude **/examples/**
- name: Upload Test results
uses: actions/upload-artifact@master
if: always()
with:
name: dependency-check-results
path: ${{github.workspace}}/reports
retention-days: 5
trivy-check:
name: run trivy vulnerability scanner
runs-on: ubuntu-20.04
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner in fs mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
format: template
template: '@/contrib/html.tpl'
exit-code: 1
severity: CRITICAL,HIGH
skip-dirs: /github/workspace/examples
- name: Archive trivy results
uses: actions/upload-artifact@v3
if: always()
with:
name: trivy-results
path: trivy-results.html
retention-days: 5