diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml index 616a8e3..e748b24 100644 --- a/.github/workflows/quality-checks.yml +++ b/.github/workflows/quality-checks.yml @@ -1,4 +1,4 @@ -name: Quality Checks +name: Quality Checks (Parallelised) on: workflow_call: @@ -18,8 +18,14 @@ on: required: false jobs: - quality_checks: + setup: runs-on: ubuntu-22.04 + outputs: + uses_poetry: ${{ steps.check_poetry.outputs.uses_poetry }} + uses_java: ${{ steps.check_java.outputs.uses_java }} + sam_exists: ${{ steps.check_sam_templates.outputs.sam_exists }} + cf_exists: ${{ steps.check_cf_templates.outputs.cf_exists }} + cdk_exists: ${{ steps.check_cdk.outputs.cdk_exists }} steps: - uses: actions/setup-java@v4 if: ${{ inputs.install_java }} 
@@ -173,27 +179,87 @@ jobs: echo "cdk_exists=false" >> $GITHUB_OUTPUT fi - - name: Check licenses (Makefile) + lint: + needs: setup + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 + - uses: actions/cache@v4 + with: + path: ~/.asdf + key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} + - name: make install + run: make install + - name: Run code lint + run: make lint + + shellcheck: + needs: setup + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - name: Run ShellCheck + uses: ludeeus/action-shellcheck@master + with: + ignore_paths: >- + *test* + .venv + node_modules + .git + + cfn-lint: + needs: setup + if: needs.setup.outputs.sam_exists == 'true' || needs.setup.outputs.cf_exists == 'true' + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - name: Run cfn-lint run: | - make check-licenses + pip install cfn-lint + cfn-lint -I "cloudformation/**/*.y*ml" 2>&1 | awk '/Run scan/ { print } /^[EW][0-9]/ { print; getline; print }' + cfn-lint -I "SAMtemplates/**/*.y*ml" 2>&1 | awk '/Run scan/ { print } /^[EW][0-9]/ { print; getline; print }' + + unit-tests: + needs: setup + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 + - uses: actions/cache@v4 + with: + path: ~/.asdf + key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} + - name: make install + run: make install + - name: Run unit tests + run: make test + license-checks: + needs: setup + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: asdf-vm/actions/setup@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 + - uses: actions/cache@v4 + with: + path: ~/.asdf + key: ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }} + - name: make install + run: make install + - name: Check licenses (Makefile) + run: make check-licenses - name: Check licenses (Python) - if: 
steps.check_poetry.outputs.uses_poetry == 'true' + if: needs.setup.outputs.uses_poetry == 'true' run: | #!/bin/bash set -euo pipefail - - # Install pip-licenses if not already installed if ! poetry run pip show pip-licenses > /dev/null 2>&1; then - echo "pip-licenses is not detected. Installing..." poetry run pip install pip-licenses fi - - # known packages with dual licensing IGNORE_PACKAGES="PyGithub chardet text-unidecode" LICENSES=$(poetry run pip-licenses --ignore-packages ${IGNORE_PACKAGES}) INCOMPATIBLE_LIBS=$(echo "$LICENSES" | grep 'GPL' || true) - if [[ -z $INCOMPATIBLE_LIBS ]]; then echo "Checked licenses are OK" exit 0 @@ -202,39 +268,21 @@ jobs: echo "$INCOMPATIBLE_LIBS" exit 1 fi - - - name: Run code lint - run: make lint + remaining-checks: + needs: [setup, lint, shellcheck, cfn-lint, unit-tests, license-checks] + runs-on: ubuntu-22.04 + steps: - name: actionlint uses: raven-actions/actionlint@v2 - - name: Run ShellCheck - uses: ludeeus/action-shellcheck@master - with: - ignore_paths: >- - *test* - .venv - node_modules - .git - - - name: Run cfn-lint - if: steps.check_sam_templates.outputs.sam_exists == 'true' || steps.check_cf_templates.outputs.cf_exists == 'true' - run: | - pip install cfn-lint - cfn-lint -I "cloudformation/**/*.y*ml" 2>&1 | awk '/Run scan/ { print } /^[EW][0-9]/ { print; getline; print }' - cfn-lint -I "SAMtemplates/**/*.y*ml" 2>&1 | awk '/Run scan/ { print } /^[EW][0-9]/ { print; getline; print }' - - - name: Run unit tests - run: make test - - name: Run cdk-synth - if: steps.check_cdk.outputs.cdk_exists == 'true' + if: needs.setup.outputs.cdk_exists == 'true' run: | make cdk-synth - name: Install AWS SAM CLI - if: steps.check_sam_templates.outputs.sam_exists == 'true' + if: needs.setup.outputs.sam_exists == 'true' run: | pip install aws-sam-cli 
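Review bot: In the new `cfn-lint` job, both `cfn-lint -I ... 2>&1 | awk ...` commands end in awk, so the step's exit status is awk's and lint findings cannot fail the job. A `run:` step with no explicit `shell:` is started as `bash -e` without pipefail (assuming no `defaults.run.shell` is set outside this hunk). Adding `shell: bash` to the step, or `set -o pipefail` as the first script line, restores the gate. The same hunk runs an unpinned `pip install cfn-lint` and `ludeeus/action-shellcheck@master`, a mutable ref, while `asdf-vm/actions/setup` beside them is pinned to a commit SHA. Pinning these the same way, along with `SonarSource/sonarqube-scan-action@master` in the last hunk, keeps third-party code in the pipeline fixed to a reviewed revision.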
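Review bot: The new `remaining-checks` job goes straight from `steps:` to the existing `actionlint` step, so on its fresh runner no `actions/checkout` (and no asdf or `make install` step) runs before actionlint and `make cdk-synth`. Those steps, and the cfn-guard and Sonar steps after them, would run against an empty workspace unless a checkout exists outside this hunk; `- uses: actions/checkout@v4` should be the first step, followed by the same install steps the other jobs use. Separately, `needs:` lists `cfn-lint`, which is skipped when neither `sam_exists` nor `cf_exists` is true, and a skipped dependency skips this whole job by default. A job-level condition such as `if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }}` keeps actionlint and the Sonar scan running in that case.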
@@ -254,7 +302,7 @@ jobs: mkdir -p cfn_guard_output - name: Run cfn-guard script for sam templates - if: steps.check_sam_templates.outputs.sam_exists == 'true' + if: needs.setup.outputs.sam_exists == 'true' run: | #!/usr/bin/env bash set -eou pipefail @@ -279,7 +327,7 @@ jobs: done - name: Run cfn-guard script for cloudformation templates - if: steps.check_cf_templates.outputs.cf_exists == 'true' + if: needs.setup.outputs.cf_exists == 'true' run: | #!/usr/bin/env bash @@ -296,7 +344,7 @@ jobs: done - name: Run cfn-guard script for cdk templates - if: steps.check_cdk.outputs.cdk_exists == 'true' + if: needs.setup.outputs.cf_exists == 'true' run: | #!/usr/bin/env bash @@ -333,12 +381,12 @@ jobs: run: echo "SONAR_TOKEN_EXISTS=true" >> "$GITHUB_ENV" - name: Run SonarQube analysis - if: ${{ steps.check_java.outputs.uses_java == 'true' && env.SONAR_TOKEN_EXISTS == 'true' }} + if: ${{ needs.setup.outputs.uses_java == 'true' && env.SONAR_TOKEN_EXISTS == 'true' }} run: mvn sonar:sonar -Dsonar.login=${{ secrets.SONAR_TOKEN }} - name: SonarCloud Scan uses: SonarSource/sonarqube-scan-action@master - if: ${{ steps.check_java.outputs.uses_java == 'false' && env.SONAR_TOKEN_EXISTS == 'true' }} + if: ${{ needs.setup.outputs.uses_java == 'false' && env.SONAR_TOKEN_EXISTS == 'true' }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
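Review bot: The `Run cfn-guard script for cdk templates` step is now gated on `needs.setup.outputs.cf_exists`, but the line it replaces tested `cdk_exists`, and the `setup` job exports `cdk_exists` as its own output. As written, a repository with CDK but no CloudFormation templates skips the cfn-guard policy scan of its CDK templates, and one with CloudFormation templates but no CDK runs the step anyway. The condition should read `if: needs.setup.outputs.cdk_exists == 'true'`, matching the `Run cdk-synth` step earlier in the job. The step's script continues outside the hunk.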
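Review bot: In the `Run SonarQube analysis` step, `mvn sonar:sonar -Dsonar.login=${{ secrets.SONAR_TOKEN }}` expands the secret into the script text, so the token appears in the Maven process's argument list and is protected only by log masking. The line is unchanged context here, but this commit is a good point to move the token into the step environment, as the `SonarCloud Scan` step below already does. That means adding `env:` with `SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}` and reducing the command to `run: mvn sonar:sonar`, provided the scanner version in use reads `SONAR_TOKEN` from the environment (confirm before changing).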