Add support for AssumeRole in AWS remote handlers (#13) #92
# CI workflow. Every job except `changelog` is gated on push events;
# pull requests only trigger the changelog check.
#
# NOTE(review): no `permissions:` key is declared, so GITHUB_TOKEN receives the
# repository/organisation default scopes. Consider declaring least-privilege
# permissions once the needs of the third-party actions used by the jobs are
# confirmed.
name: Test & Linting

env:
  # Interpreter version handed to actions/setup-python in every job.
  DEFAULT_PYTHON: "3.11"
  # Directory cached for pre-commit hook environments.
  PRE_COMMIT_CACHE: ~/.cache/pre-commit
  # KEY_PREFIX and CACHE_VERSION are part of the cache keys; bump
  # CACHE_VERSION to invalidate previously stored caches.
  KEY_PREFIX: base-venv
  CACHE_VERSION: 1

# yamllint disable-line rule:truthy
on:
  push:
  pull_request:
    types:
      - opened
      - synchronize
    branches: main

# One active run per pull request (or per ref for pushes); a newer run cancels
# the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
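jobs:
  # Builds the Python virtualenv and the pre-commit hook cache and publishes
  # their cache keys as job outputs. The lint and test jobs restore these
  # caches with fail-on-cache-miss, so they depend on this job.
  prepare-base:
    name: Prepare base dependencies
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    outputs:
      python-key: ${{ steps.generate-python-key.outputs.key }}
      pre-commit-key: ${{ steps.generate-pre-commit-key.outputs.key }}
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v3.5.2
      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
        id: python
        uses: actions/setup-python@v4.6.0
        with:
          python-version: ${{ env.DEFAULT_PYTHON }}
          check-latest: true
      # The venv key changes whenever pyproject.toml changes.
      - name: Generate partial Python venv restore key
        id: generate-python-key
        run: >-
          echo "key=${{ env.KEY_PREFIX }}-${{ env.CACHE_VERSION }}-${{ hashFiles('pyproject.toml') }}" >>
          $GITHUB_OUTPUT
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.1
        with:
          path: venv
          key: >-
            ${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
            steps.generate-python-key.outputs.key }}
      # Only runs on a cache miss; the new venv is saved by actions/cache.
      # NOTE(review): the image is pulled without a tag or digest, and only on
      # this job's runner - confirm the test job does not rely on it.
      - name: Create Python virtual environment
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          python -m venv venv
          . venv/bin/activate
          python -m pip install -U pip setuptools wheel
          pip install -U ".[dev]"
          docker pull localstack/localstack
      # The pre-commit key changes whenever .pre-commit-config.yaml changes.
      - name: Generate pre-commit restore key
        id: generate-pre-commit-key
        run: >-
          echo "key=pre-commit-${{ env.CACHE_VERSION }}-${{
          hashFiles('.pre-commit-config.yaml') }}" >> $GITHUB_OUTPUT
      - name: Restore pre-commit environment
        id: cache-precommit
        uses: actions/cache@v3.3.1
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          key: >-
            ${{ runner.os }}-${{ steps.generate-pre-commit-key.outputs.key }}
      - name: Install pre-commit dependencies
        if: steps.cache-precommit.outputs.cache-hit != 'true'
        run: |
          . venv/bin/activate
          pre-commit install --install-hooks

  # Runs the ruff pre-commit hook against all files.
  lint-ruff:
    name: ruff
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs: prepare-base
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v3.5.2
      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
        id: python
        uses: actions/setup-python@v4.6.0
        with:
          python-version: ${{ env.DEFAULT_PYTHON }}
          check-latest: true
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.1
        with:
          path: venv
          fail-on-cache-miss: true
          key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
            needs.prepare-base.outputs.python-key }}
      - name: Restore pre-commit environment
        id: cache-precommit
        uses: actions/cache@v3.3.1
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          fail-on-cache-miss: true
          key: ${{ runner.os }}-${{ needs.prepare-base.outputs.pre-commit-key }}
      - name: Register ruff problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/ruff.json"
      - name: Run ruff
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual ruff --all-files --show-diff-on-failure

  # Runs the black pre-commit hook against all files.
  lint-black:
    name: black
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs: prepare-base
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v3.5.2
      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
        id: python
        uses: actions/setup-python@v4.6.0
        with:
          python-version: ${{ env.DEFAULT_PYTHON }}
          check-latest: true
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.1
        with:
          path: venv
          fail-on-cache-miss: true
          key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
            needs.prepare-base.outputs.python-key }}
      - name: Restore pre-commit environment
        id: cache-precommit
        uses: actions/cache@v3.3.1
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          fail-on-cache-miss: true
          key: ${{ runner.os }}-${{ needs.prepare-base.outputs.pre-commit-key }}
      - name: Run black checks
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual black --all-files --show-diff-on-failure

  # Installs the package into the cached venv, then runs the pylint hook.
  pylint:
    name: Check pylint
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs: prepare-base
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v3.5.2
      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
        id: python
        uses: actions/setup-python@v4.6.0
        with:
          python-version: ${{ env.DEFAULT_PYTHON }}
          check-latest: true
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.1
        with:
          path: venv
          fail-on-cache-miss: true
          key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
            needs.prepare-base.outputs.python-key }}
      - name: Restore pre-commit environment
        id: cache-precommit
        uses: actions/cache@v3.3.1
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          fail-on-cache-miss: true
          key: ${{ runner.os }}-${{ needs.prepare-base.outputs.pre-commit-key }}
      - name: Register pylint problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/pylint.json"
      - name: Run pylint checks
        run: |
          . venv/bin/activate
          pip install -U .
          pre-commit run --hook-stage manual pylint --all-files

  # Installs the package into the cached venv, then runs the mypy hook.
  mypy:
    name: Check mypy
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs: prepare-base
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v3.5.2
      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
        id: python
        uses: actions/setup-python@v4.6.0
        with:
          python-version: ${{ env.DEFAULT_PYTHON }}
          check-latest: true
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.1
        with:
          path: venv
          fail-on-cache-miss: true
          key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
            needs.prepare-base.outputs.python-key }}
      - name: Restore pre-commit environment
        id: cache-precommit
        uses: actions/cache@v3.3.1
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          fail-on-cache-miss: true
          key: ${{ runner.os }}-${{ needs.prepare-base.outputs.pre-commit-key }}
      - name: Register mypy problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/mypy.json"
      - name: Run mypy checks
        run: |
          . venv/bin/activate
          pip install -U .
          pre-commit run mypy --all-files

  # Runs the remaining pre-commit hooks one step at a time: yamllint,
  # check-json5, check-executables-have-shebangs, codespell, prettier, bandit.
  lint-other:
    name: Run other linters
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs: prepare-base
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v3.5.2
      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
        id: python
        uses: actions/setup-python@v4.6.0
        with:
          python-version: ${{ env.DEFAULT_PYTHON }}
          check-latest: true
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.1
        with:
          path: venv
          fail-on-cache-miss: true
          key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
            needs.prepare-base.outputs.python-key }}
      - name: Restore pre-commit environment
        id: cache-precommit
        uses: actions/cache@v3.3.1
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          fail-on-cache-miss: true
          key: ${{ runner.os }}-${{ needs.prepare-base.outputs.pre-commit-key }}
      - name: Register yamllint problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/yamllint.json"
      - name: Run yamllint
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual yamllint --all-files --show-diff-on-failure
      - name: Register check-json problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/check-json5.json"
      - name: Run check-json5
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual check-json5 --all-files
      - name: Register check executables problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/check-executables-have-shebangs.json"
      - name: Run executables check
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual check-executables-have-shebangs --all-files
      - name: Register codespell problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/codespell.json"
      - name: Run codespell
        run: |
          . venv/bin/activate
          pre-commit run --show-diff-on-failure --hook-stage manual codespell --all-files
      - name: Run prettier
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual prettier --all-files
      - name: Run bandit (fully)
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual bandit --all-files --show-diff-on-failure

  # Starts LocalStack, runs pytest with coverage and uploads the report.
  # The AWS credentials come from repository secrets.
  test:
    name: test
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs: prepare-base
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v3.5.2
      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
        id: python
        uses: actions/setup-python@v4.6.0
        with:
          python-version: ${{ env.DEFAULT_PYTHON }}
          check-latest: true
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v3.3.1
        with:
          path: venv
          fail-on-cache-miss: true
          key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
            needs.prepare-base.outputs.python-key }}
      - name: Start LocalStack
        run: |
          . venv/bin/activate
          localstack start -d # Start LocalStack in the background
          echo "Waiting for LocalStack startup..." # Wait 30 seconds for the LocalStack container
          localstack wait -t 30 # to become ready before timing out
          echo "Startup complete"
      - name: Run tests
        env:
          ECS_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          ECS_AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
          ECS_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
          . venv/bin/activate
          pip install -U .
          python -m pytest --cov="opentaskpy.addons.aws" --cov="opentaskpy.plugins.aws" --cov-report=xml
      # Opens an interactive SSH session on the runner when an earlier step
      # failed. The session environment carries the AWS keys below, and the
      # connection details are written to the job log, so access is restricted
      # to the user who triggered the run.
      # NOTE(review): this action, codecov/codecov-action and
      # Zomzog/changelog-checker are third-party and referenced by mutable
      # tags; pin each to a verified full commit SHA (<COMMIT_SHA>).
      # NOTE(review): prefer short-lived credentials (e.g. an OIDC-assumed
      # role) over long-lived access keys for any step that exposes a shell.
      - name: Debugging with ssh
        uses: lhotari/action-upterm@v1
        if: ${{ failure() }}
        with:
          # Only the GitHub user who triggered the workflow may connect.
          limit-access-to-actor: true
          # If no one connects after 5 minutes, shut down server.
          wait-timeout-minutes: 5
        env:
          ECS_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          ECS_AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
          ECS_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@v3
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

  # Pull-request-only job that runs the changelog checker against
  # CHANGELOG.md.
  changelog:
    name: Check Changelog
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      # Same checkout release as every other job (was the outdated v1).
      - uses: actions/checkout@v3.5.2
      - name: Changelog check
        uses: Zomzog/changelog-checker@v1.2.0
        with:
          fileName: CHANGELOG.md
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}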