Skip to content

Add wider window for refreshing token in AWS remote handlers (#36) #219

Add wider window for refreshing token in AWS remote handlers (#36)

Add wider window for refreshing token in AWS remote handlers (#36) #219

Workflow file for this run

name: Test & Linting
env:
DEFAULT_PYTHON: "3.11"
PRE_COMMIT_CACHE: ~/.cache/pre-commit
KEY_PREFIX: base-venv
CACHE_VERSION: 1
# yamllint disable-line rule:truthy
on:
push:
pull_request:
types: [opened, synchronize]
branches: main
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
prepare-base:
name: Prepare base dependencies
if: github.event_name == 'push'
runs-on: ubuntu-latest
timeout-minutes: 10
outputs:
python-key: ${{ steps.generate-python-key.outputs.key }}
pre-commit-key: ${{ steps.generate-pre-commit-key.outputs.key }}
steps:
- name: Check out code from GitHub
uses: actions/checkout@v3.5.2
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v4.6.0
with:
python-version: ${{ env.DEFAULT_PYTHON }}
check-latest: true
- name: Generate partial Python venv restore key
id: generate-python-key
run: >-
echo "key=${{ env.KEY_PREFIX }}-${{ env.CACHE_VERSION }}-${{ hashFiles('pyproject.toml') }}" >>
$GITHUB_OUTPUT
- name: Restore Python virtual environment
id: cache-venv
uses: actions/cache@v3.3.1
with:
path: venv
key: >-
${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
steps.generate-python-key.outputs.key }}
- name: Create Python virtual environment
if: steps.cache-venv.outputs.cache-hit != 'true'
run: |
python -m venv venv
. venv/bin/activate
python -m pip install -U pip setuptools wheel
pip install -U ".[dev]"
docker pull localstack/localstack
- name: Generate pre-commit restore key
id: generate-pre-commit-key
run: >-
echo "key=pre-commit-${{ env.CACHE_VERSION }}-${{
hashFiles('.pre-commit-config.yaml') }}" >> $GITHUB_OUTPUT
- name: Restore pre-commit environment
id: cache-precommit
uses: actions/cache@v3.3.1
with:
path: ${{ env.PRE_COMMIT_CACHE }}
key: >-
${{ runner.os }}-${{ steps.generate-pre-commit-key.outputs.key }}
- name: Install pre-commit dependencies
if: steps.cache-precommit.outputs.cache-hit != 'true'
run: |
. venv/bin/activate
pre-commit install --install-hooks
lint-ruff:
name: ruff
if: github.event_name == 'push'
runs-on: ubuntu-latest
timeout-minutes: 10
needs: prepare-base
steps:
- name: Check out code from GitHub
uses: actions/checkout@v3.5.2
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v4.6.0
with:
python-version: ${{ env.DEFAULT_PYTHON }}
check-latest: true
- name: Restore Python virtual environment
id: cache-venv
uses: actions/cache@v3.3.1
with:
path: venv
fail-on-cache-miss: true
key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
needs.prepare-base.outputs.python-key }}
- name: Restore pre-commit environment
id: cache-precommit
uses: actions/cache@v3.3.1
with:
path: ${{ env.PRE_COMMIT_CACHE }}
fail-on-cache-miss: true
key: ${{ runner.os }}-${{ needs.prepare-base.outputs.pre-commit-key }}
- name: Register ruff problem matcher
run: |
echo "::add-matcher::.github/workflows/matchers/ruff.json"
- name: Run ruff
run: |
. venv/bin/activate
pre-commit run ruff --all-files --show-diff-on-failure
lint-black:
name: black
if: github.event_name == 'push'
runs-on: ubuntu-latest
timeout-minutes: 10
needs: prepare-base
steps:
- name: Check out code from GitHub
uses: actions/checkout@v3.5.2
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v4.6.0
with:
python-version: ${{ env.DEFAULT_PYTHON }}
check-latest: true
- name: Restore Python virtual environment
id: cache-venv
uses: actions/cache@v3.3.1
with:
path: venv
fail-on-cache-miss: true
key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
needs.prepare-base.outputs.python-key }}
- name: Restore pre-commit environment
id: cache-precommit
uses: actions/cache@v3.3.1
with:
path: ${{ env.PRE_COMMIT_CACHE }}
fail-on-cache-miss: true
key: ${{ runner.os }}-${{ needs.prepare-base.outputs.pre-commit-key }}
- name: Run black checks
run: |
. venv/bin/activate
pre-commit run black --all-files --show-diff-on-failure
pylint:
name: Check pylint
if: github.event_name == 'push'
runs-on: ubuntu-latest
timeout-minutes: 10
needs: prepare-base
steps:
- name: Check out code from GitHub
uses: actions/checkout@v3.5.2
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v4.6.0
with:
python-version: ${{ env.DEFAULT_PYTHON }}
check-latest: true
- name: Restore Python virtual environment
id: cache-venv
uses: actions/cache@v3.3.1
with:
path: venv
fail-on-cache-miss: true
key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
needs.prepare-base.outputs.python-key }}
- name: Restore pre-commit environment
id: cache-precommit
uses: actions/cache@v3.3.1
with:
path: ${{ env.PRE_COMMIT_CACHE }}
fail-on-cache-miss: true
key: ${{ runner.os }}-${{ needs.prepare-base.outputs.pre-commit-key }}
- name: Register pylint problem matcher
run: |
echo "::add-matcher::.github/workflows/matchers/pylint.json"
- name: Run pylint checks
run: |
. venv/bin/activate
pip install -U .
pre-commit run --hook-stage manual pylint --all-files
mypy:
name: Check mypy
if: github.event_name == 'push'
runs-on: ubuntu-latest
timeout-minutes: 10
needs: prepare-base
steps:
- name: Check out code from GitHub
uses: actions/checkout@v3.5.2
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v4.6.0
with:
python-version: ${{ env.DEFAULT_PYTHON }}
check-latest: true
- name: Restore Python virtual environment
id: cache-venv
uses: actions/cache@v3.3.1
with:
path: venv
fail-on-cache-miss: true
key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
needs.prepare-base.outputs.python-key }}
- name: Restore pre-commit environment
id: cache-precommit
uses: actions/cache@v3.3.1
with:
path: ${{ env.PRE_COMMIT_CACHE }}
fail-on-cache-miss: true
key: ${{ runner.os }}-${{ needs.prepare-base.outputs.pre-commit-key }}
- name: Register mypy problem matcher
run: |
echo "::add-matcher::.github/workflows/matchers/mypy.json"
- name: Run mypy checks
run: |
. venv/bin/activate
pip install -U .
pre-commit run mypy --all-files
lint-other:
name: Run other linters
if: github.event_name == 'push'
runs-on: ubuntu-latest
timeout-minutes: 10
needs: prepare-base
steps:
- name: Check out code from GitHub
uses: actions/checkout@v3.5.2
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v4.6.0
with:
python-version: ${{ env.DEFAULT_PYTHON }}
check-latest: true
- name: Restore Python virtual environment
id: cache-venv
uses: actions/cache@v3.3.1
with:
path: venv
fail-on-cache-miss: true
key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
needs.prepare-base.outputs.python-key }}
- name: Restore pre-commit environment
id: cache-precommit
uses: actions/cache@v3.3.1
with:
path: ${{ env.PRE_COMMIT_CACHE }}
fail-on-cache-miss: true
key: ${{ runner.os }}-${{ needs.prepare-base.outputs.pre-commit-key }}
- name: Register yamllint problem matcher
run: |
echo "::add-matcher::.github/workflows/matchers/yamllint.json"
- name: Run yamllint
run: |
. venv/bin/activate
pre-commit run --hook-stage manual yamllint --all-files --show-diff-on-failure
- name: Register check-json problem matcher
run: |
echo "::add-matcher::.github/workflows/matchers/check-json5.json"
- name: Run check-json5
run: |
. venv/bin/activate
pre-commit run --hook-stage manual check-json5 --all-files
- name: Register check executables problem matcher
run: |
echo "::add-matcher::.github/workflows/matchers/check-executables-have-shebangs.json"
- name: Run executables check
run: |
. venv/bin/activate
pre-commit run --hook-stage manual check-executables-have-shebangs --all-files
- name: Register codespell problem matcher
run: |
echo "::add-matcher::.github/workflows/matchers/codespell.json"
- name: Run codespell
run: |
. venv/bin/activate
pre-commit run --show-diff-on-failure --hook-stage manual codespell --all-files
- name: Run prettier
run: |
. venv/bin/activate
pre-commit run --hook-stage manual prettier --all-files
- name: Run bandit (fully)
run: |
. venv/bin/activate
pre-commit run --hook-stage manual bandit --all-files --show-diff-on-failure
test:
name: test
if: github.event_name == 'push'
runs-on: ubuntu-latest
timeout-minutes: 10
needs: prepare-base
steps:
- name: Check out code from GitHub
uses: actions/checkout@v3.5.2
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
id: python
uses: actions/setup-python@v4.6.0
with:
python-version: ${{ env.DEFAULT_PYTHON }}
check-latest: true
- name: Restore Python virtual environment
id: cache-venv
uses: actions/cache@v3.3.1
with:
path: venv
fail-on-cache-miss: true
key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{
needs.prepare-base.outputs.python-key }}
- name: Start LocalStack
run: |
. venv/bin/activate
localstack start -d # Start LocalStack in the background
echo "Waiting for LocalStack startup..." # Wait 30 seconds for the LocalStack container
localstack wait -t 30 # to become ready before timing out
echo "Startup complete"
- name: Run tests
env:
ECS_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
ECS_AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
ECS_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
S3_AWS_ACCESS_KEY_ID: ${{ secrets.S3_AWS_ACCESS_KEY_ID }}
S3_AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
S3_AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_AWS_SECRET_ACCESS_KEY }}
S3_AWS_BUCKET_NAME: ${{ secrets.S3_AWS_BUCKET_NAME }}
S3_AWS_ASSUME_ROLE_ARN: ${{ secrets.S3_AWS_ASSUME_ROLE_ARN }}
run: |
. venv/bin/activate
pip install -U .
python -m pytest --cov="opentaskpy.addons.aws" --cov="opentaskpy.plugins.aws" --cov-report=xml
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v3
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
changelog:
name: Check Changelog
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Changelog check
uses: Zomzog/changelog-checker@v1.2.0
with:
fileName: CHANGELOG.md
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}