Add: Setup GitHub Actions workflows for CI/CD

greenbone · Mar 30, 2023 · be88207 · be88207
1 parent 45186c7
commit be88207
Show file tree

Hide file tree

Showing 4 changed files with 174 additions and 0 deletions.
diff --git a/.github/workflows/ci-python.yml b/.github/workflows/ci-python.yml
@@ -0,0 +1,76 @@
+name: Build and test Python package
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  linting:
+    name: Linting
+    runs-on: "ubuntu-latest"
+    strategy:
+      matrix:
+        python-version:
+          - 3.7
+          - 3.8
+          - 3.9
+          - "3.10"
+          - "3.11"
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: greenbone/actions/lint-python@v2
+        with:
+          packages: autohooks tests
+          version: ${{ matrix.python-version }}
+
+  type-checking:
+    name: Type-checker
+    runs-on: 'ubuntu-latest'
+    strategy:
+        matrix:
+          python-version:
+            - 3.7
+            - 3.8
+            - 3.9
+            - "3.10"
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: greenbone/actions/mypy-python@v2
+        with:
+          packages: autohooks
+          version: ${{ matrix.python-version }}
+
+  test:
+    name: Run all tests
+    runs-on: "ubuntu-latest"
+    strategy:
+      matrix:
+        python-version:
+          - 3.7
+          - 3.8
+          - 3.9
+          - "3.10"
+          - "3.11"
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install poetry and dependencies
+        uses: greenbone/actions/poetry@v2
+        with:
+          version: ${{ matrix.python-version }}
+      - name: Run unit tests
+        run: poetry run python -m unittest
+
+  codecov:
+    name: Upload coverage to codecov.io
+    needs: test
+    runs-on: "ubuntu-latest"
+    steps:
+      - uses: actions/checkout@v3
+      - name: Calculate and upload coverage to codecov.io
+        uses: greenbone/actions/coverage-python@v2
+        with:
+          version: "3.10"
diff --git a/.github/workflows/codeql-analysis-python.yml b/.github/workflows/codeql-analysis-python.yml
@@ -0,0 +1,38 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+    paths-ignore:
+      - '**/*.md'
+      - '**/*.txt'
+  schedule:
+    - cron: '30 5 * * 0' # 5:30h on Sundays
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/deploy-pypi.yml b/.github/workflows/deploy-pypi.yml
@@ -0,0 +1,27 @@
+name: Deploy on PyPI
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install --upgrade poetry
+          python -m pip install --upgrade twine
+      - name: Build and publish
+        env:
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+        run: |
+          poetry build
+          twine upload dist/*
diff --git a/.github/workflows/release-pontos.yml b/.github/workflows/release-pontos.yml
@@ -0,0 +1,33 @@
+name: Release Python package with pontos
+
+on:
+  pull_request:
+    types: [closed]
+  workflow_dispatch:
+
+jobs:
+  build-and-release:
+    name: Create a new release with pontos
+    # If the event is a workflow_dispatch or the label 'make release' is set and PR is closed because of a merge
+    if: (github.event_name == 'workflow_dispatch') || (contains( github.event.pull_request.labels.*.name, 'make release') && github.event.pull_request.merged == true)
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Setting the Reference
+        run: |
+          if [[ "${{ github.event_name }}" = "workflow_dispatch" ]]; then
+            echo "RELEASE_REF=${{ github.ref_name }}" >> $GITHUB_ENV
+          else
+            echo "RELEASE_REF=${{ github.base_ref }}" >> $GITHUB_ENV
+          fi
+      - name: Release with release action
+        uses: greenbone/actions/release@v2
+        with:
+          conventional-commits: true
+          github-user: ${{ secrets.GREENBONE_BOT }}
+          github-user-mail: ${{ secrets.GREENBONE_BOT_MAIL }}
+          github-user-token: ${{ secrets.GREENBONE_BOT_TOKEN }}
+          gpg-key: ${{ secrets.GPG_KEY }}
+          gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }}
+          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          strategy: calendar
+          ref: ${{ env.RELEASE_REF }}