From be882078fe2e6bb4817a70498c20be59d1a38e50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?=
Date: Thu, 30 Mar 2023 09:44:45 +0200
Subject: [PATCH] Add: Setup GitHub Actions workflows for CI/CD
---
.github/workflows/ci-python.yml | 76 ++++++++++++++++++++
.github/workflows/codeql-analysis-python.yml | 38 ++++++++++
.github/workflows/deploy-pypi.yml | 27 +++++++
.github/workflows/release-pontos.yml | 33 +++++++++
4 files changed, 174 insertions(+)
create mode 100644 .github/workflows/ci-python.yml
create mode 100644 .github/workflows/codeql-analysis-python.yml
create mode 100644 .github/workflows/deploy-pypi.yml
create mode 100644 .github/workflows/release-pontos.yml
diff --git a/.github/workflows/ci-python.yml b/.github/workflows/ci-python.yml
new file mode 100644
index 0000000..7621b4c
--- /dev/null
+++ b/.github/workflows/ci-python.yml
@@ -0,0 +1,76 @@
+name: Build and test Python package
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+jobs:
+ linting:
+ name: Linting
+ runs-on: "ubuntu-latest"
+ strategy:
+ matrix:
+ python-version:
+ - 3.7
+ - 3.8
+ - 3.9
+ - "3.10"
+ - "3.11"
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: greenbone/actions/lint-python@v2
+ with:
+ packages: autohooks tests
+ version: ${{ matrix.python-version }}
+
+ type-checking:
+ name: Type-checker
+ runs-on: 'ubuntu-latest'
+ strategy:
+ matrix:
+ python-version:
+ - 3.7
+ - 3.8
+ - 3.9
+ - "3.10"
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: greenbone/actions/mypy-python@v2
+ with:
+ packages: autohooks
+ version: ${{ matrix.python-version }}
+
+ test:
+ name: Run all tests
+ runs-on: "ubuntu-latest"
+ strategy:
+ matrix:
+ python-version:
+ - 3.7
+ - 3.8
+ - 3.9
+ - "3.10"
+ - "3.11"
+ steps:
+ - uses: actions/checkout@v3
+ - name: Install poetry and dependencies
+ uses: greenbone/actions/poetry@v2
+ with:
+ version: ${{ matrix.python-version }}
+ - name: Run unit tests
+ run: poetry run python -m unittest
+
+ codecov:
+ name: Upload coverage to codecov.io
+ needs: test
+ runs-on: "ubuntu-latest"
+ steps:
+ - uses: actions/checkout@v3
+ - name: Calculate and upload coverage to codecov.io
+ uses: greenbone/actions/coverage-python@v2
+ with:
+ version: "3.10"
diff --git a/.github/workflows/codeql-analysis-python.yml b/.github/workflows/codeql-analysis-python.yml
new file mode 100644
index 0000000..6f64afe
--- /dev/null
+++ b/.github/workflows/codeql-analysis-python.yml
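Review bot: ci-python.yml declares no `permissions:` key, so every job runs with the repository's default `GITHUB_TOKEN` scope; nothing visible in these jobs appears to need more than read access, so a top-level `permissions:` with `contents: read` would make least privilege explicit. deploy-pypi.yml and release-pontos.yml have the same gap, while the CodeQL workflow already sets job permissions. All four workflows also reference actions by mutable tag (`actions/checkout@v3`, `greenbone/actions/...@v2`); pinning each to a full commit SHA, e.g. `uses: actions/checkout@<FULL_COMMIT_SHA>  # v3`, keeps a retagged upstream from changing what runs. That matters most in release-pontos.yml, where `greenbone/actions/release@v2` receives the bot token and GPG key. As a style point, `3.7`, `3.8` and `3.9` in the matrices are parsed as floats; quoting them like `"3.10"` keeps the version list uniformly typed.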
@@ -0,0 +1,38 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ main ]
+ pull_request:
+ branches: [ main ]
+ paths-ignore:
+ - '**/*.md'
+ - '**/*.txt'
+ schedule:
+ - cron: '30 5 * * 0' # 5:30h on Sundays
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'python' ]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/deploy-pypi.yml b/.github/workflows/deploy-pypi.yml
new file mode 100644
index 0000000..8a31d63
--- /dev/null
+++ b/.github/workflows/deploy-pypi.yml
@@ -0,0 +1,27 @@
+name: Deploy on PyPI
+
+on:
+ release:
+ types: [created]
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.10"
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ python -m pip install --upgrade poetry
+ python -m pip install --upgrade twine
+ - name: Build and publish
+ env:
+ TWINE_USERNAME: __token__
+ TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+ run: |
+ poetry build
+ twine upload dist/*
diff --git a/.github/workflows/release-pontos.yml b/.github/workflows/release-pontos.yml
new file mode 100644
index 0000000..b13bde5
--- /dev/null
+++ b/.github/workflows/release-pontos.yml
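Review bot: In deploy-pypi.yml the `Install dependencies` step installs `poetry` and `twine` with `--upgrade` and no version constraint, so whatever is newest on the index at release time builds the package and then runs in the step that holds `PYPI_TOKEN`. Pinning the tools, e.g. `python -m pip install "poetry==<PINNED_VERSION>" "twine==<PINNED_VERSION>"` (ideally from a hash-checked requirements file), makes the publish path reproducible and reviewable. Scoping `TWINE_PASSWORD` to the `Build and publish` step is good; note that `poetry build` runs in that same step, so the build could move to its own step without the token in its environment.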
@@ -0,0 +1,33 @@
+name: Release Python package with pontos
+
+on:
+ pull_request:
+ types: [closed]
+ workflow_dispatch:
+
+jobs:
+ build-and-release:
+ name: Create a new release with pontos
+ # If the event is a workflow_dispatch or the label 'make release' is set and PR is closed because of a merge
+ if: (github.event_name == 'workflow_dispatch') || (contains( github.event.pull_request.labels.*.name, 'make release') && github.event.pull_request.merged == true)
+ runs-on: "ubuntu-latest"
+ steps:
+ - name: Setting the Reference
+ run: |
+ if [[ "${{ github.event_name }}" = "workflow_dispatch" ]]; then
+ echo "RELEASE_REF=${{ github.ref_name }}" >> $GITHUB_ENV
+ else
+ echo "RELEASE_REF=${{ github.base_ref }}" >> $GITHUB_ENV
+ fi
+ - name: Release with release action
+ uses: greenbone/actions/release@v2
+ with:
+ conventional-commits: true
+ github-user: ${{ secrets.GREENBONE_BOT }}
+ github-user-mail: ${{ secrets.GREENBONE_BOT_MAIL }}
+ github-user-token: ${{ secrets.GREENBONE_BOT_TOKEN }}
+ gpg-key: ${{ secrets.GPG_KEY }}
+ gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }}
+ gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
+ strategy: calendar
+ ref: ${{ env.RELEASE_REF }}
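Review bot: The `Setting the Reference` step expands `${{ github.ref_name }}` and `${{ github.base_ref }}` directly into the script text, so the branch name is substituted before bash parses it. A name containing shell metacharacters would then be interpreted as code, in a job whose next step receives the bot token and GPG key. Passing the values through `env:` and reading them as quoted shell variables removes that path, and `"$GITHUB_ENV"` should be quoted as well. Separately, GitHub does not pass secrets to `pull_request` runs that originate from forks, so a merged fork PR labelled 'make release' would presumably fail at the release step; worth confirming that this is the intended behaviour.

```yaml
      - name: Setting the Reference
        env:
          EVENT_NAME: ${{ github.event_name }}
          REF_NAME: ${{ github.ref_name }}
          BASE_REF: ${{ github.base_ref }}
        run: |
          if [[ "$EVENT_NAME" = "workflow_dispatch" ]]; then
            echo "RELEASE_REF=$REF_NAME" >> "$GITHUB_ENV"
          else
            echo "RELEASE_REF=$BASE_REF" >> "$GITHUB_ENV"
          fi
      # … unchanged: "Release with release action" step …
```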