Skip to content

Latest commit

 

History

History
101 lines (76 loc) · 3 KB

README.md

File metadata and controls

101 lines (76 loc) · 3 KB

Workflows Banner

This repo contains our reusable workflows, used in repositories across the organization.

✒️ Linting

ci-next.js.yaml

Build and test a Next.js application that uses yarn. Uses caching for the yarn downloads and Next.js build artifacts where possible.

If codeceptjs is not in the project dependencies, the test step will be skipped.

ci-python.yaml

Lint and test a Python application that uses poetry, flake8 and pytest. Uses caching for the poetry downloads.

If flake8, black, or pytest are not in the dependencies, their steps will be skipped.

🔐 Security

We'll be adding security workflows soon™️.

⭐ Compliance

For compliance reasons, we have templates that will generate a list of SOUP (Software of Unknown Pedigree). This works as follows:

We have two workflows stored in .github/workflows/.

  • cook-python-soup.yml
  • cook-js-soup.yml

Both will:

  • Accept a branch input to know which branch to push changes to.
  • Check out the target repository (the repo where the workflow is running).
  • Check out the workflows repository to access generate_soup.py.
  • Run the appropriate license scanning commands for pip-license or license-checker to generate a JSON file with dependencies
  • Run the Python script to parse the JSON file and generate a SOUP.md document with this information presented beautifully.
  • Commit and push changes to SOUP.md if any changes are detected.

How do I get SOUP CI/CD working in my repo?

In each target repository, you need to do two things:

  • Add the license dependency this workflow depends on. (That's pip-licenses for Python and license-checker for JavaScript)
  • Create a minimal workflow file that triggers on dependency changes and calls the reusable workflow from the workflows repository. See example below.

Python Repository Example

For a Python repo using Poetry, create .github/workflows/cook-soup-delicious.yml:

name: Cook up some delicious SOUP (Python)

on:
  # Trigger when dependencies change
  push:
    branches: [ main ]
    paths:
      - 'poetry.lock'
      - 'pyproject.toml'

  # Also allow manual triggering
  workflow_dispatch: 
    inputs: 
      branch: 
        type: string 
        default: "main"

jobs:
  call-python-soup:
    # Calls the reusable workflow from the workflows repo
    uses: ion8/workflows/.github/workflows/cook_python_soup.yml@main
    with:
      branch: 'main'

JavaScript Repository Example

For a JS repo using npm, create .github/workflows/cook-soup-delicious.yml:

name: Cook up some delicious SOUP (JavaScript)

on:
  # Trigger when dependencies change (npm lock file)
  push:
    branches: [ main ]
    paths:
      - 'package-lock.json'
      - 'package.json'
      - 'yarn.lock'

  # Also allow manual triggering
  workflow_dispatch: 
    inputs: 
      branch: 
        type: string 
        default: "main"

jobs:
  call-js-soup:
    uses: ion8/workflows/.github/workflows/cook_js_soup.yml@main
    with:
      branch: 'main'