Skip to content

Merge pull request #57 from release-engineering/deps/pip-compile #307

Merge pull request #57 from release-engineering/deps/pip-compile

Merge pull request #57 from release-engineering/deps/pip-compile #307

Workflow file for this run

name: Tox tests
on: [push, pull_request]
jobs:
linting:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install OS packages
run: |
sudo apt-get -y update
sudo apt-get install -y rpm
sudo apt-get install -y libkrb5-dev
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install Tox
run: pip install tox 'virtualenv<20.21.1'
- name: Run Linting
run: tox -e lint
mypy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install OS packages
run: |
sudo apt-get -y update
sudo apt-get install -y rpm
sudo apt-get install -y libkrb5-dev
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install Tox
run: pip install tox 'virtualenv<20.21.1'
- name: Run MyPy
run: tox -e mypy
unit-tests:
runs-on: ubuntu-latest
strategy:
matrix:
# https://raw.githubusercontent.com/actions/python-versions/main/versions-manifest.json
python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
steps:
- uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install OS packages
run: |
sudo apt-get -y update
sudo apt-get install -y rpm
sudo apt-get install -y libkrb5-dev
- name: Install Tox
run: pip install tox
- name: Test on ${{ matrix.python-version }}
run: tox -e "py${{ matrix.python-version }}"
coverage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install OS packages
run: |
sudo apt-get -y update
sudo apt-get install -y rpm
sudo apt-get install -y libkrb5-dev
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install Tox
run: pip install tox 'virtualenv<20.21.1'
- name: Install pytest cov
run: pip install pytest-cov
- name: Run Tox
run: tox -e coverage
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install OS packages
run: |
sudo apt-get -y update
sudo apt-get install -y rpm
sudo apt-get install -y libkrb5-dev
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install Tox
run: pip install tox
- name: Run Tox
run: tox -e security
- name: Install project
run: python -m pip install .
- name: Run pip-audit
uses: pypa/gh-action-pip-audit@v1.1.0
with:
inputs: requirements.txt requirements-test.txt
- name: Cache OWASP
uses: actions/cache@v4
with:
path: .code_scanning/dependency-check
key: ${{ runner.os }}-build-owasp-${{ hashFiles('**/requirements.txt') }}
restore-keys: ${{ runner.os }}-build-owasp-
- name: OWASP check
run: |
VERSION=$(curl -s https://jeremylong.github.io/DependencyCheck/current.txt)
curl -L "https://github.com/jeremylong/DependencyCheck/releases/download/v$VERSION/dependency-check-$VERSION-release.zip" --output dependency-check.zip
unzip -o dependency-check.zip
rm -f dependency-check.zip
./dependency-check/bin/dependency-check.sh \
--project "starmap-client" \
--out "dependency-check" \
--format "ALL" \
--nvdApiKey ${{ secrets.OWASP_API_KEY }} \
--enableExperimental \
--scan . \
--data .code_scanning/dependency-check/data \
--exclude '**/dependency-check/**' \
--exclude '**/build/**' \
--exclude '**/.tox/**' \
--exclude '**/.git/**' \
--failOnCVSS ${{ vars.OWASP_CVSS_LEVEL}} \
--disableMSBuild \
--disableNodeJS \
--disableYarnAudit \
--disablePnpmAudit \
--disableNodeAudit \
--disableRubygems \
--disableBundleAudit \
--disableCocoapodsAnalyzer \
--disableSwiftPackageManagerAnalyzer \
--disableSwiftPackageResolvedAnalyzer \
--disableAutoconf \
--disableJar \
--disableCpan \
--disableDart \
--disableNugetconf \
--disableAssembly \
--disableGolangDep \
--disableGolangMod \
--disableMixAudit \
--disableRetireJS \
-log "${OUTPUT_PATH}/dependency-check/dependency-check.log" \
|| exit_code=$?
exit $exit_code
- name: Store OWASP report
uses: actions/upload-artifact@v4
if: always()
with:
name: owasp-report
path: |
dependency-check/dependency-check-report.html
dependency-check/dependency-check-report.xml
dependency-check/dependency-check-report.json
dependency-check/dependency-check-report.csv
dependency-check/dependency-check-report.sarif
docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install OS packages
run: |
sudo apt-get -y update
sudo apt-get install -y rpm
sudo apt-get install -y libkrb5-dev
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Install Tox
run: pip install tox 'virtualenv<20.21.1'
- name: Run Tox
run: tox -e docs