name: passbook-ci on: - push env: POSTGRES_DB: passbook POSTGRES_USER: passbook POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77" jobs: # Linting pylint: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - uses: actions/setup-python@v1 with: python-version: '3.8' - name: Install dependencies run: sudo pip install -U wheel pipenv && pipenv install --dev - name: Lint with pylint run: pipenv run pylint passbook black: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - uses: actions/setup-python@v1 with: python-version: '3.8' - name: Install dependencies run: sudo pip install -U wheel pipenv && pipenv install --dev - name: Lint with black run: pipenv run black --check passbook prospector: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - uses: actions/setup-python@v1 with: python-version: '3.8' - name: Install dependencies run: sudo pip install -U wheel pipenv && pipenv install --dev && pipenv install --dev prospector --skip-lock - name: Lint with prospector run: pipenv run prospector bandit: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - uses: actions/setup-python@v1 with: python-version: '3.8' - name: Install dependencies run: sudo pip install -U wheel pipenv && pipenv install --dev - name: Lint with bandit run: pipenv run bandit -r passbook snyk: runs-on: ubuntu-latest steps: - uses: actions/checkout@master - name: Run Snyk to check for vulnerabilities uses: snyk/actions/python@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} pyright: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - uses: actions/setup-node@v1 with: node-version: '12' - uses: actions/setup-python@v1 with: python-version: '3.8' - name: Install pyright run: npm install -g pyright - name: Show pyright version run: pyright --version - name: Install dependencies run: sudo pip install -U wheel pipenv && pipenv install --dev - name: Lint with pyright run: pipenv run pyright # Actual CI tests migrations: needs: - pylint - black - prospector services: postgres: image: postgres:latest env: POSTGRES_DB: passbook POSTGRES_USER: passbook POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77" ports: - 5432:5432 redis: image: redis:latest ports: - 6379:6379 runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - uses: actions/setup-python@v1 with: python-version: '3.8' - name: Install dependencies run: sudo pip install -U wheel pipenv && pipenv install --dev - name: Run migrations run: pipenv run ./manage.py migrate coverage: needs: - pylint - black - prospector services: postgres: image: postgres:latest env: POSTGRES_DB: passbook POSTGRES_USER: passbook POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77" ports: - 5432:5432 redis: image: redis:latest ports: - 6379:6379 runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - uses: actions/setup-python@v1 with: python-version: '3.8' - uses: actions/setup-node@v1 with: node-version: '12' - name: Install dependencies run: | sudo pip install -U wheel pipenv pipenv install --dev - name: Prepare Chrome node run: | cd e2e docker-compose pull -q chrome docker-compose up -d chrome - name: Build static files for e2e test run: | cd passbook/static/static yarn - name: Run coverage run: pipenv run coverage run ./manage.py test --failfast - uses: actions/upload-artifact@v2 if: failure() with: path: out/ - name: Create XML Report run: pipenv run coverage xml - uses: codecov/codecov-action@v1 with: token: ${{ secrets.CODECOV_TOKEN }} # Build build-server: needs: - migrations - coverage runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: Docker Login Registry env: DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - name: Building Docker Image run: docker build --no-cache -t beryju/passbook:gh-${GITHUB_REF##*/} -f Dockerfile . - name: Push Docker Container to Registry run: docker push beryju/passbook:gh-${GITHUB_REF##*/} build-gatekeeper: needs: - migrations - coverage runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: Docker Login Registry env: DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - name: Building Docker Image run: | cd gatekeeper docker build \ --no-cache \ -t beryju/passbook-gatekeeper:gh-${GITHUB_REF##*/} \ -f Dockerfile . - name: Push Docker Container to Registry run: docker push beryju/passbook-gatekeeper:gh-${GITHUB_REF##*/} build-static: needs: - migrations - coverage runs-on: ubuntu-latest services: postgres: image: postgres:latest env: POSTGRES_DB: passbook POSTGRES_USER: passbook POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77" redis: image: redis:latest steps: - uses: actions/checkout@v1 - name: Docker Login Registry env: DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD - name: Building Docker Image run: docker build --no-cache --network=$(docker network ls | grep github | awk '{print $1}') -t beryju/passbook-static:gh-${GITHUB_REF##*/} -f static.Dockerfile . - name: Push Docker Container to Registry run: docker push beryju/passbook-static:gh-${GITHUB_REF##*/}