RHEL OVAL deprecation. New errata workflow #392
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Preflight | |
on: [pull_request] | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
check-commit-message: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Check commit message | |
run: | | |
errors= | |
readarray -t long_lines < \ | |
<(git log -1 --pretty=format:%B ${{ github.event.pull_request.head.sha }} | grep -E '^.{73,}$') | |
if [[ ${#long_lines[@]} -ne 0 ]]; then | |
printf "ERROR: The following lines are longer than 72 characters:\n" | |
printf " > %s\n" "${long_lines[@]}" | |
errors=true | |
fi | |
if [[ $errors == true ]]; then | |
exit 2 | |
fi | |
preflight: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
env: | |
REPORTS_DIR: .preflight-reports | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- name: Checkout albs-sign-file repository | |
uses: actions/checkout@v4 | |
with: | |
repository: AlmaLinux/albs-sign-file | |
path: albs-sign-file | |
- name: Set up Docker Buildx | |
# https://github.com/marketplace/actions/docker-setup-buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build Docker image | |
# https://github.com/marketplace/actions/build-and-push-docker-images | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
target: web-server-tests | |
load: true | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Get changed .py files | |
# https://github.com/marketplace/actions/paths-changes-filter | |
uses: dorny/paths-filter@v3 | |
id: changed-files | |
with: | |
list-files: shell | |
filters: | | |
py: | |
- added|modified: '**/*.py' | |
src: | |
- added|modified: 'alws/**/*.py' | |
- added|modified: 'scripts/**/*.py' | |
- name: Prepare GPG key | |
run: | | |
mv albs-sign-file ../ | |
bash tests/prepare_gpg_key.sh | |
- name: Prepare working directory | |
run: | | |
mkdir -p $REPORTS_DIR | |
mkdir -p ../{alts,albs-frontend,albs-node,albs-sign-node,alma-tests-cacher} | |
ln -sf tests/test-vars.env vars.env | |
- name: Start services | |
run: docker compose up -d test_db sign_file | |
- name: Run pylint | |
if: ${{ steps.changed-files.outputs.src == 'true' }} | |
run: | | |
docker compose run --rm web_server_tests bash -c " | |
pylint --exit-zero ${{ steps.changed-files.outputs.src_files }} \ | |
| tee $REPORTS_DIR/pylint-report.txt" | |
- name: Run black | |
if: ${{ steps.changed-files.outputs.py == 'true' }} | |
run: | | |
docker compose run --rm web_server_tests bash -c " | |
black --check --diff --color ${{ steps.changed-files.outputs.py_files }} \ | |
| tee >(sed 's/\x1B\[[0-9;]*m//g' > $REPORTS_DIR/black-report.txt)" | |
- name: Run isort | |
if: ${{ steps.changed-files.outputs.py == 'true' }} | |
run: | | |
docker compose run --rm web_server_tests bash -c " | |
isort --check-only --diff --color ${{ steps.changed-files.outputs.py_files }} \ | |
| tee >(sed 's/\x1B\[[0-9;]*m//g' > $REPORTS_DIR/isort-report.txt)" | |
- name: Run bandit | |
if: ${{ steps.changed-files.outputs.src == 'true' }} | |
run: | | |
docker compose run --rm web_server_tests bash -c " | |
bandit -c pyproject.toml ${{ steps.changed-files.outputs.src_files }} \ | |
| tee >(sed 's/\x1B\[[0-9;]*m//g' > $REPORTS_DIR/bandit-report.txt)" | |
- name: Run pytest | |
run: | | |
docker compose run --rm web_server_tests bash -o pipefail -c " | |
pytest -v --cov \ | |
--junit-xml=$REPORTS_DIR/pytest-report.xml \ | |
--cov-report=xml:$REPORTS_DIR/pytest-coverage.xml \ | |
--cov-report=term | tee $REPORTS_DIR/pytest-output.txt" | |
- name: Check migrations | |
run: docker compose run --rm web_server_tests alembic --config tests/test-alembic.ini upgrade head | |
- name: Stop services | |
if: always() | |
run: docker compose down --volumes | |
- name: Generate .md reports | |
if: success() || failure() | |
run: | | |
awk 'NR == 1 {next}; /^-+ coverage:/ {exit}; {print}' $REPORTS_DIR/pytest-output.txt \ | |
> $REPORTS_DIR/pytest-report.txt | |
awk '/^-+ coverage:/, /^TOTAL/' $REPORTS_DIR/pytest-output.txt \ | |
> $REPORTS_DIR/coverage-report.txt | |
for tool in coverage pytest pylint black isort bandit; do | |
if [[ -s $REPORTS_DIR/${tool}-report.txt ]]; then | |
{ | |
printf "<details><summary>${tool^} report</summary>\n" | |
printf '\n```\n' | |
cat $REPORTS_DIR/${tool}-report.txt | |
printf '\n```\n' | |
printf '\n</details>\n\n' | |
} > $REPORTS_DIR/${tool}-report.md | |
fi | |
done | |
- name: Save environment | |
if: success() || failure() | |
run: | | |
{ | |
echo "PR_NUMBER=${{ github.event.number }}" | |
} > $REPORTS_DIR/environment.txt | |
- name: Upload Pytest reports | |
if: success() || failure() | |
# https://github.com/actions/upload-artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: preflight-reports | |
path: ${{ env.REPORTS_DIR }} | |
compression-level: 9 | |
- name: Publish Job Summary | |
if: success() || failure() | |
run: | | |
cat $REPORTS_DIR/{coverage,pytest,pylint,black,isort,bandit}-report.md \ | |
> $GITHUB_STEP_SUMMARY 2>/dev/null || true |