-
Notifications
You must be signed in to change notification settings - Fork 20
129 lines (116 loc) · 4.48 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: build
on:
push:
branches:
- master # or the name of your main branch
- release-*
- hardening-*
pull_request:
types: [opened, synchronize, reopened]
# schedule:
# - cron: '17 0 * * 4'
jobs:
scan:
runs-on: ubuntu-latest
#strategy:
# matrix:
# python-version: [2.7, 3.5, 3.6, 3.7, 3.8]
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: '3.9'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install flake8 pylint pytest coverage
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
#- name: Lint with flake8
# run: |
# stop the build if there are Python syntax errors or undefined names
# flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# exit-zero treats all errors as warnings.
# flake8 . --count --exit-zero --max-complexity=10 --max-line-length=128 --statistics
# - name: Test with pytest
# run: |
# pytest
- name: Prep tests
working-directory: .
run: |
chmod +x conf/prep_tests.sh
@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning/prep_tests.sh
# - name: Run tests
# working-directory: .
# run: |
# chmod +x conf/run_tests.sh
# conf/run_tests.sh
# echo "--------- UT report ---------"; cat build/xunit*.xml
# echo "---------Coverage report ---------"; cat build/coverage*.xml
- name: Run linters
working-directory: .
run: |
chmod +x conf/run_linters.sh
conf/run_linters.sh
#- name: Cache SonarQube packages
# uses: actions/cache@v4
# with:
# path: ./.sonar
# key: ${{ runner.os }}-sonar-cache
# restore-keys: ${{ runner.os }}-sonar-cache
- name: Patch project version
run: |
version=$(grep PACKAGE_VERSION sonar/version.py | cut -d "=" -f 2 | sed "s/[\'\" ]//g")
echo "sonar.projectVersion=$version" >> sonar-project.properties
- name: SonarCloud scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
# Add: -Dsonar.userHome=./.sonar for local cache
args: >
-Dsonar.verbose=false
# code-ql:
# name: CodeQL
# runs-on: ubuntu-latest
# permissions:
# actions: read
# contents: read
# security-events: write
# strategy:
# fail-fast: false
# matrix:
# language: [ 'python' ]
# # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# # Learn more:
# # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
# steps:
# - name: Checkout repository
# uses: actions/checkout@v4
# # Initializes the CodeQL tools for scanning.
# - name: Initialize CodeQL
# uses: github/codeql-action/init@v1
# with:
# languages: ${{ matrix.language }}
# # If you wish to specify custom queries, you can do so here or in a config file.
# # By default, queries listed here will override any specified in a config file.
# # Prefix the list here with "+" to use these queries and those in the config file.
# # queries: ./path/to/local/query, your-org/your-repo/queries@main
# # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# # If this step fails, then you should remove it and run the build manually (see below)
# - name: Autobuild
# uses: github/codeql-action/autobuild@v1
# # ℹ️ Command-line programs to run using the OS shell.
# # 📚 https://git.io/JvXDl
# # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# # and modify them (or add more) to build your code if your project
# # uses a compiled language
# #- run: |
# # make bootstrap
# # make release
# - name: Perform CodeQL Analysis
# uses: github/codeql-action/analyze@v1