diff --git a/.github/workflows/python-docker.yaml b/.github/workflows/python-docker.yaml
index 4ab9e95c..8ca5e9c5 100644
--- a/.github/workflows/python-docker.yaml
+++ b/.github/workflows/python-docker.yaml
@@ -3,7 +3,7 @@ on:
 jobs:
 python:
- uses: 'rios0rios0/pipelines/.github/workflows/python.yaml@main'
+ uses: 'rios0rios0/pipelines/.github/workflows/python.yaml@ci/github-python'
 # fourth stage
 delivery-docker:
diff --git a/.github/workflows/python.yaml b/.github/workflows/python.yaml
index d0f9782b..0b5f1071 100644
--- a/.github/workflows/python.yaml
+++ b/.github/workflows/python.yaml
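Review bot: The new ref `@ci/github-python` on the reusable-workflow `uses:` line is a mutable feature-branch name, so anyone who can push to that branch changes what this workflow executes, and callers break once the branch is deleted after merge. Pin the reference to a full commit SHA, e.g. `uses: 'rios0rios0/pipelines/.github/workflows/python.yaml@<full-commit-sha>'` (placeholder), or switch back to `@main` before this lands. The same applies to the four `uses:` lines changed in python.yaml (docker-horusec, docker-semgrep, docker-gitleaks and release).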
@@ -4,52 +4,85 @@ on: workflow_call: jobs: + setup: + name: 'setup-dependencies' + runs-on: 'ubuntu-latest' + container: + image: 'ghcr.io/fnk0c/pipelines/python:3.10-pdm-bullseye' + steps: + - uses: 'actions/checkout@v3' + - name: 'Cache PDM packages' + uses: 'actions/cache@v3' + with: + path: .venv/ + key: ${{ runner.os }}-pdm-${{ hashFiles('pdm.lock') }} + run: | + ls -la + pwd + # restore-keys: | + # ${{ runner.os }}-pdm- + - name: 'install-dependencies' + run: | + ls -la + pdm install -v + ls -la .venv + # first stage code_check-style_isort: name: 'code-check > style:isort' + needs: 'setup' runs-on: 'ubuntu-latest' container: image: 'ghcr.io/fnk0c/pipelines/python:3.10-pdm-bullseye' steps: + - name: 'Cache PDM packages' + uses: 'actions/cache@v3' + with: + path: .venv/ + key: ${{ runner.os }}-pdm-${{ hashFiles('pdm.lock') }} + run: | + ls -la + pwd - uses: actions/checkout@v3 - run: | - pdm install -v + ls -la + ls -la .venv pdm run isort --check-only . if: "!startsWith(github.ref, 'refs/tags/')" code_check-style_black: name: 'code-check > style:black' + needs: 'setup' runs-on: 'ubuntu-latest' container: image: 'ghcr.io/fnk0c/pipelines/python:3.10-pdm-bullseye' steps: - uses: actions/checkout@v3 - run: | - pdm install -v pdm run black --check . if: "!startsWith(github.ref, 'refs/tags/')" code_check-quality_flake8: name: 'code-check > style:flake8' + needs: 'setup' runs-on: 'ubuntu-latest' container: image: 'ghcr.io/fnk0c/pipelines/python:3.10-pdm-bullseye' steps: - uses: actions/checkout@v3 - run: | - pdm install -v pdm run flake8 . if: "!startsWith(github.ref, 'refs/tags/')" code_check-quality_mypy: name: 'code-check > style:mypy' + needs: 'setup' runs-on: 'ubuntu-latest' container: image: 'ghcr.io/fnk0c/pipelines/python:3.10-pdm-bullseye' steps: - uses: actions/checkout@v3 - run: | - pdm install -v pdm run type-check if: "!startsWith(github.ref, 'refs/tags/')" 
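Review bot: The black, flake8 and mypy jobs lose `pdm install -v` but gain no cache-restore step, and `needs: 'setup'` only orders the jobs, it does not carry `.venv` from one runner to the next, so `pdm run …` in those jobs will presumably find no installed tools. In the isort job the cache step sits before `actions/checkout`, so `hashFiles('pdm.lock')` is evaluated while the lock file is not yet in the workspace and the key cannot match the one saved by `setup`. Both cache steps also carry a `run:` key next to `uses:` (indentation is lost on this page, so whether it is at step level or under `with:` cannot be told); a step cannot combine the two, and the `ls -la`/`pwd` debug lines should be dropped before merge. Since the restored `.venv` holds executables that every check job then runs, keep the key tied strictly to the lock file and leave `pdm install` in place as the fallback on a miss.

```yaml
    steps:
      - uses: 'actions/checkout@v3'
      # restore after checkout so pdm.lock exists when the key is hashed
      - name: 'Cache PDM packages'
        uses: 'actions/cache@v3'
        with:
          path: '.venv/'
          key: "${{ runner.os }}-pdm-${{ hashFiles('pdm.lock') }}"
      - run: |
          # quick when .venv was restored, full install on a cache miss
          pdm install -v
          pdm run black --check .
      # … unchanged: if: condition; same step order for isort, flake8 and mypy …
```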
@@ -59,7 +92,7 @@ jobs:
 name: 'security > sast:horusec'
 runs-on: 'ubuntu-latest'
 steps:
- - uses: 'rios0rios0/pipelines/github/global/stages/20-security/docker-horusec@main'
+ - uses: 'rios0rios0/pipelines/github/global/stages/20-security/docker-horusec@ci/github-python'
 needs: [ 'code_check-style_isort', 'code_check-style_black', 'code_check-quality_flake8', 'code_check-quality_mypy' ]
 continue-on-error: true # TODO: this is a temporary fix, remove it after the issue is fixed
 if: "!startsWith(github.ref, 'refs/tags/')"
@@ -68,7 +101,7 @@ jobs:
 name: 'security > sast:semgrep'
 runs-on: 'ubuntu-latest'
 steps:
- - uses: 'rios0rios0/pipelines/github/global/stages/20-security/docker-semgrep@main'
+ - uses: 'rios0rios0/pipelines/github/global/stages/20-security/docker-semgrep@ci/github-python'
 with:
 semgrep_lang: 'golang'
 needs: [ 'code_check-style_isort', 'code_check-style_black', 'code_check-quality_flake8', 'code_check-quality_mypy' ]
@@ -78,7 +111,7 @@ jobs:
 name: 'security > sast:gitleaks'
 runs-on: 'ubuntu-latest'
 steps:
- - uses: 'rios0rios0/pipelines/github/global/stages/20-security/docker-gitleaks@main'
+ - uses: 'rios0rios0/pipelines/github/global/stages/20-security/docker-gitleaks@ci/github-python'
 needs: [ 'code_check-style_isort', 'code_check-style_black', 'code_check-quality_flake8', 'code_check-quality_mypy' ]
 if: "!startsWith(github.ref, 'refs/tags/')"
@@ -116,7 +149,7 @@ jobs:
 name: 'delivery > release'
 runs-on: 'ubuntu-latest'
 steps:
- - uses: 'rios0rios0/pipelines/github/global/stages/40-delivery/release@main'
+ - uses: 'rios0rios0/pipelines/github/global/stages/40-delivery/release@ci/github-python'
 needs: [ 'tests-test_all' ]
 if: "github.event_name == 'push' && github.ref == 'refs/heads/main' && contains(github.event.head_commit.message, 'chore/bump-')"
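Review bot: In the semgrep hunk the step still passes `semgrep_lang: 'golang'` although this is the Python pipeline, so the SAST stage presumably runs Go rules and reports little of use for the Python sources. If the docker-semgrep action picks its ruleset from that input, the line should read `semgrep_lang: 'python'`; the accepted values are defined in that action, which is not visible here, so confirm against it. In the horusec hunk, `continue-on-error: true` lets a scanner failure pass silently, so the TODO beside it deserves an issue reference to make sure it is removed.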