Skip to content
.github/workflows/ci.yml

feat: code scan for python ci #5

Sign in to view logs

feat: code scan for python ci

feat: code scan for python ci #5

Workflow file for this run

.github/workflows/ci.yml at 4a735f5
name: ci
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
on:
workflow_call:
inputs:
registry:
required: false
type: string
default: "ghcr.io"
description: "registry to push and get the image"
image_name:
required: true
type: string
description: "name of the image"
username:
required: true
type: string
description: "username to push the image can use github.actor"
target_branch:
required: false
type: string
default: "master"
description: "Sets the target to build Dockerfile"
git_lfs:
required: false
type: boolean
default: false
description: "git lfs checkout"
coverage_file_path:
required: false
type: string
default: "coverage.xml"
description: "absolute path to coverage file"
test_command:
required: false
type: string
default: "python -m pytest"
description: "test command"
secrets:
registry_token:
required: true
description: "token to have access to registry"
repos_token:
required: true
description: "token to have access to code and infra repository"
jobs:
image_tag:
name: Image tag for docker image pull
runs-on: ubuntu-latest
outputs:
docker_image: ${{ steps.image_name.outputs.lowercase }}
steps:
- id: image_name
uses: ASzc/change-string-case-action@v2
with:
string: ${{ inputs.image_name }}
security-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Bandit
uses: jpetrucciani/bandit-check@main
test:
name: Run Tests and Coverage
runs-on: ubuntu-latest
needs:
- image_tag
container:
image: ${{ inputs.registry }}/${{ needs.image_tag.outputs.docker_image }}/${{ inputs.target_branch }}:latest
options: --user root
credentials:
username: ${{ inputs.username }}
password: ${{ secrets.registry_token }}
steps:
- uses: actions/checkout@v2
with:
lfs: ${{ inputs.git_lfs }}
- name: Set Permissions
run: |
chmod -R 777 "$(pwd)"
- name: Run Python tests
run: |
mkdir -p ${{ github.workspace }}/coverage_report
${{ inputs.test_command }} --cov --cov-report=xml:coverage.xml
- name: Coverage Report
uses: orgoro/coverage@v3
if: github.event_name == 'pull_request'
with:
coverageFile: coverage.xml
token: ${{ secrets.repos_token }}
static-analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: jpetrucciani/ruff-check@main
with:
flags: '--exclude ./env/'
secrets-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Secret Scanning
uses: trufflesecurity/trufflehog@main
with:
extra_args: --only-verified --allow-verification-overlap
security-check:

Check failure on line 125 in .github/workflows/ci.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/ci.yml

Invalid workflow file 

You have an error in your yaml syntax on line 125
name: "Create bundle"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: advanced-security/codeql-bundle-action/download-bundle@v2
id: download-bundle
with:
tag: "latest"
- uses: advanced-security/codeql-bundle-action/create-bundle@v2
id: create-bundle
with:
bundle-path: ${{ steps.download-bundle.outputs.bundle-path }}
packs: "octo/cpp-queries,octo/cpp-all,octo/cpp-customizations"
- uses: actions/upload-artifact@v3
with:
name: codeql-bundle.tar.gz
path: ${{ steps.create-bundle.outputs.output-path }}