Skip to content

ci(docker): Build Docker images once, scan them for vulnerabilities during CI #5863

ci(docker): Build Docker images once, scan them for vulnerabilities during CI

ci(docker): Build Docker images once, scan them for vulnerabilities during CI #5863

name: API Pull Request
on:
pull_request:
paths:
- api/**
- .github/**
types: [opened, synchronize, reopened, ready_for_review]
push:
paths:
- api/**
- .github/**
branches:
- main
defaults:
run:
working-directory: api
jobs:
test:
runs-on: General-Purpose-8c-Runner
name: API Unit Tests
services:
postgres:
image: postgres:15.5-alpine
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: postgres
ports: ['5432:5432']
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- name: Cloning repo
uses: actions/checkout@v4
- name: Install poetry
run: pipx install poetry
- uses: actions/setup-python@v5
with:
python-version: 3.12
cache: 'poetry'
- name: Install Dependencies
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
run: make install-packages
- name: Run Linters
run: make lint
- name: Create analytics database
env:
PGPASSWORD: postgres
run: createdb -h localhost -U postgres -p 5432 analytics
- name: Check for missing migrations
env:
DOTENV_OVERRIDE_FILE: .env-ci
opts: --no-input --dry-run --check
run: make django-make-migrations
- name: Run Tests
env:
DOTENV_OVERRIDE_FILE: .env-ci
run: make test
- name: Upload Coverage
uses: codecov/codecov-action@v4
env:
PYTHON: 3.12
with:
token: ${{ secrets.CODECOV_TOKEN }}
env_vars: PYTHON