Merge pull request #2955 from ACCESS-Cloud-Based-InSAR/add-models #9246
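# Static analysis for every push: lint (ruff), type-check (mypy), CloudFormation
# lint per security environment, OpenAPI validation, step-function linting,
# Snyk dependency/IaC scanning, and a secrets scan.
#
# NOTE(review): every `[email protected]` below is an e-mail-obfuscation artifact of
# the page this listing came from; it replaced the text around the `@` in the
# `uses:` reference. The real action/workflow names and refs cannot be recovered
# from this page, so they are left as shown. Restore them from the repository
# before using this file.
name: Static code analysis

# Least privilege: the workflow token can only read repository contents.
# Called reusable workflows cannot be granted more than this.
permissions:
  contents: read

# Runs on push events only.
on: push

env:
  SETUPTOOLS_SCM_PRETEND_VERSION_FOR_HYP3: v0.0.0

jobs:
  call-ruff-workflow:
    # Docs: https://github.com/ASFHyP3/actions
    uses: ASFHyP3/actions/.github/workflows/[email protected]

  call-mypy-workflow:
    uses: ASFHyP3/actions/.github/workflows/[email protected]

  cfn-lint:
    runs-on: ubuntu-latest
    strategy:
      # Lint every environment even if one of them fails.
      fail-fast: false
      matrix:
        security_environment: [ASF, EDC, JPL, JPL-public]
    steps:
      - uses: actions/[email protected]
      # NOTE(review): `@v6` is a mutable tag; pinning third-party actions to a
      # full commit SHA keeps a re-tagged release from changing what runs here.
      - uses: actions/setup-python@v6
        with:
          # Quoted so YAML keeps it a string (an unquoted 3.10 would load as 3.1).
          python-version: '3.13'
      - run: |
          python -m pip install --upgrade pip
          make install
      # The interpolated value comes only from the static matrix above, so no
      # event-supplied text reaches the shell through this expression.
      - run: |
          make security_environment=${{ matrix.security_environment }} cfn-lint

  openapi-spec-validator:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/[email protected]
      - uses: actions/setup-python@v6
        with:
          python-version: '3.13'
      - run: |
          python -m pip install --upgrade pip
          make install
      - run: make openapi-validate

  statelint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/[email protected]
      # NOTE(review): `@v1` is a mutable tag (see the pinning note in cfn-lint).
      - uses: ruby/setup-ruby@v1
        with:
          # NOTE(review): Ruby 2.7 no longer receives upstream security fixes;
          # confirm statelint runs on a maintained Ruby before changing this.
          ruby-version: '2.7'
      # NOTE(review): unpinned install takes whatever version is current at run
      # time; consider `gem install statelint -v <PINNED_VERSION>`.
      - run: gem install statelint
      - uses: actions/setup-python@v6
        with:
          python-version: '3.13'
      - run: |
          python -m pip install --upgrade pip
          make install
      # The rendered step function holds `${...}` placeholders in "Resource";
      # sed swaps them for a dummy value before statelint checks the file.
      - run: |
          make render
          sed -i 's/"Resource": "${.*}"/"Resource": "foo:bar"/' apps/step-function.json
          statelint apps/step-function.json

  snyk:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/[email protected]
      - uses: snyk/actions/[email protected]
      - uses: actions/setup-python@v6
        with:
          python-version: '3.13'
      - run: |
          python -m pip install --upgrade pip
          make install
          make render security_environment=EDC
      - name: Run Snyk to check for vulnerabilities
        # The token is scoped to this step only, so the install and render
        # steps above never see it in their environment.
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        # Only findings of high severity or above fail the job.
        run: |
          snyk test --package-manager=pip --file=requirements-all.txt --severity-threshold=high
          snyk iac test --severity-threshold=high

  call-secrets-analysis-workflow:
    uses: ASFHyP3/actions/.github/workflows/[email protected]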