do: enhance ci by adding user & applying pip through it #8
Workflow file for this run
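# CI pipeline: read PYTHON_VERSION from the repository's .env file, build a
# virtualenv as a dedicated unprivileged user, then run lint, security and
# code-quality checks against that environment.
#
# NOTE(review): every action below is referenced by a mutable major tag
# (@v3 / @v4). Pin each one to a full commit SHA, e.g.
# `actions/checkout@<full-commit-sha>  # v3`, so a moved tag cannot change
# what runs in this pipeline.
name: CI Pipeline

on:
  push:
    branches:
      - "**"
  pull_request:
    branches:
      - master

# Least privilege for GITHUB_TOKEN: no job in this file writes to the repo.
permissions:
  contents: read

env:
  ENV_FILE: .env

jobs:
  env-vars:
    name: Get Environment Variables
    runs-on: ubuntu-latest
    outputs:
      python-version: ${{ steps.load-env.outputs.python-version }}
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          # Do not leave the token in .git/config for later steps to read.
          persist-credentials: false
      - name: Load Environment Variables
        id: load-env
        run: |
          # `source` executes the file as shell code, so its content is as
          # trusted as the commit being built (a pull request can change it).
          # ENV_FILE is read from the step environment instead of being
          # pasted into the script text through a ${{ }} expression.
          set -a
          if [ -f "$ENV_FILE" ]; then
            source "$ENV_FILE"
          fi
          set +a
          # A value with a newline could add extra entries to the output
          # file, so control characters are rejected before it is written.
          if [[ "${PYTHON_VERSION:-}" == *[[:cntrl:]]* ]]; then
            echo "::error::PYTHON_VERSION contains control characters"
            exit 1
          fi
          # `::set-output` is deprecated; outputs go through $GITHUB_OUTPUT.
          echo "python-version=${PYTHON_VERSION:-}" >> "$GITHUB_OUTPUT"

  env-setup:
    name: Setup Python and Install Dependencies
    runs-on: ubuntu-latest
    needs: env-vars
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: Set up Python
        id: setup-python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ needs.env-vars.outputs.python-version }}
      - name: Create Non-root User
        run: |
          # Steps on the hosted runner do not run as root, so account and
          # home-directory setup has to go through sudo.
          sudo useradd -ms /bin/bash pyrunner
          sudo mkdir -p /home/pyrunner/.cache/pip
          sudo chown -R pyrunner:pyrunner /home/pyrunner
          sudo chmod -R 700 /home/pyrunner/.cache/pip
      - name: Install Python Dependencies
        env:
          # sudo resets PATH, so a bare `python` would not be the interpreter
          # that setup-python installed; pass its absolute path instead.
          PYTHON_BIN: ${{ steps.setup-python.outputs.python-path }}
        run: |
          # Package install code runs as pyrunner, which has no sudo rights.
          # NOTE(review): assumes pyrunner can execute $PYTHON_BIN and read
          # requirements.txt in the checkout directory - confirm on the runner.
          # NOTE(review): requirements are not hash-checked; consider
          # `pip install --require-hashes` with a fully pinned file.
          sudo -H -u pyrunner bash -c '
            "$1" -m venv /home/pyrunner/venv &&
            source /home/pyrunner/venv/bin/activate &&
            pip install --upgrade pip &&
            pip install -r requirements.txt
          ' bash "$PYTHON_BIN"
      # NOTE(review): the cache action runs as the runner account, not as
      # pyrunner; it probably cannot read /home/pyrunner/venv unless that
      # tree is made readable first - confirm the save succeeds.
      # NOTE(review): the key ignores the Python version although a venv is
      # tied to the interpreter that created it.
      - name: Save Python Environment Cache
        uses: actions/cache@v3
        with:
          path: /home/pyrunner/venv
          key: ${{ runner.os }}-python-venv-${{ hashFiles('requirements.txt') }}

  # NOTE(review): the three jobs below start on fresh runners where
  # /home/pyrunner does not exist and setup-python has not run. Restoring the
  # venv there likely fails, or yields a venv whose interpreter is missing.
  # The `source` line then fails the job, so the checks fail closed.
  lint:
    name: Flake8 linting
    runs-on: ubuntu-latest
    needs: env-setup
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: Restore Python Environment Cache
        uses: actions/cache@v3
        with:
          path: /home/pyrunner/venv
          key: ${{ runner.os }}-python-venv-${{ hashFiles('requirements.txt') }}
      - name: Run Flake8
        run: |
          source /home/pyrunner/venv/bin/activate
          flake8 .

  security:
    name: Security Check
    runs-on: ubuntu-latest
    needs: env-setup
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: Restore Python Environment Cache
        uses: actions/cache@v3
        with:
          path: /home/pyrunner/venv
          key: ${{ runner.os }}-python-venv-${{ hashFiles('requirements.txt') }}
      # Blocking on purpose: a Bandit finding fails the pipeline.
      - name: Run Bandit Security Check
        run: |
          source /home/pyrunner/venv/bin/activate
          bandit -r .

  quality:
    name: Code Quality
    runs-on: ubuntu-latest
    needs: env-setup
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: Restore Python Environment Cache
        uses: actions/cache@v3
        with:
          path: /home/pyrunner/venv
          key: ${{ runner.os }}-python-venv-${{ hashFiles('requirements.txt') }}
      - name: Run Pylint
        run: |
          source /home/pyrunner/venv/bin/activate
          pylint .
      - name: Check Black Formatting
        run: |
          source /home/pyrunner/venv/bin/activate
          black --check .
      - name: Check Pydocstyle
        run: |
          source /home/pyrunner/venv/bin/activate
          pydocstyle .
        continue-on-error: true  # Non-blocking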