do: update READMEs #2
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI Pipeline | |
| on: | |
| push: | |
| branches: | |
| - "**" | |
| env: | |
| ENV_FILE: .env | |
| jobs: | |
| env-vars: | |
| name: Get Environment Variables | |
| runs-on: ubuntu-latest | |
| outputs: | |
| python-version: ${{ steps.load-internal-env.outputs.python-version }} | |
| github-actions: ${{steps.load-external-env.outputs.github-actions}} | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v3 | |
| - name: Load Project's Internal Environment Variables | |
| id: load-internal-env | |
| run: | | |
| set -x | |
| [ -f ${{ env.ENV_FILE }} ] && source ${{ env.ENV_FILE }} | |
| echo "python-version=$PYTHON_VERSION" >> $GITHUB_OUTPUT | |
| - name: Load External Environment Variables | |
| id: load-external-env | |
| run: | | |
| set -x | |
| if [ "$GITHUB_ACTIONS" = "true" ]; then | |
| echo "github-actions=$GITHUB_ACTIONS" >> $GITHUB_OUTPUT | |
| else | |
| echo "github-actions=false" >> $GITHUB_OUTPUT | |
| fi | |
| env-setup: | |
| name: Setup Python and Install Dependencies | |
| runs-on: ubuntu-latest | |
| needs: env-vars | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ needs.env-vars.outputs.python-version }} | |
| - name: Create Non-root User & Install dependencies # This step does not run on github actions | |
| if: ${{ needs.env-vars.outputs.github-actions == 'false' }} | |
| run: | | |
| useradd -ms /bin/bash pyrunner | |
| mkdir -p /home/pyrunner/.cache/pip | |
| chown -R pyrunner:pyrunner /home/pyrunner | |
| chmod -R 700 /home/pyrunner/.cache/pip | |
| sudo -u pyrunner bash -c " | |
| python -m venv ~/venv && | |
| source ~/venv/bin/activate && | |
| pip install --upgrade pip && | |
| pip install -r requirements.txt | |
| " | |
| - name: Install Python Dependencies | |
| if: ${{ needs.env-vars.outputs.github-actions == 'true' }} | |
| run: | | |
| python -m venv ~/venv && | |
| source ~/venv/bin/activate && | |
| pip install --upgrade pip && | |
| pip install -r requirements.txt | |
| - name: Verify Python Version | |
| run: | | |
| source ~/venv/bin/activate | |
| ACTUAL_VERSION=$(python --version 2>&1 | sed 's/Python //') | |
| EXPECTED_VERSION="${{ needs.env-vars.outputs.python-version }}" | |
| echo "Actual: $ACTUAL_VERSION" | |
| echo "Expected: $EXPECTED_VERSION" | |
| if [ "$ACTUAL_VERSION" != "$EXPECTED_VERSION" ]; then | |
| echo "ERROR: Python version mismatch: expected $EXPECTED_VERSION, got $ACTUAL_VERSION" | |
| exit 1 | |
| fi | |
| - name: Save Python Environment Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/venv | |
| key: ${{ runner.os }}-python-venv-${{ hashFiles('requirements.txt') }} | |
| lint: | |
| name: Flake8 linting | |
| runs-on: ubuntu-latest | |
| needs: env-setup | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v3 | |
| - name: Restore Python Environment Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/venv | |
| key: ${{ runner.os }}-python-venv-${{ hashFiles('requirements.txt') }} | |
| - name: Run Flake8 | |
| run: | | |
| source ~/venv/bin/activate | |
| flake8 . | |
| security: | |
| name: Security Check | |
| runs-on: ubuntu-latest | |
| needs: env-setup | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v3 | |
| - name: Restore Python Environment Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/venv | |
| key: ${{ runner.os }}-python-venv-${{ hashFiles('requirements.txt') }} | |
| - name: Run Bandit Security Check | |
| run: | | |
| source ~/venv/bin/activate | |
| bandit -r . | |
| quality: | |
| name: Code Quality | |
| runs-on: ubuntu-latest | |
| needs: env-setup | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v3 | |
| - name: Restore Python Environment Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/venv | |
| key: ${{ runner.os }}-python-venv-${{ hashFiles('requirements.txt') }} | |
| - name: Run Pylint | |
| run: | | |
| source ~/venv/bin/activate | |
| pylint . | |
| - name: Check Black Formatting | |
| run: | | |
| source ~/venv/bin/activate | |
| black --check . | |
| - name: Check Pydocstyle | |
| run: | | |
| source ~/venv/bin/activate | |
| pydocstyle . | |
| continue-on-error: true # Non-blocking |