chore: Update CD workflow to include CODECOV_TOKEN secret and bump ve… #83
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI-Continuous-Integration | |
| on: | |
| workflow_dispatch: | |
| workflow_call: | |
| secrets: | |
| CODECOV_TOKEN: | |
| required: true | |
| description: 'Codecov Token' | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| Lint: | |
| runs-on: ubuntu-latest | |
| env: | |
| PYTHON: '3.11' | |
| steps: | |
| - uses: actions/checkout@master | |
| - name: Setup Python | |
| uses: actions/setup-python@master | |
| with: | |
| python-version: 3.11 | |
| - name: Generate lint | |
| run: | | |
| pip install poetry | |
| poetry config virtualenvs.create false | |
| poetry install | |
| poetry run task lint | |
| Test-Docker-Build: | |
| runs-on: ubuntu-latest | |
| env: | |
| PYTHON: '3.11' | |
| steps: | |
| - uses: actions/checkout@master | |
| - name: Setup Python | |
| uses: actions/setup-python@master | |
| with: | |
| python-version: 3.11 | |
| - name: Build | |
| run: | | |
| docker build -t test_img:ci-test . | |
| Test-Code: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest, windows-latest] | |
| env: | |
| OS: ${{ matrix.os }} | |
| PYTHON: '3.11' | |
| steps: | |
| - uses: actions/checkout@master | |
| - name: Setup Python | |
| uses: actions/setup-python@master | |
| with: | |
| python-version: 3.11 | |
| - name: Generate coverage report | |
| run: | | |
| pip install poetry | |
| poetry config virtualenvs.create false | |
| poetry install | |
| task test | |
| Report-Test-Coverage: | |
| runs-on: ubuntu-latest | |
| needs: Test-Code | |
| steps: | |
| - uses: actions/checkout@master | |
| - name: Setup Python | |
| uses: actions/setup-python@master | |
| with: | |
| python-version: 3.11 | |
| - name: Generate coverage report | |
| run: | | |
| pip install poetry | |
| poetry config virtualenvs.create false | |
| poetry install | |
| pytest --cov=src --cov-report=xml | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| directory: ./coverage/reports/ | |
| env_vars: OS,PYTHON | |
| fail_ci_if_error: true | |
| files: ./coverage.xml | |
| flags: unittests | |
| name: codecov-umbrella | |
| verbose: true | |
| Test-Security: | |
| runs-on: ubuntu-latest | |
| env: | |
| PYTHON: '3.11' | |
| steps: | |
| - uses: actions/checkout@master | |
| - name: Setup Python | |
| uses: actions/setup-python@master | |
| with: | |
| python-version: 3.11 | |
| - name: Run Code Security Checks | |
| run: | | |
| curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.45.1 | |
| curl -fsSL https://raw.githubusercontent.com/ZupIT/horusec/main/deployments/scripts/install.sh | bash -s latest | |
| pip install poetry | |
| poetry config virtualenvs.create false | |
| poetry install | |
| bandit -c pyproject.toml -r src | |
| horusec start -D -p ./src | |
| trivy fs --exit-code 1 --scanners vuln,config,secret . | |
| - name: Run Container Security Checks | |
| run: | | |
| docker build -t test_img:ci-test . | |
| trivy image --exit-code 1 --severity HIGH,CRITICAL test_img:ci-test |