-
Notifications
You must be signed in to change notification settings - Fork 3
129 lines (114 loc) · 4.39 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: Build
on:
push:
branches:
- trunk
- feature/*
paths-ignore:
- 'ide_extension/**'
- '.github/workflows/intellij-build.yml'
- '.github/workflows/intellij-release.yml'
- '.github/workflows/intellij-updater.yml'
pull_request:
branches:
- trunk
paths-ignore:
- 'ide_extension/**'
- '.github/workflows/intellij-build.yml'
- '.github/workflows/intellij-release.yml'
- '.github/workflows/intellij-updater.yml'
jobs:
build:
if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }}
runs-on: ubuntu-latest
environment: release
permissions:
id-token: write
pull-requests: write
issues: write
steps:
- uses: actions/checkout@v4
- name: Verify Conventional Commits
uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install virtualenv
sudo apt-get update
sudo apt-get install openssh-client -y
- name: Run Unit Test
run: |
cd tools/
python -m virtualenv _venv
source _venv/bin/activate
python -m pip install --upgrade pip
python -m pip install -r requirements_test.txt
python -m pip install -r requirements.txt
python -m pytest -x --cov=devsecops_engine_tools --cov-config=.coveragerc
python -m coverage report -m
python -m coverage xml
- name: Run analysis on SonarQube
if: ${{ github.event.pull_request.head.repo.fork == false }}
uses: SonarSource/sonarqube-scan-action@v2
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
with:
projectBaseDir: tools
args: >
-Dsonar.organization=grupo-bancolombia
-Dsonar.projectKey=bancolombia_devsecops-engine-tools
-Dsonar.python.coverage.reportPaths=coverage.xml
-Dsonar.language=py
-Dsonar.verbose=true
-Dsonar.exclusions=**test_integrations_defect_dojo.py**,**/test/**,**/example/**,**setup.py**,**hello_world**,**Dockerfile**,**/coverage/**
-Dsonar.coverage.exclusions=**test_integrations_defect_dojo.py**,**/test/**,**/example/**,**setup.py**,**hello_world**,**Dockerfile/**,**/coverage/**
- name: Build
if: contains(github.event.head_commit.message, 'deploy dev')
run: |
cd tools/
source _venv/bin/activate
python -m pip install setuptools virtualenv wheel
python setup.py sdist bdist_wheel
- name: Publish a Python distribution to PyPI Test
if: contains(github.event.head_commit.message, 'deploy dev')
uses: pypa/gh-action-pypi-publish@release/v1
with:
packages-dir: tools/dist/
repository-url: https://test.pypi.org/legacy/
releaseDraft:
name: Release draft
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/trunk'
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
steps:
# Generate a token of Github APP only for the truk branch
- name: Generate a token of Github APP
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID_ADMIN_GITHUB }}
private_key: ${{ secrets.APP_PRIVATE_KEY_ADMIN_GITHUB }}
# Check out the current repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
token: ${{ steps.generate_token.outputs.token }}
- name: Set up NodeJS
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
with:
node-version: "lts/*"
- name: Set up Semantic Release
run: npm -g install @semantic-release/git [email protected]
- name: Semantic Release
run: npx [email protected]
env:
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}