Skip to content

Audit Snyk check/fix master #1735

Audit Snyk check/fix master

Audit Snyk check/fix master #1735

Workflow file for this run

name: Continuous integration
on:
push:
branches:
- master
- '[0-9]+.[0-9]+'
tags:
- '*'
pull_request:
env:
HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
PYTHON_KEYRING_BACKEND: keyring.backends.null.Keyring
jobs:
main:
name: Continuous integration
runs-on: ubuntu-22.04
timeout-minutes: 45
if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
steps:
- run: docker system prune --all --force
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: camptocamp/initialise-gopass-summon-action@v2
with:
ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
patterns: pypi docker
- run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
- run: python3 -m pip install --user --requirement=ci/requirements.txt
- uses: actions/cache@v4
with:
path: ~/.cache/pre-commit
key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
restore-keys: "pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}\npre-commit-"
- run: pre-commit run --all-files
- run: git diff --exit-code --patch > /tmp/pre-commit.patch || true
if: failure()
- run: git diff --patch > /tmp/pre-commit.patch || true
if: failure()
- uses: actions/upload-artifact@v4
with:
name: Apply pre-commit fix.patch
path: /tmp/pre-commit.patch
retention-days: 1
if: failure()
# Use Python 3.11
- uses: actions/setup-python@v5
with:
python-version: 3.11
- name: Environment
run: c2cciutils-env
- run: pip install --requirement=requirements.txt
- run: poetry install
- run: poetry run prospector --output-format=pylint
- run: |
echo GHCI_TEST_GITHUB_APP_ID=1234 > .env
echo GHCI_TEST_GITHUB_APP_PRIVATE_KEY=5678 >> .env
- run: make build
- run: make tests
- run: make acceptance-tests
- uses: actions/upload-artifact@v4
with:
name: Acceptance tests
path: results
if: failure()
- run: c2cciutils-docker-logs
if: always()
- name: Publish
run: c2cciutils-publish
if: env.HAS_SECRETS == 'HAS_SECRETS'
- run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true
if: failure()
- uses: actions/upload-artifact@v4
with:
name: Update dpkg versions list.patch
path: /tmp/dpkg-versions.patch
retention-days: 1
if: failure()
- uses: actions/upload-artifact@v4
with:
name: Update dpkg packages list.patch
path: /tmp/dpkg.patch
retention-days: 1
if: failure()