[PPANTT-137] feat: updated modules and workload identity for aks-leon… #4311
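# Static analysis for every branch except main: work out which `src/` folders
# the pushed branch changes, sparse-checkout only those folders (plus
# `scripts`), and run the IaC static-analysis action on them.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN receives
# the repository's default scopes. If the static-analysis action needs nothing
# more than read access, consider restricting it to `contents: read`.
name: Static Analysis PR

on:
  push:
    branches-ignore:
      - main

jobs:
  static_analysis:
    runs-on: ubuntu-latest

    steps:
      # Empties the workspace before checkout. `*` does not match dotfiles, so
      # hidden entries are left in place.
      - run: |
          rm -rf *

      # NOTE(review): the actions below are referenced by mutable tags; pinning
      # them to a full commit SHA keeps a retagged release from changing what
      # runs in this job.
      - name: ⏬ Checkout Repository
        uses: actions/checkout@v4
        with:
          # Full history, so the branch can be diffed against origin/main.
          fetch-depth: 0

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.x'

      - name: Install necessary packages
        run: python -m pip install --upgrade pip

      - name: 🔨 Get Modified Paths
        id: get-paths
        run: |
          import os
          import subprocess

          # NOTE(review): these are matched as plain substrings of each diff
          # line, so any path that merely contains one of them (not only a
          # folder with exactly that name) is left out of the analysis.
          IGNORED_PATHS = ["domains", "scripts", "github", ".devops"]


          def get_current_branch():
              """Return the name of the branch that is currently checked out."""
              # check=True: a git failure must fail the job instead of
              # producing an empty branch name.
              result = subprocess.run(
                  ["git", "rev-parse", "--abbrev-ref", "HEAD"],
                  capture_output=True, text=True, check=True,
              )
              return result.stdout.strip()


          def get_git_diff(current_branch):
              """Write the names of files that differ from origin/main to /tmp/diff.txt."""
              # Fail closed: without check=True a failed fetch or diff leaves
              # an empty diff file, which later sets run_static_analysis=false
              # and silently skips the analysis while the job stays green.
              subprocess.run(["git", "fetch", "origin"], check=True)
              result = subprocess.run(
                  # The trailing "--" makes git read both names as revisions,
                  # never as file paths.
                  ["git", "diff", "--name-only", current_branch, "origin/main", "--"],
                  capture_output=True, text=True, check=True,
              )
              with open('/tmp/diff.txt', 'w') as f:
                  f.write(result.stdout)


          def get_required_path(path):
              """Reduce a changed file path to the `src/...` folder to analyse.

              Returns "" when the path has no "src" component or is too
              shallow to name a folder.
              """
              parts = path.split(os.sep)
              try:
                  start_index = parts.index("src")
              except ValueError:
                  return ""

              if "domains" in parts[start_index:]:
                  domains_index = parts.index("domains", start_index)
                  # Require at least one folder and a file name after "domains".
                  if len(parts) > domains_index + 2:
                      # NOTE(review): the slice end is an absolute index, so
                      # this assumes "src" is the first path component.
                      return os.sep.join(parts[start_index:3])
                  return ""

              # Paths without "domains": keep "src" and the folder below it.
              if len(parts) > start_index + 2:
                  return os.sep.join(parts[start_index:2])
              return ""


          def get_modified_paths(pattern, exclude_ignored=True):
              """Return the sorted, de-duplicated folders derived from /tmp/diff.txt.

              With exclude_ignored=True, lines containing any IGNORED_PATHS
              entry are dropped and `pattern` is not used; otherwise only
              lines containing `pattern` are kept.
              """
              with open('/tmp/diff.txt') as f:
                  lines = [line.strip() for line in f]

              if exclude_ignored:
                  paths = [
                      line
                      for line in lines
                      if not any(ignored in line for ignored in IGNORED_PATHS)
                  ]
              else:
                  paths = [line for line in lines if pattern in line]

              folders = {get_required_path(path) for path in paths if path}
              # get_required_path returns "" for paths it cannot map; an empty
              # entry would become a blank line in /tmp/paths.txt.
              folders.discard("")
              return sorted(folders)


          def write_to_file(content, filepath):
              """Overwrite `filepath` with `content`."""
              with open(filepath, 'w') as f:
                  f.write(content)


          def main():
              """Compute the modified folders and export run_static_analysis."""
              current_branch = get_current_branch()
              print(f"Current branch: {current_branch}")
              get_git_diff(current_branch)

              modified_paths_source = get_modified_paths('src/', exclude_ignored=True)
              print(f"Modified paths in source: {modified_paths_source}")
              modified_paths_domains = get_modified_paths('domains', exclude_ignored=False)
              print(f"Modified paths in domains: {modified_paths_domains}")

              all_paths = modified_paths_source + modified_paths_domains
              modified_paths = "\n".join(all_paths)
              print(f"📌 Modified paths: {modified_paths}")
              write_to_file(modified_paths, "/tmp/paths.txt")

              src_modified = any("src/" in path for path in all_paths)
              print("src folder modified." if src_modified else "src folder not modified.")
              # Later steps are gated on this variable through `env.`.
              with open(os.environ['GITHUB_ENV'], 'a') as f:
                  f.write(f"run_static_analysis={'true' if src_modified else 'false'}\n")


          if __name__ == "__main__":
              main()
        shell: python

      - name: Read modified paths
        if: env.run_static_analysis == 'true'
        id: read_paths
        run: |
          modified_paths=$(cat /tmp/paths.txt)
          echo "Modified paths: $modified_paths"
          # Publish the output through $GITHUB_OUTPUT: the `::set-output`
          # workflow command is deprecated and is parsed from the step's
          # stdout, where a multi-line value also needs escaping. The folder
          # names come from the pushed branch, so the heredoc delimiter is
          # randomised to keep a crafted name from ending the value early.
          delimiter="EOF_$(openssl rand -hex 16)"
          {
            echo "modified_paths<<${delimiter}"
            printf '%s\n' "$modified_paths"
            echo "${delimiter}"
          } >> "$GITHUB_OUTPUT"

      - name: ⏬ Download Modified Folders Only
        if: env.run_static_analysis == 'true'
        id: download_changed_folders
        shell: bash
        run: |
          # Read one folder per line. An unquoted $(cat ...) would word-split
          # and glob-expand names that are controlled by the pushed branch.
          MODIFIED_FOLDERS=()
          while IFS= read -r folder || [[ -n "$folder" ]]; do
            if [[ -n "$folder" ]]; then
              MODIFIED_FOLDERS+=("$folder")
            fi
          done < /tmp/paths.txt
          # Include 'scripts' in the list of directories to checkout
          MODIFIED_FOLDERS+=("scripts")
          # Initialize git sparse-checkout
          git sparse-checkout init --cone
          # Set each path in MODIFIED_FOLDERS for sparse-checkout
          git sparse-checkout set "${MODIFIED_FOLDERS[@]}"
          # Checkout the latest changes
          git checkout

      - name: 👀 See folders downloaded
        if: env.run_static_analysis == 'true'
        id: see
        shell: bash
        run: |
          ls -la
          du -h -d 3 .

      # NOTE(review): the action directory and ref on the `uses:` line below
      # were replaced by an e-mail-obfuscation placeholder when this page was
      # captured; restore the real `<action-dir>@<ref>` from the repository.
      # The `precommit_version` value carries a sha256 digest next to its tag.
      - name: Static Analysis
        if: env.run_static_analysis == 'true'
        uses: pagopa/eng-github-actions-iac-template/azure/[email protected]
        with:
          precommit_version: 'v1.89.1@sha256:1ea921bc4fe87651d41677218e537afdcdb8202e757e554b9866668eaba144c5'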