name: CI/CD Pipeline

# Runs on every push except to branches under 'dependabot/', and on pull
# requests targeting any branch. Changes that touch only Markdown files do not
# trigger a run.
on:
  push:
    branches-ignore:
      - 'dependabot/**'
    paths-ignore:
      - '**/*.md'
  pull_request:
    branches:
      - '**'
    paths-ignore:
      - '**/*.md'

# One run per workflow and ref: a newer run cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Default token permissions: read access on every scope, no write access.
# NOTE(review): the jobs in this file check out the repository and run linters;
# `contents: read` alone may be enough - confirm before narrowing.
permissions: read-all
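jobs:
  # NOTE(review): every "Run <tool>" step below executes a script downloaded at
  # run time from the `master` branch of a CICDToolbox repository. Unlike the
  # `uses:` entries, which are pinned to full commit SHAs, that ref is mutable,
  # so the code these jobs execute can change without any change to this file.
  # Prefer pinning each URL to a reviewed commit, e.g.
  #   https://raw.githubusercontent.com/CICDToolbox/<tool>/<COMMIT_SHA_PLACEHOLDER>/pipeline.sh
  # and comparing the download against a recorded SHA-256 before running it.
  #
  # The scripts are saved under RUNNER_TEMP and then executed, so that a failed
  # download fails the step. With `bash <(curl -s ...)` an empty response is run
  # as an empty script and the check passes without linting anything.
  #
  # NOTE(review): actions/checkout leaves the job token in the local git config
  # by default; `persist-credentials: false` would keep it away from the
  # downloaded scripts if none of them need authenticated git access - confirm.

  # Resolves the Python versions (at most three) used as the matrix of the
  # Python lint jobs below.
  get-python-versions:
    name: Get Python Versions
    runs-on: ubuntu-latest
    outputs:
      version-matrix: ${{ steps.get-language-versions.outputs.latest-versions }}
    steps:
      - uses: ActionsToolbox/get-language-versions-action@446919617fd774095b5dd3ed71c39dd3fd0d8f4f # v0.1.3
        id: get-language-versions
        with:
          language: "python"
          max-versions: 3

  # Always included to handle check-jobs.sh
  shellcheck:
    name: ShellCheck
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Run Shellcheck
        run: |
          set -euo pipefail
          curl --fail --silent --show-error \
            --output "${RUNNER_TEMP}/pipeline.sh" \
            https://raw.githubusercontent.com/CICDToolbox/shellcheck/master/pipeline.sh
          bash "${RUNNER_TEMP}/pipeline.sh"

  json-lint:
    name: JSON Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Run JSON Lint
        run: |
          set -euo pipefail
          curl --fail --silent --show-error \
            --output "${RUNNER_TEMP}/pipeline.sh" \
            https://raw.githubusercontent.com/CICDToolbox/json-lint/master/pipeline.sh
          bash "${RUNNER_TEMP}/pipeline.sh"

  bandit:
    name: Bandit
    needs: get-python-versions
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        python-versions: ${{ fromJson(needs.get-python-versions.outputs.version-matrix) }}
    steps:
      - name: Checkout the repository
        # Same commit as the other checkout steps in this file (v4.2.2).
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Python ${{ matrix.python-versions }}
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: ${{ matrix.python-versions }}
      - name: Run Bandit
        run: |
          set -euo pipefail
          curl --fail --silent --show-error \
            --output "${RUNNER_TEMP}/pipeline.sh" \
            https://raw.githubusercontent.com/CICDToolbox/bandit/master/pipeline.sh
          bash "${RUNNER_TEMP}/pipeline.sh"

  pur:
    name: Pur
    needs: get-python-versions
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        python-versions: ${{ fromJson(needs.get-python-versions.outputs.version-matrix) }}
    steps:
      - name: Checkout the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Python ${{ matrix.python-versions }}
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: ${{ matrix.python-versions }}
      - name: Run Pur
        run: |
          set -euo pipefail
          curl --fail --silent --show-error \
            --output "${RUNNER_TEMP}/pipeline.sh" \
            https://raw.githubusercontent.com/CICDToolbox/pur/master/pipeline.sh
          bash "${RUNNER_TEMP}/pipeline.sh"

  pycodestyle:
    name: Pycodestyle
    needs: get-python-versions
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        python-versions: ${{ fromJson(needs.get-python-versions.outputs.version-matrix) }}
    steps:
      - name: Checkout the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Python ${{ matrix.python-versions }}
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: ${{ matrix.python-versions }}
      - name: Run Pycodestyle
        run: |
          set -euo pipefail
          curl --fail --silent --show-error \
            --output "${RUNNER_TEMP}/pipeline.sh" \
            https://raw.githubusercontent.com/CICDToolbox/pycodestyle/master/pipeline.sh
          bash "${RUNNER_TEMP}/pipeline.sh"

  pydocstyle:
    name: Pydocstyle
    needs: get-python-versions
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        python-versions: ${{ fromJson(needs.get-python-versions.outputs.version-matrix) }}
    steps:
      - name: Checkout the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Python ${{ matrix.python-versions }}
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: ${{ matrix.python-versions }}
      - name: Run Pydocstyle
        run: |
          set -euo pipefail
          curl --fail --silent --show-error \
            --output "${RUNNER_TEMP}/pipeline.sh" \
            https://raw.githubusercontent.com/CICDToolbox/pydocstyle/master/pipeline.sh
          bash "${RUNNER_TEMP}/pipeline.sh"

  pylama:
    name: Pylama
    needs: get-python-versions
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        python-versions: ${{ fromJson(needs.get-python-versions.outputs.version-matrix) }}
    steps:
      - name: Checkout the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Python ${{ matrix.python-versions }}
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: ${{ matrix.python-versions }}
      - name: Run Pylama
        run: |
          set -euo pipefail
          curl --fail --silent --show-error \
            --output "${RUNNER_TEMP}/pipeline.sh" \
            https://raw.githubusercontent.com/CICDToolbox/pylama/master/pipeline.sh
          bash "${RUNNER_TEMP}/pipeline.sh"

  pylint:
    name: Pylint
    needs: get-python-versions
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        python-versions: ${{ fromJson(needs.get-python-versions.outputs.version-matrix) }}
    steps:
      - name: Checkout the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Set up Python ${{ matrix.python-versions }}
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: ${{ matrix.python-versions }}
      - name: Run Pylint
        run: |
          set -euo pipefail
          curl --fail --silent --show-error \
            --output "${RUNNER_TEMP}/pipeline.sh" \
            https://raw.githubusercontent.com/CICDToolbox/pylint/master/pipeline.sh
          bash "${RUNNER_TEMP}/pipeline.sh"

  # Final gate: passes the results of all needed jobs to check-jobs.sh.
  cicd-pipeline:
    if: always()  # This ensures the job runs regardless of the results of previous jobs.
    name: CI/CD Pipeline
    needs:
      - shellcheck
      - json-lint
      - bandit
      - pur
      - pycodestyle
      - pydocstyle
      - pylama
      - pylint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Check Job Statuses
        # The JSON is handed over through the environment rather than expanded
        # into the script text, so its content is never parsed as shell syntax
        # (a quote in a future job output would otherwise end the argument).
        env:
          NEEDS_JSON: ${{ toJson(needs) }}
        run: .github/scripts/check-jobs.sh "${NEEDS_JSON}"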