Run lint #640

Workflow file for this run

.github/workflows/pipeline.yml at 7a3a429

	name: Pipeline
	on: [push, workflow_dispatch]

	env:
	REGISTRY: ghcr.io
	IMAGE_NAME: ${{ github.repository }}

	jobs:
	static_analysis:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: actions/setup-python@v5
	with:
	python-version: '3.10'
	- name: Install Dependencies and library
	shell: bash
	run: \|
	set -ux
	python -m pip install --upgrade pip
	pip install -e ".[dev]"
	- name: Run mypy
	shell: bash
	run: mypy captn google_ads openai_agent application.py

	- name: Run bandit
	shell: bash
	run: bandit -c pyproject.toml -r captn

	- name: Run Semgrep
	shell: bash
	run: semgrep scan --config auto --error

	test:
	runs-on: ubuntu-latest
	services:
	postgres:
	image: postgres:13
	env:
	POSTGRES_USER: postgres
	POSTGRES_PASSWORD: postgres
	POSTGRES_DB: gads
	ports:
	- 5432:5432
	options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
	env:
	INFOBIP_API_KEY: "dummy_key"
	INFOBIP_BASE_URL: "dummy_url"
	DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/gads"
	steps:
	- uses: actions/checkout@v4
	- name: Set up Python
	uses: actions/setup-python@v5
	with:
	python-version: "3.10"
	cache: "pip"
	cache-dependency-path: pyproject.toml
	- name: Install Dependencies
	run: pip install -e ".[dev]"
	- name: Prisma generate
	run: prisma generate
	- name: Create client secrets file
	run: echo '{"web":{"client_id":"dummy.apps.googleusercontent.com","project_id":"dummy-id","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_secret":"dummy-secret","redirect_uris":["http://localhost:9000/login/callback"]}}' > client_secret.json
	- name: Test
	run: pytest tests/ci/

	docker_build_push:
	runs-on: ubuntu-22.04
	permissions:
	contents: read
	packages: write
	env:
	PORT: ${{ vars.PORT }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	- uses: actions/setup-node@v4
	with:
	node-version: 18

	- name: Install wasp
	run: curl -sSL https://get.wasp-lang.dev/installer.sh \| sh

	- name: Log in to the Container registry
	uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- run: docker pull ghcr.io/$GITHUB_REPOSITORY:$GITHUB_REF_NAME \|\| docker pull ghcr.io/$GITHUB_REPOSITORY:dev \|\| true
	- run: docker build --build-arg PORT=$PORT -t ghcr.io/$GITHUB_REPOSITORY:$GITHUB_REF_NAME .
	- name: Add tag latest if branch is main
	if: github.ref_name == 'main'
	run: docker tag ghcr.io/$GITHUB_REPOSITORY:$GITHUB_REF_NAME ghcr.io/$GITHUB_REPOSITORY:latest
	- name: Push only if branch name is main or dev
	if: github.ref_name == 'main' \|\| github.ref_name == 'dev'
	run: docker push ghcr.io/$GITHUB_REPOSITORY --all-tags

	deploy:
	runs-on: ubuntu-22.04
	defaults:
	run:
	shell: bash
	needs: [static_analysis, test, docker_build_push]
	if: github.ref_name == 'main' \|\| github.ref_name == 'dev'
	env:
	GITHUB_USERNAME: ${{ github.actor }}
	GITHUB_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
	DEVELOPER_TOKEN: ${{ secrets.DEVELOPER_TOKEN }}
	OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
	INFOBIP_API_KEY: ${{ secrets.INFOBIP_API_KEY }}
	INFOBIP_BASE_URL: ${{ secrets.INFOBIP_BASE_URL }}
	PORT: ${{ vars.PORT }}

	DOMAIN: ${{ github.ref_name == 'main' && vars.PROD_DOMAIN \|\| vars.STAGING_DOMAIN }}
	REDIRECT_DOMAIN: ${{ github.ref_name == 'main' && vars.PROD_REDIRECT_DOMAIN \|\| vars.STAGING_REDIRECT_DOMAIN }}
	CLIENT_SECRET: ${{ github.ref_name == 'main' && secrets.PROD_CLIENT_SECRET \|\| secrets.STAGING_CLIENT_SECRET }}
	DATABASE_URL: ${{ github.ref_name == 'main' && secrets.PROD_DATABASE_URL \|\| secrets.STAGING_DATABASE_URL }}
	REACT_APP_API_URL: ${{ github.ref_name == 'main' && secrets.PROD_REACT_APP_API_URL \|\| secrets.STAGING_REACT_APP_API_URL }}
	AZURE_API_VERSION: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_API_VERSION \|\| secrets.STAGING_AZURE_API_VERSION }}
	AZURE_API_ENDPOINT: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_API_ENDPOINT \|\| secrets.STAGING_AZURE_API_ENDPOINT }}
	AZURE_MODEL: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_MODEL \|\| secrets.STAGING_AZURE_MODEL }}
	AZURE_OPENAI_API_KEY_SWEDEN: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_OPENAI_API_KEY_SWEDEN \|\| secrets.STAGING_AZURE_OPENAI_API_KEY_SWEDEN }}
	AZURE_OPENAI_API_KEY_CANADA: ${{ github.ref_name == 'main' && secrets.PROD_AZURE_OPENAI_API_KEY_CANADA \|\| secrets.STAGING_AZURE_OPENAI_API_KEY_CANADA }}
	SSH_KEY: ${{ github.ref_name == 'main' && secrets.PROD_SSH_KEY \|\| secrets.STAGING_SSH_KEY }}
	steps:
	- uses: actions/checkout@v3 # Don't change it to cheackout@v4. V4 is not working with container image.
	# This is to fix GIT not liking owner of the checkout dir - https://github.com/actions/runner/issues/2033#issuecomment-1204205989
	- run: chown -R $(id -u):$(id -g) $PWD

	- run: if [[ $GITHUB_REF_NAME == "main" ]]; then echo "TAG=latest" >> $GITHUB_ENV ; else echo "TAG=dev" >> $GITHUB_ENV ; fi;

	- run: echo "PATH=$PATH:/github/home/.local/bin" >> $GITHUB_ENV
	- run: 'which ssh-agent \|\| ( apt-get update -y && apt-get install openssh-client git -y )'
	- run: eval $(ssh-agent -s)
	- run: mkdir -p ~/.ssh
	- run: chmod 700 ~/.ssh
	- run: ssh-keyscan "$DOMAIN" >> ~/.ssh/known_hosts
	- run: chmod 644 ~/.ssh/known_hosts
	- run: echo "$SSH_KEY" \| base64 --decode > key.pem
	- run: chmod 600 key.pem

	- run: ssh -o StrictHostKeyChecking=no -i key.pem azureuser@"$DOMAIN" "docker images"
	- run: bash scripts/deploy.sh

	- run: rm key.pem

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Run lint #640

Workflow file

Run lint #640

Jobs

Run details

Workflow file for this run