ci-main.yml
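# Continuous-integration workflow: lint, static analysis and the test suite.
name: "CI"

env:
  # Poetry release handed to the installer in the "Bootstrap poetry" step.
  POETRY_VERSION: "1.3.1"

# Run for pushes to, and pull requests against, the default branches.
on:
  push:
    branches:
      - master
      - main
  pull_request:
    branches:
      - master
      - main

# Least privilege for the workflow token: the jobs in this file only check out
# and test the code, so read access to the repository contents is enough.
# NOTE(review): widen per job, not here, if a step ever needs more.
permissions:
  contents: read

# One live run per pull request (or per ref for pushes); a newer run cancels
# the one that is still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true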
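# NOTE(review): every `uses:` below references a mutable tag (v1/v2/v3).
# Pinning each action, third-party ones first, to a full commit SHA with the
# tag kept in a trailing comment stops a retagged release from changing what
# runs in CI.
jobs:
  # Style gate: flake8 via `make lint`, plus a black format check on c7n_left.
  Lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          # Quoted so the version stays a string rather than a YAML float.
          python-version: "3.8"
      # NOTE(review): flake8 and black are installed unpinned, so both the
      # lint result and the code executed here follow upstream releases.
      - name: Install Linter
        run: |
          python -m pip install --upgrade pip
          pip install flake8 black
      - name: Lint Check
        run: |
          make lint
      - name: Format Check
        run: |
          black --check tools/c7n_left

  # Static security analysis (Bandit, Semgrep); runs only after Lint passes.
  Analyzer:
    runs-on: ubuntu-latest
    needs: Lint
    steps:
      - uses: actions/checkout@v2
      # Same major version as the other jobs in this file (was v1).
      - uses: actions/setup-python@v2
        with:
          python-version: "3.9"
      # NOTE(review): bandit and semgrep are installed unpinned; a constraints
      # file would make findings reproducible between runs.
      - name: Run Bandit
        run: |
          python -m pip install bandit
          make analyzer-bandit
      - name: Run Semgrep
        run: |
          python -m pip install semgrep
          make analyzer-semgrep

  # Test suite across the matrix; coverage is collected on ubuntu + 3.10 and
  # the license check runs on ubuntu + 3.9.
  Tests:
    runs-on: "${{ matrix.os }}"
    needs: Lint
    strategy:
      matrix:
        # os: [ubuntu-latest, macos-latest, windows-latest]
        os: [ubuntu-latest]
        python-version: ["3.10"]
        include:
          - os: ubuntu-latest
            # Quoted like "3.10" above so every matrix value is a string.
            python-version: "3.9"
          # - os: ubuntu-latest
          #   python-version: 3.8
          # - os: ubuntu-latest
          #   python-version: 3.7
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 2
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v1
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v2
        with:
          python-version: ${{ matrix.python-version }}
      # The installer is fetched at a fixed commit of the install repository,
      # so the script piped into python3 cannot change between runs; keep the
      # commit in the URL when updating it. `-f` makes curl fail on an HTTP
      # error instead of handing an error page to the interpreter.
      - name: Bootstrap poetry
        shell: bash
        run: |
          curl -sSfL https://raw.githubusercontent.com/python-poetry/install.python-poetry.org/6161821b1d39fa30f92a677bba51abfc471f8aee/install-poetry.py | python3 - --version "$POETRY_VERSION" -y
      # The virtualenv is cached per OS, Python version and poetry.lock hash.
      - name: Set up cache
        uses: actions/cache@v2
        id: cache
        with:
          path: .venv
          key: venv-${{ runner.os }}-${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }}
      # Put the poetry and virtualenv script directories on PATH for the later
      # steps; the msys branch covers Windows runners.
      - name: Update PATH
        shell: bash
        run: |
          if [[ "$OSTYPE" == "msys" ]]
          then
            echo "$APPDATA\Python\Scripts" >> "$GITHUB_PATH"
            echo "$PWD\.venv\Scripts" >> "$GITHUB_PATH"
            echo "VIRTUAL_ENV=$PWD\.venv" >> "$GITHUB_ENV"
          else
            echo "$HOME/.local/bin" >> "$GITHUB_PATH"
            echo "$PWD/.venv/bin" >> "$GITHUB_PATH"
            echo "VIRTUAL_ENV=$PWD/.venv" >> "$GITHUB_ENV"
          fi
      # A restored .venv is trusted only if `custodian version` still runs;
      # otherwise it is deleted and rebuilt by the next two steps. The result
      # is written to $GITHUB_OUTPUT, replacing the deprecated `::set-output`
      # workflow command.
      - name: Ensure cache is healthy
        if: steps.cache.outputs.cache-hit == 'true'
        id: cache_check
        shell: bash
        run: |
          if poetry run custodian version
          then
            echo "venv=success" >> "$GITHUB_OUTPUT"
          else
            rm -rf .venv
            echo "venv=recreate" >> "$GITHUB_OUTPUT"
          fi
      # Step outputs reach the script through env vars, not inline expressions.
      - name: Virtualenv
        if: steps.cache.outputs.cache-hit != 'true' || steps.cache_check.outputs.venv != 'success'
        shell: bash
        env:
          CHECK_VENV: ${{ steps.cache_check.outputs.venv }}
          CACHE_HIT: ${{ steps.cache.outputs.cache-hit }}
        run: |
          echo "check venv $CHECK_VENV"
          echo "cache hit $CACHE_HIT"
          python -m venv .venv
      - name: Install Deps
        if: steps.cache.outputs.cache-hit != 'true' || steps.cache_check.outputs.venv != 'success'
        shell: bash
        run: |
          python -m pip install --upgrade pip
          pip install -U wheel
          make install-poetry
      # COV_RUN is "true" only for the ubuntu + 3.10 matrix entry.
      - name: Test
        shell: bash
        env:
          COV_RUN: ${{ contains(matrix.python-version, '3.10') && contains(matrix.os, 'ubuntu') }}
        run: |
          if [[ "$COV_RUN" == "true" ]]
          then
            echo "Running Coverage Test"
            . test.env && poetry run pytest -n auto tests tools \
              --cov c7n --cov tools/c7n_azure/c7n_azure \
              --cov tools/c7n_gcp/c7n_gcp --cov tools/c7n_kube/c7n_kube \
              --cov tools/c7n_tencentcloud/c7n_tencentcloud \
              --cov tools/c7n_left/c7n_left \
              --cov tools/c7n_mailer/c7n_mailer
            poetry run coverage xml
          else
            . test.env && poetry run pytest -n auto tests tools
          fi
      - name: Upload Code Coverage
        uses: codecov/codecov-action@v3
        if: contains(matrix.python-version, '3.10') && contains(matrix.os, 'ubuntu')
        with:
          files: ./coverage.xml
          name: codecov
          verbose: true
      - name: License Check
        if: contains(matrix.python-version, '3.9') && contains(matrix.os, 'ubuntu')
        run: |
          poetry run python tools/dev/license-check.py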