diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000..12b4d89 --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,16 @@ +name: build + + +on: + push: + branches: [ master ] + pull_request: + branches: [ master ] + + +jobs: + + dummy: + runs-on: ubuntu-latest + steps: + - run: echo "hello" diff --git a/.github/workflows/github-actions-ci.yml b/.github/workflows/github-actions-ci.yml deleted file mode 100644 index 531d4d2..0000000 --- a/.github/workflows/github-actions-ci.yml +++ /dev/null @@ -1,120 +0,0 @@ -name: build & test - - -on: - push: - branches: [ master ] - pull_request: - branches: [ master ] - - -env: - ACCOUNT: ${{ github.repository_owner }} - REPOSITORY: ${{ github.event.repository.name }} - - -jobs: - - # ----------- BUILD STAGE ----------- # - - build: - runs-on: ubuntu-latest - container: docker:git - permissions: - contents: read - packages: write - steps: - - uses: actions/checkout@v3 - - name: resolve paths-filter error - run: git config --global --add safe.directory /__w/${REPOSITORY}/${REPOSITORY} - - name: detect build file changes - uses: dorny/paths-filter@v2 - id: filter - with: - filters: | - buildfiles: - - Dockerfile - - requirements.txt - - tests/requirements-test.txt - - name: build & push image to registry - if: steps.filter.outputs.buildfiles == 'true' - run: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $ACCOUNT --password-stdin - docker build -t ghcr.io/${ACCOUNT}/${REPOSITORY} . - docker push ghcr.io/${ACCOUNT}/${REPOSITORY} - - - # ----------- TESTS ----------- # - - unit-test: - runs-on: ubuntu-latest - needs: [build] - container: - image: ghcr.io/mapattacker/github-workflow-sample - credentials: - username: $ACCOUNT - password: ${{ secrets.GITHUB_TOKEN }} - steps: - - uses: actions/checkout@v3 - - name: run tests - run: pytest --cov=project/ tests/unit_tests/ -v - - - # ----------- SECURITY SCANS ----------- # - - secrets-scan: - runs-on: ubuntu-latest - needs: [build] - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: run secrets scan - uses: gitleaks/gitleaks-action@v2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - sast-scan: - runs-on: ubuntu-latest - needs: [build] - steps: - - uses: actions/checkout@v3 - - name: run sast scan - uses: AppThreat/sast-scan-action@master - with: - output: reports - type: python - - dependency-scan: - runs-on: ubuntu-latest - needs: [build] - container: - image: ghcr.io/mapattacker/github-workflow-sample - credentials: - username: $ACCOUNT - password: ${{ secrets.GITHUB_TOKEN }} - steps: - - name: run dependency scan - run: safety check - - license-scan: - runs-on: ubuntu-latest - needs: [build] - container: - image: ghcr.io/mapattacker/github-workflow-sample - credentials: - username: $ACCOUNT - password: ${{ secrets.GITHUB_TOKEN }} - steps: - - name: generate consolidated requirements - run: pip freeze > requirements-all.txt - - name: run license scan - id: license_check_report - uses: pilosus/action-pip-license-checker@v2 - with: - requirements: 'requirements-all.txt' - fail: 'StrongCopyleft,NetworkCopyleft,Other,Error' - - name: Print report - if: ${{ always() }} - run: echo "${{ steps.license_check_report.outputs.report }}" - diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml new file mode 100644 index 0000000..2d13749 --- /dev/null +++ b/.github/workflows/test.yaml @@ -0,0 +1,17 @@ +name: test + +on: + workflow_run: + workflows: [build] + branches: [test] + types: + - completed + + + +jobs: + + dummy: + runs-on: ubuntu-latest + steps: + - run: echo "hello" diff --git a/project/app.py b/project/app.py index 8be88a3..d0af455 100644 --- a/project/app.py +++ b/project/app.py @@ -1 +1,2 @@ + # sample script