redis-om-python/.github/workflows/ci.yml
Chayim 1221efd2c3
Adding dependency vulnerability scanning to the CI process (#345)
Adding dependency scanning for CI

Co-authored-by: dvora-h <67596500+dvora-h@users.noreply.github.com>
2022-10-18 14:55:58 +03:00

172 lines
5.6 KiB
YAML

name: CI
on:
push:
branches:
- main
- '[0-9].[0-9]+' # matches to backport branches, e.g. 3.6
tags: [ 'v*' ]
pull_request:
branches:
- main
- '[0-9].[0-9]+'
- 'update/pre-commit-autoupdate'
schedule:
- cron: '0 6 * * *' # Daily 6AM UTC build
env:
pythonversion: 3.9
jobs:
dependency-audit:
name: Dependency audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: install python
uses: actions/setup-python@v3.1.2
with:
python-version: ${{env.pythonversion}}
- name: create local poetry install
run: |
python -m venv .venv
source .venv/bin/activate
python -m pip install poetry
poetry install
- uses: trailofbits/gh-action-pip-audit@v1.0.0
with:
virtual-environment: .venv
lint:
name: Linter
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Python 3.9
uses: actions/setup-python@v4.3.0
with:
python-version: ${{env.pythonversion}}
#----------------------------------------------
# ----- install & configure poetry -----
#----------------------------------------------
- name: Install Poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: true
virtualenvs-in-project: true
installer-parallel: true
#----------------------------------------------
# load cached venv if cache exists
#----------------------------------------------
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v3.0.11
with:
path: .venv
key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
- name: Make sync version of library (redis_om)
run: make sync
#----------------------------------------------
# install dependencies if cache does not exist
#----------------------------------------------
- name: Install dependencies
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
run: poetry install --no-interaction --no-root
#----------------------------------------------
# install your root project, if required
#----------------------------------------------
- name: Install library
run: poetry install --no-interaction
#----------------------------------------------
# run test suite
#----------------------------------------------
- name: Run linter
run: |
make dist
make lint
test-unix:
name: Test Unix
needs: lint
strategy:
matrix:
os: [ ubuntu-latest ]
pyver: ["3.7", "3.8", "3.9", "3.10", "pypy-3.8", "pypy-3.7" ]
redisstack: [ "latest" ]
fail-fast: false
services:
redis:
image: redis/redis-stack:${{ matrix.redisstack }}
ports:
# Maps port 6379 on service container to the host
- 6379:6379
# Set health checks to wait until redis has started
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
runs-on: ${{ matrix.os }}
timeout-minutes: 15
env:
OS: ${{ matrix.os }}
INSTALL_DIR: ${{ github.workspace }}/redis
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Python ${{ matrix.pyver }}
uses: actions/setup-python@v4.3.0
with:
python-version: ${{ matrix.pyver }}
#----------------------------------------------
# ----- install & configure poetry -----
#----------------------------------------------
- name: Install Poetry
uses: snok/install-poetry@v1
with:
virtualenvs-create: true
virtualenvs-in-project: true
installer-parallel: true
#----------------------------------------------
# load cached venv if cache exists
#----------------------------------------------
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v3.0.11
with:
path: .venv
key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
#----------------------------------------------
# Make sync version of library (redis_om)
#----------------------------------------------
- name: Make sync version of library (redis_om)
run: make sync
#----------------------------------------------
# install dependencies if cache does not exist
#----------------------------------------------
- name: Install dependencies
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
run: poetry install --no-interaction --no-root
#----------------------------------------------
# install your root project, if required
#----------------------------------------------
- name: Install library
run: poetry install --no-interaction
- name: Run unittests (redisstack:${{ matrix.redisstack }}, ${{ matrix.os }})
env:
REDIS_OM_URL: "redis://localhost:6379?decode_responses=True"
run: |
make test
poetry run coverage xml
- name: Upload coverage
uses: codecov/codecov-action@v3
with:
file: ./coverage.xml
flags: unit
env_vars: OS
fail_ci_if_error: false