Skip to content

Merge pull request #3035 from OWASP-BLT/dependabot/pip/django-import-… #4894

Merge pull request #3035 from OWASP-BLT/dependabot/pip/django-import-…

Merge pull request #3035 from OWASP-BLT/dependabot/pip/django-import-… #4894

Workflow file for this run

name: CI/CD Optimized
on:
merge_group:
pull_request:
push:
workflow_dispatch:
workflow_run:
workflows: ["Pre-commit fix"]
types:
- completed
env:
FORCE_COLOR: 1
concurrency:
cancel-in-progress: true
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
jobs:
setup:
name: Setup and Cache Dependencies
runs-on: ubuntu-latest
permissions:
contents: read # Minimal permission for checking out code
outputs:
python-cache-dir: ${{ steps.poetry-cache.outputs.dir }}
steps:
- uses: actions/checkout@v4
- name: Cache pre-commit hooks
uses: actions/cache@v3
with:
path: ~/.cache/pre-commit
key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
restore-keys: |
${{ runner.os }}-pre-commit-
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.11.2
- name: Get Poetry cache directory
id: poetry-cache
run: echo "POETRY_CACHE_DIR=$(poetry config cache-dir)" >> $GITHUB_ENV
- name: Cache Poetry dependencies
uses: actions/cache@v3
with:
path: ${{ env.POETRY_CACHE_DIR }}
key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }}
restore-keys: |
${{ runner.os }}-poetry-
pre-commit:
name: Run pre-commit
needs: setup
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
contents: write
actions: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.11.2
- name: Run pre-commit
uses: pre-commit/[email protected]
code-ql:
name: Run CodeQL
needs: pre-commit
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
strategy:
fail-fast: true
matrix:
language: ['none'] # Default to none, will be updated based on changes
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 2
- name: Detect file changes
id: changes
uses: dorny/paths-filter@v2
with:
filters: |
python:
- '**/*.py'
- 'requirements.txt'
- 'poetry.lock'
- 'pyproject.toml'
javascript:
- '**/*.js'
- '**/*.jsx'
- '**/*.ts'
- '**/*.tsx'
- 'package.json'
- 'yarn.lock'
- name: Set languages matrix
id: set-matrix
run: |
languages=()
if [[ "${{ steps.changes.outputs.python }}" == 'true' ]]; then
languages+=("python")
fi
if [[ "${{ steps.changes.outputs.javascript }}" == 'true' ]]; then
languages+=("javascript")
fi
if [ ${#languages[@]} -eq 0 ]; then
echo "No relevant file changes detected, skipping CodeQL"
exit 0
fi
echo "languages=${languages[@]}" >> $GITHUB_OUTPUT
- uses: github/codeql-action/init@v2
if: steps.set-matrix.outputs.languages
with:
languages: ${{ steps.set-matrix.outputs.languages }}
- uses: github/codeql-action/autobuild@v2
if: steps.set-matrix.outputs.languages
- uses: github/codeql-action/analyze@v2
if: steps.set-matrix.outputs.languages
test:
name: Run Tests
needs: code-ql
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
contents: write
actions: write
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v4
with:
python-version: 3.11.2
- run: pip install poetry
- run: poetry install
- run: poetry run python manage.py collectstatic --noinput
- name: Run tests
run: poetry run xvfb-run --auto-servernum python manage.py test -v 3 --failfast