-
-
Notifications
You must be signed in to change notification settings - Fork 144
153 lines (137 loc) · 4.01 KB
/
ci-cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
name: CI/CD Optimized
on:
merge_group:
pull_request:
push:
workflow_dispatch:
workflow_run:
workflows: ["Pre-commit fix"]
types:
- completed
env:
FORCE_COLOR: 1
concurrency:
cancel-in-progress: true
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
jobs:
setup:
name: Setup and Cache Dependencies
runs-on: ubuntu-latest
permissions:
contents: read # Minimal permission for checking out code
outputs:
python-cache-dir: ${{ steps.poetry-cache.outputs.dir }}
steps:
- uses: actions/checkout@v4
- name: Cache pre-commit hooks
uses: actions/cache@v3
with:
path: ~/.cache/pre-commit
key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
restore-keys: |
${{ runner.os }}-pre-commit-
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.11.2
- name: Get Poetry cache directory
id: poetry-cache
run: echo "POETRY_CACHE_DIR=$(poetry config cache-dir)" >> $GITHUB_ENV
- name: Cache Poetry dependencies
uses: actions/cache@v3
with:
path: ${{ env.POETRY_CACHE_DIR }}
key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }}
restore-keys: |
${{ runner.os }}-poetry-
pre-commit:
name: Run pre-commit
needs: setup
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
contents: write
actions: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: 3.11.2
- name: Run pre-commit
uses: pre-commit/[email protected]
code-ql:
name: Run CodeQL
needs: pre-commit
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
strategy:
fail-fast: true
matrix:
language: ['none'] # Default to none, will be updated based on changes
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 2
- name: Detect file changes
id: changes
uses: dorny/paths-filter@v2
with:
filters: |
python:
- '**/*.py'
- 'requirements.txt'
- 'poetry.lock'
- 'pyproject.toml'
javascript:
- '**/*.js'
- '**/*.jsx'
- '**/*.ts'
- '**/*.tsx'
- 'package.json'
- 'yarn.lock'
- name: Set languages matrix
id: set-matrix
run: |
languages=()
if [[ "${{ steps.changes.outputs.python }}" == 'true' ]]; then
languages+=("python")
fi
if [[ "${{ steps.changes.outputs.javascript }}" == 'true' ]]; then
languages+=("javascript")
fi
if [ ${#languages[@]} -eq 0 ]; then
echo "No relevant file changes detected, skipping CodeQL"
exit 0
fi
echo "languages=${languages[@]}" >> $GITHUB_OUTPUT
- uses: github/codeql-action/init@v2
if: steps.set-matrix.outputs.languages
with:
languages: ${{ steps.set-matrix.outputs.languages }}
- uses: github/codeql-action/autobuild@v2
if: steps.set-matrix.outputs.languages
- uses: github/codeql-action/analyze@v2
if: steps.set-matrix.outputs.languages
test:
name: Run Tests
needs: code-ql
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
contents: write
actions: write
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v4
with:
python-version: 3.11.2
- run: pip install poetry
- run: poetry install
- run: poetry run python manage.py collectstatic --noinput
- name: Run tests
run: poetry run xvfb-run --auto-servernum python manage.py test -v 3 --failfast