diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml index b7708387..a0f09042 100644 --- a/.github/workflows/cflite_pr.yml +++ b/.github/workflows/cflite_pr.yml @@ -4,6 +4,8 @@ on: paths: - 'scripts/convert**' - 'test/scripts/convert**' + - '.clusterfuzzlite/Dockerfile' + - '.clusterfuzzlite/build.sh' permissions: read-all jobs: PR: diff --git a/.github/workflows/push-tests-update-output.yaml b/.github/workflows/push-tests-update-output.yaml deleted file mode 100644 index 6c7c7e8a..00000000 --- a/.github/workflows/push-tests-update-output.yaml +++ /dev/null @@ -1,148 +0,0 @@ -name: Run Tests and Update output files -# Controls when the workflow will run -on: - # Triggers the workflow on push or pull request events but only for the main branch - push: - branches: - - master - - dev - paths: - - 'sources/**' - - 'scripts/convert**' - - 'resources/templates/**' - pull_request: - branches: - - master - - dev - paths: - - 'sources/**' - - 'scripts/convert**' - - 'resources/templates/**' - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -permissions: - contents: read - -jobs: - runtests: - name: Run Tests - runs-on: ubuntu-latest - steps: - # Make sure we have some code to test - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - name: Checkout repository - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - # Set the pip environment up - - name: Get Python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 - with: - python-version: '3.10' - cache: 'pipenv' # caching pip dependencies - - name: Install dependencies - run: | - pip install -r requirements.txt --require-hashes - pipenv install --ignore-pipfile --dev - # Run the tests - - name: Run unit tests - run: pipenv run python -m unittest discover -s "tests/scripts" -p "*_utest.py" - - name: Run integration - run: pipenv run python -m unittest discover -s "tests/scripts" -p "*_itest.py" - # Test coverage reports - - name: Check test coverage - run tests - run: pipenv run coverage run -m unittest discover -s "tests/scripts" -p "*_*test.py" - - name: Check test coverage - generate xml - run: pipenv run coverage xml - - name: Check test coverage - Report - run: pipenv run coverage report --fail-under 85 scripts/convert* - # Upload Code COverage for Codeclimate - - name: Test & publish code coverage - uses: paambaati/codeclimate-action@a1831d7162ea1fbc612ffe5fb3b90278b7999d59 # v5.0.0 - env: - CC_TEST_REPORTER_ID: 7482a81acb1b6de49fa6fd2769a014bb9ae8bee408161c23d400b2ac9e95b7cf - # Check formatting of files - - name: Check formatting of files with Black - run: pipenv run black --line-length=120 --check . - - name: Check formatting of files with flake - run: pipenv run flake8 --max-line-length=120 --max-complexity=10 --ignore=E203,W503 - - name: Check formatting of files for correct spelling and namespace names - run: pipenv run mypy --namespace-packages --strict ./scripts/ - - # If Tests pass, generate new output files and commit to repo - updateoutputfiles: - # This doesn't work since the commit has to be signed. - # TODO: We need to create a bot that can update the output files and - # create a pull-request with the necessary changes - # or that commits directly to the pull-requests. - # Remove the if below if you still want to experiment with this job. - if: false - permissions: - contents: write # for Git to git push - name: Update Output Files - # The type of runner that the job will run on - runs-on: ubuntu-latest - # Steps represent a sequence of tasks that will be executed as part of the job - needs: runtests - steps: - # Make sure we have some code to diff. - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - name: Checkout repository - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Set target branch - id: find-target - env: - PR_NUMBER: ${{ github.event.number }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - sudo apt-get update && sudo apt-get install -y hub - echo "Searching for pr branch for number $PR_NUMBER" - echo "List all prs:" - hub pr list -f "%I|%H|%n" - TARGET_BRANCH_NAME=$(hub pr list -f "%I|%H|%n" | grep "$PR_NUMBER.*" | cut -d "|" -f2) - echo "TARGET_BRANCH=$TARGET_BRANCH_NAME" >> "$GITHUB_OUTPUT" - - name: Checkout target branch - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - ref: ${{ steps.find-target.outputs.TARGET_BRANCH }} - - run: git lfs fetch --all - - name: setup git config - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - git config user.name "GitHub Actions Bot" - git config user.email "github-actions@github.com" - git config --global credential.helper '!f() { sleep 1; echo "username=git token=${{ env.GITHUB_TOKEN }}"; }; f' - # Set the pip environment up - - name: Get Python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 - with: - python-version: '3.10' - cache: 'pipenv' # caching pip dependencies - - name: Install dependencies - run: | - pip install -r requirements.txt --require-hashes - pipenv install -d - - name: Generate new output files - run: | - pipenv run python scripts/convert.py -l all -t all -s all - - name: Commit changes back into git repo - env: - TARGET_BRANCH_NAME: ${{ steps.find-target.outputs.TARGET_BRANCH }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - git remote -v || echo "Could not find any origin" - git config --global credential.helper '!f() { sleep 1; echo "username=git token=${{ env.GITHUB_TOKEN }}"; }; f' - git add scripts/** || echo "Unable to add script files" - git add output/** || echo "Unable to add output files" - git commit -v -m "skip ci, desc: Github Actions updated output files" || echo "Unable to commit" - git pull -v origin ${{ env.TARGET_BRANCH_NAME }} || echo "could not pull from remote repo" - git push -v origin ${{ env.TARGET_BRANCH_NAME }} || echo "could not push to remote repo" diff --git a/.github/workflows/run-tests-for-patches.yaml b/.github/workflows/run-tests-for-patches.yaml new file mode 100644 index 00000000..dc3e666d --- /dev/null +++ b/.github/workflows/run-tests-for-patches.yaml @@ -0,0 +1,22 @@ +name: Run Tests for patches and ci changes. +# Runs tests when updating patches or the ci pipeline +on: + # Triggers the workflow on push or pull request events but only for the main branch + pull_request: + branches: + - master + paths: + - '.github/workflows/**' + - 'Pipfile' + - 'Pipfile.lock' + - 'Dockerfile' + - 'requirements.txt' + - 'Makefile' + - 'tests/**' + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: +permissions: + contents: read +jobs: + call-run-tests: + uses: ./.github/workflows/run-tests.yaml \ No newline at end of file diff --git a/.github/workflows/run-tests-generate-output.yaml b/.github/workflows/run-tests-generate-output.yaml index b5ec1dee..aa1d56b6 100644 --- a/.github/workflows/run-tests-generate-output.yaml +++ b/.github/workflows/run-tests-generate-output.yaml @@ -9,19 +9,16 @@ on: - 'sources/**' - 'scripts/convert**' - 'resources/templates/**' - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: # A workflow run is made up of one or more jobs that can run sequentially or in parallel permissions: contents: read - jobs: - runtests: - name: Run Tests + hardening: + name: Hardening runs-on: ubuntu-latest steps: # Make sure we have some code to test - - name: Harden Runner + - name: Run harden runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: block @@ -41,38 +38,8 @@ jobs: d3iz1jjs17r6kg.cloudfront.net:443 keys.openpgp.org:443 api.codeclimate.com:443 - - name: Checkout repository - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - # Set the pip environment up - - name: Get Python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 - with: - python-version: '3.10' - cache: 'pipenv' # caching pip dependencies - - name: Install dependencies - run: | - pip install -r requirements.txt --require-hashes - pipenv install --ignore-pipfile --dev - # Run the tests - - name: Run unit tests - run: pipenv run python -m unittest discover -s "tests/scripts" -p "*_utest.py" - - name: Run integration - run: pipenv run python -m unittest discover -s "tests/scripts" -p "*_itest.py" - # Test coverage reports - - name: Check test coverage - run tests - run: pipenv run coverage run -m unittest discover -s "tests/scripts" -p "*_*test.py" - - name: Check test coverage - generate xml - run: pipenv run coverage xml - - name: Check test coverage - Report - run: pipenv run coverage report --fail-under 85 scripts/convert* - # Check formatting of files - - name: Check formatting of files with Black - run: pipenv run black --line-length=120 --check . - - name: Check formatting of files with flake - run: pipenv run flake8 --max-line-length=120 --max-complexity=10 --ignore=E203,W503 - - name: Check formatting of files for correct spelling and namespace names - run: pipenv run mypy --namespace-packages --strict ./scripts/ - + runtests: + uses: ./.github/workflows/run-tests.yaml # If Tests pass, generate new output files uploadoutputfiles: name: Upload Output Files diff --git a/.github/workflows/run-tests.yaml b/.github/workflows/run-tests.yaml new file mode 100644 index 00000000..7d7d9311 --- /dev/null +++ b/.github/workflows/run-tests.yaml @@ -0,0 +1,43 @@ +on: + workflow_call: + workflow_dispatch: +permissions: + contents: read +jobs: + runtests: + name: Run Tests + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + # Set the pip environment up + - name: Get Python + uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + with: + python-version: '3.10' + cache: 'pipenv' # caching pip dependencies + - name: Install dependencies + run: | + pip install -r requirements.txt --require-hashes + pipenv install --ignore-pipfile --dev + # Run the tests + - name: Run unit tests + run: pipenv run python -m unittest discover -s "tests/scripts" -p "*_utest.py" + - name: Run integration + run: pipenv run python -m unittest discover -s "tests/scripts" -p "*_itest.py" + # Test coverage reports + - name: Check test coverage - run tests + run: pipenv run coverage run -m unittest discover -s "tests/scripts" -p "*_*test.py" + - name: Check test coverage - generate xml + run: pipenv run coverage xml + - name: Check test coverage - Report + run: pipenv run coverage report --fail-under 85 scripts/convert* + # Check formatting of files + - name: Check formatting of files with Black + run: pipenv run black --line-length=120 --check . + - name: Check formatting of files with flake + run: pipenv run flake8 --max-line-length=120 --max-complexity=10 --ignore=E203,W503 + - name: Check formatting of files for correct spelling and namespace names + run: pipenv run mypy --namespace-packages --strict ./scripts/ + +