linked

helxplatform · Apr 16, 2024 · 172891d · 172891d
1 parent cfc2eb7
commit 172891d
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 120 deletions.
diff --git a/.github/workflows/build-project.yml b/.github/workflows/build-project.yml
@@ -6,20 +6,5 @@ on:
     types: [ opened ]
 jobs:
   build-packages:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          # using the latest minor release of python here.
-          # ref: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
-          python-version: '3.x'
-      - name: Install Package Dependencies
-        run: |
-          python -m pip install --upgrade pip
-          python -m pip install --upgrade build
-          python -m pip install --upgrade twine
-
-      - name: Build Package
-        run: python -m build
+    uses: helxplatform/helx-github-actions/.github/workflows/build-project-tycho.yml@main
+    secrets: inherit
diff --git a/.github/workflows/code-checks.yml b/.github/workflows/code-checks.yml
@@ -18,37 +18,5 @@ on:
 
 jobs:
   flake8-check:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - name: Set up Python
-      uses: actions/setup-python@v4
-      with:
-        python-version: '3.x'
-
-    - name: Lint with flake8
-      run: |
-        pip install flake8
-        flake8 --ignore=E,W --exit-zero . 
-      # We continue on error here until the code is clean
-      continue-on-error: true
-
-############################ Bandit ################################
-  bandit:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - name: Set up Python
-      uses: actions/setup-python@v4
-      with:
-        python-version: '3.9'
-
-    - name: Install Requirements
-      run: |
-        pip install --upgrade pip
-        pip install bandit
-
-    # Only report high security issues
-    - name: Test with Bandit
-      run: |
-        bandit -r tycho/*.py -n 3 -lll
+    uses: helxplatform/helx-github-actions/.github/workflows/code-checks-tycho.yml@main
+    secrets: inherit
diff --git a/.github/workflows/pypi-dev-upload.yml b/.github/workflows/pypi-dev-upload.yml
@@ -18,32 +18,5 @@ on:
       - .githooks
 jobs:
   build-dev-to-pypi:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.x'
-      - name: Install Package Dependencies
-        run: |
-          python -m pip install --upgrade pip
-          python -m pip install --upgrade build
-          python -m pip install --upgrade twine
-
-        # Important, this does not change the current version of __init__.py in the 
-        # Github repo itself, only updates within container for the specific run. 
-      - name: Edit __init__.py version for develop release
-        run: |
-          R_VERSION=$(grep VERSION ./tycho/__init__.py | awk '{ print $3 }' | tr -d '"')
-          date=$(date '+%Y%m%d%H%M%S')
-          BRANCH=$(echo ${{ github.ref_name}} | sed 's/[_-]//g')
-          DEV_VERSION=${R_VERSION}.dev${date}
-          echo VERSION=\"$DEV_VERSION\" > ./tycho/__init__.py
-
-      - name: Build Package
-        run: python -m build
-      - name: Publish Package to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}
+    uses: helxplatform/helx-github-actions/.github/workflows/pypi-dev-upload.yml@main
+    secrets: inherit
diff --git a/.github/workflows/pypi-upload.yml b/.github/workflows/pypi-upload.yml
@@ -18,22 +18,5 @@ on:
       - 'v[0-9]+.[0-9]+.*'
 jobs:
   build-deploy-to-pypi:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.x'
-      - name: Install Package Dependencies
-        run: |
-          python -m pip install --upgrade pip
-          python -m pip install --upgrade build
-          python -m pip install --upgrade twine
-
-      - name: Build Package
-        run: python -m build
-      - name: Publish Package to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}
+    uses: helxplatform/helx-github-actions/.github/workflows/pypi-upload.yml@main
+    secrets: inherit
diff --git a/.github/workflows/trivy-pr-scan.yml b/.github/workflows/trivy-pr-scan.yml
@@ -18,24 +18,5 @@ on:
 
 jobs:
  trivy-pr-scan:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-
-    # We will not be concerned with Medium and Low vulnerabilities
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
-      with:
-        scan-type: 'fs'
-        format: 'sarif'
-        severity: 'CRITICAL,HIGH'
-        output: 'trivy-results.sarif'
-        exit-code: '1'
-    # Scan results should be viewable in GitHub Security Dashboard
-    # We still fail the job if results are found, so below will always run
-    # unless manually canceled.
-    - name: Upload Trivy scan results to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@v2
-      if: '!cancelled()'
-      with:
-        sarif_file: 'trivy-results.sarif'
+  uses: helxplatform/helx-github-actions/.github/workflows/trivy-pr-scan-tycho.yml@main
+  secrets: inherit