diff --git a/.github/workflows/build-project.yml b/.github/workflows/build-project.yml
index 7a4f157..af2c5ee 100644
--- a/.github/workflows/build-project.yml
+++ b/.github/workflows/build-project.yml
@@ -6,20 +6,5 @@ on:
 types: [ opened ]
 jobs:
 build-packages:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Set up Python
- uses: actions/setup-python@v4
- with:
- # using the latest minor release of python here.
- # ref: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
- python-version: '3.x'
- - name: Install Package Dependencies
- run: |
- python -m pip install --upgrade pip
- python -m pip install --upgrade build
- python -m pip install --upgrade twine
-
- - name: Build Package
- run: python -m build
\ No newline at end of file
+ uses: helxplatform/helx-github-actions/.github/workflows/build-project-tycho.yml@main
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/code-checks.yml b/.github/workflows/code-checks.yml
index f228fc9..a15a1a0 100644
--- a/.github/workflows/code-checks.yml
+++ b/.github/workflows/code-checks.yml
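Review bot: In build-project.yml the new `uses: …/build-project-tycho.yml@main` line references the shared workflow by a mutable branch and pairs it with `secrets: inherit`, so whatever is on `main` of helx-github-actions at run time executes with every secret this repository can see. The removed build job read no secrets, so here the `secrets: inherit` line can simply be dropped and the ref pinned to a reviewed commit, `uses: helxplatform/helx-github-actions/.github/workflows/build-project-tycho.yml@<FULL_COMMIT_SHA>`. The same pattern recurs in the code-checks.yml, pypi-dev-upload.yml, pypi-upload.yml and trivy-pr-scan.yml hunks. The two PyPI callers, whose removed steps used only `secrets.PYPI_API_TOKEN`, could pass just that one with `secrets:` / `PYPI_API_TOKEN: ${{ secrets.PYPI_API_TOKEN }}`; this assumes the called workflow declares that secret under `workflow_call`, which is not visible here.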
@@ -18,37 +18,5 @@ on:
 jobs:
 flake8-check:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Set up Python
- uses: actions/setup-python@v4
- with:
- python-version: '3.x'
-
- - name: Lint with flake8
- run: |
- pip install flake8
- flake8 --ignore=E,W --exit-zero .
- # We continue on error here until the code is clean
- continue-on-error: true
-
-############################ Bandit ################################
- bandit:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Set up Python
- uses: actions/setup-python@v4
- with:
- python-version: '3.9'
-
- - name: Install Requirements
- run: |
- pip install --upgrade pip
- pip install bandit
-
- # Only report high security issues
- - name: Test with Bandit
- run: |
- bandit -r tycho/*.py -n 3 -lll
\ No newline at end of file
+ uses: helxplatform/helx-github-actions/.github/workflows/code-checks-tycho.yml@main
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/pypi-dev-upload.yml b/.github/workflows/pypi-dev-upload.yml
index 16f4449..70b2f54 100644
--- a/.github/workflows/pypi-dev-upload.yml
+++ b/.github/workflows/pypi-dev-upload.yml
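Review bot: In code-checks.yml the `bandit` job is deleted outright and only the `flake8-check` job id survives, so Bandit coverage of `tycho/*.py` now depends entirely on what `code-checks-tycho.yml` does in the other repository, which this hunk does not show. If the shared workflow does run both tools, a comment above the `uses:` line such as `# flake8 and Bandit both run inside the shared code-checks-tycho workflow` would keep that visible to readers of this file. A branch-protection rule that requires a check named `bandit` may no longer match once the job runs under the `flake8-check` caller, which is worth confirming before merge.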
@@ -18,32 +18,5 @@ on:
 - .githooks
 jobs:
 build-dev-to-pypi:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Set up Python
- uses: actions/setup-python@v4
- with:
- python-version: '3.x'
- - name: Install Package Dependencies
- run: |
- python -m pip install --upgrade pip
- python -m pip install --upgrade build
- python -m pip install --upgrade twine
-
- # Important, this does not change the current version of __init__.py in the
- # Github repo itself, only updates within container for the specific run.
- - name: Edit __init__.py version for develop release
- run: |
- R_VERSION=$(grep VERSION ./tycho/__init__.py | awk '{ print $3 }' | tr -d '"')
- date=$(date '+%Y%m%d%H%M%S')
- BRANCH=$(echo ${{ github.ref_name}} | sed 's/[_-]//g')
- DEV_VERSION=${R_VERSION}.dev${date}
- echo VERSION=\"$DEV_VERSION\" > ./tycho/__init__.py
-
- - name: Build Package
- run: python -m build
- - name: Publish Package to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
- with:
- password: ${{ secrets.PYPI_API_TOKEN }}
\ No newline at end of file
+ uses: helxplatform/helx-github-actions/.github/workflows/pypi-dev-upload.yml@main
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/pypi-upload.yml b/.github/workflows/pypi-upload.yml
index a669a02..895da56 100644
--- a/.github/workflows/pypi-upload.yml
+++ b/.github/workflows/pypi-upload.yml
@@ -18,22 +18,5 @@ on:
 - 'v[0-9]+.[0-9]+.*'
 jobs:
 build-deploy-to-pypi:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Set up Python
- uses: actions/setup-python@v4
- with:
- python-version: '3.x'
- - name: Install Package Dependencies
- run: |
- python -m pip install --upgrade pip
- python -m pip install --upgrade build
- python -m pip install --upgrade twine
-
- - name: Build Package
- run: python -m build
- - name: Publish Package to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
- with:
- password: ${{ secrets.PYPI_API_TOKEN }}
+ uses: helxplatform/helx-github-actions/.github/workflows/pypi-upload.yml@main
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/trivy-pr-scan.yml b/.github/workflows/trivy-pr-scan.yml
index 086d858..8062678 100644
--- a/.github/workflows/trivy-pr-scan.yml
+++ b/.github/workflows/trivy-pr-scan.yml
@@ -18,24 +18,5 @@ on:
 jobs:
 trivy-pr-scan:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
-
- # We will not be concerned with Medium and Low vulnerabilities
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- scan-type: 'fs'
- format: 'sarif'
- severity: 'CRITICAL,HIGH'
- output: 'trivy-results.sarif'
- exit-code: '1'
- # Scan results should be viewable in GitHub Security Dashboard
- # We still fail the job if results are found, so below will always run
- # unless manually canceled.
- - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
- if: '!cancelled()'
- with:
- sarif_file: 'trivy-results.sarif'
\ No newline at end of file
+ uses: helxplatform/helx-github-actions/.github/workflows/trivy-pr-scan-tycho.yml@main
+ secrets: inherit
\ No newline at end of file
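Review bot: In trivy-pr-scan.yml the calling job `trivy-pr-scan` sets no `permissions:`, and a called workflow cannot raise the GITHUB_TOKEN permissions above what the caller grants. If the shared workflow still uploads SARIF as the removed job did, it needs `security-events: write` from this side. The part of the file above line 18 is outside the hunk, so a workflow-level `permissions:` block may already exist. If it does not, adding a job-level `permissions:` with `contents: read` and `security-events: write` makes the grant explicit and keeps the token otherwise read-only.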