This repository has been archived by the owner on Oct 18, 2023. It is now read-only.

snyk
vggonzal authored and vggonzal committed Aug 6, 2023
1 parent 316acf5 commit 6de8d99
Showing 1 changed file with 67 additions and 27 deletions.
94 changes: 67 additions & 27 deletions .github/workflows/build.yml
@@ -53,17 +53,74 @@ jobs:
run: |
echo "current_version=$(poetry version | awk '{print $2}')" >> $GITHUB_OUTPUT
echo "pyproject_name=$(poetry version | awk '{print $1}')" >> $GITHUB_ENV
# Checkout
- name: Checkout project to build and deploy
uses: actions/checkout@v2

## Read the json file into the environment variables
- name: JSON to variables
uses: rgarcia-phi/[email protected]
- name: Bump pre-alpha version
# If triggered by push to a feature branch
if: |
startsWith(github.ref, 'refs/heads/feature') ||
startsWith(github.ref, 'refs/heads/issue') ||
startsWith(github.ref, 'refs/heads/dependabot')
run: |
new_ver="${{ steps.get-version.outputs.current_version }}+$(git rev-parse --short ${GITHUB_SHA})"
poetry version $new_ver
echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV
- name: Bump alpha version
# If triggered by push to the develop branch
if: ${{ github.ref == 'refs/heads/develop' }}
run: |
poetry version prerelease
echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV
echo "venue=sit" >> $GITHUB_ENV
- name: Bump rc version
# If triggered by push to a release branch
if: ${{ startsWith(github.ref, 'refs/heads/release/') }}
env:
# True if the version already has a 'rc' pre-release identifier
BUMP_RC: ${{ contains(steps.get-version.outputs.current_version, 'rc') }}
run: |
if [ "$BUMP_RC" = true ]; then
poetry version prerelease
else
poetry version ${GITHUB_REF#refs/heads/release/}-rc.1
fi
echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV
echo "venue=uat" >> $GITHUB_ENV
- name: Release version
# If triggered by push to the main branch
if: ${{ startsWith(github.ref, 'refs/heads/main') }}
env:
CURRENT_VERSION: ${{ steps.get-version.outputs.current_version }}
# Remove -rc.* from end of version string
# The ${string%%substring} syntax below deletes the longest match of $substring from back of $string.
run: |
poetry version ${CURRENT_VERSION%%-rc.*}
echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV
echo "venue=ops" >> $GITHUB_ENV
- name: Install hydrocron
run: poetry install
- name: Lint
run: |
poetry run pylint hydrocron
poetry run flake8 hydrocron
- name: Run Snyk as a blocking step
uses: snyk/actions/python-3.9@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
filename: 'package.json'
prefix: project
command: test
args: >
--org=${{ secrets.SNYK_ORG_ID }}
--project-name=${{ github.repository }}
--severity-threshold=high
--fail-on=all
- name: Run Snyk on Python
uses: snyk/actions/python-3.9@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: monitor
args: >
--org=${{ secrets.SNYK_ORG_ID }}
--project-name=${{ github.repository }}
## Set environment variables
- name: Configure Initial YAML file and environment variables
@@ -125,23 +182,6 @@ jobs:
- name: Setup local DynamoDB
run: docker run -d -p 8000:8000 amazon/dynamodb-local

- name: Run Snyk as a blocking step
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: test
args: --org=${{ secrets.SNYK_ORG_ID }} --project-name=${{ github.repository }} --severity-threshold=high --fail-on=all


- name: Run Snyk on Node
uses: snyk/actions/node@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: monitor
args: --org=${{ secrets.SNYK_ORG_ID }} --project-name=${{ github.repository }}

- name: Load sample
run: python3 tests/example_load_data.py
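Review bot: Both added Snyk steps in the first hunk ("Run Snyk as a blocking step" and "Run Snyk on Python") reference `snyk/actions/python-3.9@master`, a mutable branch, while handing it `SNYK_TOKEN` and `SNYK_ORG_ID`, so whatever is on that branch at build time runs with those secrets. Pin each `uses:` to a reviewed full commit SHA, for example `uses: snyk/actions/python-3.9@<full-commit-sha>  # <tag reviewed>` (placeholder; no SHA is shown on this page), and let an updater propose bumps. The removed Node steps in the second hunk used `@master` as well, so this carries an existing pattern forward rather than introducing it. Separately, the "Bump pre-alpha version" step expands `${{ steps.get-version.outputs.current_version }}` directly inside `run:`, while "Release version" passes the same value through `env:`; the `env:` form keeps the value out of the script text and would be the safer one to use in both, assuming both steps are on the new side.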

