Integration Testing #17
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow pulls the published seCureLI packages from Pypi & Homebrew & executes them against a test repo | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python | |
| name: Integration Testing | |
| on: | |
| workflow_call: | |
| workflow_dispatch: | |
| jobs: | |
| test-windows: | |
| runs-on: windows-latest | |
| steps: | |
| - name: setup python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| - name: Install seCureLI | |
| # Note that this is a powershell script | |
| run: | | |
| pip3 --version #any pip havers? | |
| pip3 install secureli | |
| git clone https://github.com/pypa/pip pip | |
| cd pip | |
| Get-ChildItem | |
| secureli init --yes | |
| # - name: seCureLI Scan | |
| # run: | | |
| # cd pip | |
| # Get-ChildItem | |
| # (secureli scan --mode all-files --yes) -or $true | |
| test-homebrew-osx: | |
| runs-on: macos-latest | |
| steps: | |
| - name: Test with Homebrew | |
| run: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" | |
| - name: Prep for python 3.11.3 install # Removes python 3.11.3 to avoid conflict with homebrew python | |
| run: | | |
| rm -rf '/usr/local/bin/2to3' | |
| rm -rf '/usr/local/bin/2to3-3.11' | |
| rm -rf '/usr/local/bin/idle3' | |
| rm -rf '/usr/local/bin/idle3.11' | |
| rm -rf '/usr/local/bin/pydoc3' | |
| rm -rf '/usr/local/bin/pydoc3.11' | |
| rm -rf '/usr/local/bin/python3' | |
| rm -rf '/usr/local/bin/python3-config' | |
| rm -rf '/usr/local/bin/python3.11' | |
| rm -rf '/usr/local/bin/python3.11-config' | |
| - name: Set up seCureLI | |
| run: | | |
| brew tap slalombuild/secureli | |
| HOMEBREW_NO_AUTO_UPDATE=1 HOMEBREW_NO_INSTALL_CLEANUP=1 HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1 brew install secureli | |
| - name: Checkout test repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: pypa/pip | |
| path: pip | |
| - name: Init seCureLI | |
| run: cd pip && secureli init --yes && secureli scan | |
| test-pypi-osx: | |
| runs-on: macos-latest | |
| steps: | |
| # This step is needed to keep us on python 3.11 for now, since dependency-injector doesn't yet support python 3.12. | |
| # It can be removed once this PR is merged: https://github.com/ets-labs/python-dependency-injector/pull/765 | |
| - name: Install Python 3.11 | |
| id: setup-python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.11" | |
| - name: Install seCureLI from Pypi | |
| run: | | |
| pip3 --version # Validate python/pip version | |
| pip3 install secureli | |
| - name: Scan repo with Pypi seCureLI package | |
| run: | | |
| git clone https://github.com/pypa/pip pip | |
| cd pip | |
| secureli init --yes | |
| # In the future, we should use specific exit codes to differentiate between exit reasons | |
| # For now, we can just check if the command exits with a non-zero status | |
| ! secureli scan --mode all-files --yes |