This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Python CI/CD | ||
|
Check failure on line 1 in .github/workflows/python-ci.yml
|
||
| on: | ||
| push: | ||
| branches: | ||
| - master | ||
| - main | ||
| - lab03 | ||
| paths: | ||
| - 'Lab-1/app_python/**' | ||
| - '.github/workflows/python-ci.yml' | ||
| pull_request: | ||
| branches: | ||
| - master | ||
| - main | ||
| paths: | ||
| - 'Lab-1/app_python/**' | ||
| - '.github/workflows/python-ci.yml' | ||
| concurrency: | ||
| group: python-ci-${{ github.ref }} | ||
| cancel-in-progress: true | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| quality: | ||
| name: Lint and tests (Python ${{ matrix.python-version }}) | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| fail-fast: true | ||
| matrix: | ||
| python-version: ['3.11', '3.12'] | ||
| defaults: | ||
| run: | ||
| working-directory: Lab-1/app_python | ||
| steps: | ||
| - name: Checkout source | ||
| uses: actions/checkout@v4 | ||
| - name: Set up Python ${{ matrix.python-version }} | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: ${{ matrix.python-version }} | ||
| cache: pip | ||
| cache-dependency-path: | | ||
| Lab-1/app_python/requirements.txt | ||
| Lab-1/app_python/requirements-dev.txt | ||
| - name: Install dependencies | ||
| run: pip install -r requirements.txt -r requirements-dev.txt | ||
| - name: Lint with Ruff | ||
| run: ruff check . | ||
| - name: Run tests with coverage | ||
| run: pytest --cov=. --cov-report=term-missing --cov-fail-under=70 | ||
| security: | ||
| name: Snyk dependency scan | ||
| runs-on: ubuntu-latest | ||
| needs: quality | ||
| steps: | ||
| - name: Checkout source | ||
| uses: actions/checkout@v4 | ||
| - name: Set up Python 3.12 | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: '3.12' | ||
| - name: Install dependencies | ||
| working-directory: Lab-1/app_python | ||
| run: pip install -r requirements.txt | ||
| - name: Run Snyk scan | ||
| if: ${{ secrets.SNYK_TOKEN != '' }} | ||
| uses: snyk/actions/python@master | ||
| continue-on-error: true | ||
| env: | ||
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | ||
| with: | ||
| command: test | ||
| args: --file=Lab-1/app_python/requirements.txt --severity-threshold=high | ||
| - name: Snyk token is missing | ||
| if: ${{ secrets.SNYK_TOKEN == '' }} | ||
| run: echo "SNYK_TOKEN is not configured. Security scan skipped." | ||
| docker: | ||
| name: Build and push Docker image | ||
| runs-on: ubuntu-latest | ||
| needs: | ||
| - quality | ||
| - security | ||
| if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main') | ||
| steps: | ||
| - name: Checkout source | ||
| uses: actions/checkout@v4 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Log in to Docker Hub | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
| - name: Generate CalVer tags | ||
| run: | | ||
| echo "CALVER=$(date -u +'%Y.%m.%d').${GITHUB_RUN_NUMBER}" >> "$GITHUB_ENV" | ||
| echo "CALVER_MONTH=$(date -u +'%Y.%m')" >> "$GITHUB_ENV" | ||
| - name: Build and push image | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| context: ./Lab-1/app_python | ||
| file: ./Lab-1/app_python/Dockerfile | ||
| push: true | ||
| tags: | | ||
| ${{ secrets.DOCKERHUB_USERNAME }}/devops-lab2:${{ env.CALVER }} | ||
| ${{ secrets.DOCKERHUB_USERNAME }}/devops-lab2:${{ env.CALVER_MONTH }} | ||
| ${{ secrets.DOCKERHUB_USERNAME }}/devops-lab2:latest | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
