Skip to content
Python CI/CD Pipeline

ci: update snyk package #2

Sign in to view logs

ci: update snyk package

ci: update snyk package #2

Workflow file for this run

.github/workflows/python-ci.yml at 7020b05
name: Python CI/CD Pipeline
on:
push:
branches: [ master, lab03 ]
paths:
- 'app_python/**'
- '.github/workflows/python-ci.yml'
pull_request:
branches: [ master ]
paths:
- 'app_python/**'
env:
REGISTRY: docker.io
IMAGE_NAME: ${{ github.repository_owner }}/devops-info-service
PYTHON_VERSION: '3.13'
jobs:
code-quality-and-testing:
name: Code Quality & Testing
runs-on: ubuntu-latest
defaults:
run:
working-directory: app_python
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: 'pip'
cache-dependency-path: 'app_python/requirements.txt'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install flake8 black pytest pytest-cov snyk-python
- name: Lint with flake8
run: |
echo "Running flake8 linting..."
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- name: Check code formatting with black
run: |
echo "Checking code formatting with black..."
black --check --diff .
- name: Run unit tests with pytest
run: |
echo "Running unit tests with pytest..."
pytest --cov=app --cov-report=term-missing -v
- name: Security scan with Snyk
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
echo "Running Snyk security scan..."
snyk test --severity-threshold=high --file=requirements.txt || echo "Snyk scan completed (warnings only)"
docker-build-and-push:
name: Docker Build & Push
runs-on: ubuntu-latest
needs: code-quality-and-testing
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Generate version tags
id: vars
run: |
echo "DATE_TAG=$(date +'%Y.%m.%d')" >> $GITHUB_OUTPUT
echo "SHORT_SHA=${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT
COMMIT_COUNT=$(git rev-list --count --since="$(date +'%Y-%m-%d 00:00:00')" HEAD 2>/dev/null || echo "0")
echo "CALVER_TAG=$(date +'%Y.%m').$COMMIT_COUNT" >> $GITHUB_OUTPUT
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: ./app_python
push: true
tags: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.DATE_TAG }}
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.CALVER_TAG }}
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.DATE_TAG }}-${{ steps.vars.outputs.SHORT_SHA }}
labels: |
org.opencontainers.image.title=DevOps Info Service
org.opencontainers.image.description=DevOps course info service
org.opencontainers.image.version=${{ steps.vars.outputs.CALVER_TAG }}
org.opencontainers.image.created=${{ steps.vars.outputs.DATE_TAG }}
org.opencontainers.image.revision=${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Verify pushed images
run: |
echo "Docker images pushed with tags:"
echo "- latest"
echo "- ${{ steps.vars.outputs.DATE_TAG }}"
echo "- ${{ steps.vars.outputs.CALVER_TAG }}"
echo "- ${{ steps.vars.outputs.DATE_TAG }}-${{ steps.vars.outputs.SHORT_SHA }}"