feat: some CI checks

elixir-cloud-aai · May 16, 2024 · 444d3b3 · 444d3b3
1 parent 166012e
commit 444d3b3
Show file tree

Hide file tree

Showing 7 changed files with 651 additions and 58 deletions.
diff --git a/.github/workflows/code_quality.yaml b/.github/workflows/code_quality.yaml
@@ -57,6 +57,30 @@ jobs:
       - name: Check code style
         run: poetry run ruff format --check
 
+  type-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Install poetry
+        run: pipx install poetry
+
+      - name: Set up python
+        id: cq
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'poetry'
+
+      # Install only type check dependency
+      - name: Install dependencies
+        if: steps.cq.outputs.cache-hit != 'true'
+        run: poetry install --only=lint --no-root
+
+      - name: Check types
+        run: poetry run mypy tesk/
+
   spell-check:
     runs-on: ubuntu-latest
     steps:
@@ -80,8 +104,3 @@ jobs:
 
       - name: Spell Check
         run: poetry run typos
-
-  # TODO: Add more code quality checks using bandit
-  # code-security:
-  # TODO: Add more dependency security checks using safety
-  # dependency-security:
diff --git a/.github/workflows/code_test.yaml b/.github/workflows/code_test.yaml
@@ -25,25 +25,29 @@ jobs:
       # Set up python versions with matrix to test on multiple versions
       - name: Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@v5
-        id: ctut-${{ matrix.python-version}}
+        id: ct-${{ matrix.python-version}}
         with:
           python-version: ${{ matrix.python-version }}
           cache: 'poetry'
 
       # Install all test dependencies
       - name: Install dependencies
-        if: steps.ctut-${{ matrix.python-version }}.outputs.cache-hit != 'true'
+        if: steps.ct-${{ matrix.python-version }}.outputs.cache-hit != 'true'
         run: poetry install --only=test --no-interaction --no-root
 
+      - name: Run ATS
+        uses: codecov/codecov-ats@v0
+        env:
+          CODECOV_STATIC_TOKEN: ${{ secrets.CODECOV_STATIC_TOKEN }}
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
       - name: Run tests
-        run: poetry run pytest tests/test_unit
-
-      # # TODO: Add `pytest-cov`` or `coverage`` and generate coverage reports to upload to codecov
-      # - name: Upload coverage reports to Codecov
-      #   uses: codecov/codecov-action@v4
-      #   with:
-      #     fail_ci_if_error: true
-      #     files:
-      #     flags: test_unit
-      #     token: ${{ secrets.CODECOV_TOKEN }}
-      #     verbose: true
+        run: poetry run pytest --cov app ${{ env.CODECOV_ATS_TESTS }}
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v4
+        with:
+          flags: smart-tests
+          verbose: true
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/type_check.yaml b/.github/workflows/type_check.yaml
diff --git a/.github/workflows/vulnerability_test.yaml b/.github/workflows/vulnerability_test.yaml
@@ -0,0 +1,58 @@
+name: Vulnerability Test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  code-vulnerabilities:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Install poetry
+        run: pipx install poetry
+
+      - name: Set up python
+        id: vt
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'poetry'
+
+      # Install only type check dependency
+      - name: Install dependencies
+        if: steps.vt.outputs.cache-hit != 'true'
+        run: poetry install --only=security --no-root
+
+      - name: Check types
+        run: poetry run bandit -r .
+
+  dependency-vulnerabilities:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Install poetry
+        run: pipx install poetry
+
+      - name: Set up python
+        id: vt
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'poetry'
+
+      # Install only type check dependency
+      - name: Install dependencies
+        if: steps.vt.outputs.cache-hit != 'true'
+        run: poetry install --only=security --no-root
+
+      - name: Check types
+        run: poetry run safety check --full-report