Code Checks #104

Workflow file for this run

.github/workflows/code-checks.yml at 114a9be

	name: "Code Checks"

	on:
	push:
	branches: [main]
	pull_request:
	types: [opened, synchronize]
	schedule:
	- cron: "0 0 * * *"

	permissions:
	contents: read
	packages: read

	jobs:
	check-code-quality:
	name: Check Code Quality
	runs-on: ubuntu-latest
	permissions:
	statuses: write
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4.2.2
	with:
	fetch-depth: 0
	persist-credentials: false
	# Lint and Format everything but Python
	- name: Lint Code Base
	uses: super-linter/super-linter/slim@v7.2.1
	env:
	VALIDATE_ALL_CODEBASE: true
	DEFAULT_BRANCH: main
	GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
	LINTER_RULES_PATH: .github/super-linter-configurations
	YAML_ERROR_ON_WARNING: true
	VALIDATE_PYTHON_BLACK: false
	VALIDATE_PYTHON_FLAKE8: false
	VALIDATE_PYTHON_ISORT: false
	VALIDATE_PYTHON_MYPY: false
	VALIDATE_PYTHON_PYLINT: false
	VALIDATE_PYTHON_RUFF: false
	VALIDATE_PYTHON_PYINK: false

	run-python-code-checks:
	name: Run Python Code Checks
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4.2.2
	with:
	fetch-depth: 0
	persist-credentials: false
	- name: Setup Python Dependencies
	uses: ./.github/actions/setup-python-dependencies
	- name: Check Python Code Quality (Ruff)
	run: just ruff-lint
	env:
	RUFF_OUTPUT_FORMAT: "sarif"
	RUFF_OUTPUT_FILE: "ruff-results.sarif"
	continue-on-error: true
	- name: Upload analysis results to GitHub
	uses: github/codeql-action/upload-sarif@v3.28.1
	with:
	sarif_file: ruff-results.sarif
	wait-for-processing: true
	- name: Validates Pyproject
	run: just pyproject-check
	- name: Check Python Code Format (Ruff)
	run: just ruff-format
	env:
	RUFF_OUTPUT_FORMAT: "github"
	- name: Check Python Code Quality (Ruff)
	run: just ruff-lint
	env:
	RUFF_OUTPUT_FORMAT: "github"
	- name: Check Python Code for Dead Code (Vulture)
	run: just vulture

	unit-test:
	name: Run Unit Tests
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4.2.2
	with:
	fetch-depth: 0
	persist-credentials: false
	- name: Setup Dependencies
	uses: ./.github/actions/setup-python-dependencies
	- name: Run Unit Tests
	run: just unit-test
	- name: Override Coverage Source Path for SonarCloud
	run: sed -i "s/<source>\/home\/runner\/work\/screenshot_mailinator_email\/screenshot_mailinator_email<\/source>/<source>\/github\/workspace<\/source>/g" /home/runner/work/screenshot_mailinator_email/screenshot_mailinator_email/coverage.xml
	- name: SonarCloud Scan
	uses: SonarSource/sonarqube-scan-action@v4.2.1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

	check-markdown-links:
	name: Check Markdown links
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4.2.2
	with:
	fetch-depth: 0
	persist-credentials: false
	- name: Check Markdown links
	uses: UmbrellaDocs/action-linkspector@v1.2.5
	with:
	github_token: ${{ secrets.GH_TOKEN }}
	config_file: .github/other-configurations/.linkspector.yml
	reporter: github-pr-review
	fail_on_error: true
	filter_mode: nofilter

	check-justfile-format:
	name: Check Justfile Format
	runs-on: ubuntu-latest
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4.2.2
	with:
	fetch-depth: 0
	persist-credentials: false
	- name: Set up Just
	uses: extractions/setup-just@v2
	- name: Check Justfile Format
	run: just format-check

	run-codeql-analysis:
	name: CodeQL Analysis
	runs-on: ubuntu-latest
	permissions:
	statuses: write
	security-events: write
	strategy:
	matrix:
	language: [python, actions]
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4.2.2
	with:
	fetch-depth: 0
	persist-credentials: false
	- name: Initialize CodeQL
	uses: github/codeql-action/init@v3.28.1
	with:
	languages: ${{ matrix.language }}
	queries: security-and-quality
	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v3.28.1

	run-code-limit:
	name: Run CodeLimit
	runs-on: ubuntu-latest
	permissions:
	contents: write
	pull-requests: write
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4.2.2
	with:
	fetch-depth: 0
	persist-credentials: false
	- name: "Run Code Limit"
	uses: getcodelimit/codelimit-action@v1

	run-zizmor:
	name: Check GitHub Actions with zizmor
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4.2.2
	with:
	fetch-depth: 0
	persist-credentials: false
	- name: Setup Dependencies
	uses: ./.github/actions/setup-python-dependencies
	- name: Run zizmor 🌈
	run: poetry run zizmor --format sarif . > results.sarif
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: Upload SARIF file
	uses: github/codeql-action/upload-sarif@v3.28.1
	with:
	sarif_file: results.sarif
	category: zizmor

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Code Checks #104

Workflow file

Code Checks #104

Jobs

Run details

Workflow file for this run