From 7c1e792be8303d4f0b8f34a5c53bc128d64697e5 Mon Sep 17 00:00:00 2001
From: Adrian Montagu <168636369+AdrianMontaguSmartDCSIT@users.noreply.github.com>
Date: Thu, 16 May 2024 13:55:13 +0100
Subject: [PATCH] #7 - Updated GitHub action workflows (#8)
---
.github/workflows/PythonLinting.yml | 62 +++++++++++++++++++++++++++
.github/workflows/SAST.yml | 21 +++++++++
.github/workflows/SecretDetection.yml | 21 +++++++++
.github/workflows/test_workflow.yml | 6 +--
4 files changed, 107 insertions(+), 3 deletions(-)
create mode 100644 .github/workflows/PythonLinting.yml
create mode 100644 .github/workflows/SAST.yml
create mode 100644 .github/workflows/SecretDetection.yml
diff --git a/.github/workflows/PythonLinting.yml b/.github/workflows/PythonLinting.yml
new file mode 100644
index 0000000..7ebdab2
--- /dev/null
+++ b/.github/workflows/PythonLinting.yml
@@ -0,0 +1,62 @@
+name: run-tests
+on: [workflow_call]
+jobs:
+ run-tests:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Actions
+ uses: actions/checkout@v4
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.11'
+
+ - name: Install Python Dependencies
+ run: |
+ pip install --upgrade pip
+
+ pip install flake8
+ flake8 --version
+ pip install pylint
+ pylint --version
+ pip install mypy
+ mypy --version
+
+ pip install -r requirements.txt
+
+ - name: Flake8
+ if: '!cancelled()'
+ run: |
+ PY_FILES=$(git ls-files '*.py')
+
+ if [ -z "$PY_FILES" ]
+ then
+ echo "No files to check!"
+ else
+ flake8 $PY_FILES
+ fi
+
+ - name: Pylint
+ if: '!cancelled()'
+ run: |
+ PY_FILES=$(git ls-files '*.py')
+
+ if [ -z "$PY_FILES" ]
+ then
+ echo "No files to check!"
+ else
+ pylint $PY_FILES
+ fi
+
+ - name: MyPy
+ if: '!cancelled()'
+ run: |
+ PY_FILES=$(git ls-files '*.py')
+
+ if [ -z "$PY_FILES" ]
+ then
+ echo "No files to check!"
+ else
+ mypy --strict --explicit-package-bases --namespace-packages .
+ fi
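Review bot: The Flake8 and Pylint steps expand `$PY_FILES` unquoted (`flake8 $PY_FILES`, `pylint $PY_FILES`), so the shell word-splits and glob-expands file names taken from the checked-out tree, which on a pull request is contributor-controlled. A tracked path containing a space or a glob character is therefore passed to the linter as different arguments than the file that was committed, and git's default path quoting can also alter unusual names in that output. Passing the list NUL-delimited, as SecretDetection.yml in this commit already does, avoids both: `git ls-files -z '*.py' | xargs -0 -r flake8` (and the same with `pylint`). The MyPy step computes `PY_FILES` only for the emptiness test and then checks `.`, which deserves a one-line comment saying so.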
diff --git a/.github/workflows/SAST.yml b/.github/workflows/SAST.yml
new file mode 100644
index 0000000..ee170d4
--- /dev/null
+++ b/.github/workflows/SAST.yml
@@ -0,0 +1,21 @@
+name: run-tests
+on: [workflow_call]
+jobs:
+ run-tests:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Actions
+ uses: actions/checkout@v4
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.11'
+
+ - name: Install Python Dependencies
+ run: |
+ pip install semgrep
+ semgrep --version
+
+ - name: Run Tests
+ run: semgrep scan --error --config auto
diff --git a/.github/workflows/SecretDetection.yml b/.github/workflows/SecretDetection.yml
new file mode 100644
index 0000000..e9c686b
--- /dev/null
+++ b/.github/workflows/SecretDetection.yml
@@ -0,0 +1,21 @@
+name: run-secret-detection
+on: [workflow_call]
+jobs:
+ run-tests:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup Actions
+ uses: actions/checkout@v4
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.11'
+
+ - name: Install Python Dependencies
+ run: |
+ pip install detect-secrets
+
+ - name: Run Tests
+ run: |
+ git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline
diff --git a/.github/workflows/test_workflow.yml b/.github/workflows/test_workflow.yml
index bcba2d1..4bfa50f 100644
--- a/.github/workflows/test_workflow.yml
+++ b/.github/workflows/test_workflow.yml
@@ -7,11 +7,11 @@ on: '**' jobs: sast: - uses: SmartDCSITlimited/actions-store/.github/workflows/SAST.yml@main + uses: ./.github/workflows/SAST.yml secret-detection: - uses: SmartDCSITlimited/actions-store/.github/workflows/SecretDetection.yml@main + uses: ./.github/workflows/SecretDetection.yml python-linting: - uses: SmartDCSITlimited/actions-store/.github/workflows/PythonLinting.yml@main + uses: ./.github/workflows/PythonLinting.yml run-tests: runs-on: ubuntu-latest
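Review bot: `semgrep scan --error --config auto` makes this gate depend on whichever rules the Semgrep registry selects at run time, and `pip install semgrep` takes whichever release is current, so the same commit can pass one day and fail the next and a finding cannot be reproduced against a known rule set. As far as I know `--config auto` also needs Semgrep's metrics reporting left enabled, which should be a conscious decision if the repository is private. I would pin the tool and name the rule sets, e.g. `pip install semgrep==<PINNED_VERSION>` and `run: semgrep scan --error --config p/python`. The unpinned installs in PythonLinting.yml (`flake8`, `pylint`, `mypy`) and SecretDetection.yml (`detect-secrets`) have the same reproducibility problem. Separately, `name: run-tests` and the job id `run-tests` look copied from the linting workflow and would read better as `sast`.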
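Review bot: The `Run Tests` step in SecretDetection.yml passes `--baseline .secrets.baseline`, but the diffstat of this commit adds no such file, so unless the baseline already exists in the repository the hook has nothing valid to compare against; I would expect the step to fail, though that depends on how detect-secrets treats a missing baseline. Two limits are worth documenting above the step: the baseline lives in the same tree that is being scanned, so a change to it in a pull request can mark a finding as accepted and needs its own review, and `git ls-files` covers only the files of the checked-out commit, not earlier history. A comment such as `# Scans tracked files of this commit only; changes to .secrets.baseline must be reviewed like code` would do. The job id `run-tests` could also be renamed to match `name: run-secret-detection`.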
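Review bot: The three calling jobs in test_workflow.yml (`sast`, `secret-detection`, `python-linting`) set no `permissions:`, and none of the called workflows added in this commit sets one either, so they run with whatever token permissions the caller has by default. The first six lines of the file are outside the hunk, so a top-level block may already exist; if not, add `permissions:` with `contents: read` at the top of the file or on each calling job, since all three only read the checkout. With the workflows now referenced as `./.github/workflows/...`, the checks are taken from the same commit they gate, so changes under `.github/workflows/` deserve required review, for example through CODEOWNERS.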