feat: LoTL publication tools and workflows (previous onboarding registration CD and trusted list CD) #205
| name: CI/CD Pipeline | |
| # Skip when commit message contains [skip ci], [ci skip], [no ci], [skip actions], or [actions skip] | |
| # (GitHub natively skips workflows for push/pull_request when these are in the commit message) | |
| # Skip duplicate runs: on push to a branch with an open PR, skip (pull_request will run) | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| paths: | |
| - '**/*.py' | |
| - 'requirements*.txt' | |
| - 'pyproject.toml' | |
| pull_request: | |
| branches: [ main, develop ] | |
| paths: | |
| - '**/*.py' | |
| - 'requirements*.txt' | |
| - 'pyproject.toml' | |
| jobs: | |
| should-run: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| run: ${{ steps.check.outputs.run }} | |
| steps: | |
| - id: check | |
| run: | | |
| if [ "${{ github.event_name }}" = "pull_request" ]; then | |
| echo "run=true" >> $GITHUB_OUTPUT | |
| else | |
| count=$(gh pr list --head "${{ github.ref_name }}" --state open --json number --jq 'length' 2>/dev/null || echo "0") | |
| [ "$count" -gt 0 ] && echo "run=false" >> $GITHUB_OUTPUT || echo "run=true" >> $GITHUB_OUTPUT | |
| fi | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| test: | |
| needs: should-run | |
| if: needs.should-run.outputs.run == 'true' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| python-version: ["3.10", "3.11", "3.12"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements-dev.txt | |
| - name: Lint with flake8 | |
| run: | | |
| flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics | |
| flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | |
| # - name: Test with pytest | |
| # run: | | |
| # pytest tests/ --cov=src --cov-report=xml --cov-report=html | |
| security: | |
| needs: should-run | |
| if: needs.should-run.outputs.run == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements-dev.txt | |
| - name: Run security scan with bandit | |
| run: | | |
| bandit -r src/ -f json -o bandit-report.json | |
| - name: Run dependency check with safety | |
| run: | | |
| safety check --output screen | |
| # build: | |
| # runs-on: ubuntu-latest | |
| # needs: [test, security] | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - name: Set up Python | |
| # uses: actions/setup-python@v4 | |
| # with: | |
| # python-version: '3.11' | |
| # - name: Install dependencies | |
| # run: | | |
| # python -m pip install --upgrade pip | |
| # pip install -r requirements-dev.txt | |
| # - name: Build package | |
| # run: | | |
| # python -m build | |
| # - name: Upload build artifacts | |
| # uses: actions/upload-artifact@v4 | |
| # with: | |
| # name: dist | |
| # path: dist/ | |
| # deploy: | |
| # runs-on: ubuntu-latest | |
| # needs: [build] | |
| # if: github.ref == 'refs/heads/main' | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - name: Download build artifacts | |
| # uses: actions/download-artifact@v4 | |
| # with: | |
| # name: dist | |
| # path: dist/ | |
| # - name: Deploy to staging | |
| # run: | | |
| # echo "Deploying to staging environment" | |
| # # Add deployment commands here | |
| # - name: Run smoke tests | |
| # run: | | |
| # echo "Running smoke tests" | |
| # # Add smoke test commands here |
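Review bot: The `should-run` job calls `gh pr list` with no checkout step and no `GH_REPO`, so gh probably cannot resolve which repository to query; because stderr goes to `/dev/null` and the fallback is `echo "0"`, the step would then always emit `run=true` and the duplicate-run skip would silently never apply. Setting `GH_REPO: ${{ github.repository }}` and dropping `2>/dev/null` lets the call work and makes any failure visible in the log. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` gets whatever the repository default grants, while `contents: read` plus `pull-requests: read` looks sufficient for the steps shown. `${{ github.event_name }}` and `${{ github.ref_name }}` are expanded into the script text before the shell runs; the push branch filter constrains the values today, but passing them through `env:` keeps the script safe if the triggers are widened later.

```yaml
# … unchanged: name, on.push / on.pull_request filters …
permissions:
  contents: read
  pull-requests: read

jobs:
  should-run:
    # … unchanged: runs-on, outputs …
    steps:
      - id: check
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: ${{ github.repository }}
          EVENT_NAME: ${{ github.event_name }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          if [ "$EVENT_NAME" = "pull_request" ]; then
            echo "run=true" >> "$GITHUB_OUTPUT"
          else
            count=$(gh pr list --head "$REF_NAME" --state open --json number --jq 'length' || echo "0")
            if [ "$count" -gt 0 ]; then
              echo "run=false" >> "$GITHUB_OUTPUT"
            else
              echo "run=true" >> "$GITHUB_OUTPUT"
            fi
          fi
# … unchanged: test and security jobs, commented-out build/deploy …
```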