SecObserve/.github/workflows/check_backend.yml at f5f6ae42742f99f07dd496c263d79bb4e7260866 · stackabletech/SecObserve · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
name: Check backend

on: [push, pull_request]

permissions: read-all


env:
  POETRY_NO_INTERACTION: 1

jobs:
  code_quality:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Set up Python
        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: 3.12

      - name: Install dependencies
        working-directory: ./backend
        run: |
          python -m pip install --upgrade -r poetry_requirements.txt
          python -m pip install --upgrade import-linter
          python -m poetry install --extras "code_quality dev" --no-root

      - name: Flake8
        working-directory: ./backend
        run: |
          poetry run flake8 . --count --show-source --statistics

      - name: Black
        working-directory: ./backend
        run: |
          poetry run black . --check

      - name: isort
        working-directory: ./backend
        run: |
          poetry run isort . -c

      - name: MyPy
        working-directory: ./backend
        run: |
          ./bin/run_mypy.sh

      - name: PyLint
        working-directory: ./backend
        run: |
          ./bin/run_pylint.sh

      - name: Import linter
        working-directory: ./backend
        run: |
          lint-imports --no-cache

  unittests:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: Unittests
        run: |
          docker build -f docker/backend/unittests/django/Dockerfile -t secobserve_backend_unittests:latest .
          docker run --rm \
            --volume ./backend:/home \
            --env-file docker/backend/unittests/envs/django \
            --env-file docker/backend/unittests/envs/sqlite \
            secobserve_backend_unittests:latest
      - name: "Upload coverage report"
        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
        with:
          name: coverage-report
          path: backend/coverage.xml
          retention-days: 1

  check_code_sonarqube_backend:
    if: github.repository == 'MaibornWolff/SecObserve'
    needs: [unittests]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          fetch-depth: 0
      - name: Download a single artifact
        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
        with:
          name: coverage-report
      - name: Run SonarQube scan for backend
        uses: SonarSource/sonarqube-scan-action@8c71dc039c2dd71d3821e89a2b58ecc7fee6ced9 # v5.3.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          projectBaseDir: backend