ci: Sync .github directory from develop (#2655)
nikitabelonogov authored Jul 13, 2022
1 parent 5c3ef79 commit 8c657fc
Showing 15 changed files with 1,193 additions and 169 deletions.
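--- a/.github/autolabeler.yml
+++ b/.github/autolabeler.yml
@@ -0,0 +1,32 @@
+template: "Mandatory field" #https://github.com/release-drafter/release-drafter/blob/master/bin/generate-schema.js#L15
+autolabeler:
+- label: 'breaking'
+body:
+- '/BREAKING CHANGE/i'
+- label: 'fix'
+title:
+- '/^fix:/'
+- label: 'feat'
+title:
+- '/^feat:/'
+- label: 'docs'
+title:
+- '/^docs:/'
+- label: 'chore'
+title:
+- '/^chore:/'
+- label: 'ci'
+title:
+- '/^ci:/'
+- label: 'perf'
+title:
+- '/^perf:/'
+- label: 'refactor'
+title:
+- '/^refactor:/'
+- label: 'style'
+title:
+- '/^style:/'
+- label: 'test'
+title:
+- '/^test:/'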
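--- a/.github/pr-title-checker-config.json
+++ b/.github/pr-title-checker-config.json
@@ -0,0 +1,28 @@
+{
+"LABEL": {
+"name": "title needs formatting",
+"color": "EEEEEE"
+},
+"CHECKS": {
+"prefixes": [
+"fix: ",
+"feat: ",
+"docs: ",
+"chore: ",
+"ci: ",
+"perf: ",
+"refactor: ",
+"style: ",
+"test: "
+],
+"ignoreLabels": [
+"skip-changelog",
+"skip-ci"
+]
+},
+"MESSAGES": {
+"success": "PR title is valid",
+"failure": "PR title is invalid",
+"notice": "Valid prefixes are: fix, feat, docs, chore, ci, perf, refactor, style, test."
+}
+}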
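--- a/.github/workflows/bandit.yml
+++ b/.github/workflows/bandit.yml
@@ -0,0 +1,57 @@
+name: "Bandit"
+
+on:
+workflow_call:
+inputs:
+head_sha:
+required: true
+type: string
+repo:
+required: true
+type: string
+default: heartexlabs/label-studio
+
+env:
+BANDIT_VERSION: 1.7.4
+PROJECT_PATH: 'label_studio/'
+REPORT_PATH: 'bandit_results/bandit_security_report.txt'
+ACTIONS_STEP_DEBUG: '${{ secrets.ACTIONS_STEP_DEBUG }}'
+
+jobs:
+bandit:
+name: "Bandit"
+timeout-minutes: 2
+runs-on: ubuntu-latest
+steps:
+- uses: hmarr/[email protected]
+
+- name: Checkout
+uses: actions/checkout@v3
+with:
+repository: ${{ inputs.repo }}
+ref: ${{ inputs.head_sha }}
+
+- name: Set up Python
+uses: actions/setup-python@v4
+with:
+python-version: '3.7'
+
+- name: Install Bandit
+run: |
+pip install bandit==$BANDIT_VERSION
+- name: Run Bandit
+run: |
+mkdir -p bandit_results
+touch ${{ env.REPORT_PATH }}
+bandit -r $PROJECT_PATH -o ${{ env.REPORT_PATH }} -f 'txt' -ll
+- name: Print scan results
+if: always()
+run: cat ${{ env.REPORT_PATH }}
+
+- uses: actions/upload-artifact@v3
+if: always()
+with:
+name: Security check results
+path: ${{ env.REPORT_PATH }}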
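Review bot: The Checkout step takes `inputs.repo` and `inputs.head_sha` from the caller, while the `bandit` job declares no `permissions:` block and leaves checkout's credential persistence at its default. When this workflow is reached from the `pull_request_target` pipeline on this page, the job token therefore ends up in the `.git` config of a tree the pull-request author controls. Bandit only parses the files, so nothing here obviously executes them, but I would still add `permissions:` with `contents: read` on the job and `persist-credentials: false` under the checkout `with:`. The `default:` on `repo` looks unreachable because the input is `required: true`, and `-ll` limits the report to medium severity and above, which deserves a one-line comment such as `# -ll: report medium and high severity only`.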
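--- a/.github/workflows/cancel_cicd_pipeline.yml
+++ b/.github/workflows/cancel_cicd_pipeline.yml
@@ -0,0 +1,21 @@
+name: "Cancel PR CI/CD pipeline"
+
+on:
+pull_request_target:
+types:
+- closed
+- converted_to_draft
+- locked
+branches:
+- develop
+
+concurrency:
+group: CI/CD Pipeline-${{ github.event.pull_request.number || github.event.pull_request.head.ref || github.ref_name }}
+cancel-in-progress: true
+
+jobs:
+cancel:
+runs-on: ubuntu-latest
+steps:
+- uses: hmarr/[email protected]
+- run: echo CI/CD Pipeline-${{ github.event.pull_request.number || github.event.pull_request.head.ref || github.ref_name }}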
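Review bot: The final `run:` step of the `cancel` job expands an expression containing `github.event.pull_request.head.ref` directly into the shell script, and this workflow runs on `pull_request_target`, where the head branch name is chosen by the pull-request author. The pull-request number comes first in the `||` chain, so the fallback is probably never reached, but the pattern is worth removing. Pass the value through an `env:` entry on the step (`GROUP: ${{ … }}`) and print it with `run: echo "CI/CD Pipeline-$GROUP"`. A `permissions: {}` line on the job would also document that it needs no token scopes.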
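--- a/.github/workflows/cicd_pipeline.yml
+++ b/.github/workflows/cicd_pipeline.yml
@@ -0,0 +1,152 @@
+name: "CI/CD Pipeline"
+
+on:
+push:
+branches:
+- develop
+- 'ls-release/**'
+paths:
+- deploy/**
+- label_studio/**
+- setup.py
+- .github/workflows/cicd_pipeline.yml
+- .github/workflows/pr-labeler.yml
+- .github/workflows/submodules-validator.yml
+- .github/workflows/gitleaks.yml
+- .github/workflows/bandit.yml
+- .github/workflows/docker-build.yml
+- .github/workflows/tests.yml
+pull_request_target:
+types:
+- opened
+- synchronize
+- reopened
+- ready_for_review
+branches:
+- develop
+- 'ls-release/**'
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.pull_request.head.ref || github.ref }}
+cancel-in-progress: true
+
+jobs:
+changed_files:
+name: "Changed files"
+runs-on: ubuntu-latest
+outputs:
+src: ${{ steps.changes.outputs.src }}
+frontend: ${{ steps.changes.outputs.frontend }}
+docker: ${{ steps.changes.outputs.docker }}
+commit-message: ${{ steps.commit-details.outputs.message }}
+timeout-minutes: 5
+steps:
+- uses: hmarr/[email protected]
+
+- name: Checkout
+if: github.event_name == 'push'
+uses: actions/checkout@v3
+with:
+ref: ${{ github.ref }}
+
+- uses: dorny/paths-filter@v2
+id: changes
+with:
+filters: |
+src:
+- 'label_studio/!(frontend)/**'
+- 'deploy/requirements**'
+- 'setup.py'
+frontend:
+- 'label_studio/frontend/**'
+docker:
+- 'label_studio/**'
+- 'deploy/**'
+- 'Dockerfile**'
+- 'setup.py'
+- '.github/workflows/cicd_pipeline.yml'
+- '.github/workflows/docker-build.yml'
+- uses: actions/github-script@v6
+id: commit-details
+with:
+github-token: ${{ secrets.GIT_PAT }}
+script: |
+const { repo, owner } = context.repo;
+const { data: commit } = await github.rest.repos.getCommit({
+owner,
+repo,
+ref: '${{ github.event.pull_request.head.sha || github.event.after }}'
+});
+core.setOutput("message", commit.commit.message);
+pr_labeler:
+name: "Validate"
+if: github.event_name == 'pull_request_target'
+uses: heartexlabs/label-studio/.github/workflows/pr-labeler.yml@develop
+secrets: inherit
+
+validate_submodules:
+name: "Validate"
+uses: heartexlabs/label-studio/.github/workflows/submodules-validator.yml@develop
+with:
+repo: ${{ github.event.pull_request.head.repo.full_name || github.event.repo.name || github.repository }}
+head_sha: ${{ github.event.pull_request.head.sha || github.event.after }}
+base_sha: ${{ github.event.pull_request.base.sha || github.event.before }}
+target_branch: ${{ github.event.pull_request.base.ref || github.event.ref }}
+secrets: inherit
+
+gitleaks:
+name: "Linter"
+if: github.event_name == 'pull_request_target'
+uses: heartexlabs/label-studio/.github/workflows/gitleaks.yml@develop
+with:
+repo: ${{ github.event.pull_request.head.repo.full_name || github.event.repo.name || github.repository }}
+head_sha: ${{ github.event.pull_request.head.sha || github.event.after }}
+base_sha: ${{ github.event.pull_request.base.sha || github.event.before }}
+secrets: inherit
+
+bandit:
+name: "Linter"
+needs:
+- changed_files
+if: needs.changed_files.outputs.src == 'true'
+uses: heartexlabs/label-studio/.github/workflows/bandit.yml@develop
+with:
+repo: ${{ github.event.pull_request.head.repo.full_name || github.event.repo.name || github.repository }}
+head_sha: ${{ github.event.pull_request.head.sha || github.event.after }}
+secrets: inherit
+
+frontend-build:
+name: "Build"
+needs:
+- changed_files
+if: |
+github.event_name == 'pull_request_target' &&
+needs.changed_files.outputs.frontend == 'true' &&
+needs.changed_files.outputs.commit-message != 'Build frontend'
+uses: heartexlabs/label-studio/.github/workflows/frontend-build.yml@develop
+with:
+ref: ${{ github.event.pull_request.head.ref || github.ref }}
+secrets: inherit
+
+build:
+name: "Build"
+needs:
+- changed_files
+if: github.event_name == 'push' && github.ref == 'refs/heads/develop' && needs.changed_files.outputs.docker == 'true'
+uses: heartexlabs/label-studio/.github/workflows/docker-build.yml@develop
+with:
+ref: ${{ github.event.pull_request.head.ref || github.ref }}
+secrets: inherit
+
+pytest:
+name: "Tests"
+needs:
+- changed_files
+if: needs.changed_files.outputs.src == 'true'
+uses: heartexlabs/label-studio/.github/workflows/tests.yml@develop
+with:
+repo: ${{ github.event.pull_request.head.repo.full_name || github.event.repo.name || github.repository }}
+ref: ${{ github.event.pull_request.head.ref || github.ref }}
+secrets: inherit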
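Review bot: Every reusable-workflow job in this file passes `secrets: inherit` while the workflow is triggered by `pull_request_target`, and `validate_submodules`, `gitleaks`, `bandit` and `pytest` are handed `github.event.pull_request.head.repo.full_name` plus the head SHA or ref, so repository secrets are in scope for jobs that work on a fork's tree. `tests.yml` and `frontend-build.yml` are not shown on this page; if either installs or runs the checked-out code, that code runs with those secrets available. I would pass only the named secrets each callee needs in place of `secrets: inherit`, add a top-level `permissions:` with `contents: read`, and gate the jobs that execute project code on `github.event.pull_request.head.repo.full_name == github.repository` or on an explicit maintainer approval. The `commit-details` step also uses `secrets.GIT_PAT` for a read-only `getCommit` call, where the default `github.token` would likely be enough.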