Skip to content

Merge pull request #241 from bancolombia/feature/risk_features #1221

Merge pull request #241 from bancolombia/feature/risk_features

Merge pull request #241 from bancolombia/feature/risk_features #1221

Workflow file for this run

name: Build
on:
push:
branches:
- trunk
- feature/*
paths-ignore:
- 'ide_extension/**'
- '.github/workflows/intellij-build.yml'
- '.github/workflows/intellij-release.yml'
- '.github/workflows/intellij-updater.yml'
pull_request:
branches:
- trunk
paths-ignore:
- 'ide_extension/**'
- '.github/workflows/intellij-build.yml'
- '.github/workflows/intellij-release.yml'
- '.github/workflows/intellij-updater.yml'
jobs:
build:
if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }}
runs-on: ubuntu-latest
environment: release
permissions:
id-token: write
pull-requests: write
issues: write
steps:
- uses: actions/checkout@v4
- name: Verify Conventional Commits
uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install virtualenv
sudo apt-get update
sudo apt-get install openssh-client -y
- name: Run Unit Test
run: |
cd tools/
python -m virtualenv _venv
source _venv/bin/activate
python -m pip install --upgrade pip
python -m pip install -r requirements_test.txt
python -m pip install -r requirements.txt
python -m pytest -x --cov=devsecops_engine_tools --cov-config=.coveragerc
python -m coverage report -m
python -m coverage xml
- name: Run analysis on SonarQube
uses: SonarSource/sonarqube-scan-action@v2
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
with:
projectBaseDir: tools
args: >
-Dsonar.organization=grupo-bancolombia
-Dsonar.projectKey=bancolombia_devsecops-engine-tools
-Dsonar.python.coverage.reportPaths=coverage.xml
-Dsonar.language=py
-Dsonar.verbose=true
-Dsonar.exclusions=**test_integrations_defect_dojo.py**,**/test/**,**/example/**,**setup.py**,**hello_world**,**Dockerfile**,**/coverage/**
-Dsonar.coverage.exclusions=**test_integrations_defect_dojo.py**,**/test/**,**/example/**,**setup.py**,**hello_world**,**Dockerfile/**,**/coverage/**
- name: Build
if: contains(github.event.head_commit.message, 'deploy dev')
run: |
cd tools/
source _venv/bin/activate
python -m pip install setuptools virtualenv wheel
python setup.py sdist bdist_wheel
- name: Publish a Python distribution to PyPI Test
if: contains(github.event.head_commit.message, 'deploy dev')
uses: pypa/gh-action-pypi-publish@release/v1
with:
packages-dir: tools/dist/
repository-url: https://test.pypi.org/legacy/
releaseDraft:
name: Release draft
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/trunk'
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
steps:
# Generate a token of Github APP only for the truk branch
- name: Generate a token of Github APP
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID_ADMIN_GITHUB }}
private_key: ${{ secrets.APP_PRIVATE_KEY_ADMIN_GITHUB }}
# Check out the current repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
token: ${{ steps.generate_token.outputs.token }}
- name: Set up NodeJS
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
with:
node-version: "lts/*"
- name: Set up Semantic Release
run: npm -g install @semantic-release/git [email protected]
- name: Semantic Release
run: npx [email protected]
env:
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}