Add more controls in pre-commit, partly security #2803
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test Suite | |
on: | |
pull_request: | |
branches: | |
- master | |
push: | |
branches: | |
- master | |
# Explicitly grant the `secrets.GITHUB_TOKEN` no permissions. | |
permissions: {} | |
jobs: | |
linter: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v3 | |
with: | |
python-version: "3.10" | |
- uses: pre-commit/[email protected] | |
with: | |
extra_args: --all-files --show-diff-on-failure | |
unit-and-integration-tests: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
# https://stackoverflow.com/a/64592785 | |
- name: neo4j 4 instance setup | |
run: | | |
docker run --detach \ | |
--name neo4j-4 \ | |
--env NEO4J_AUTH=none \ | |
--publish 7474:7474 \ | |
--publish 7473:7473 \ | |
--publish 7687:7687 \ | |
neo4j:4.4-community | |
- uses: actions/setup-python@v2 | |
with: | |
python-version: "3.10" | |
# Cache our pip dir for efficiency; see https://medium.com/ai2-blog/python-caching-in-github-actions-e9452698e98d. | |
- uses: actions/cache@v2 | |
with: | |
path: ~/.cache/pip | |
key: ${{ hashFiles('setup.py') }}-${{ hashFiles('test-requirements.txt') }} | |
- name: Install cartography | |
run: | | |
pip install -e . | |
pip install -r test-requirements.txt | |
- name: Wait for neo4j 4 to be ready | |
timeout-minutes: 1 | |
run: (docker logs -f neo4j-4 & ) | grep -q Started | |
- name: make test_unit | |
run: make test_unit | |
- name: make test_integration | |
run: make test_integration | |
unit-and-integration-tests-neo4j5: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
# https://stackoverflow.com/a/64592785 | |
- name: neo4j 5 setup | |
run: | | |
docker run --detach \ | |
--name neo4j-5 \ | |
--env NEO4J_AUTH=none \ | |
--publish 7474:7474 \ | |
--publish 7473:7473 \ | |
--publish 7687:7687 \ | |
neo4j:5 | |
- uses: actions/setup-python@v2 | |
with: | |
python-version: "3.10" | |
# Cache our pip dir for efficiency; see https://medium.com/ai2-blog/python-caching-in-github-actions-e9452698e98d. | |
- uses: actions/cache@v2 | |
with: | |
path: ~/.cache/pip | |
key: ${{ hashFiles('setup.py') }}-${{ hashFiles('test-requirements.txt') }} | |
- name: Install cartography | |
run: | | |
pip install -e . | |
pip install -r test-requirements.txt | |
- name: Wait for neo4j 5 to be ready | |
timeout-minutes: 1 | |
run: (docker logs -f neo4j-5 & ) | grep -q Started | |
- name: make test_unit | |
run: make test_unit | |
- name: make test_integration | |
run: make test_integration | |
build-dist-docker-image: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ghcr.io/${{ github.repository }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Build | |
uses: docker/build-push-action@v3 | |
with: | |
file: dist.Dockerfile | |
push: false # only build the image, don't push it anywhere | |
context: . | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} |