jared
2c4e8fcfda
Lint / Python (flake8) (push) Failing after 20s
Lint / JS (eslint) (push) Successful in 7s
Security / Python Security (bandit) (push) Failing after 22s
Test / Python Tests (pytest) (push) Successful in 30s
Lint / Notify on failure (push) Successful in 2s
Lint / Deploy (push) Has been skipped
- lint.yml: add notify-failure Matrix alert job; add Tag deployed commit step to deploy job with deploy-YYYY.MM.DD-N tagging via Gitea API - test.yml: add pytest-cov for coverage reporting - .coveragerc: omit tests and site-packages from coverage Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
87 lines
2.7 KiB
YAML
87 lines
2.7 KiB
YAML
name: Lint
|
|
|
|
on:
|
|
push:
|
|
branches: ["**"]
|
|
pull_request:
|
|
branches: ["**"]
|
|
|
|
jobs:
|
|
python-lint:
|
|
name: Python (flake8)
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- name: Install Python and flake8
|
|
run: |
|
|
apt-get update -qq
|
|
apt-get install -y -qq python3 python3-pip
|
|
pip3 install flake8
|
|
|
|
- name: Run flake8
|
|
run: flake8 . --exclude=__pycache__,.git
|
|
|
|
js-lint:
|
|
name: JS (eslint)
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- name: Install ESLint
|
|
run: npm install --save-dev eslint@8
|
|
|
|
- name: Run ESLint
|
|
run: npx eslint --ext .js static/
|
|
|
|
notify-failure:
|
|
name: Notify on failure
|
|
runs-on: ubuntu-latest
|
|
needs: [python-lint, js-lint]
|
|
if: failure() && github.event_name == 'push'
|
|
steps:
|
|
- name: Send Matrix alert
|
|
env:
|
|
MATRIX_WEBHOOK_URL: ${{ secrets.MATRIX_WEBHOOK_URL }}
|
|
REPO: ${{ github.repository }}
|
|
BRANCH: ${{ github.ref_name }}
|
|
RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
|
|
run: |
|
|
if [ -z "$MATRIX_WEBHOOK_URL" ] || [ "$MATRIX_WEBHOOK_URL" = "CONFIGURE_ME" ]; then exit 0; fi
|
|
curl -sf -X POST "$MATRIX_WEBHOOK_URL" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"text\":\"CI FAILED: ${REPO} @ ${BRANCH} — ${RUN_URL}\"}"
|
|
|
|
deploy:
|
|
name: Deploy
|
|
runs-on: ubuntu-latest
|
|
needs: [python-lint, js-lint]
|
|
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
|
permissions:
|
|
contents: write
|
|
steps:
|
|
- name: Trigger webhook
|
|
env:
|
|
WEBHOOK_SECRET: ${{ secrets.WEBHOOK_SECRET }}
|
|
GIT_REF: ${{ github.ref }}
|
|
run: |
|
|
PAYLOAD="{\"ref\":\"${GIT_REF}\"}"
|
|
SIG=$(echo -n "$PAYLOAD" | openssl dgst -sha256 -hmac "$WEBHOOK_SECRET" | awk '{print $2}')
|
|
curl -sf --connect-timeout 10 \
|
|
-X POST \
|
|
-H "Content-Type: application/json" \
|
|
-H "X-Gitea-Signature: ${SIG}" \
|
|
-d "$PAYLOAD" \
|
|
"http://10.10.10.61:9000/hooks/gandalf-deploy"
|
|
|
|
- name: Tag deployed commit
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
TAG="deploy-$(date -u +%Y.%m.%d)-${{ github.run_number }}"
|
|
curl -sf -X POST \
|
|
-H "Authorization: token $GITHUB_TOKEN" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"tag_name\":\"${TAG}\",\"target\":\"${{ github.sha }}\",\"message\":\"Deployed to production\"}" \
|
|
"https://code.lotusguild.org/api/v1/repos/${{ github.repository }}/tags"
|