diff options
| author | Alex Schofield <git@ajschof.me> | 2024-08-15 12:09:27 +0100 |
|---|---|---|
| committer | Alex Schofield <git@ajschof.me> | 2024-08-15 12:09:27 +0100 |
| commit | 5fecc3060f0565af004368cd0856df848ca0127a (patch) | |
| tree | 460244c38f29129bc6f9d8cf293096bc62eb88db /.github | |
| parent | 6f12e84d30a798ce80c90ee29aebd7fa45501eba (diff) | |
| download | de-project-bentley-5fecc3060f0565af004368cd0856df848ca0127a.tar.gz de-project-bentley-5fecc3060f0565af004368cd0856df848ca0127a.zip | |
ci(commit-qc-checks): add initial qc checks for commits using ga"
it will:
- lint python scripts
- check python script formatting
- check python script security
- check formatting for tf scripts
- validate tf configuration
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/on-commit.yml | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml new file mode 100644 index 0000000..e429651 --- /dev/null +++ b/.github/workflows/on-commit.yml @@ -0,0 +1,60 @@ +name: commit-qc-checks + +on: + push: + branches-ignore: + - 'main' + +jobs: + check-if-py-files-exist: + runs-on: ubuntu-latest + outputs: + py_files_exist: ${{ steps.check.outputs.py_files_exist }} + steps: + - uses: actions/checkout@v2 + - id: check_files + run: | + if [ -n "$(find . -name '*.py')" ]; then + echo "::set-output name=py_files_exist::true" + else + echo "::set-output name=py_files_exist::false" + fi + + quality-checks: + needs: check-if-py-files-exist + if: ${{ needs.check-if-py-files-exist.outputs.py_files_exist == 'true' }} + runs-on: ubuntu-latest + steps: + - uses : actions/checkout@v2 + - name : 'Python: Setup' + uses : actions/setup-python@v2 + with: + python-version: 3.11 + - name : 'Python: Install Dependencies' + run: | + python -m pip install --upgrade pip + pip install flake8 pylint black bandit safety + - name : 'Python: Linting' + run: | + flake8 . + find . -name "*.py" | xargs pylint + - name : 'Python: Formatting' + run: | + black --check . + - name: 'Python: Security' + run: | + bandit -r . + safety check + - name: 'Terraform: Setup' + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: latest + - name: 'Terraform: Formatting' + working-directory: ./terraform + run: terraform fmt -check -recursive + - name: 'Terraform: Initialise' + working-directory: ./terraform + run: terraform init -backend=false + - name: 'Terraform: Validate' + working-directory: ./terraform + run: terraform validate |