From 56517bc2a1287d9507cda3da772d8e566c4301ec Mon Sep 17 00:00:00 2001
From: Mauro Amico <mauro.amico@gmail.com>
Date: Wed, 10 Jul 2024 01:08:46 +0200
Subject: [PATCH] tests

---
 .github/workflows/bandit.yml | 24 +++++++++++++++
 .github/workflows/tests.yml  | 60 ++++++++++++++++++++++++++++++++++++
 src/.bandit                  |  3 ++
 3 files changed, 87 insertions(+)
 create mode 100644 .github/workflows/bandit.yml
 create mode 100644 .github/workflows/tests.yml
 create mode 100644 src/.bandit

diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
new file mode 100644
index 0000000..0670805
--- /dev/null
+++ b/.github/workflows/bandit.yml
@@ -0,0 +1,24 @@
+name: Security check - Bandit
+
+on: push
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Security check - Bandit
+      uses: ioggstream/bandit-report-artifacts@v1.7.4
+      with:
+        project_path: src
+        # ignore_failure: true
+
+    # This is optional
+    #- name: Security check report artifacts
+    #  uses: actions/upload-artifact@v4
+    #  with:
+    #    name: Security report
+    #    path: output/security_report.txt
+
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 0000000..a3469b9
--- /dev/null
+++ b/.github/workflows/tests.yml
@@ -0,0 +1,60 @@
+name: Tests
+
+on:
+  push:
+    paths-ignore:
+      - '**.md'
+      - '**.rst'
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      max-parallel: 4
+      matrix:
+        python: ["3.10", "3.11"]
+        plone: ["60"]
+    steps:
+      - uses: actions/checkout@v3
+      - name: Cache eggs
+        uses: actions/cache@v3
+        with:
+          path: eggs
+          key: ${{ runner.OS }}-build-python${{ matrix.python }}-${{ matrix.plone }}
+      - name: Set up Python ${{ matrix.python }}
+        uses: actions/setup-python@v3
+        with:
+          python-version: ${{ matrix.python }}
+      - name: Install dependencies
+        run: |
+          pip install -r requirements.txt -c constraints_plone${{ matrix.plone }}.txt
+          cp test_plone${{ matrix.plone }}.cfg buildout.cfg
+      - name: Install buildout
+        run: |
+          buildout -N code-analysis:return-status-codes=True
+      - name: Code analysis
+        run: |
+          bin/code-analysis
+      - name: Run tests
+        run: |
+          bin/test-coverage
+        env:
+          PROXY_BEARER_AUTH: on
+      #- name: Upload coverage data to coveralls.io
+      #  run: |
+      #    pip install coveralls
+      #    coveralls --service=github
+      #  env:
+      #    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      #    COVERALLS_FLAG_NAME: py${{ matrix.python }}-plone${{ matrix.plone }}-tz${{ matrix.tz }}
+      #    COVERALLS_PARALLEL: true
+
+  #coveralls_finish:
+  #  needs: build
+  #  runs-on: ubuntu-latest
+  #  steps:
+  #  - name: Finished
+  #    run: |
+  #      pip install --upgrade coveralls
+  #      coveralls --service=github --finish
+  #    env:
+  #      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/src/.bandit b/src/.bandit
new file mode 100644
index 0000000..0a55d30
--- /dev/null
+++ b/src/.bandit
@@ -0,0 +1,3 @@
+[bandit]
+exclude = locales,tests
+skips = B410