code_checks.yml
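# Code Checks workflow: runs on every push and has three jobs.
#   linting_and_security - bundle-audit, RuboCop and Brakeman on the runner
#   tests                - builds the Docker image and runs the specs in it
#   publish_results      - publishes test results and the coverage check
#
# NOTE(review): ruby/setup-ruby is pinned to a full commit SHA, but every
# other action below is referenced by a mutable tag (@v2/@v3/@v4/@v5). Several
# of them receive secrets (Docker Hub credentials, GITHUB_TOKEN, the gem
# server credential), so pinning them to reviewed commit SHAs as well would
# keep a re-pointed tag from running with those secrets.
name: Code Checks
on: [push]

# Workflow-wide token scope, inherited by all three jobs.
# NOTE(review): only publish_results passes GITHUB_TOKEN to actions that
# publish check results; consider granting `checks: write` on that job alone
# and leaving the other jobs with `contents: read` - confirm before changing.
permissions:
  contents: read
  checks: write

jobs:
  linting_and_security:
    name: Linting and Security
    env:
      # Credential for the private gem source; read by Bundler during
      # setup-ruby's bundle install.
      BUNDLE_ENTERPRISE__CONTRIBSYS__COM: ${{ secrets.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
    runs-on: ubuntu-16-cores-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No step in this job pushes or fetches with git afterwards, so do
          # not leave the job token in .git/config of the workspace.
          persist-credentials: false
      - uses: ruby/setup-ruby@22fdc77bf4148f810455b226c90fb81b5cbc00a7
        with:
          bundler-cache: true
      # NOTE(review): CVE-2024-27456 is suppressed here without a recorded
      # reason. Document why it does not apply and when the ignore can be
      # removed, so the exception does not outlive its justification.
      - name: Run bundle-audit (checks gems for CVE issues)
        run: bundle exec bundle-audit check --update --ignore CVE-2024-27456
      - name: Run Rubocop
        run: bundle exec rubocop --parallel --format github
      # --confidence-level=2 means Brakeman's lowest-confidence warnings are
      # not reported by this gate.
      - name: Run Brakeman
        run: bundle exec brakeman --ensure-latest --confidence-level=2 --format github

  tests:
    name: Test
    env:
      BUNDLE_ENTERPRISE__CONTRIBSYS__COM: ${{ secrets.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
      # Environment values are always strings; quoted so generic YAML tooling
      # does not retype them as booleans/integers.
      CI: 'true'
      RAILS_ENV: test
      TERM: xterm-256color
      DOCKER_BUILDKIT: '1'
      COMPOSE_DOCKER_CLI_BUILD: '1'
    runs-on: ubuntu-16-cores-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The checkout directory is used as the Docker build context below;
          # keep the job token out of .git/config so it cannot be copied into
          # an image layer or the exported build cache.
          persist-credentials: false
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USER }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      # Export the runner's UID so the image can be built with a matching user.
      - name: Setup Environment
        run: |
          echo "VETS_API_USER_ID=$(id -u)" >> "$GITHUB_ENV"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # NOTE(review): the gem-server credential is passed as a build argument.
      # Build arguments can be recovered from image history/metadata, and this
      # build also exports its cache (cache-to, mode=max). A BuildKit secret
      # mount (the action's `secrets:` input plus `RUN --mount=type=secret` in
      # the Dockerfile) avoids that, but needs a matching Dockerfile change,
      # which is not visible from this file - left as-is and flagged.
      - name: Build Docker Image
        uses: docker/build-push-action@v5
        with:
          build-args: |
            BUNDLE_ENTERPRISE__CONTRIBSYS__COM=${{ env.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
            USER_ID=${{ env.VETS_API_USER_ID }}
          context: .
          # Image is only loaded into the local daemon for the test run.
          push: false
          load: true
          tags: vets-api
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Setup Database
        run: |
          docker-compose -f docker-compose.test.yml run web bash \
            -c "CI=true RAILS_ENV=test DISABLE_BOOTSNAP=true bundle exec parallel_test -n 13 -e 'bin/rails db:reset'"
      - name: Run Specs
        timeout-minutes: 20
        run: |
          docker-compose -f docker-compose.test.yml run web bash \
            -c "CI=true DISABLE_BOOTSNAP=true bundle exec parallel_rspec spec/ modules/ -n 13 -o '--color --tty'"
      # Artifacts are uploaded even when specs fail so publish_results can
      # still report on them.
      - name: Upload Coverage Report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: Coverage Report
          path: coverage
      - name: Upload Test Results
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: Test Results
          path: log/*.xml
          if-no-files-found: ignore

  publish_results:
    name: Publish Test Results and Coverage
    # Runs regardless of the outcome of the tests job.
    if: always()
    needs: [tests]
    runs-on: ubuntu-16-cores-latest
    steps:
      # With no `name` input, every artifact of the run is downloaded, each
      # into a directory named after the artifact.
      - uses: actions/download-artifact@v4
      - name: Publish Test Results to GitHub
        uses: EnricoMi/publish-unit-test-result-action@v2
        if: always()
        with:
          check_name: Test Results
          # Quoted: a bare `off` is a boolean under YAML 1.1 parsers.
          comment_mode: 'off'
          files: Test Results/*.xml
          github_token: ${{ secrets.GITHUB_TOKEN }}
      # Renames the "line" key to "covered_percent" in the report file.
      # NOTE(review): unlike the next step, this one has no hashFiles guard,
      # so a missing report fails the job here.
      - name: Fix up coverage report to work with coverage-check-action
        run: sed -i 's/"line"/"covered_percent"/g' 'Coverage Report/.last_run.json'
      # NOTE(review): the action reference below was mangled by e-mail
      # obfuscation on the page this listing was taken from (the text after
      # "devmasx/" is not the real value). It is presumably the
      # coverage-check-action named in the step above at some version -
      # restore the exact reference from the repository before use.
      - name: Publish Coverage Report
        uses: devmasx/[email protected]
        if: hashFiles('Coverage Report/.last_run.json') != ''
        with:
          type: simplecov
          result_path: Coverage Report/.last_run.json
          min_coverage: 90
          token: ${{ secrets.GITHUB_TOKEN }}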