Removing the black autocommit action and doing some general housekeeping on the other GH actions
ialarmedalien committed May 17, 2024
1 parent 9a0be4b commit 096c289
Showing 7 changed files with 204 additions and 235 deletions.
20 changes: 0 additions & 20 deletions .github/workflows/black.yaml

This file was deleted.

64 changes: 32 additions & 32 deletions .github/workflows/codacy.yaml
Expand Up @@ -9,41 +9,41 @@
name: Codacy Security Scan

on:
workflow_call:
workflow_call:

permissions:
contents: read
contents: read

jobs:
codacy-security-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Codacy Security Scan
runs-on: ubuntu-latest
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout code
uses: actions/checkout@v3
codacy-security-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Codacy Security Scan
runs-on: ubuntu-latest
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout code
uses: actions/checkout@v4

# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
- name: Run Codacy Analysis CLI
uses: codacy/codacy-analysis-cli-action@5cc54a75f9ad88159bb54046196d920e40e367a5
with:
# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
# You can also omit the token and run the tools that support default configurations
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
verbose: true
output: results.sarif
format: sarif
# Adjust severity of non-security issues
gh-code-scanning-compat: true
# Force 0 exit code to allow SARIF file generation
# This will handover control about PR rejection to the GitHub side
max-allowed-issues: 2147483647
# Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
- name: Run Codacy Analysis CLI
uses: codacy/codacy-analysis-cli-action@5cc54a75f9ad88159bb54046196d920e40e367a5
with:
# Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
# You can also omit the token and run the tools that support default configurations
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
verbose: true
output: results.sarif
format: sarif
# Adjust severity of non-security issues
gh-code-scanning-compat: true
# Force 0 exit code to allow SARIF file generation
# This will handover control about PR rejection to the GitHub side
max-allowed-issues: 2147483647

# Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
# Upload the SARIF file generated in the previous step
- name: Upload SARIF results file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results.sarif
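Review bot: The SARIF upload step `uses: github/codeql-action/upload-sarif@v2` stays on a floating major tag while the Codacy CLI action a few lines above it is pinned to a full commit SHA, so the two steps carry different supply-chain guarantees and the upload step can change underneath this workflow with no diff in the repository. The same pattern appears at `github/codeql-action/init@v2` and `github/codeql-action/analyze@v2` in codeql.yaml, and `actions/checkout@v4` is a floating tag too. Pin each of them to a commit SHA and record the tag in a trailing comment, e.g. `uses: github/codeql-action/upload-sarif@<commit-sha>  # vN`, and while touching these lines move off the codeql-action v2 line, which as far as I recall GitHub has deprecated in favour of v3.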
60 changes: 30 additions & 30 deletions .github/workflows/codeql.yaml
@@ -1,40 +1,40 @@
name: "CodeQL"

on:
workflow_call:
workflow_call:

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:

Check notice

Code scanning / Checkov (reported by Codacy)

Ensure top-level permissions are not set to write-all Note

Ensure top-level permissions are not set to write-all
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: [ 'python' ]
# python-version: ["3.9", "3.10"]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
strategy:
fail-fast: false
matrix:
language: ["python"]
python-version: ["3.10", "3.11", "3.12"]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

steps:
- name: Checkout repository
uses: actions/checkout@v3
steps:
- name: Checkout repository
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
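Review bot: The new matrix entry `python-version: ["3.10", "3.11", "3.12"]` is not consumed anywhere in the file — the only matrix value read is `languages: ${{ matrix.language }}` and there is no setup-python step — so it triples the job count and runs the identical CodeQL analysis three times against the same checkout. Either drop the line, or add an `actions/setup-python` step before `Initialize CodeQL` that uses `${{ matrix.python-version }}` so each job actually differs. If the intent was to keep the interpreter list for a future step, leave it commented out as the previous version did rather than live in the matrix.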
24 changes: 12 additions & 12 deletions .github/workflows/on_branch_merge.yaml
@@ -1,20 +1,20 @@
name: Merge to main / develop

on:
push:
branches:
- main
- develop
push:
branches:
- main
- develop

jobs:
run_unit_tests:
uses: ./.github/workflows/run_tests.yaml
run_unit_tests:
uses: ./.github/workflows/run_tests.yaml

run_code_ql:
uses: ./.github/workflows/codeql.yaml
run_code_ql:
uses: ./.github/workflows/codeql.yaml

run_codacy:
uses: ./.github/workflows/codacy.yaml
run_codacy:
uses: ./.github/workflows/codacy.yaml

run_trivy:
uses: ./.github/workflows/trivy.yaml
run_trivy:
uses: ./.github/workflows/trivy.yaml
32 changes: 14 additions & 18 deletions .github/workflows/on_pr.yaml
@@ -1,26 +1,22 @@
name: Standard PR workflow

on:
pull_request:
types:
- opened
- reopened
- synchronize
- ready_for_review
pull_request:
types:
- opened
- reopened
- synchronize
- ready_for_review

jobs:
format_files:
uses: ./.github/workflows/black.yaml
run_unit_tests:
uses: ./.github/workflows/run_tests.yaml

run_unit_tests:
uses: ./.github/workflows/run_tests.yaml
needs: format_files
run_code_ql:
uses: ./.github/workflows/codeql.yaml

run_code_ql:
uses: ./.github/workflows/codeql.yaml
run_codacy:
uses: ./.github/workflows/codacy.yaml

run_codacy:
uses: ./.github/workflows/codacy.yaml

run_trivy:
uses: ./.github/workflows/trivy.yaml
run_trivy:
uses: ./.github/workflows/trivy.yaml
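Review bot: With `format_files` removed, the new file still has no top-level `permissions:` block, so each called reusable workflow inherits the repository's default GITHUB_TOKEN scope unless it narrows it itself; `run_tests.yaml` and `trivy.yaml` are not part of this commit, so their settings cannot be confirmed here. Because a called workflow cannot be granted more than the caller holds, declaring the ceiling in the caller is the cheapest hardening: `permissions:` / `  contents: read` / `  security-events: write`, which is the union of what codacy.yaml and codeql.yaml request in this commit. The same applies to on_branch_merge.yaml, which has the same job list and likewise no `permissions:` key.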
