fix: add ci
ryanfaircloth committed Nov 14, 2021
1 parent 41a211b commit 2888f42
Showing 11 changed files with 485 additions and 0 deletions.
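--- a/.github/workflows/agreements.yaml
+++ b/.github/workflows/agreements.yaml
@@ -0,0 +1,45 @@
+name: "CLA Assistant"
+on:
+issue_comment:
+types: [created]
+pull_request_target:
+types: [opened, closed, synchronize]
+
+jobs:
+ContributorLicenseAgreement:
+runs-on: ubuntu-latest
+steps:
+- name: "CLA Assistant"
+if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+uses: cla-assistant/[email protected]
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+PERSONAL_ACCESS_TOKEN: ${{ secrets.PAT_CLATOOL }}
+with:
+path-to-signatures: "signatures/version1/cla.json"
+path-to-document: "https://github.com/splunk/cla-agreement/blob/main/CLA.md" # e.g. a CLA or a DCO document
+branch: "main"
+allowlist: dependabot[bot]
+remote-organization-name: splunk
+remote-repository-name: cla-agreement
+CodeOfConduct:
+runs-on: ubuntu-latest
+steps:
+- name: "COC Assistant"
+if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the Code of Conduct and I hereby accept the Terms') || github.event_name == 'pull_request_target'
+uses: cla-assistant/[email protected]
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+PERSONAL_ACCESS_TOKEN: ${{ secrets.PAT_CLATOOL }}
+with:
+path-to-signatures: "signatures/version1/coc.json"
+path-to-document: "https://github.com/splunk/cla-agreement/blob/main/CODE_OF_CONDUCT.md" # e.g. a COC or a DCO document
+branch: "main"
+allowlist: dependabot[bot]
+remote-organization-name: splunk
+remote-repository-name: cla-agreement
+custom-pr-sign-comment: "I have read the Code of Conduct and I hereby accept the Terms"
+create-file-commit-message: "For example: Creating file for storing COC Signatures"
+signed-commit-message: "$contributorName has signed the COC in #$pullRequestNo"
+custom-notsigned-prcomment: "All contributors have NOT signed the COC Document"
+custom-allsigned-prcomment: "****CLA Assistant Lite bot**** All contributors have signed the COC ✍️ ✅"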
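Review bot: Both jobs pass `secrets.PAT_CLATOOL` to a third-party action on `pull_request_target` and `issue_comment`, events that run with the base repository's secrets even when the pull request comes from a fork, and the action is referenced by a movable version tag. I would pin it to a full commit SHA, `uses: cla-assistant/github-action@<full-commit-sha>`, and add a `permissions:` block to each job limited to what the action documents it needs, so the default `GITHUB_TOKEN` scope is not inherited. The same tag-only references and missing `permissions:` appear in build-test-release.yml and release-notes.yaml; only codeql-analysis.yml declares permissions.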
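--- a/.github/workflows/build-test-release.yml
+++ b/.github/workflows/build-test-release.yml
@@ -0,0 +1,159 @@
+name: CI
+
+on:
+push:
+branches:
+- "main"
+- "develop"
+tags:
+- "v[0-9]+.[0-9]+.[0-9]+"
+pull_request:
+branches: [main, develop]
+
+jobs:
+pre-commit:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- uses: actions/setup-python@v2
+with:
+python-version: "3.7"
+- name: Install actionlint
+run: |
+bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/v1.6.3/scripts/download-actionlint.bash)
+- uses: pre-commit/[email protected]
+
+review_secrets:
+name: security-detect-secrets
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+with:
+submodules: false
+fetch-depth: "0"
+- name: Trufflehog Actions Scan
+uses: edplato/[email protected]
+with:
+scanArguments: "--max_depth 30 -x .github/workflows/exclude-patterns.txt"
+
+semgrep:
+runs-on: ubuntu-latest
+name: security-sast-semgrep
+steps:
+- uses: actions/checkout@v2
+- name: Semgrep
+id: semgrep
+uses: returntocorp/semgrep-action@v1
+with:
+publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
+
+build:
+name: build
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- name: Setup python
+uses: actions/setup-python@v2
+with:
+python-version: 3.7
+- name: Run image
+uses: abatilo/[email protected]
+with:
+poetry-version: "1.1.11"
+- name: Build
+run: |
+poetry install
+poetry build
+- uses: actions/[email protected]
+with:
+name: dist
+path: dist
+- uses: actions/[email protected]
+with:
+name: output
+path: output
+
+run-unit-tests:
+name: test-unit
+strategy:
+matrix:
+os: [ubuntu-latest, macos-latest]
+python: ["3.7", "3.8", "3.9"]
+poetry-version: ["1.1.11"]
+fail-fast: false
+runs-on: ${{ matrix.os }}
+needs:
+- build
+steps:
+- uses: actions/checkout@v2
+- name: Setup python
+uses: actions/setup-python@v2
+with:
+python-version: ${{ matrix.python }}
+- name: Run image
+uses: abatilo/[email protected]
+with:
+poetry-version: ${{ matrix.poetry-version }}
+- name: run tests
+run: |
+poetry install
+poetry run pytest --junitxml=test-results/results.xml --cov=./ --cov-report=xml tests
+- uses: actions/[email protected]
+with:
+name: unit tests test-results
+path: test-results
+- uses: codecov/codecov-action@v2
+with:
+token: ${{ secrets.CODECOV_TOKEN }}
+flags: ${{ matrix.os }}, ${{ matrix.poetry-version }}
+fail_ci_if_error: true # optional (default = false)
+publish:
+name: Build Release
+needs:
+#- pre-commit
+- review_secrets
+- semgrep
+- build
+#- run-unit-tests
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+with:
+submodules: false
+# Very important: semantic-release won't trigger a tagged
+# build if this is not set false
+persist-credentials: false
+- name: Setup python
+uses: actions/setup-python@v2
+with:
+python-version: "3.7"
+- name: Run image
+uses: abatilo/[email protected]
+with:
+poetry-version: "1.1.11"
+- name: Build
+run: |
+poetry install
+poetry build
+- name: Semantic Release
+uses: cycjimmy/[email protected]
+with:
+semantic_version: 17
+extra_plugins: |
+@semantic-release/exec
+@semantic-release/git
+@google/semantic-release-replace-plugin
+env:
+GITHUB_TOKEN: ${{ secrets.SEMREL_TOKEN }}
+PYPI_USERNAME: ${{ secrets.PYPI_USERNAME }}
+PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
+
+update-semver:
+name: Move Respository semver tags
+if: startsWith(github.ref, 'refs/tags/v')
+needs: publish
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- uses: haya14busa/action-update-semver@v1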
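Review bot: The `publish` job has no `if:` guard, so it runs on every trigger of this workflow, including `pull_request`, and its Semantic Release step receives `SEMREL_TOKEN`, `PYPI_USERNAME` and `PYPI_TOKEN`; for pull requests opened from branches of this repository those secrets would be populated. It also does not wait for `pre-commit` or `run-unit-tests`, which are commented out of `needs`, so a release is not gated on the tests. I would add `if: github.event_name == 'push'` to the job and restore `- run-unit-tests` under `needs`. Separately, the `Install actionlint` step runs `bash <(curl …)` on a script fetched at build time; downloading it to a file and checking a pinned checksum before running it would avoid executing whatever the URL returns.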
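--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+push:
+branches: [ main ]
+pull_request:
+# The branches below must be a subset of the branches above
+branches: [ main ]
+schedule:
+- cron: '38 15 * * 4'
+
+jobs:
+analyze:
+name: Analyze
+runs-on: ubuntu-latest
+permissions:
+actions: read
+contents: read
+security-events: write
+
+strategy:
+fail-fast: false
+matrix:
+language: [ 'python' ]
+# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+# Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v2
+
+# Initializes the CodeQL tools for scanning.
+- name: Initialize CodeQL
+uses: github/codeql-action/init@v1
+with:
+languages: ${{ matrix.language }}
+# If you wish to specify custom queries, you can do so here or in a config file.
+# By default, queries listed here will override any specified in a config file.
+# Prefix the list here with "+" to use these queries and those in the config file.
+# queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+# If this step fails, then you should remove it and run the build manually (see below)
+- name: Autobuild
+uses: github/codeql-action/autobuild@v1
+
+# ℹ️ Command-line programs to run using the OS shell.
+# 📚 https://git.io/JvXDl
+
+# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+# and modify them (or add more) to build your code if your project
+# uses a compiled language
+
+#- run: |
+# make bootstrap
+# make release
+
+- name: Perform CodeQL Analysis
+uses: github/codeql-action/analyze@v1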
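--- a/.github/workflows/exclude-patterns.txt
+++ b/.github/workflows/exclude-patterns.txt
@@ -0,0 +1,4 @@
+.github/workflows/
+deps/.*
+.*\.lock
+tests/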
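Review bot: Excluding `.github/workflows/` and `tests/` removes from the secret scan two places where pasted tokens and credential fixtures tend to land. If the intent is only to keep this pattern file and lockfiles from producing noise, I would narrow the first entry to `.github/workflows/exclude-patterns.txt` and drop `tests/`, or exclude only the specific fixture directory that triggers false positives.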
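--- a/.github/workflows/release-notes.yaml
+++ b/.github/workflows/release-notes.yaml
@@ -0,0 +1,20 @@
+name: Release-Notes-Preview
+
+on:
+pull_request:
+issue_comment:
+types: [edited]
+
+jobs:
+preview:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- run: |
+git fetch --prune --unshallow --tags
+- uses: snyk/[email protected]
+with:
+releaseBranch: main
+env:
+GITHUB_PR_USERNAME: ${{ github.actor }}
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}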
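--- a/.github/workflows/sr-prepare.sh
+++ b/.github/workflows/sr-prepare.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+set -eE
+set -v
+# shellcheck disable=SC1091,SC2086
+poetry build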
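--- a/.github/workflows/sr-release.sh
+++ b/.github/workflows/sr-release.sh
@@ -0,0 +1,6 @@
+!/usr/bin/env bash
+
+set -eE
+set -v
+echo pypy user=${PYPI_USERNAME}
+poetry publish -n -u ${PYPI_USERNAME} -p ${PYPI_TOKEN}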
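Review bot: The PyPI token is passed on the command line in `poetry publish -n -u ${PYPI_USERNAME} -p ${PYPI_TOKEN}`, where it is visible in the process list and, being unquoted, subject to word splitting. Poetry reads credentials from the environment, so the script can export `POETRY_HTTP_BASIC_PYPI_USERNAME` and `POETRY_HTTP_BASIC_PYPI_PASSWORD` and call plain `poetry publish -n`. The first line is `!/usr/bin/env bash` without the leading `#`, unlike sr-prepare.sh, so it is not a shebang and would be attempted as a command before `set -eE` takes effect. The `echo pypy user=${PYPI_USERNAME}` line also writes a secret-derived value to the build log and could be dropped.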
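--- a/.gitignore copy
+++ b/.gitignore copy
@@ -0,0 +1,28 @@
+# Python stuff
+*.pyc
+__pycache__
+
+# vim swapfiles
+*.sw?
+
+# python packaging
+MANIFEST
+dist/
+build/
+*.egg-info/
+
+# PyCharm stuff
+.idea/
+
+# Sphinx template
+docs/source/.templates/layout.html
+
+# Eclipse stuff
+.project
+.pydevproject
+
+# Virtual envs
+venv*
+
+.coverage
+.tox/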
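Review bot: This file is committed as `.gitignore copy`, a name git does not read, so none of these patterns take effect and build output such as `dist/` or a local `venv*` can still be staged. It looks like an accidental duplicate; renaming it to `.gitignore`, or merging it into an existing one if the repository has one outside this view, would make the rules apply.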
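--- a/.licenserc.yaml
+++ b/.licenserc.yaml
@@ -0,0 +1,30 @@
+#
+# Copyright 2021 Splunk Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+header:
+license:
+spdx-id: BSD-2-Clause
+copyright-owner: Splunk Inc.
+
+paths-ignore:
+- ".github/"
+- "README.md"
+- "LICENSE"
+- "*.lock"
+- "tests/**"
+- ".*"
+- "examples/data"
+
+comment: on-failure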
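Review bot: `spdx-id: BSD-2-Clause` disagrees with the Apache License 2.0 header at the top of this same file, so the header check would enforce a different license than the one the file itself carries. Whichever license the repository's LICENSE file actually holds, the `spdx-id` and the header should name the same one; if it is Apache, that line becomes `spdx-id: Apache-2.0`.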