Merge pull request #203 from robsdedude/ci/harden-security #166
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: python-sync | |
on: | |
push: | |
branches: [ 'main' ] | |
pull_request: | |
branches: [ '**' ] | |
repository_dispatch: | |
types: [ 'movie-harness-change' ] | |
permissions: | |
contents: read | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python 3.11 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.11 | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install isort ruff pyright | |
pip install -r requirements-sync.txt | |
- name: Lint with isort | |
run: | | |
isort movies_sync.py --check --diff | |
- name: Lint with ruff | |
run: | | |
ruff check movies_sync.py --show-source | |
- name: Check with pyright | |
run: | | |
pyright movies_sync.py | |
e2e: | |
needs: build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
node-version: [ 20.x ] | |
neo4j-version: [ "4.4", "4.4-enterprise", "5", "5-enterprise" ] | |
services: | |
neo4j: | |
image: neo4j:${{ matrix.neo4j-version }} | |
ports: [ "7687:7687" ] | |
env: | |
NEO4J_ACCEPT_LICENSE_AGREEMENT: yes | |
NEO4J_AUTH: "neo4j/neo4jpass" | |
options: >- | |
--name neo4j-e2e | |
--health-cmd "cypher-shell -u neo4j -p neo4jpass 'RETURN 1'" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-start-period 10s | |
--health-retries 5 | |
--volume /tmp:/movies | |
steps: | |
- name: Set up Python 3.x | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.x' | |
- name: Upgrade pip | |
run: | | |
python -m pip install --upgrade pip | |
- name: Download dataset | |
run: curl --fail --output /tmp/movies.cypher https://raw.githubusercontent.com/neo4j-graph-examples/movies/7e75003d2d32bf42ef9c740d1321a310fac1d1a6/scripts/movies.cypher | |
- name: Import dataset | |
run: docker exec --interactive neo4j-e2e cypher-shell -u neo4j -p neo4jpass --file /movies/movies.cypher | |
- name: Check out project sources | |
uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r requirements-sync.txt | |
- name: Check out test harness sources | |
uses: actions/checkout@v4 | |
with: | |
repository: neo4j-examples/movies-harness | |
path: e2e | |
ref: ${{ github.event.client_payload.sha }} | |
- uses: cypress-io/github-action@v6 | |
env: | |
NEO4J_VERSION: ${{ matrix.neo4j-version }} | |
NEO4J_URI: bolt://localhost | |
NEO4J_DATABASE: "neo4j" | |
NEO4J_USER: neo4j | |
NEO4J_PASSWORD: neo4jpass | |
with: | |
working-directory: e2e | |
browser: chrome | |
start: python ../movies_sync.py | |
wait-on: 'http://localhost:8080' |