MESH-2092 Bump the dependencies group with 2 updates #535
Workflow file for this run
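---
# Pull-request pipeline for branches targeting `develop`.
#
# Jobs:
#   coverage           - merge check, tests with coverage, Sonar scan, reports
#   lint               - black, ruff, mypy, hadolint, shellcheck
#   publish            - build a wheel and publish it to TestPyPI
#                        (skipped for Dependabot)
#   slack-notification - alert when a Dependabot PR fails coverage or lint
#
# Every job is gated on `github.repository`, so forks of the repository do not
# run it. Third-party actions are pinned to full commit SHAs.
name: pull-request

on:
  pull_request:
    branches:
      - develop

jobs:
  coverage:
    runs-on: ubuntu-latest
    # NOTE(review): `checks: write` and `pull-requests: write` match the junit
    # and coverage reporting steps below. No step visible in this file needs
    # `contents: write`; confirm that no make target pushes, then drop it to
    # `contents: read`.
    permissions:
      contents: write
      checks: write
      pull-requests: write
    if: github.repository == 'NHSDigital/mesh-sandbox'
    steps:
      # NOTE(review): actions/checkout keeps the job token in the local git
      # config unless `persist-credentials: false` is set. Later steps run
      # code from the PR branch (make targets, scripts/sonar_tests.py), so
      # consider setting it if no later step needs authenticated git access.
      - name: checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
        with:
          fetch-depth: 0

      - name: print branch info
        run: |
          git branch
          echo "GITHUB_HEAD_REF=${GITHUB_HEAD_REF}"
          echo "GITHUB_BASE_REF=${GITHUB_BASE_REF}"
          git log --oneline -n 10

      # File names in the working tree come from the PR branch; `-exec ... +`
      # hands each path to chmod intact instead of letting xargs split names
      # on whitespace.
      - name: clean
        run: |
          git clean -fdx
          find . -type f -exec chmod g+w {} +

      - name: secrets-check
        run: make check-secrets

      # `--ff-only` makes the step fail unless the PR head fast-forwards the
      # base branch. Event values reach the script through `env` rather than
      # being expanded into the script text.
      - name: merge into base_branch
        if: ${{ github.event_name == 'pull_request' }}
        env:
          BASE_BRANCH: ${{ github.base_ref }}
          PR_BRANCH: ${{ github.head_ref }}
          PR_NUMBER: ${{ github.event.number }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          echo base branch "$BASE_BRANCH"
          echo pr branch "$PR_BRANCH"
          git checkout "$BASE_BRANCH"
          git checkout -b "merging-${PR_NUMBER}"
          git merge --ff-only "$PR_HEAD_SHA"

      - name: setup python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6
        with:
          python-version-file: "pyproject.toml"

      - name: setup poetry
        uses: abatilo/actions-poetry@0dd19c9498c3dc8728967849d0d2eae428a8a3d8
        with:
          poetry-version: "2.1.2"

      - name: add poetry plugins
        run: |
          poetry self add "poetry-dynamic-versioning[plugin]"

      - name: cache virtualenv
        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7  # v5
        with:
          path: |
            .venv
          key: ${{ runner.os }}-poetry-v2-${{ hashFiles('./poetry.lock') }}

      - name: git reset
        run: git reset --hard

      - name: install dependencies
        run: make install-ci

      - name: black
        run: make black-check

      - name: installs unrar
        run: |
          sudo apt update
          sudo apt-get install unrar -yq

      - name: setup java
        if: success() || failure()
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654  # v5
        with:
          distribution: "corretto"
          java-version: "11"

      - name: start docker containers
        run: make up

      - name: code coverage
        run: make coverage-ci

      - name: code coverage report
        if: ${{ github.event_name == 'pull_request' }}
        uses: orgoro/coverage@7dbd48c7f7ed09df337ff40058340c85bc93cb3d
        with:
          coverageFile: reports/coverage.xml
          token: ${{ secrets.GITHUB_TOKEN }}
          thresholdAll: 0.85

      - name: setup java
        if: success() || failure()
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654  # v5
        with:
          distribution: "corretto"
          java-version: "17"

      # NOTE(review): the scanner archive is downloaded and unpacked without
      # an integrity check. Pin the expected digest for this version and
      # verify it before `unzip`, for example
      #   echo "<EXPECTED_SHA256>  sonar-scanner.zip" | sha256sum -c -
      # where <EXPECTED_SHA256> is a placeholder for the vendor-published
      # value.
      - name: provision sonar-scanner
        if: success() || failure()
        run: |
          export SONAR_VERSION="4.7.0.2747"
          wget -q --max-redirect=0 \
            "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_VERSION}.zip" \
            -O sonar-scanner.zip
          unzip -q ./sonar-scanner.zip
          mv "./sonar-scanner-${SONAR_VERSION}" ./sonar-scanner
          scripts/sonar_tests.py

      # The pull-request values are passed through `env`. The previous script
      # wrote `{{ ... }}` without the leading `$`, so the scanner received the
      # literal template text instead of the SHAs.
      # NOTE(review): Sonar documents `sonar.pullrequest.branch` and
      # `sonar.pullrequest.base` as branch names; SHAs are kept here because
      # that is what the original expressions referenced. Confirm the intent.
      - name: run sonar scan
        if: success() || failure()
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          PR_NUMBER: ${{ github.event.number }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          PR_BASE_SHA: ${{ github.event.pull_request.base.sha }}
        run: |
          PATH="$PWD/sonar-scanner/bin:$PATH"
          if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then
            git checkout "${GITHUB_HEAD_REF}"
            sonar-scanner \
              -Dsonar.pullrequest.branch="${PR_HEAD_SHA}" \
              -Dsonar.pullrequest.base="${PR_BASE_SHA}" \
              -Dsonar.pullrequest.key="${PR_NUMBER}"
          else
            sonar-scanner
          fi

      - name: archive reports
        if: success() || failure()
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
        with:
          name: reports
          path: reports/**/*

      - name: publish junit reports
        if: success() || failure()
        uses: mikepenz/action-junit-report@49b2ca06f62aa7ef83ae6769a2179271e160d8e4
        with:
          check_name: junit reports
          report_paths: reports/junit/*.xml

      - name: stop docker containers
        if: success() || failure()
        run: make down

  lint:
    runs-on: ubuntu-latest
    # NOTE(review): no step visible in this job writes to the repository,
    # checks or pull requests. Confirm against the make targets, then reduce
    # this to `contents: read`.
    permissions:
      contents: write
      checks: write
      pull-requests: write
    if: github.repository == 'NHSDigital/mesh-sandbox'
    steps:
      # NOTE(review): consider `persist-credentials: false` here; the later
      # steps run code from the PR branch and only use git locally.
      - name: checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
        with:
          fetch-depth: 0

      - name: clean
        run: |
          git clean -fdx

      - name: secrets-check
        run: make check-secrets

      # Same merge check as in the coverage job; event values go through
      # `env`.
      - name: merge into base_branch
        if: ${{ github.event_name == 'pull_request' }}
        env:
          BASE_BRANCH: ${{ github.base_ref }}
          PR_BRANCH: ${{ github.head_ref }}
          PR_NUMBER: ${{ github.event.number }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          echo base branch "$BASE_BRANCH"
          echo pr branch "$PR_BRANCH"
          git checkout "$BASE_BRANCH"
          git checkout -b "merging-${PR_NUMBER}"
          git merge --ff-only "$PR_HEAD_SHA"

      - name: setup python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6
        with:
          python-version-file: "pyproject.toml"

      - name: setup poetry
        uses: abatilo/actions-poetry@0dd19c9498c3dc8728967849d0d2eae428a8a3d8
        with:
          poetry-version: "2.1.2"

      - name: add poetry plugins
        run: |
          poetry self add "poetry-dynamic-versioning[plugin]"

      - name: cache virtualenv
        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7  # v5
        with:
          path: |
            .venv
          key: ${{ runner.os }}-poetry-v2-${{ hashFiles('./poetry.lock') }}

      - name: git reset
        run: git reset --hard

      - name: install dependencies
        run: make install-ci

      - name: black
        run: make black-check

      - name: ruff
        run: make ruff-ci

      - name: mypy
        run: make mypy

      - name: hadolint
        uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5
        with:
          dockerfile: "Dockerfile"
          recursive: true
          config: ./hadolint.yml

      - name: shellcheck
        uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca
        with:
          ignore_paths: .venv build
          ignore_names: git-secrets
        env:
          SHELLCHECK_OPTS: -f gcc -e SC1090,SC1091

  publish:
    runs-on: ubuntu-latest
    # NOTE(review): the visible steps publish to TestPyPI with a PyPI token
    # and do not use the GitHub token for writes. Confirm, then reduce this
    # to `contents: read`.
    permissions:
      contents: write
      checks: write
      pull-requests: write
    if: github.repository == 'NHSDigital/mesh-sandbox' && github.actor != 'dependabot[bot]'
    needs:
      - coverage
      - lint
    steps:
      - name: checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6
        with:
          fetch-depth: 0

      - name: print branch info
        run: |
          git branch
          echo "GITHUB_HEAD_REF=${GITHUB_HEAD_REF}"
          echo "GITHUB_BASE_REF=${GITHUB_BASE_REF}"
          git log --oneline -n 10

      # `-exec ... +` keeps PR-supplied file names intact (no word splitting).
      - name: clean
        run: |
          git clean -fdx
          find . -type f -exec chmod g+w {} +

      - name: merge into base_branch
        if: ${{ github.event_name == 'pull_request' }}
        env:
          BASE_BRANCH: ${{ github.base_ref }}
          PR_BRANCH: ${{ github.head_ref }}
          PR_NUMBER: ${{ github.event.number }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          echo base branch "$BASE_BRANCH"
          echo pr branch "$PR_BRANCH"
          git checkout "$BASE_BRANCH"
          git checkout -b "merging-${PR_NUMBER}"
          git merge --ff-only "$PR_HEAD_SHA"

      - name: setup python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405  # v6
        with:
          python-version-file: "pyproject.toml"

      - name: setup poetry
        uses: abatilo/actions-poetry@0dd19c9498c3dc8728967849d0d2eae428a8a3d8
        with:
          poetry-version: "2.1.2"

      - name: add poetry plugins
        run: |
          poetry self add "poetry-dynamic-versioning[plugin]"

      - name: cache virtualenv
        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7  # v5
        with:
          path: |
            .venv
          key: ${{ runner.os }}-poetry-v2-${{ hashFiles('./poetry.lock') }}

      - name: git reset
        run: git reset --hard

      - name: install dependencies
        run: make install-ci

      - name: poetry build
        run: |
          poetry build --format=wheel

      # The token is exposed only to this step's environment, but
      # `poetry config` then stores it in Poetry's configuration on the
      # runner for the publish step.
      # NOTE(review): Poetry also reads POETRY_PYPI_TOKEN_TESTPYPI directly
      # from the environment, so setting it on the publish step alone would
      # avoid persisting the token.
      - name: poetry config
        env:
          POETRY_PYPI_TOKEN_TESTPYPI: ${{ secrets.TEST_PYPI_TOKEN }}
        run: |
          poetry config repositories.testpypi https://test.pypi.org/legacy/
          poetry config pypi-token.testpypi "$POETRY_PYPI_TOKEN_TESTPYPI"

      - name: poetry test publish
        run: poetry publish -r testpypi

  slack-notification:
    runs-on: ubuntu-latest
    # This job only posts to a Slack webhook, so the GitHub token is given no
    # permissions.
    permissions: {}
    needs:
      - coverage
      - lint
    if: ${{ always() && github.repository == 'NHSDigital/mesh-sandbox' && github.actor == 'dependabot[bot]' && contains(needs.*.result, 'failure') }}
    steps:
      # NOTE(review): runs triggered by Dependabot receive Dependabot secrets
      # rather than Actions secrets, so this webhook presumably lives in the
      # Dependabot secret store. Confirm.
      - name: Slack Notification
        uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95
        with:
          webhook: ${{ secrets.DEPENDABOT_SLACK_WEBHOOK_URL }}
          webhook-type: incoming-webhook
          payload: |
            {
              "blocks": [
                {
                  "type": "header",
                  "text": {
                    "type": "plain_text",
                    "text": ":alarm: DEPENDABOT PR FAILED :alarm:",
                    "emoji": true
                  }
                },
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "Checks failed for ${{ github.repository }}:${{ github.ref }} in <https://github.com/${{ github.repository }}/pull/${{ github.event.number }}|PR #${{ github.event.number }}>"
                  }
                }
              ]
            }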