python-testing.yml
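# CI pipeline: run the Python test suite, scan the code with SonarQube,
# export the Sonar findings as an HTML report, and publish a test summary.
name: Python build and test
run-name: Python build and test
on: [push]

# Least privilege for the automatic GITHUB_TOKEN: no job in this workflow
# writes to the repository, so read access to contents is sufficient.
permissions:
  contents: read

# NOTE(review): every `uses:` below references a mutable tag (v2/v3/v4).
# Pinning each action to a full commit SHA keeps a retagged release from
# changing what runs in jobs that have access to the Sonar secrets.

jobs:
  # Installs dependencies, runs pytest with coverage, and publishes the
  # JUnit and coverage XML files as artifacts for the downstream jobs.
  build-and-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
          architecture: 'x64'
      - name: Download python dependancy
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
      - name: Test with pytest
        run: |
          pytest --junitxml=junit/testresults.xml --cov=src --cov-report=html --cov-report=xml
      - name: Upload pytest test results
        uses: actions/upload-artifact@v4
        with:
          name: pytest-results
          path: junit/testresults.xml
        # Use always() so the results are published even when tests fail
        if: ${{ always() }}
      - name: Upload pytest coverage results
        uses: actions/upload-artifact@v4
        with:
          name: pytest-coverage-results
          path: coverage.xml
        # Use always() so the coverage is published even when tests fail
        if: ${{ always() }}

  # Runs the SonarQube scan with the coverage produced by build-and-test,
  # then renders the findings to sonar-report.html for DefectDojo.
  # This job is skipped when build-and-test fails: `needs` requires success
  # by default, and the step-level always() conditions only take effect
  # once the job has started.
  sonarqube:
    runs-on: ubuntu-latest
    needs:
      - build-and-test
    env:
      # File that captures the sonar-report console output (stdout + stderr)
      SONAR_REPORT_OUTPUT_FILENAME: sonar-report.txt
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Disabling shallow clones is recommended for improving the relevancy of reporting
          fetch-depth: 0
      - name: Download pytest coverage results
        uses: actions/download-artifact@v4
        with:
          name: pytest-coverage-results
          path: .coverage-reports/
        if: ${{ always() }}
      - name: SonarQube Scan
        uses: sonarsource/sonarqube-scan-action@v3
        with:
          # NOTE(review): SONARQUBE_SOURCES and SONARQUBE_ARGS are not set
          # anywhere in this file, so both env expressions expand to empty
          # strings here - confirm whether they are meant to be defined.
          args: >
            -D sonar.organization=${{ secrets.sonarqube_org }}
            -D sonar.projectKey=${{ secrets.sonarqube_project_key }}
            -D sonar.sources=${{ env.SONARQUBE_SOURCES }}
            -D sonar.qualitygate.wait=true
            -D sonar.python.coverage.reportPaths=.coverage-reports/coverage.xml
            ${{ env.SONARQUBE_ARGS }}
        env:
          SONAR_TOKEN: ${{ secrets.sonarqube_token }}
          SONAR_HOST_URL: ${{ secrets.sonarqube_host }}
      - name: Create SonarQube Report for DefectDojo
        if: always()
        # Secrets reach the script as environment variables rather than
        # being expanded into the script text, so a value containing quotes
        # or `$` cannot alter the shell command. The token is still passed
        # to sonar-report on its command line.
        env:
          SONARQUBE_ORG: ${{ secrets.sonarqube_org }}
          SONARQUBE_HOST: ${{ secrets.sonarqube_host }}
          SONARQUBE_TOKEN: ${{ secrets.sonarqube_token }}
          SONARQUBE_PROJECT_KEY: ${{ secrets.sonarqube_project_key }}
        run: |
          # Install Sonar Report
          mkdir -p ~/.local/bin
          npm config set prefix '~/.local/'
          npm install --global sonar-report@3.1.6
          # Always run SAST Report from SonarQube
          export PATH=~/.local/bin/:$PATH
          # On SonarQube Community edition, you only can use main branch
          sonar-report \
            --sonarorganization="$SONARQUBE_ORG" \
            --sonarurl="$SONARQUBE_HOST" \
            --sonartoken="$SONARQUBE_TOKEN" \
            --sonarcomponent="$SONARQUBE_PROJECT_KEY" \
            --project="$SONARQUBE_PROJECT_KEY" \
            --application="$SONARQUBE_PROJECT_KEY" \
            --release="1.0" \
            --output="sonar-report.html" \
            --branch="main" \
            > "$SONAR_REPORT_OUTPUT_FILENAME" 2>&1
      - name: Publish Sonar Report Output to Summary
        if: always()
        run: |
          # Only publish when the capture file exists and is non-empty
          if [[ -s "$SONAR_REPORT_OUTPUT_FILENAME" ]]; then
            {
              echo "### Sonar Report Output"
              echo "<details><summary>Click to expand</summary>"
              echo ""
              echo '```terraform'
              cat "$SONAR_REPORT_OUTPUT_FILENAME"
              echo '```'
              echo "</details>"
            } >> "$GITHUB_STEP_SUMMARY"
          fi
      - name: Upload Sonar Report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: sonar-report
          path: sonar-report.html
          retention-days: 30

  # Renders the JUnit results from build-and-test into the run summary.
  show-result:
    runs-on: ubuntu-latest
    needs:
      - build-and-test
    # Without a job-level condition this job is skipped whenever
    # build-and-test fails, which is exactly when the summary is needed.
    if: ${{ !cancelled() }}
    steps:
      - name: Retrieve test results
        uses: actions/download-artifact@v4
        with:
          name: pytest-results
          path: junit/
      - name: Show test summary
        uses: test-summary/action@v2
        with:
          paths: "junit/testresults.xml"
        if: always()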