
CCM-14499: Pinning all GitHub Actions to SHAs #1


Workflow file for this run

# Reusable "Test stage" workflow. It is started by another workflow through
# workflow_call; every input is a required string and one secret is required.
name: "Test stage"
on:
  workflow_call:
    inputs:
      build_datetime:
        type: string
        required: true
        description: "Build datetime, set by the CI/CD pipeline workflow"
      build_timestamp:
        type: string
        required: true
        description: "Build timestamp, set by the CI/CD pipeline workflow"
      build_epoch:
        type: string
        required: true
        description: "Build epoch, set by the CI/CD pipeline workflow"
      nodejs_version:
        type: string
        required: true
        description: "Node.js version, set by the CI/CD pipeline workflow"
      python_version:
        type: string
        required: true
        description: "Python version, set by the CI/CD pipeline workflow"
      terraform_version:
        type: string
        required: true
        description: "Terraform version, set by the CI/CD pipeline workflow"
      version:
        type: string
        required: true
        description: "Version of the software, set by the CI/CD pipeline workflow"
    secrets:
      # Read by the static-analysis job as secrets.SONAR_TOKEN.
      SONAR_TOKEN:
        required: true
        description: "Require SONAR_TOKEN"
# Workflow-level environment, visible to every job.
env:
  AWS_REGION: eu-west-2
  TERM: xterm-256color
# Job definitions follow.
jobs:
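# Reports whether the change touches any schema source path, so that the
# schema-dependent job can be gated on the result.
detect-schema-changes:
  name: "Detect Schema Changes"
  runs-on: ubuntu-latest
  permissions:
    contents: read
  outputs:
    # Resolved from the step whose id is `filter`. If that id is missing the
    # expression is empty, the `== 'true'` gate on the dependent job never
    # passes, and the generated-dependency check is skipped without an error.
    schemas_changed: ${{ steps.filter.outputs.schemas }}
  steps:
    - name: "Checkout code"
      # The 40-character commit SHA is what the runner resolves; the trailing
      # `# vN` is only a human-readable label and must be the last thing on
      # the line.
      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
    - name: "Check for schema changes"
      uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
      # `id` needs its own line: anything after `#` on the `uses` line is a
      # YAML comment, so `# v3 id: filter` drops the step id entirely.
      id: filter
      with:
        filters: |
          schemas:
            - 'src/cloudevents/**'
            - 'src/typescript-schema-generator/**'
            - 'src/python-schema-generator/**'
            - 'src/digital-letters-events/**'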
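# Regenerates the schema-derived dependencies and fails when the result
# differs from what is committed. Runs only when the path filter job reports
# a schema change.
check-generated-dependencies:
  name: "Check generated dependencies"
  needs: [detect-schema-changes]
  if: needs.detect-schema-changes.outputs.schemas_changed == 'true'
  runs-on: ubuntu-latest
  timeout-minutes: 4
  permissions:
    contents: read
    packages: read
  steps:
    - name: "Checkout code"
      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
    # This is a step of its own. Folded into the `# v5` comment above, the
    # step disappears and the `with:` block below attaches to
    # actions/checkout instead: Node.js is never installed and GITHUB_TOKEN
    # is passed to an action that was not meant to receive it.
    - uses: ./.github/actions/node-install
      with:
        node-version: ${{ inputs.nodejs_version }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: "Repo setup"
      run: |
        npm ci
    # `git diff --exit-code` exits non-zero when generation changed any
    # tracked file, which fails the step.
    - name: "Generate dependencies"
      run: |
        npm run generate-dependencies
        git diff --exit-code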
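# Unit test job: header and first two steps. Its later steps continue
# further down the listing.
test-unit:
  name: "Unit tests"
  runs-on: ubuntu-latest
  timeout-minutes: 7
  permissions:
    contents: read
    packages: read
  steps:
    - name: "Checkout code"
      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
    # Separate step. When it is folded into the `# v5` comment above, the
    # `with:` block below becomes input to actions/checkout and the local
    # node-install action never runs.
    - uses: ./.github/actions/node-install
      with:
        node-version: ${{ inputs.nodejs_version }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}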

Check failure on line 98 in .github/workflows/stage-2-test.yaml


GitHub Actions / .github/workflows/stage-2-test.yaml

Invalid workflow file

You have an error in your yaml syntax on line 98
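# Remaining steps of the test-unit job.
- name: "Setup Python"
  uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
  # `with:` needs its own line. Folded into the trailing `# v6` comment, the
  # keys below are left nested under the scalar `uses:` value, which is
  # invalid YAML; GitHub then rejects the whole workflow file and none of
  # its jobs run.
  with:
    python-version: ${{ inputs.python_version }}
    cache: 'pip'
    cache-dependency-path: '**/requirements*.txt'
- name: "Run unit test suite"
  run: |
    make test-unit
# `if: always()` uploads the unit-test reports even when the tests failed.
- name: "Save the result of fast test suite"
  uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
  with:
    name: unit-tests
    path: "**/.reports/unit"
    include-hidden-files: true
  if: always()
# The two coverage artifacts below are downloaded by name in the
# static-analysis job.
- name: "Save the result of code coverage"
  uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
  with:
    name: code-coverage-report
    path: ".reports/lcov.info"
- name: "Save Python coverage reports"
  uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
  with:
    name: python-coverage-reports
    path: |
      src/**/coverage.xml
      utils/**/coverage.xml
      lambdas/**/coverage.xml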
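# Lint job: sets up Python and Node.js, then runs the repository's lint
# target.
test-lint:
  name: "Linting"
  runs-on: ubuntu-latest
  timeout-minutes: 6
  permissions:
    contents: read
    packages: read
  steps:
    - name: "Checkout code"
      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
    # Starts a new step. Appended to the `# v5` comment above, this `- name:`
    # line is lost and the next `uses:` becomes a duplicate key inside the
    # checkout step.
    - name: "Setup Python"
      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
      # `with:` on its own line; inside the `# v6` comment it is ignored and
      # the indented keys below no longer parse.
      with:
        python-version: ${{ inputs.python_version }}
        cache: 'pip'
        cache-dependency-path: '**/requirements*.txt'
    - uses: ./.github/actions/node-install
      with:
        node-version: ${{ inputs.nodejs_version }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: "Run linting"
      run: |
        make test-lint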
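# Typecheck job: installs Node.js through the local action, then runs the
# repository's typecheck target.
test-typecheck:
  name: "Typecheck"
  runs-on: ubuntu-latest
  timeout-minutes: 4
  permissions:
    contents: read
    packages: read
  # Job-level env: every step in this job, including the `make` step, sees
  # GITHUB_TOKEN in its environment.
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  steps:
    - name: "Checkout code"
      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
    # Separate step; it must not share a line with the `# v5` comment above,
    # or the `with:` block below is applied to actions/checkout instead.
    - uses: ./.github/actions/node-install
      with:
        node-version: ${{ inputs.nodejs_version }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    - name: "Run typecheck"
      run: |
        make test-typecheck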
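# Static analysis job: waits for the unit tests, downloads the coverage
# artifacts they uploaded, and passes them to the local static-analysis
# action together with the Sonar settings.
perform-static-analysis:
  name: "Perform static analysis"
  needs: [test-unit]
  runs-on: ubuntu-latest
  permissions:
    # NOTE(review): id-token: write lets the job request an OIDC token;
    # confirm the local action needs it, otherwise drop it.
    id-token: write
    contents: read
  timeout-minutes: 4
  steps:
    - name: "Checkout code"
      uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
      # `with:` must be on its own line. Inside the `# v5` comment it is
      # ignored, and `fetch-depth` is then nested under the scalar `uses:`
      # value, which is invalid YAML.
      with:
        fetch-depth: 0 # Full history is needed to improve the relevancy of reporting
    - name: "Download coverage report for SONAR"
      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
      with:
        name: code-coverage-report
    - name: "Download Python coverage reports"
      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
      with:
        name: python-coverage-reports
        path: .
    - name: "Perform static analysis"
      uses: ./.github/actions/perform-static-analysis
      with:
        sonar_organisation_key: "${{ vars.SONAR_ORGANISATION_KEY }}"
        sonar_project_key: "${{ vars.SONAR_PROJECT_KEY }}"
        sonar_token: "${{ secrets.SONAR_TOKEN }}"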