Skip to content

[FSSDK-10665] fix: Github Actions YAML files vulnerable to script inj… #286

[FSSDK-10665] fix: Github Actions YAML files vulnerable to script inj…

[FSSDK-10665] fix: Github Actions YAML files vulnerable to script inj… #286

Workflow file for this run

# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
name: build
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
lint_markdown_files:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: '2.6'
bundler-cache: true # runs 'bundle install' and caches installed gems automatically
- name: Install gem
run: |
gem install awesome_bot
- name: Run tests
run: find . -type f -name '*.md' -exec awesome_bot {} \;
linting:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python 3.12
uses: actions/setup-python@v4
with:
python-version: '3.12'
# flake8 version should be same as the version in requirements/test.txt
# to avoid lint errors on CI
- name: pip install flak8
run: pip install flake8>=4.1.0
- name: Lint with flake8
run: |
flake8
# stop the build if there are Python syntax errors or undefined names
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
integration_tests:
uses: optimizely/python-sdk/.github/workflows/integration_test.yml@master
secrets:
CI_USER_TOKEN: ${{ secrets.CI_USER_TOKEN }}
TRAVIS_COM_TOKEN: ${{ secrets.TRAVIS_COM_TOKEN }}
fullstack_production_suite:
uses: optimizely/python-sdk/.github/workflows/integration_test.yml@master
with:
FULLSTACK_TEST_REPO: ProdTesting
secrets:
CI_USER_TOKEN: ${{ secrets.CI_USER_TOKEN }}
TRAVIS_COM_TOKEN: ${{ secrets.TRAVIS_COM_TOKEN }}
test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
python-version:
- "pypy-3.8"
- "pypy-3.9"
- "pypy-3.10"
- "3.8"
- "3.9"
- "3.10"
- "3.11"
- "3.12"
steps:
- uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements/core.txt;pip install -r requirements/test.txt
- name: Test with pytest
run: |
pytest --cov=optimizely
type-check:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
python-version:
- "pypy-3.8"
- "pypy-3.9"
- "pypy-3.10"
- "3.8"
- "3.9"
- "3.10"
- "3.11"
- "3.12"
steps:
- uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements/typing.txt
- name: Type check with mypy
run: |
mypy . --exclude "tests/testapp"
mypy . --exclude "tests/" --strict