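---
# CI pipeline: dependency freshness check, formatting (black, isort),
# unit tests, Bandit static analysis and a Docker image build.
name: Standard Pipeline

on:
  pull_request:
    branches: '**'
  push:
    branches:
      - develop
  schedule:
    # Weekly run, Fridays at 20:00 (GitHub evaluates cron in UTC).
    - cron: '0 20 * * 5'

# Least privilege for GITHUB_TOKEN: every job below only checks out the
# repository, so read access to contents is sufficient. Without this block
# the token falls back to the repository/organisation default, which may
# grant write scopes.
permissions:
  contents: read

# NOTE(review): all third-party actions are referenced by mutable tag (@v2).
# Pinning each `uses:` to a full commit SHA keeps a retagged release from
# changing what runs in this pipeline.

jobs:
  # Fails when any top-level installed package has a newer release.
  outdated:
    runs-on: ubuntu-latest
    # Skipped for Renovate branches, which exist to update dependencies.
    if: startsWith(github.head_ref, 'renovate') == false
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          # Quoted so the version stays a string (an unquoted 3.10 would
          # be parsed as the float 3.1).
          python-version: '3.8'
      - name: pip install
        run: pip install -r requirements.txt --user
      - name: outdated
        # `grep .` succeeds only if pip printed at least one line, i.e. at
        # least one outdated package was listed; then the step exits 1.
        run: pip list --outdated --not-required --user | grep . && echo "there are outdated packages" && exit 1 || echo "all packages up to date"

  # Formatting check only; --check reports without rewriting files.
  black:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          python-version: '3.8'
      - name: pip install
        run: pip install -r requirements.txt
      - name: black
        run: black --check .

  # Import-order check only; --check reports without rewriting files.
  isort:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          python-version: '3.8'
      - name: pip install
        run: pip install -r requirements.txt
      - name: isort
        run: isort --check .

  # Runs the unittest suite via test discovery from the repository root.
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          python-version: '3.8'
      - name: pip install
        run: pip install -r requirements.txt
      - name: test
        run: python -m unittest discover

  # Static security analysis with Bandit; the JSON report is printed and
  # uploaded even when Bandit fails the job.
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          python-version: '3.8'
      - name: pip install bandit
        run: pip install bandit==1.6.2
      - name: bandit
        # NOTE(review): the shell expands `*.py` to the .py files in the
        # repository root, so `-r` has nothing to recurse into and Python
        # code in subdirectories is not scanned. If the project has
        # packages, pass the directories (or `.` with suitable excludes)
        # instead so the scan covers them.
        run: bandit -r *.py -f json -o report.json
      - name: show report
        # Run after a Bandit failure too, but not when the run is cancelled.
        if: ${{ success() || failure() }}
        run: cat report.json
      - name: upload report
        if: ${{ success() || failure() }}
        uses: actions/upload-artifact@v2
        with:
          name: Bandit Security Report
          path: report.json

  # Verifies the image still builds; the image is not pushed anywhere.
  docker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: docker build
        run: docker build -t python-demo .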