adds basic support to use certain components in extensions w/ burnett… #85
# CI workflow: backend test matrix, Snyk scan, pre-commit checks, Docker
# start-up check, coverage, frontend tests and Cypress runs.
#
# NOTE(review): there is no workflow-level `permissions:` key, so every job
# without its own `permissions:` block runs with the repository's default
# GITHUB_TOKEN scopes — confirm that default is read-only.
name: Tests

# Triggered by every push and every pull request.
on: [push, pull_request]

# `run:` steps start in the backend directory unless a job or step overrides it.
defaults:
  run:
    working-directory: spiffworkflow-backend

jobs:
# Job: backend nox sessions, one run per matrix entry (Python / OS / database).
  tests-backend:
    name: "${{ matrix.session }} ${{ matrix.python }} / ${{ matrix.os }} ${{ matrix.database }}"
    runs-on: "${{ matrix.os }}"
    strategy:
      # keep the other matrix entries running when one of them fails
      fail-fast: false
      matrix:
        include:
          - python: "3.11"
            os: "ubuntu-latest"
            session: "safety"
          - python: "3.11"
            os: "ubuntu-latest"
            session: "mypy"
          - python: "3.10"
            os: "ubuntu-latest"
            session: "mypy"
          # the only entry that sets upload_coverage (read by "Upload coverage data")
          - python: "3.11"
            os: "ubuntu-latest"
            session: "tests"
            database: "mysql"
            upload_coverage: true
          - python: "3.11"
            os: "ubuntu-latest"
            session: "tests"
            database: "postgres"
          - python: "3.11"
            os: "ubuntu-latest"
            session: "tests"
            database: "sqlite"
          - python: "3.10"
            os: "ubuntu-latest"
            session: "tests"
            database: "sqlite"
          # FIXME: tests cannot pass on windows and we currently cannot debug
          # since none of us have a windows box that can run the python app.
          # so ignore windows tests until we can get it fixed.
          # - {
          #     python: "3.10",
          #     os: "windows-latest",
          #     session: "tests",
          #     database: "sqlite",
          #   }
          - python: "3.11"
            os: "macos-latest"
            session: "tests"
            database: "sqlite"
          # typeguard 2.13.3 is broken with TypeDict in 3.11.
          # probably the next release fixes it.
          # https://github.com/agronholm/typeguard/issues/242
          - python: "3.11"
            os: "ubuntu-latest"
            session: "typeguard"
            database: "sqlite"
          # - { python: "3.11", os: "ubuntu-latest", session: "xdoctest" }
          # - { python: "3.11", os: "ubuntu-latest", session: "docs-build" }
    # NOTE(review): the session key and database password below are fixed values
    # committed with the workflow; presumably they only configure the throwaway
    # services this job starts — confirm no deployed environment shares them.
    env:
      FLASK_SESSION_SECRET_KEY: super_secret_key
      FORCE_COLOR: "1"
      NOXSESSION: ${{ matrix.session }}
      PRE_COMMIT_COLOR: "always"
      SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD: password
      SPIFFWORKFLOW_BACKEND_DATABASE_TYPE: ${{ matrix.database }}
      SPIFFWORKFLOW_BACKEND_RUNNING_IN_CI: 'true'
    steps:
      # NOTE(review): several `uses:` refs in this job read `[email protected]`;
      # the hosting page's e-mail obfuscation replaced the action name and pinned
      # version, so restore them from the repository copy of this file.
      - name: Check out the repository
        uses: actions/[email protected]

      - name: Set up Python ${{ matrix.python }}
        uses: actions/[email protected]
        with:
          python-version: ${{ matrix.python }}

      # pip itself is installed under the shared constraints file
      - name: Upgrade pip
        run: |
          pip install --constraint=../.github/workflows/constraints.txt pip
          pip --version

      # appends VIRTUALENV_PIP=<installed pip version> to $GITHUB_ENV for later steps
      - name: Upgrade pip in virtual environments
        shell: python
        run: |
          import os
          import pip
          with open(os.environ["GITHUB_ENV"], mode="a") as io:
              print(f"VIRTUALENV_PIP={pip.__version__}", file=io)

      - name: Install Poetry
        run: |
          pipx install --pip-args=--constraint=../.github/workflows/constraints.txt poetry
          poetry --version

      # when we get an imcompatible sqlite migration again and need to combine all migrations into one for the benefit of sqlite
      # see if we can get the sqlite-specific block in the noxfile.py to work instead of this block in the github workflow,
      # which annoyingly runs python setup outside of the nox environment (which seems to be flakier on poetry install).
      # - name: Checkout Samples
      #   if: matrix.database == 'sqlite'
      #   uses: actions/checkout@v3
      #   with:
      #     repository: sartography/sample-process-models
      #     path: sample-process-models
      # - name: Poetry Install
      #   if: matrix.database == 'sqlite'
      #   run: poetry install
      # - name: Setup sqlite
      #   if: matrix.database == 'sqlite'
      #   env:
      #     SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR: "${GITHUB_WORKSPACE}/sample-process-models"
      #   run: ./bin/recreate_db clean rmall

      # root password equals SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD set above
      - name: Setup Mysql
        if: matrix.database == 'mysql'
        uses: mirromutth/[email protected]
        with:
          host port: 3306
          container port: 3306
          mysql version: "8.0"
          mysql database: "spiffworkflow_backend_unit_testing"
          mysql root password: password
          collation server: 'utf8mb4_0900_as_cs'

      # NOTE(review): the `postgres` image is pulled without a tag or digest, so
      # the database version can change between runs.
      - name: Setup Postgres
        if: matrix.database == 'postgres'
        run: docker run --name postgres-spiff -p 5432:5432 -e POSTGRES_PASSWORD=spiffworkflow_backend -e POSTGRES_USER=spiffworkflow_backend -e POSTGRES_DB=spiffworkflow_backend_unit_testing -d postgres

      - name: Install mysqlclient lib dependencies
        if: matrix.os == 'macos-latest'
        run: |
          brew install mysql pkg-config

      # The session name is expanded into the script text before the shell runs
      # it; the values come from the static matrix above, and the same value is
      # also exported as NOXSESSION.
      - name: Run Session
        run: |
          ./bin/run_ci_session ${{ matrix.session }}

      - name: Upload coverage data
        # pin to upload coverage from only one matrix entry, otherwise coverage gets confused later
        if: matrix.upload_coverage
        uses: "actions/upload-artifact@v3"
        # this action doesn't seem to respect working-directory so include working-directory value in path
        with:
          name: coverage-data
          path: "spiffworkflow-backend/.coverage.*"

      # - name: Upload documentation
      #   if: matrix.session == 'docs-build'
      #   uses: actions/upload-artifact@v3
      #   with:
      #     name: docs
      #     path: docs/_build
      #

      # NOTE(review): unlike the coverage path above, this path has no
      # `spiffworkflow-backend/` prefix — confirm the logs are actually found.
      - name: Upload logs
        if: failure() && matrix.session == 'tests'
        uses: "actions/upload-artifact@v3"
        with:
          name: logs-${{matrix.python}}-${{matrix.os}}-${{matrix.database}}
          path: "./log/*.log"
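# burnettk created an account at https://app.snyk.io/org/kevin-jfx
# and added his SNYK_TOKEN secret under the spiff-arena repo.
  snyk:
    runs-on: ubuntu-latest
    steps:
      # Checked out at the v3 tag that other jobs in this workflow already use,
      # instead of the moving `master` branch.
      - uses: actions/checkout@v3

      - name: Run Snyk to check for vulnerabilities
        # NOTE(review): `@master` is a mutable branch and this step receives
        # SNYK_TOKEN, so any change upstream runs with the secret. Pin to a
        # reviewed ref, e.g. `snyk/actions/python@<full-commit-sha>`.
        uses: snyk/actions/python@master
        with:
          # scan only the backend project directory
          args: spiffworkflow-backend
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}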
# Job: install the project with Poetry and run the pre-commit hooks.
  run_pre_commit_checks:
    runs-on: ubuntu-latest
    # overrides the workflow default so `run:` steps start at the repository root
    defaults:
      run:
        working-directory: .
    steps:
      # NOTE(review): the `uses:` refs reading `[email protected]` were rewritten
      # by the hosting page's e-mail obfuscation; the action names and pinned
      # versions must be restored from the repository copy of this file.
      - name: Check out the repository
        uses: actions/[email protected]

      - name: Set up Python
        uses: actions/[email protected]
        with:
          python-version: "3.11"

      # Poetry is installed under the shared constraints file
      - name: Install Poetry
        run: |
          pipx install --pip-args=--constraint=.github/workflows/constraints.txt poetry
          poetry --version

      - name: Poetry Install
        run: poetry install

      - name: run_pre_commit
        run: ./bin/run_pre_commit_in_ci
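# Job: build and start the backend with docker compose, then wait for it to answer.
  check_docker_start_script:
    # Least privilege: the only token consumers in this job are the two checkout
    # steps. No step uploads SARIF results and no `run:` step is given
    # GITHUB_TOKEN, so the former `security-events: write` and `actions: read`
    # grants were unused and have been dropped.
    permissions:
      contents: read  # for actions/checkout to fetch code
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): this ref reads `[email protected]` because the hosting page's
      # e-mail obfuscation rewrote it; restore the action name and pinned version
      # from the repository copy of this file.
      - name: Check out the repository
        uses: actions/[email protected]

      # sample process models are checked out into ./sample-process-models
      - name: Checkout Samples
        uses: actions/checkout@v3
        with:
          repository: sartography/sample-process-models
          path: sample-process-models

      - name: start_backend
        run: ./bin/build_and_run_with_docker_compose
        timeout-minutes: 20
        env:
          SPIFFWORKFLOW_BACKEND_RUN_DATA_SETUP: "false"

      - name: wait_for_backend
        run: ./bin/wait_for_server_to_be_up 5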
# Job: combine coverage data, publish the report, scan with SonarCloud on main.
  coverage:
    runs-on: ubuntu-latest
    needs:
      - tests-backend
      - run_pre_commit_checks
      - check_docker_start_script
    steps:
      # NOTE(review): the `uses:` refs reading `[email protected]` in this job were
      # rewritten by the hosting page's e-mail obfuscation; restore the action
      # names and pinned versions from the repository copy of this file.
      - name: Check out the repository
        uses: actions/[email protected]
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud
          fetch-depth: 0

      - name: Set up Python
        uses: actions/[email protected]
        with:
          python-version: "3.11"

      - name: Upgrade pip
        run: |
          pip install --constraint=../.github/workflows/constraints.txt pip
          pip --version

      - name: Install Poetry
        run: |
          pipx install --pip-args=--constraint=../.github/workflows/constraints.txt poetry
          poetry --version

      - name: Download coverage data
        uses: actions/[email protected]
        with:
          name: coverage-data
          # this action doesn't seem to respect working-directory so include working-directory value in path
          path: spiffworkflow-backend

      - name: Run Coverage
        run: |
          ./bin/run_ci_session coverage

      - name: Upload coverage report
        uses: codecov/[email protected]

      - name: SonarCloud Scan
        # thought about just skipping dependabot
        # if: ${{ github.actor != 'dependabot[bot]' }}
        # but figured all pull requests seems better, since none of them will have access to sonarcloud.
        # however, with just skipping pull requests, the build associated with "Triggered via push" is also associated with the pull request and also fails hitting sonarcloud
        # if: ${{ github.event_name != 'pull_request' }}
        # so just skip everything but main
        if: github.ref_name == 'main'
        uses: sonarsource/[email protected]
        with:
          projectBaseDir: spiffworkflow-backend
        # both tokens are handed to the third-party action above
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

      # part about saving PR number and then using it from auto-merge-dependabot-prs from:
      # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
      #
      # The PR number reaches the shell through an environment variable rather
      # than being expanded into the script text.
      # NOTE(review): the consumer of this artifact is not visible here; it
      # should treat the file as untrusted input and validate it before use.
      - name: Save PR number
        if: ${{ github.event_name == 'pull_request' }}
        env:
          PR_NUMBER: ${{ github.event.number }}
        run: |
          mkdir -p ./pr
          echo "$PR_NUMBER" > ./pr/pr_number

      - uses: actions/upload-artifact@v3
        with:
          name: pr_number
          path: pr/
# Job: install, lint, test and build the frontend; scan with SonarCloud on main.
  tests-frontend:
    runs-on: ubuntu-latest
    needs:
      - tests-backend
      - run_pre_commit_checks
      - check_docker_start_script
    # `run:` steps in this job start in the frontend directory
    defaults:
      run:
        working-directory: spiffworkflow-frontend
    steps:
      - name: Development Code
        uses: actions/checkout@v3
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud
          fetch-depth: 0
          # NOTE(review): this value is taken from the workflow_run event
          # payload — confirm what it resolves to under the triggers this
          # workflow actually uses.
          ref: ${{ github.event.workflow_run.head_sha }}

      - name: Setup Node
        uses: actions/setup-node@v3
        with:
          node-version: 18.x

      - run: npm install
      - run: npm run lint
      - run: npm test
      - run: npm run build --if-present

      - name: SonarCloud Scan
        # thought about just skipping dependabot
        # if: ${{ github.actor != 'dependabot[bot]' }}
        # but figured all pull requests seems better, since none of them will have access to sonarcloud.
        # however, with just skipping pull requests, the build associated with "Triggered via push" is also associated with the pull request and also fails hitting sonarcloud
        # if: ${{ github.event_name != 'pull_request' }}
        # so just skip everything but main
        if: github.ref_name == 'main'
        # NOTE(review): `@master` is a mutable branch and this step receives
        # SONAR_TOKEN and GITHUB_TOKEN; pin to a reviewed ref, e.g.
        # `sonarsource/sonarcloud-github-action@<full-commit-sha>`.
        uses: sonarsource/sonarcloud-github-action@master
        with:
          projectBaseDir: spiffworkflow-frontend
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

      # part about saving PR number and then using it from auto-merge-dependabot-prs from:
      # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
      #
      # The PR number reaches the shell through an environment variable rather
      # than being expanded into the script text.
      # NOTE(review): the consumer of this artifact is not visible here; it
      # should treat the file as untrusted input and validate it before use.
      - name: Save PR number
        if: ${{ github.event_name == 'pull_request' }}
        env:
          PR_NUMBER: ${{ github.event.number }}
        run: |
          mkdir -p ./pr
          echo "$PR_NUMBER" > ./pr/pr_number

      - uses: actions/upload-artifact@v3
        with:
          name: pr_number
          path: pr/
# Job: start Keycloak, backend and frontend, then run the Cypress suite.
  cypress-run:
    runs-on: ubuntu-latest
    needs:
      - tests-backend
      - run_pre_commit_checks
      - check_docker_start_script
    # `run:` steps start in the frontend directory unless a step overrides it
    defaults:
      run:
        working-directory: spiffworkflow-frontend
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          ref: ${{ github.event.workflow_run.head_sha }}

      - name: Checkout Samples
        uses: actions/checkout@v3
        with:
          repository: sartography/sample-process-models
          path: sample-process-models

      - name: start_keycloak
        working-directory: ./spiffworkflow-backend
        run: ./keycloak/bin/start_keycloak

      - name: start_backend
        working-directory: ./spiffworkflow-backend
        run: ./bin/build_and_run_with_docker_compose
        timeout-minutes: 20
        env:
          SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA: "true"
          SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME: "acceptance_tests.yml"

      - name: start_frontend
        # working-directory: ./spiffworkflow-frontend
        run: ./bin/build_and_run_with_docker_compose

      - name: wait_for_backend
        working-directory: ./spiffworkflow-backend
        run: ./bin/wait_for_server_to_be_up 5

      - name: wait_for_frontend
        # working-directory: ./spiffworkflow-frontend
        run: ./bin/wait_for_frontend_to_be_up 5

      - name: wait_for_keycloak
        working-directory: ./spiffworkflow-backend
        run: ./keycloak/bin/wait_for_keycloak 5

      # NOTE(review): this prints the whole `github` context to the job log. The
      # context carries `github.token` (masked by the runner) and the full event
      # payload; confirm the debug output is still needed.
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: |
          echo "$GITHUB_CONTEXT"

      - name: Cypress run
        uses: cypress-io/github-action@v5
        with:
          working-directory: ./spiffworkflow-frontend
          browser: chrome
          # only record on push, not pull_request, since we do not have secrets for PRs,
          # so the required CYPRESS_RECORD_KEY will not be available.
          # we have limited runs in cypress cloud, so only record main builds
          # the direct check for github.event_name == 'push' is for if we want to go back to triggering this workflow
          # directly, rather than when Backend Tests complete.
          # note that github.event.workflow_run is referring to the Backend Tests workflow and another option
          # for github.event.workflow_run.event is 'pull_request', which we want to ignore.
          record: ${{ github.ref_name == 'main' && ((github.event_name == 'workflow_run' && github.event.workflow_run.event == 'push') || (github.event_name == 'push')) }}
        env:
          # pass the Dashboard record key as an environment variable
          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
          # pass GitHub token to allow accurately detecting a build vs a re-run build
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CYPRESS_SPIFFWORKFLOW_FRONTEND_AUTH_WITH_KEYCLOAK: "true"

      # the remaining steps run only when an earlier step has failed
      - name: get_backend_logs_from_docker_compose
        if: failure()
        working-directory: ./spiffworkflow-backend
        run: ./bin/get_logs_from_docker_compose >./log/docker_compose.log

      - name: Upload logs
        if: failure()
        uses: "actions/upload-artifact@v3"
        with:
          name: spiffworkflow-backend-logs
          path: "./spiffworkflow-backend/log/*.log"

      # https://github.com/cypress-io/github-action#artifacts
      - name: upload_screenshots
        if: failure()
        uses: actions/upload-artifact@v3
        with:
          name: cypress-screenshots
          path: ./spiffworkflow-frontend/cypress/screenshots

      # NOTE(review): the comment previously attached to this step said it used
      # an "always()" condition, but the step is gated on failure(), so videos
      # of passing runs are not kept.
      - name: upload_videos
        if: failure()
        uses: actions/upload-artifact@v3
        with:
          name: cypress-videos
          path: ./spiffworkflow-frontend/cypress/videos