-
Notifications
You must be signed in to change notification settings - Fork 34
159 lines (139 loc) · 4.77 KB
/
common_checks.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
name: main_workflow
on:
push:
branches:
- develop
- main
pull_request:
jobs:
lock_check:
continue-on-error: False
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ ubuntu-latest, macos-latest, windows-latest ]
python-version: [ "3.10" ]
poetry-version: ["1.4.0"]
defaults:
run:
shell: bash
timeout-minutes: 10
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install and configure Poetry
uses: snok/install-poetry@v1
with:
version: ${{ matrix.poetry-version }}
virtualenvs-create: true
virtualenvs-in-project: false
virtualenvs-path: ~/my-custom-path
installer-parallel: true
- name: Check if dependencies can be locked
run: poetry lock --check
- name: Poetry install requirements and check they can be locked
run: poetry install --all-extras --no-interaction -vvv
copyright_and_dependencies_check:
continue-on-error: False
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ ubuntu-latest ]
python-version: [ "3.10" ]
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: pip install tomte[tox,cli]==0.2.14
- name: Check copyright headers
run: tomte check-copyright --author valory --exclude-part abci --exclude-part http_client --exclude-part ipfs --exclude-part ledger --exclude-part p2p_libp2p_client --exclude-part gnosis_safe --exclude-part gnosis_safe_proxy_factory --exclude-part multisend --exclude-part service_registry --exclude-part protocols --exclude-part abstract_abci --exclude-part abstract_round_abci --exclude-part registration_abci --exclude-part reset_pause_abci --exclude-part termination_abci --exclude-part transaction_settlement_abci --exclude-part websocket_client --exclude-part contract_subscription --exclude-part mech --exclude-part mech_interact_abci --exclude-part http_server
- name: License compatibility check
run: tox -e liccheck
# TODO: reactivate once false positives are fixed
# - name: Check dependencies
# run: tox -e check-dependencies
- name: Check doc links
run: tomte check-doc-links
- name: Check doc IPFS hashes
run: tox -e check-doc-hashes
linter_checks:
continue-on-error: False
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ ubuntu-latest ]
python-version: [ "3.10" ]
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
pip install tomte[tox,cli]==0.2.17
# Install `mdspell` for spelling checks
sudo npm install -g markdown-spellcheck
- name: Security checks
# TODO: tomte check-security
run: echo "Skipped until service is bumped"
- name: Check packages
run: tox -e check-packages
- name: Check hash
run: tox -e check-hash
- name: Code checks
run: tomte check-code
- name: Check spelling
run: tomte check-spelling
- name: AbciApp consistency checks
# analyse-service checks do not work properly as it is checking task execution skill which is not an ABCI skill
run: |
tox -e check-abci-docstrings
tox -e check-abciapp-specs
tox -e check-handlers
# tox -e analyse-service
scan:
name: gitleaks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- run: |
wget https://github.com/zricethezav/gitleaks/releases/download/v8.10.1/gitleaks_8.10.1_linux_x64.tar.gz && \
tar -xzf gitleaks_8.10.1_linux_x64.tar.gz && \
sudo install gitleaks /usr/bin && \
gitleaks detect --report-format json --report-path leak_report -v
test:
continue-on-error: True
needs:
- lock_check
- copyright_and_dependencies_check
- linter_checks
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ ubuntu-latest ]
python-version: [ "3.10" ]
timeout-minutes: 120
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
sudo apt-get update --fix-missing
sudo apt-get autoremove
sudo apt-get autoclean
pip install tomte[tox,cli]==0.2.15
pip install --user --upgrade setuptools