spiffworkflow-backend/.github/workflows/tests.yml

name: Tests

on:
  - push
  - pull_request

jobs:
  tests:
    name: ${{ matrix.session }} ${{ matrix.python }} / ${{ matrix.os }} ${{ matrix.database }}
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        include:
          - { python: "3.11", os: "ubuntu-latest", session: "pre-commit" }
          - { python: "3.11", os: "ubuntu-latest", session: "safety" }
          - { python: "3.11", os: "ubuntu-latest", session: "mypy" }
          - { python: "3.10", os: "ubuntu-latest", session: "mypy" }
          - { python: "3.9", os: "ubuntu-latest", session: "mypy" }
          - {
              python: "3.11",
              os: "ubuntu-latest",
              session: "tests",
              database: "mysql",
            }
          - {
              python: "3.11",
              os: "ubuntu-latest",
              session: "tests",
              database: "postgres",
            }
          - {
              python: "3.11",
              os: "ubuntu-latest",
              session: "tests",
              database: "sqlite",
            }
          - {
              python: "3.10",
              os: "ubuntu-latest",
              session: "tests",
              database: "sqlite",
            }
          - {
              python: "3.9",
              os: "ubuntu-latest",
              session: "tests",
              database: "sqlite",
            }
          - {
              python: "3.10",
              os: "windows-latest",
              session: "tests",
              database: "sqlite",
            }
          - {
              python: "3.11",
              os: "macos-latest",
              session: "tests",
              database: "sqlite",
            }
          - {
              # typeguard 2.13.3 is broken with TypeDict in 3.11.
              # probably the next release fixes it.
              # https://github.com/agronholm/typeguard/issues/242
              python: "3.11",
              os: "ubuntu-latest",
              session: "typeguard",
              database: "sqlite",
            }
          - { python: "3.11", os: "ubuntu-latest", session: "xdoctest" }
          - { python: "3.11", os: "ubuntu-latest", session: "docs-build" }

    env:
      NOXSESSION: ${{ matrix.session }}
      SPIFF_DATABASE_TYPE: ${{ matrix.database }}
      FORCE_COLOR: "1"
      PRE_COMMIT_COLOR: "always"
      DB_PASSWORD: password
      FLASK_SESSION_SECRET_KEY: super_secret_key

    steps:
      - name: Check out the repository
        uses: actions/checkout@v3.0.2

      - name: Set up Python ${{ matrix.python }}
        uses: actions/setup-python@v4.2.0
        with:
          python-version: ${{ matrix.python }}

      - name: Upgrade pip
        run: |
          pip install --constraint=.github/workflows/constraints.txt pip
          pip --version

      - name: Upgrade pip in virtual environments
        shell: python
        run: |
          import os
          import pip

          with open(os.environ["GITHUB_ENV"], mode="a") as io:
              print(f"VIRTUALENV_PIP={pip.__version__}", file=io)

      - name: Install Poetry
        run: |
          pipx install --pip-args=--constraint=.github/workflows/constraints.txt poetry
          poetry --version

      - name: Install Nox
        run: |
          pipx install --pip-args=--constraint=.github/workflows/constraints.txt nox
          pipx inject --pip-args=--constraint=.github/workflows/constraints.txt nox nox-poetry
          nox --version

      - name: Compute pre-commit cache key
        if: matrix.session == 'pre-commit'
        id: pre-commit-cache
        shell: python
        run: |
          import hashlib
          import sys

          python = "py{}.{}".format(*sys.version_info[:2])
          payload = sys.version.encode() + sys.executable.encode()
          digest = hashlib.sha256(payload).hexdigest()
          result = "${{ runner.os }}-{}-{}-pre-commit".format(python, digest[:8])

          print("::set-output name=result::{}".format(result))

      - name: Restore pre-commit cache
        uses: actions/cache@v3.0.11
        if: matrix.session == 'pre-commit'
        with:
          path: ~/.cache/pre-commit
          key: ${{ steps.pre-commit-cache.outputs.result }}-${{ hashFiles('.pre-commit-config.yaml') }}
          restore-keys: |
            ${{ steps.pre-commit-cache.outputs.result }}-
      - name: Setup Mysql
        uses: mirromutth/mysql-action@v1.1
        with:
          host port: 3306
          container port: 3306
          mysql version: "8.0"
          mysql database: "spiffworkflow_backend_unit_testing"
          mysql root password: password
        if: matrix.database == 'mysql'

      - name: Setup Postgres
        run: docker run --name postgres-spiff -p 5432:5432 -e POSTGRES_PASSWORD=spiffworkflow_backend -e POSTGRES_USER=spiffworkflow_backend -e POSTGRES_DB=spiffworkflow_backend_unit_testing -d postgres
        if: matrix.database == 'postgres'

      - name: Run Nox
        run: |
          nox --force-color --python=${{ matrix.python }}

      - name: Upload coverage data
        # pin to upload coverage from only one matrix entry, otherwise coverage gets confused later
        if: always() && matrix.session == 'tests' && matrix.python == '3.11' && matrix.os == 'ubuntu-latest' && matrix.database == 'mysql'
        uses: "actions/upload-artifact@v3.0.0"
        with:
          name: coverage-data
          path: ".coverage.*"

      - name: Upload documentation
        if: matrix.session == 'docs-build'
        uses: actions/upload-artifact@v3.0.0
        with:
          name: docs
          path: docs/_build

      - name: Upload logs
        if: failure() && matrix.session == 'tests'
        uses: "actions/upload-artifact@v3.0.0"
        with:
          name: logs-${{matrix.python}}-${{matrix.os}}-${{matrix.database}}
          path: "./log/*.log"

  check_docker_start_script:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@v3.0.2
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud
          fetch-depth: 0
      - name: start_backend
        run: ./bin/build_and_run_with_docker_compose
        timeout-minutes: 20
        env:
          SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA: "true"
      - name: wait_for_backend
        run: ./bin/wait_for_server_to_be_up 5

  coverage:
    runs-on: ubuntu-latest
    needs: tests
    steps:
      - name: Check out the repository
        uses: actions/checkout@v3.0.2
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud
          fetch-depth: 0

      - name: Set up Python
        uses: actions/setup-python@v4.2.0
        with:
          python-version: "3.11"

      - name: Upgrade pip
        run: |
          pip install --constraint=.github/workflows/constraints.txt pip
          pip --version

      - name: Install Poetry
        run: |
          pipx install --pip-args=--constraint=.github/workflows/constraints.txt poetry
          poetry --version

      - name: Install Nox
        run: |
          pipx install --pip-args=--constraint=.github/workflows/constraints.txt nox
          pipx inject --pip-args=--constraint=.github/workflows/constraints.txt nox nox-poetry
          nox --version

      - name: Download coverage data
        uses: actions/download-artifact@v3.0.1
        with:
          name: coverage-data

      - name: Combine coverage data and display human readable report
        run: |
          find . -name \*.pyc -delete
          nox --force-color --session=coverage

      - name: Create coverage report
        run: |
          nox --force-color --session=coverage -- xml

      - name: Upload coverage report
        uses: codecov/codecov-action@v3.1.0

      - name: SonarCloud Scan
        uses: sonarsource/sonarcloud-github-action@master
        # thought about just skipping dependabot
        # if: ${{ github.actor != 'dependabot[bot]' }}
        # but figured all pull requests seems better, since none of them will have access to sonarcloud.
        # however, with just skipping pull requests, the build associated with "Triggered via push" is also associated with the pull request and also fails hitting sonarcloud
        # if: ${{ github.event_name != 'pull_request' }}
        # so just skip everything but main
        if: github.ref_name == 'main'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      # part about saving PR number and then using it from auto-merge-dependabot-prs from:
      # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
      - name: Save PR number
        if: ${{ github.event_name == 'pull_request' }}
        env:
          PR_NUMBER: ${{ github.event.number }}
        run: |
          mkdir -p ./pr
          echo "$PR_NUMBER" > ./pr/pr_number
      - uses: actions/upload-artifact@v3
        with:
          name: pr_number
          path: pr/
initial commit w/ burnettk 2022-05-13 13:42:42 -04:00			`name: Tests`

			`on:`
			`- push`
			`- pull_request`

			`jobs:`
			`tests:`
print the db type as well in github actions w/ burnettk 2022-05-20 17:05:03 -04:00			`name: ${{ matrix.session }} ${{ matrix.python }} / ${{ matrix.os }} ${{ matrix.database }}`
initial commit w/ burnettk 2022-05-13 13:42:42 -04:00			`runs-on: ${{ matrix.os }}`
			`strategy:`
			`fail-fast: false`
			`matrix:`
			`include:`
arena github actions 2022-11-12 22:41:43 -05:00			`- { python: "3.11", os: "ubuntu-latest", session: "pre-commit" }`
			`- { python: "3.11", os: "ubuntu-latest", session: "safety" }`
			`- { python: "3.11", os: "ubuntu-latest", session: "mypy" }`
			`- { python: "3.10", os: "ubuntu-latest", session: "mypy" }`
			`- { python: "3.9", os: "ubuntu-latest", session: "mypy" }`
added configs w/ burnettk 2022-05-19 14:38:47 -04:00			`- {`
add back in support for python 3.9 and favor 3.11 for tests w/ burnettk 2022-11-09 15:15:27 -05:00			`python: "3.11",`
added configs w/ burnettk 2022-05-19 14:38:47 -04:00			`os: "ubuntu-latest",`
			`session: "tests",`
attempt to run ci with mysql w/ burnettk 2022-05-20 12:08:42 -04:00			`database: "mysql",`
added configs w/ burnettk 2022-05-19 14:38:47 -04:00			`}`
arena github actions 2022-11-12 22:41:43 -05:00			`- {`
			`python: "3.11",`
			`os: "ubuntu-latest",`
			`session: "tests",`
			`database: "postgres",`
			`}`
			`- {`
			`python: "3.11",`
			`os: "ubuntu-latest",`
			`session: "tests",`
			`database: "sqlite",`
			`}`
			`- {`
			`python: "3.10",`
			`os: "ubuntu-latest",`
			`session: "tests",`
			`database: "sqlite",`
			`}`
			`- {`
			`python: "3.9",`
			`os: "ubuntu-latest",`
			`session: "tests",`
			`database: "sqlite",`
			`}`
			`- {`
			`python: "3.10",`
			`os: "windows-latest",`
			`session: "tests",`
			`database: "sqlite",`
			`}`
			`- {`
			`python: "3.11",`
			`os: "macos-latest",`
			`session: "tests",`
			`database: "sqlite",`
			`}`
run all tests again w/ burnettk 2022-05-20 14:37:23 -04:00			`- {`
add back in support for python 3.9 and favor 3.11 for tests w/ burnettk 2022-11-09 15:15:27 -05:00			`# typeguard 2.13.3 is broken with TypeDict in 3.11.`
run all tests again w/ burnettk 2022-05-20 14:37:23 -04:00			`# probably the next release fixes it.`
			`# https://github.com/agronholm/typeguard/issues/242`
add back in support for python 3.9 and favor 3.11 for tests w/ burnettk 2022-11-09 15:15:27 -05:00			`python: "3.11",`
run all tests again w/ burnettk 2022-05-20 14:37:23 -04:00			`os: "ubuntu-latest",`
			`session: "typeguard",`
			`database: "sqlite",`
			`}`
add back in support for python 3.9 and favor 3.11 for tests w/ burnettk 2022-11-09 15:15:27 -05:00			`- { python: "3.11", os: "ubuntu-latest", session: "xdoctest" }`
			`- { python: "3.11", os: "ubuntu-latest", session: "docs-build" }`
initial commit w/ burnettk 2022-05-13 13:42:42 -04:00
			`env:`
			`NOXSESSION: ${{ matrix.session }}`
added process models and cleaned up some of the code w/ burnettk 2022-05-23 16:36:23 -04:00			`SPIFF_DATABASE_TYPE: ${{ matrix.database }}`
initial commit w/ burnettk 2022-05-13 13:42:42 -04:00			`FORCE_COLOR: "1"`
			`PRE_COMMIT_COLOR: "always"`
use correct env var and fix bash nounset issue 2022-06-20 22:56:50 -04:00			`DB_PASSWORD: password`
try to pass key another way 2022-06-20 22:43:19 -04:00			`FLASK_SESSION_SECRET_KEY: super_secret_key`
initial commit w/ burnettk 2022-05-13 13:42:42 -04:00
			`steps:`
			`- name: Check out the repository`
			`uses: actions/checkout@v3.0.2`

			`- name: Set up Python ${{ matrix.python }}`
Bump actions/setup-python from 3.1.2 to 4.2.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3.1.2 to 4.2.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v3.1.2...v4.2.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2022-08-02 20:35:38 +00:00			`uses: actions/setup-python@v4.2.0`
initial commit w/ burnettk 2022-05-13 13:42:42 -04:00			`with:`
			`python-version: ${{ matrix.python }}`

			`- name: Upgrade pip`
			`run: \|`
			`pip install --constraint=.github/workflows/constraints.txt pip`
			`pip --version`

			`- name: Upgrade pip in virtual environments`
			`shell: python`
			`run: \|`
			`import os`
			`import pip`

			`with open(os.environ["GITHUB_ENV"], mode="a") as io:`
			`print(f"VIRTUALENV_PIP={pip.__version__}", file=io)`

			`- name: Install Poetry`
			`run: \|`
			`pipx install --pip-args=--constraint=.github/workflows/constraints.txt poetry`
			`poetry --version`

			`- name: Install Nox`
			`run: \|`
			`pipx install --pip-args=--constraint=.github/workflows/constraints.txt nox`
			`pipx inject --pip-args=--constraint=.github/workflows/constraints.txt nox nox-poetry`
			`nox --version`

			`- name: Compute pre-commit cache key`
			`if: matrix.session == 'pre-commit'`
			`id: pre-commit-cache`
			`shell: python`
			`run: \|`
			`import hashlib`
			`import sys`

			`python = "py{}.{}".format(*sys.version_info[:2])`
			`payload = sys.version.encode() + sys.executable.encode()`
			`digest = hashlib.sha256(payload).hexdigest()`
			`result = "${{ runner.os }}-{}-{}-pre-commit".format(python, digest[:8])`

			`print("::set-output name=result::{}".format(result))`

			`- name: Restore pre-commit cache`
Bump actions/cache from 3.0.10 to 3.0.11 Bumps [actions/cache](https://github.com/actions/cache) from 3.0.10 to 3.0.11. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3.0.10...v3.0.11) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> 2022-10-13 20:30:13 +00:00			`uses: actions/cache@v3.0.11`
initial commit w/ burnettk 2022-05-13 13:42:42 -04:00			`if: matrix.session == 'pre-commit'`
			`with:`
			`path: ~/.cache/pre-commit`
			`key: ${{ steps.pre-commit-cache.outputs.result }}-${{ hashFiles('.pre-commit-config.yaml') }}`
			`restore-keys: \|`
			`${{ steps.pre-commit-cache.outputs.result }}-`
try using a github action for mysql w/ burnettk 2022-05-20 15:14:19 -04:00			`- name: Setup Mysql`
			`uses: mirromutth/mysql-action@v1.1`
			`with:`
			`host port: 3306`
			`container port: 3306`
set instance path based on environment variable and determine db based on that from config init instead of config files w/ burnettk 2022-05-20 16:37:23 -04:00			`mysql version: "8.0"`
catch up with environment change 2023-02-08 12:51:48 -05:00			`mysql database: "spiffworkflow_backend_unit_testing"`
use a mysql password in ci w/ burnettk 2022-05-20 17:03:08 -04:00			`mysql root password: password`
try using a github action for mysql w/ burnettk 2022-05-20 15:14:19 -04:00			`if: matrix.database == 'mysql'`
initial commit w/ burnettk 2022-05-13 13:42:42 -04:00
how about postgres 2022-06-21 22:56:42 -04:00			`- name: Setup Postgres`
catch up with environment change 2023-02-08 12:51:48 -05:00			`run: docker run --name postgres-spiff -p 5432:5432 -e POSTGRES_PASSWORD=spiffworkflow_backend -e POSTGRES_USER=spiffworkflow_backend -e POSTGRES_DB=spiffworkflow_backend_unit_testing -d postgres`
how about postgres 2022-06-21 22:56:42 -04:00			`if: matrix.database == 'postgres'`

initial commit w/ burnettk 2022-05-13 13:42:42 -04:00			`- name: Run Nox`
			`run: \|`
			`nox --force-color --python=${{ matrix.python }}`

			`- name: Upload coverage data`
			`# pin to upload coverage from only one matrix entry, otherwise coverage gets confused later`
arena github actions 2022-11-12 22:41:43 -05:00			`if: always() && matrix.session == 'tests' && matrix.python == '3.11' && matrix.os == 'ubuntu-latest' && matrix.database == 'mysql'`
initial commit w/ burnettk 2022-05-13 13:42:42 -04:00			`uses: "actions/upload-artifact@v3.0.0"`
			`with:`
			`name: coverage-data`
			`path: ".coverage.*"`

			`- name: Upload documentation`
			`if: matrix.session == 'docs-build'`
			`uses: actions/upload-artifact@v3.0.0`
			`with:`
			`name: docs`
			`path: docs/_build`

adding log files for the server w/ burnettk 2022-07-07 10:19:52 -04:00			`- name: Upload logs`
			`if: failure() && matrix.session == 'tests'`
			`uses: "actions/upload-artifact@v3.0.0"`
			`with:`
name log artifacts based on matrix w/ burnettk 2022-07-07 10:50:01 -04:00			`name: logs-${{matrix.python}}-${{matrix.os}}-${{matrix.database}}`
adding log files for the server w/ burnettk 2022-07-07 10:19:52 -04:00			`path: "./log/*.log"`

removed docker_restart and instead do it all in build and run and check docker compose stuff in ci w/ burnettk 2022-07-11 17:10:07 -04:00			`check_docker_start_script:`
			`runs-on: ubuntu-latest`
			`steps:`
			`- name: Check out the repository`
			`uses: actions/checkout@v3.0.2`
			`with:`
			`# Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud`
			`fetch-depth: 0`
			`- name: start_backend`
			`run: ./bin/build_and_run_with_docker_compose`
add timeout 2022-07-11 22:36:56 -04:00			`timeout-minutes: 20`
removed docker_restart and instead do it all in build and run and check docker compose stuff in ci w/ burnettk 2022-07-11 17:10:07 -04:00			`env:`
			`SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA: "true"`
			`- name: wait_for_backend`
			`run: ./bin/wait_for_server_to_be_up 5`

initial commit w/ burnettk 2022-05-13 13:42:42 -04:00			`coverage:`
			`runs-on: ubuntu-latest`
			`needs: tests`
			`steps:`
			`- name: Check out the repository`
			`uses: actions/checkout@v3.0.2`
			`with:`
			`# Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud`
			`fetch-depth: 0`

			`- name: Set up Python`
Bump actions/setup-python from 3.1.2 to 4.2.0 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3.1.2 to 4.2.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v3.1.2...v4.2.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2022-08-02 20:35:38 +00:00			`uses: actions/setup-python@v4.2.0`
initial commit w/ burnettk 2022-05-13 13:42:42 -04:00			`with:`
add back in support for python 3.9 and favor 3.11 for tests w/ burnettk 2022-11-09 15:15:27 -05:00			`python-version: "3.11"`
initial commit w/ burnettk 2022-05-13 13:42:42 -04:00
			`- name: Upgrade pip`
			`run: \|`
			`pip install --constraint=.github/workflows/constraints.txt pip`
			`pip --version`

			`- name: Install Poetry`
			`run: \|`
			`pipx install --pip-args=--constraint=.github/workflows/constraints.txt poetry`
			`poetry --version`

			`- name: Install Nox`
			`run: \|`
			`pipx install --pip-args=--constraint=.github/workflows/constraints.txt nox`
			`pipx inject --pip-args=--constraint=.github/workflows/constraints.txt nox nox-poetry`
			`nox --version`

			`- name: Download coverage data`
Bump actions/download-artifact from 3.0.0 to 3.0.1 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v3.0.0...v3.0.1) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> 2022-10-21 20:55:34 +00:00			`uses: actions/download-artifact@v3.0.1`
initial commit w/ burnettk 2022-05-13 13:42:42 -04:00			`with:`
			`name: coverage-data`

			`- name: Combine coverage data and display human readable report`
			`run: \|`
			`find . -name \*.pyc -delete`
			`nox --force-color --session=coverage`

			`- name: Create coverage report`
			`run: \|`
			`nox --force-color --session=coverage -- xml`

			`- name: Upload coverage report`
			`uses: codecov/codecov-action@v3.1.0`

			`- name: SonarCloud Scan`
			`uses: sonarsource/sonarcloud-github-action@master`
just skip unless main 2022-05-26 13:34:19 -04:00			`# thought about just skipping dependabot`
do not run sonar for pull requests and added files to test with keycloak w/ burnettk 2022-05-23 13:33:48 -04:00			`# if: ${{ github.actor != 'dependabot[bot]' }}`
just skip unless main 2022-05-26 13:34:19 -04:00			`# but figured all pull requests seems better, since none of them will have access to sonarcloud.`
			`# however, with just skipping pull requests, the build associated with "Triggered via push" is also associated with the pull request and also fails hitting sonarcloud`
			`# if: ${{ github.event_name != 'pull_request' }}`
			`# so just skip everything but main`
			`if: github.ref_name == 'main'`
initial commit w/ burnettk 2022-05-13 13:42:42 -04:00			`env:`
			`GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
			`SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}`
auto-merge dependabot pull requests when tests pass 2022-06-10 17:42:19 -04:00			`# part about saving PR number and then using it from auto-merge-dependabot-prs from:`
			`# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run`
			`- name: Save PR number`
			`if: ${{ github.event_name == 'pull_request' }}`
			`env:`
			`PR_NUMBER: ${{ github.event.number }}`
			`run: \|`
			`mkdir -p ./pr`
			`echo "$PR_NUMBER" > ./pr/pr_number`
			`- uses: actions/upload-artifact@v3`
			`with:`
			`name: pr_number`
			`path: pr/`