2023-10-19 18:38:40 +00:00
name : Tests
2022-11-10 21:00:44 +00:00
on :
- push
- pull_request
2022-11-11 13:56:12 +00:00
defaults :
run :
working-directory : spiffworkflow-backend
2022-11-10 21:00:44 +00:00
jobs :
2023-10-19 18:38:40 +00:00
tests-backend :
2022-11-11 17:39:46 +00:00
name : ${{ matrix.session }} ${{ matrix.python }} / ${{ matrix.os }} ${{ matrix.database }}
runs-on : ${{ matrix.os }}
strategy :
fail-fast : false
matrix :
include :
2023-03-28 19:56:57 +00:00
- { python : "3.11" , os : "ubuntu-latest" , session : "safety" }
2022-11-13 04:24:09 +00:00
- { python : "3.11" , os : "ubuntu-latest" , session : "mypy" }
- { python : "3.10" , os : "ubuntu-latest" , session : "mypy" }
2022-11-11 17:39:46 +00:00
- {
python : "3.11" ,
os : "ubuntu-latest" ,
session : "tests" ,
database : "mysql" ,
2023-08-03 15:49:30 +00:00
upload_coverage : true ,
2022-11-11 17:39:46 +00:00
}
2022-11-13 04:24:09 +00:00
- {
python : "3.11" ,
os : "ubuntu-latest" ,
session : "tests" ,
database : "postgres" ,
}
- {
python : "3.11" ,
os : "ubuntu-latest" ,
session : "tests" ,
database : "sqlite" ,
}
- {
python : "3.10" ,
os : "ubuntu-latest" ,
session : "tests" ,
database : "sqlite" ,
}
2023-05-17 18:06:50 +00:00
# FIXME: tests cannot pass on windows and we currently cannot debug
# since none of us have a windows box that can run the python app.
# so ignore windows tests until we can get it fixed.
# - {
# python: "3.10",
# os: "windows-latest",
# session: "tests",
# database: "sqlite",
# }
2022-11-13 04:24:09 +00:00
- {
python : "3.11" ,
os : "macos-latest" ,
session : "tests" ,
database : "sqlite" ,
}
- {
# typeguard 2.13.3 is broken with TypeDict in 3.11.
# probably the next release fixes it.
# https://github.com/agronholm/typeguard/issues/242
python : "3.11" ,
os : "ubuntu-latest" ,
session : "typeguard" ,
database : "sqlite" ,
}
2023-06-13 14:46:26 +00:00
# - { python: "3.11", os: "ubuntu-latest", session: "xdoctest" }
2023-05-19 13:15:19 +00:00
# - { python: "3.11", os: "ubuntu-latest", session: "docs-build" }
2022-11-11 17:39:46 +00:00
env :
2023-02-16 12:59:51 +00:00
FLASK_SESSION_SECRET_KEY : super_secret_key
2022-11-11 17:39:46 +00:00
FORCE_COLOR : "1"
PRE_COMMIT_COLOR : "always"
2023-02-16 12:59:51 +00:00
SPIFFWORKFLOW_BACKEND_DATABASE_PASSWORD : password
SPIFFWORKFLOW_BACKEND_DATABASE_TYPE : ${{ matrix.database }}
2023-05-24 15:10:40 +00:00
SPIFFWORKFLOW_BACKEND_RUNNING_IN_CI : 'true'
2022-11-11 17:39:46 +00:00
steps :
- name : Check out the repository
2023-02-24 19:14:17 +00:00
uses : actions/checkout@v3.3.0
2022-11-11 17:39:46 +00:00
- name : Set up Python ${{ matrix.python }}
2023-05-29 21:32:25 +00:00
uses : actions/setup-python@v4.6.1
2022-11-11 17:39:46 +00:00
with :
python-version : ${{ matrix.python }}
- name : Upgrade pip
run : |
2023-08-03 15:49:30 +00:00
pip install --constraint=../.github/workflows/constraints.txt pip
2022-11-11 17:39:46 +00:00
pip --version
- name : Upgrade pip in virtual environments
shell : python
run : |
import os
import pip
with open(os.environ["GITHUB_ENV"], mode="a") as io:
print(f"VIRTUALENV_PIP={pip.__version__}", file=io)
- name : Install Poetry
run : |
2023-08-03 15:49:30 +00:00
pipx install --pip-args=--constraint=../.github/workflows/constraints.txt poetry
2022-11-11 17:39:46 +00:00
poetry --version
2023-05-19 11:05:58 +00:00
# when we get an imcompatible sqlite migration again and need to combine all migrations into one for the benefit of sqlite
# see if we can get the sqlite-specific block in the noxfile.py to work instead of this block in the github workflow,
# which annoyingly runs python setup outside of the nox environment (which seems to be flakier on poetry install).
# - name: Checkout Samples
# if: matrix.database == 'sqlite'
# uses: actions/checkout@v3
# with:
# repository: sartography/sample-process-models
# path: sample-process-models
# - name: Poetry Install
# if: matrix.database == 'sqlite'
# run: poetry install
# - name: Setup sqlite
# if: matrix.database == 'sqlite'
# env:
# SPIFFWORKFLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR: "${GITHUB_WORKSPACE}/sample-process-models"
# run: ./bin/recreate_db clean rmall
2023-02-27 22:00:34 +00:00
2022-11-11 17:39:46 +00:00
- name : Setup Mysql
uses : mirromutth/mysql-action@v1.1
with :
host port : 3306
container port : 3306
mysql version : "8.0"
2023-02-09 22:07:36 +00:00
mysql database : "spiffworkflow_backend_unit_testing"
2022-11-11 17:39:46 +00:00
mysql root password : password
2023-03-03 18:13:01 +00:00
collation server : 'utf8mb4_0900_as_cs'
2022-11-11 17:39:46 +00:00
if : matrix.database == 'mysql'
- name : Setup Postgres
2023-02-09 22:07:36 +00:00
run : docker run --name postgres-spiff -p 5432:5432 -e POSTGRES_PASSWORD=spiffworkflow_backend -e POSTGRES_USER=spiffworkflow_backend -e POSTGRES_DB=spiffworkflow_backend_unit_testing -d postgres
2022-11-11 17:39:46 +00:00
if : matrix.database == 'postgres'
2023-08-03 15:49:30 +00:00
- name : Install mysqlclient lib dependencies
if : matrix.os == 'macos-latest'
2022-11-11 17:39:46 +00:00
run : |
2023-08-03 15:49:30 +00:00
brew install mysql pkg-config
- name : Run Session
run : |
./bin/run_ci_session ${{ matrix.session }}
2022-11-11 17:39:46 +00:00
- name : Upload coverage data
# pin to upload coverage from only one matrix entry, otherwise coverage gets confused later
2023-08-03 15:49:30 +00:00
if : matrix.upload_coverage
2023-02-24 19:31:39 +00:00
uses : "actions/upload-artifact@v3"
2022-11-13 02:51:35 +00:00
# this action doesn't seem to respect working-directory so include working-directory value in path
2022-11-11 17:39:46 +00:00
with :
name : coverage-data
2022-11-13 02:51:35 +00:00
path : "spiffworkflow-backend/.coverage.*"
2022-11-11 17:39:46 +00:00
2023-05-19 13:15:19 +00:00
# - name: Upload documentation
# if: matrix.session == 'docs-build'
# uses: actions/upload-artifact@v3
# with:
# name: docs
# path: docs/_build
#
2022-11-11 17:39:46 +00:00
- name : Upload logs
if : failure() && matrix.session == 'tests'
2023-02-24 19:31:39 +00:00
uses : "actions/upload-artifact@v3"
2022-11-11 17:39:46 +00:00
with :
name : logs-${{matrix.python}}-${{matrix.os}}-${{matrix.database}}
2023-11-30 18:51:01 +00:00
path : "./spiffworkflow-backend/log/*.log"
2022-11-11 17:39:46 +00:00
2023-03-28 21:14:58 +00:00
# burnettk created an account at https://app.snyk.io/org/kevin-jfx
# and added his SNYK_TOKEN secret under the spiff-arena repo.
2023-03-28 20:55:13 +00:00
snyk :
2023-03-28 20:42:48 +00:00
runs-on : ubuntu-latest
steps :
- uses : actions/checkout@master
- name : Run Snyk to check for vulnerabilities
uses : snyk/actions/python@master
2023-03-28 20:55:13 +00:00
with :
args : spiffworkflow-backend
2023-03-28 20:42:48 +00:00
env :
SNYK_TOKEN : ${{ secrets.SNYK_TOKEN }}
2022-11-11 17:39:46 +00:00
run_pre_commit_checks :
runs-on : ubuntu-latest
defaults :
run :
working-directory : .
steps :
- name : Check out the repository
2023-02-24 19:14:17 +00:00
uses : actions/checkout@v3.3.0
2022-11-11 17:39:46 +00:00
- name : Set up Python
2023-05-29 21:32:25 +00:00
uses : actions/setup-python@v4.6.1
2022-11-11 17:39:46 +00:00
with :
python-version : "3.11"
- name : Install Poetry
run : |
2023-08-03 15:49:30 +00:00
pipx install --pip-args=--constraint=.github/workflows/constraints.txt poetry
2022-11-11 17:39:46 +00:00
poetry --version
- name : Poetry Install
run : poetry install
- name : run_pre_commit
run : ./bin/run_pre_commit_in_ci
check_docker_start_script :
2023-10-19 18:22:52 +00:00
permissions :
contents : read # for actions/checkout to fetch code
security-events : write # for github/codeql-action/upload-sarif to upload SARIF results
actions : read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
2022-11-11 17:39:46 +00:00
runs-on : ubuntu-latest
steps :
- name : Check out the repository
2023-02-24 19:14:17 +00:00
uses : actions/checkout@v3.3.0
2023-01-09 19:35:36 +00:00
- name : Checkout Samples
uses : actions/checkout@v3
with :
repository : sartography/sample-process-models
path : sample-process-models
2022-11-11 17:39:46 +00:00
- name : start_backend
run : ./bin/build_and_run_with_docker_compose
timeout-minutes : 20
env :
2023-01-06 21:33:20 +00:00
SPIFFWORKFLOW_BACKEND_RUN_DATA_SETUP : "false"
2022-11-11 17:39:46 +00:00
- name : wait_for_backend
run : ./bin/wait_for_server_to_be_up 5
coverage :
runs-on : ubuntu-latest
2023-10-19 18:38:40 +00:00
needs : [ tests-backend, run_pre_commit_checks, check_docker_start_script]
2022-11-11 17:39:46 +00:00
steps :
- name : Check out the repository
2023-02-24 19:14:17 +00:00
uses : actions/checkout@v3.3.0
2022-11-11 17:39:46 +00:00
with :
# Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud
fetch-depth : 0
- name : Set up Python
2023-05-29 21:32:25 +00:00
uses : actions/setup-python@v4.6.1
2022-11-11 17:39:46 +00:00
with :
python-version : "3.11"
- name : Upgrade pip
run : |
2023-08-03 15:49:30 +00:00
pip install --constraint=../.github/workflows/constraints.txt pip
2022-11-11 17:39:46 +00:00
pip --version
- name : Install Poetry
run : |
2023-08-03 15:49:30 +00:00
pipx install --pip-args=--constraint=../.github/workflows/constraints.txt poetry
2022-11-11 17:39:46 +00:00
poetry --version
- name : Download coverage data
2023-02-24 19:31:31 +00:00
uses : actions/download-artifact@v3.0.2
2022-11-11 17:39:46 +00:00
with :
name : coverage-data
2022-11-13 04:04:29 +00:00
# this action doesn't seem to respect working-directory so include working-directory value in path
path : spiffworkflow-backend
2022-11-11 17:39:46 +00:00
2023-08-03 15:49:30 +00:00
- name : Run Coverage
2022-11-11 17:39:46 +00:00
run : |
2023-08-03 15:49:30 +00:00
./bin/run_ci_session coverage
2022-11-11 17:39:46 +00:00
- name : Upload coverage report
2023-05-16 15:03:27 +00:00
uses : codecov/codecov-action@v3.1.4
2022-11-11 17:39:46 +00:00
- name : SonarCloud Scan
2023-04-24 15:07:47 +00:00
uses : sonarsource/sonarcloud-github-action@v1.9
2022-11-11 17:39:46 +00:00
# thought about just skipping dependabot
# if: ${{ github.actor != 'dependabot[bot]' }}
# but figured all pull requests seems better, since none of them will have access to sonarcloud.
# however, with just skipping pull requests, the build associated with "Triggered via push" is also associated with the pull request and also fails hitting sonarcloud
# if: ${{ github.event_name != 'pull_request' }}
# so just skip everything but main
if : github.ref_name == 'main'
2022-11-14 19:25:27 +00:00
with :
2023-03-28 12:22:17 +00:00
projectBaseDir : spiffworkflow-backend
2022-11-11 17:39:46 +00:00
env :
GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN : ${{ secrets.SONAR_TOKEN }}
# part about saving PR number and then using it from auto-merge-dependabot-prs from:
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
- name : Save PR number
if : ${{ github.event_name == 'pull_request' }}
env :
PR_NUMBER : ${{ github.event.number }}
run : |
mkdir -p ./pr
echo "$PR_NUMBER" > ./pr/pr_number
- uses : actions/upload-artifact@v3
with :
name : pr_number
path : pr/
2023-10-19 18:38:40 +00:00
tests-frontend :
runs-on : ubuntu-latest
needs : [ tests-backend, run_pre_commit_checks, check_docker_start_script]
defaults :
run :
working-directory : spiffworkflow-frontend
steps :
- name : Development Code
uses : actions/checkout@v3
with :
# Disabling shallow clone is recommended for improving relevancy of reporting in sonarcloud
fetch-depth : 0
ref : ${{ github.event.workflow_run.head_sha }}
- name : Setup Node
uses : actions/setup-node@v3
with :
node-version : 18. x
- run : npm install
- run : npm run lint
- run : npm test
- run : npm run build --if-present
- name : SonarCloud Scan
# thought about just skipping dependabot
# if: ${{ github.actor != 'dependabot[bot]' }}
# but figured all pull requests seems better, since none of them will have access to sonarcloud.
# however, with just skipping pull requests, the build associated with "Triggered via push" is also associated with the pull request and also fails hitting sonarcloud
# if: ${{ github.event_name != 'pull_request' }}
# so just skip everything but main
if : github.ref_name == 'main'
uses : sonarsource/sonarcloud-github-action@master
with :
projectBaseDir : spiffworkflow-frontend
env :
GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN : ${{ secrets.SONAR_TOKEN }}
# part about saving PR number and then using it from auto-merge-dependabot-prs from:
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
- name : Save PR number
if : ${{ github.event_name == 'pull_request' }}
env :
PR_NUMBER : ${{ github.event.number }}
run : |
mkdir -p ./pr
echo "$PR_NUMBER" > ./pr/pr_number
- uses : actions/upload-artifact@v3
with :
name : pr_number
path : pr/
cypress-run :
runs-on : ubuntu-latest
needs : [ tests-backend, run_pre_commit_checks, check_docker_start_script]
defaults :
run :
working-directory : spiffworkflow-frontend
steps :
- name : Checkout
uses : actions/checkout@v3
with :
ref : ${{ github.event.workflow_run.head_sha }}
- name : Checkout Samples
uses : actions/checkout@v3
with :
repository : sartography/sample-process-models
path : sample-process-models
- name : start_keycloak
working-directory : ./spiffworkflow-backend
run : ./keycloak/bin/start_keycloak
- name : start_backend
working-directory : ./spiffworkflow-backend
run : ./bin/build_and_run_with_docker_compose
timeout-minutes : 20
env :
SPIFFWORKFLOW_BACKEND_LOAD_FIXTURE_DATA : "true"
SPIFFWORKFLOW_BACKEND_PERMISSIONS_FILE_NAME : "acceptance_tests.yml"
- name : start_frontend
# working-directory: ./spiffworkflow-frontend
run : ./bin/build_and_run_with_docker_compose
- name : wait_for_backend
working-directory : ./spiffworkflow-backend
run : ./bin/wait_for_server_to_be_up 5
- name : wait_for_frontend
# working-directory: ./spiffworkflow-frontend
run : ./bin/wait_for_frontend_to_be_up 5
- name : wait_for_keycloak
working-directory : ./spiffworkflow-backend
run : ./keycloak/bin/wait_for_keycloak 5
- name : Dump GitHub context
env :
GITHUB_CONTEXT : ${{ toJson(github) }}
run : |
echo "$GITHUB_CONTEXT"
- name : Cypress run
uses : cypress-io/github-action@v5
with :
working-directory : ./spiffworkflow-frontend
browser : chrome
# only record on push, not pull_request, since we do not have secrets for PRs,
# so the required CYPRESS_RECORD_KEY will not be available.
# we have limited runs in cypress cloud, so only record main builds
# the direct check for github.event_name == 'push' is for if we want to go back to triggering this workflow
# directly, rather than when Backend Tests complete.
# note that github.event.workflow_run is referring to the Backend Tests workflow and another option
# for github.event.workflow_run.event is 'pull_request', which we want to ignore.
record : ${{ github.ref_name == 'main' && ((github.event_name == 'workflow_run' && github.event.workflow_run.event == 'push') || (github.event_name == 'push')) }}
env :
# pass the Dashboard record key as an environment variable
CYPRESS_RECORD_KEY : ${{ secrets.CYPRESS_RECORD_KEY }}
# pass GitHub token to allow accurately detecting a build vs a re-run build
GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
CYPRESS_SPIFFWORKFLOW_FRONTEND_AUTH_WITH_KEYCLOAK : "true"
- name : get_backend_logs_from_docker_compose
if : failure()
working-directory : ./spiffworkflow-backend
run : ./bin/get_logs_from_docker_compose >./log/docker_compose.log
- name : Upload logs
if : failure()
uses : "actions/upload-artifact@v3"
with :
name : spiffworkflow-backend-logs
path : "./spiffworkflow-backend/log/*.log"
# https://github.com/cypress-io/github-action#artifacts
- name : upload_screenshots
uses : actions/upload-artifact@v3
if : failure()
with :
name : cypress-screenshots
path : ./spiffworkflow-frontend/cypress/screenshots
# Test run video was always captured, so this action uses "always()" condition
- name : upload_videos
uses : actions/upload-artifact@v3
if : failure()
with :
name : cypress-videos
path : ./spiffworkflow-frontend/cypress/videos