Ignore GHSA-hc5w-c9f8-9cc4 until the CVE is corrected for the Python library #4176
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Code Coverage | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| # have the ability to trigger this workflow manually | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| name: Unit Test and SonarCloud Scan | |
| runs-on: ubuntu-latest | |
| env: | |
| ANSIBLE_AI_DATABASE_HOST: localhost | |
| ANSIBLE_AI_DATABASE_NAME: wisdom | |
| ANSIBLE_AI_DATABASE_PASSWORD: wisdom | |
| ANSIBLE_AI_DATABASE_USER: wisdom | |
| ARI_KB_PATH: /etc/ari/kb/ | |
| DJANGO_SETTINGS_MODULE: ansible_ai_connect.main.settings.development | |
| ENABLE_ARI_POSTPROCESS: False | |
| ENABLE_ANSIBLE_LINT_POSTPROCESS: True | |
| PYTHONUNBUFFERED: 1 | |
| SECRET_KEY: somesecret | |
| services: | |
| postgres: | |
| image: docker.io/library/postgres:alpine | |
| env: | |
| POSTGRES_USER: wisdom | |
| POSTGRES_PASSWORD: wisdom | |
| POSTGRES_DB: wisdom | |
| ports: | |
| - 5432:5432 | |
| # needed because the postgres container does not provide a healthcheck | |
| options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| ############## | |
| # Python tests | |
| ############## | |
| - name: Setup Python 3.11 | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Install Dependencies (Python) | |
| run: | | |
| python3 -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| pip install -r requirements-dev.txt | |
| pip install . | |
| - name: Retrieve ari knowledge base from s3 | |
| run: | | |
| sudo mkdir -p /etc/ari/kb | |
| sudo chown -R $USER:$USER /etc/ari/kb | |
| aws s3 cp --only-show-errors --recursive ${KB_ARI_PATH}/data /etc/ari/kb/data | |
| aws s3 cp --only-show-errors --recursive ${KB_ARI_PATH}/rules /etc/ari/kb/rules | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: us-east-1 | |
| KB_ARI_PATH: ${{ secrets.KB_ARI_PATH }} | |
| - name: Create CA symlink to use RH's certifi on ubuntu-latest | |
| run: | | |
| sudo mkdir -p /etc/pki/tls/certs | |
| sudo ln -s /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt | |
| - name: Running Unit Tests (Python) | |
| run: | | |
| coverage run --rcfile=setup.cfg -m ansible_ai_connect.manage test ansible_ai_connect | |
| coverage xml | |
| coverage report --rcfile=setup.cfg --format=markdown > code-coverage-results.md | |
| # See https://sonarsource.atlassian.net/browse/SONARPY-1203 | |
| - name: Fix paths in coverage file | |
| run: | | |
| sed -i 's,/home/runner/work/ansible-wisdom-service/ansible-wisdom-service/,/github/workspace/,g' coverage.xml | |
| ################## | |
| # TypeScript tests | |
| ################## | |
| - name: Use Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '21.x' | |
| cache: 'npm' | |
| cache-dependency-path: ./ansible_ai_connect_admin_portal/package-lock.json | |
| - name: Install Dependencies (TypeScript) | |
| run: npm ci | |
| working-directory: ./ansible_ai_connect_admin_portal | |
| - name: Running Unit Tests (TypeScript) | |
| run: npm run test | |
| working-directory: ./ansible_ai_connect_admin_portal | |
| ############################ | |
| # TypeScript tests (chatbot) | |
| ############################ | |
| - name: Use Node.js (chatbot) | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: '21.x' | |
| cache: 'npm' | |
| cache-dependency-path: ./ansible_ai_connect_chatbot/package-lock.json | |
| - name: Install Dependencies (TypeScript) (chatbot) | |
| run: npm install | |
| working-directory: ./ansible_ai_connect_chatbot | |
| - name: Running Unit Tests with code coverage (TypeScript) (chatbot) | |
| run: npm run coverage | |
| working-directory: ./ansible_ai_connect_chatbot | |
| ##################### | |
| # SonarCloud coverage | |
| ##################### | |
| - name: SonarCloud Scan | |
| uses: SonarSource/sonarcloud-github-action@master | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| #################### | |
| # OpenAPI file check | |
| #################### | |
| - name: Ensure the OpenAPI file is up to date | |
| run: | | |
| make run-server & | |
| sleep 10 | |
| make create-cachetable | |
| make update-openapi-schema | |
| git diff --exit-code -- tools/openapi-schema/ansible-ai-connect-service.yaml |