| uses: kbase/.github/.github/workflows/reusable_build-push.yml@main | ||
| with: | ||
| name: '${{ github.event.repository.name }}-develop' | ||
| tags: br-${{ github.ref_name }} | ||
| secrets: inherit |
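Review bot: `tags: br-${{ github.ref_name }}` passes the branch name through unchanged, and a branch name containing `/` is not a valid Docker tag, so unless `reusable_build-push.yml` sanitizes the value the push will fail for such branches. Consider normalizing the ref name (replace anything outside `[A-Za-z0-9_.-]` with `-`) in a small step before the call and passing that output as `tags`.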
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
| if: github.base_ref == 'develop' && github.event.pull_request.merged == false | ||
| uses: kbase/.github/.github/workflows/reusable_build.yml@main | ||
| secrets: inherit | ||
| build-develop-merge: |
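Review bot: the call to `kbase/.github/.github/workflows/reusable_build.yml@main` pairs a mutable ref with `secrets: inherit`, so whatever is on `main` of the shared repository at run time receives every secret available to this repository, and this job only builds. Pin the reusable workflow to a full commit SHA and pass only the named secrets the build needs (or none), and add an explicit `permissions:` block to the job, which also addresses the CodeQL alert. The same pattern repeats in the other jobs in this file.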
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
| if: github.base_ref == 'develop' && github.event.pull_request.merged == true | ||
| uses: kbase/.github/.github/workflows/reusable_build-push.yml@main | ||
| with: | ||
| name: '${{ github.event.repository.name }}-develop' | ||
| tags: pr-${{ github.event.number }},latest | ||
| secrets: inherit | ||
| build-main-open: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
| if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == false | ||
| uses: kbase/.github/.github/workflows/reusable_build-push.yml@main | ||
| with: | ||
| name: '${{ github.event.repository.name }}' | ||
| tags: pr-${{ github.event.number }} | ||
| secrets: inherit | ||
| build-main-merge: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
| if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == true | ||
| uses: kbase/.github/.github/workflows/reusable_build-push.yml@main | ||
| with: | ||
| name: '${{ github.event.repository.name }}' | ||
| tags: pr-${{ github.event.number }},latest-rc | ||
| secrets: inherit | ||
| trivy-scans: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
| uses: kbase/.github/.github/workflows/reusable_validate-branch.yml@main | ||
| with: | ||
| build_branch: '${{ github.event.release.target_commitish }}' | ||
| validate-release-tag: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
| needs: check-source-branch | ||
| uses: kbase/.github/.github/workflows/reusable_validate-release-tag.yml@main | ||
| with: | ||
| release_tag: '${{ github.event.release.tag_name }}' | ||
| build-push: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
| needs: validate-release-tag | ||
| uses: kbase/.github/.github/workflows/reusable_build-push.yml@main | ||
| with: | ||
| name: '${{ github.event.repository.name }}' | ||
| tags: '${{ github.event.release.tag_name }},latest' | ||
| secrets: inherit |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Pull Request Overview
This PR introduces several GitHub Actions workflows to support testing, releasing, pull request builds, manual builds, dependency updates, and code scanning for security improvements. Key changes include:
- Addition of a multi-version Python test workflow (.github/workflows/test.yml)
- Setup of release, pull request, and manual build workflows
- Inclusion of Dependabot and CodeQL configurations for improved security and dependency management
Reviewed Changes
Copilot reviewed 6 out of 8 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/test.yml | Adds a workflow for testing and building docker images |
| .github/workflows/release-main.yml | Implements a release workflow for building and pushing images |
| .github/workflows/pr_build.yml | Configures workflows for pull request builds and tag/push mechanisms |
| .github/workflows/manual-build.yml | Introduces a manual build and push workflow |
| .github/dependabot.yml | Configures monthly dependency update checks via Dependabot |
| .github/codeql.yml | Sets up CodeQL scanning for code security analysis |
Files not reviewed (2)
- .github/workflows/test-push-release.yml: Language not supported
- scripts/run_unit_tests: Language not supported
| name: Run tests and build docker iamges | ||
|
|
There is a typo in 'iamges'. Please correct it to 'images' so that the workflow name is clear.
| name: Run tests and build docker iamges | |
| name: Run tests and build docker images |
Welcome to Codecov 🎉 Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. Thanks for integrating Codecov - We've got you covered ☂️

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
| runs-on: ubuntu-latest | ||
|
|
||
| env: | ||
| WORKSPACE_TOKEN: ${{ secrets.WORKSPACE_TOKEN }} | ||
| RE_API_TOKEN: ${{ secrets.RE_API_TOKEN }} | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: 3.9.19 | ||
|
|
||
| - name: Pip installation | ||
| run: python -m pip install --upgrade pip poetry | ||
|
|
||
| - name: Poetry installation | ||
| run: poetry install | ||
|
|
||
| - name: Run unit tests | ||
| run: scripts/run_unit_tests | ||
|
|
||
| - name: Run integration tests | ||
| run: | | ||
| docker compose up | ||
| scripts/run_integration_tests | ||
|
|
||
| - name: Upload coverage to Codecov | ||
| uses: codecov/codecov-action@v5 | ||
| with: | ||
| token: ${{ secrets.CODECOV_TOKEN }} | ||
| fail_ci_if_error: true |
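Review bot: in the `Run integration tests` step, `docker compose up` runs in the foreground, so the step blocks on the compose output and `scripts/run_integration_tests` is not reached unless the services exit on their own. Use `docker compose up -d` (or `--wait` if the services define health checks) and add a teardown step. Separately, the job-level `env:` exposes `WORKSPACE_TOKEN` and `RE_API_TOKEN` to every step, including the pip/poetry installs and the third-party `codecov/codecov-action@v5`; move those variables onto the test steps that actually need them.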
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium test
trigger build
…o dev-add_workflows
I'm assuming again all the workflows are the standard boilerplate, LMK if that's not the case
yes, standard boilerplate
| RUN apk --update add librdkafka librdkafka-dev && ldconfig /usr/lib | ||
| RUN apk --update add build-base git cmake bash | ||
| RUN git clone --branch v2.6.1 https://github.com/confluentinc/librdkafka.git /tmp/librdkafka | ||
| RUN cd /tmp/librdkafka && \ | ||
| ./configure && \ | ||
| make && \ | ||
| make install && \ | ||
| ldconfig /usr/lib |
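Review bot: the source build at `git clone --branch v2.6.1 https://github.com/confluentinc/librdkafka.git` trusts a tag that upstream can move and has no integrity check, and the build toolchain plus `/tmp/librdkafka` stay in the final image. After the clone, compare `git rev-parse HEAD` against an expected commit SHA recorded in the Dockerfile and fail the build on mismatch. Also do the install, clone, build and cleanup in a single `RUN` (or a separate build stage) so that `build-base git cmake` and the source tree do not ship in the runtime layers.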
Yikes, why do we need to build from source?
Because RUN apk --update add librdkafka only gives you librdkafka 2.4, which is not compatible with confluent-kafka 2.6.1.
Ok, so we might be able to install from a repo if we upgrade the docker image in the future
| confluent-kafka = "2.6.1" | ||
|
|
||
| [tool.poetry.dev-dependencies] | ||
| [tool.poetry.group.dev.dependencies] |
I don't know anything about poetry so I'm not sure what this change means
new formats for specifying dev dependencies in your pyproject.toml
| pip install --upgrade pip poetry==2.1.2 && \ | ||
| poetry config virtualenvs.create false && \ | ||
| poetry install --no-dev --no-interaction --no-ansi && \ | ||
| poetry install --no-root --without dev --no-interaction --no-ansi && \ |
Same deal as above re poetry
In Poetry ≥1.2, --no-dev is deprecated and replaced with dependency groups like --with and --without.
Line 42 basically installs only the main dependencies, skipping dev dependencies.
MrCreosote
left a comment
LGTM, just needs @bio-boris's signoff
No description provided.