flask-serverless-lambda/.github/workflows/pull-request-test.yml at main · sonyasha/flask-serverless-lambda · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# This workflow check each pull request, overall redundant, but might be useful in some cases

name: Pull request unittest security check

on:
  pull_request:
    branches: [ main ]

env:
  API_KEY: ${{ secrets.API_KEY }}

jobs:
  lint:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v3
    - name: Set up Python 3.x
      uses: actions/setup-python@v4
      with:
        python-version: '3.13'
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements-lint.txt
    - name: Run ruff check
      run: ruff check .
    - name: Run black check
      run: black --check .
    - name: Run isort check
      run: isort --check .

  test:
    runs-on: ubuntu-latest
    needs: lint

    strategy:
      matrix:
        os: [ ubuntu-latest, macos-latest, windows-latest ]
        python-version: [ 3.9, 3.13 ]

    steps:
    - uses: actions/checkout@v3
    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v4
      with:
        python-version: ${{ matrix.python-version }}
    - name: Display Python version
      run: python -c "import sys; print(sys.version)"
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install -r requirements.txt
        pip install pytest pytest-cov
    - name: Run test suite
      run: |
        pytest --cov=api tests/

  bandit-scan:
    runs-on: ubuntu-latest
    needs: test
    steps:
    - uses: actions/checkout@v3
    # Runs a pre configured Bandit scan
    - name: Run bandit
      uses: jpetrucciani/bandit-check@master
      with:
        # only scans under this path
        path: './api'