Declare Odoo testing runtime expectations #2055
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: CI | |
| "on": | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| jobs: | |
| static_checks: | |
| if: >- | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| runs-on: | |
| - self-hosted | |
| - ${{ vars.LAUNCHPLANE_RUNNER_LABEL }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| - name: Install Python | |
| run: uv python install 3.13 | |
| - name: Run Ruff | |
| run: uv run --extra dev ruff check . | |
| - name: Run mypy | |
| run: uv run --extra dev mypy control_plane tests | |
| - name: Audit Python dependencies | |
| run: | | |
| # PyJWT is only used for GitHub OIDC RS256 verification; this | |
| # disputed advisory has no fixed release and concerns app-chosen | |
| # weak symmetric keys. | |
| uv run --with pip-audit pip-audit --ignore-vuln PYSEC-2025-183 | |
| static_checks_fork: | |
| if: >- | |
| github.event_name == 'pull_request' && | |
| github.event.pull_request.head.repo.full_name != github.repository | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| - name: Install Python | |
| run: uv python install 3.13 | |
| - name: Run Ruff | |
| run: uv run --extra dev ruff check . | |
| - name: Run mypy | |
| run: uv run --extra dev mypy control_plane tests | |
| - name: Audit Python dependencies | |
| run: | | |
| # PyJWT is only used for GitHub OIDC RS256 verification; this | |
| # disputed advisory has no fixed release and concerns app-chosen | |
| # weak symmetric keys. | |
| uv run --with pip-audit pip-audit --ignore-vuln PYSEC-2025-183 | |
| container_scan: | |
| if: >- | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| runs-on: | |
| - self-hosted | |
| - ${{ vars.LAUNCHPLANE_RUNNER_LABEL }} | |
| permissions: | |
| contents: read | |
| packages: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v4 | |
| with: | |
| name: launchplane-ci | |
| keep-state: true | |
| - name: Log in to GHCR for build cache | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| - name: Build runtime image | |
| uses: docker/build-push-action@v7 | |
| with: | |
| builder: ${{ steps.buildx.outputs.name }} | |
| context: . | |
| load: true | |
| tags: launchplane-ci:test | |
| cache-from: >- | |
| type=registry,ref=ghcr.io/${{ github.repository }}:buildcache | |
| - name: Scan runtime image | |
| run: | | |
| docker run --rm \ | |
| -v /var/run/docker.sock:/var/run/docker.sock \ | |
| -v "${RUNNER_TEMP}/trivy-cache:/root/.cache" \ | |
| ghcr.io/aquasecurity/trivy:0.70.0 \ | |
| image \ | |
| --scanners vulnerability \ | |
| --ignore-unfixed \ | |
| --severity HIGH,CRITICAL \ | |
| --exit-code 1 \ | |
| launchplane-ci:test | |
| frontend_validate: | |
| if: >- | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| runs-on: | |
| - self-hosted | |
| - ${{ vars.LAUNCHPLANE_RUNNER_LABEL }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install Node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: "22" | |
| - name: Enable pnpm | |
| run: | | |
| corepack enable | |
| corepack prepare pnpm@10.10.0 --activate | |
| - name: Install frontend dependencies | |
| run: pnpm --dir frontend install --frozen-lockfile | |
| - name: Validate frontend | |
| run: pnpm --dir frontend validate | |
| frontend_validate_fork: | |
| if: >- | |
| github.event_name == 'pull_request' && | |
| github.event.pull_request.head.repo.full_name != github.repository | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install Node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: "22" | |
| - name: Enable pnpm | |
| run: | | |
| corepack enable | |
| corepack prepare pnpm@10.10.0 --activate | |
| - name: Install frontend dependencies | |
| run: pnpm --dir frontend install --frozen-lockfile | |
| - name: Validate frontend | |
| run: pnpm --dir frontend validate | |
| test: | |
| if: >- | |
| github.event_name != 'pull_request' || | |
| github.event.pull_request.head.repo.full_name == github.repository | |
| runs-on: | |
| - self-hosted | |
| - ${{ vars.LAUNCHPLANE_RUNNER_LABEL }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| - name: Install Python | |
| run: uv python install 3.13 | |
| - name: Run unit tests | |
| run: uv run python -m unittest | |
| test_fork: | |
| if: >- | |
| github.event_name == 'pull_request' && | |
| github.event.pull_request.head.repo.full_name != github.repository | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Install uv | |
| uses: astral-sh/setup-uv@v7 | |
| - name: Install Python | |
| run: uv python install 3.13 | |
| - name: Run unit tests | |
| run: uv run python -m unittest |