
Fix newline at end of file in main.py #3

Fix newline at end of file in main.py


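# This workflow will install Python dependencies, run tests and lint with a single version of Python.
# It then runs CodeQL, builds a container image, scans it with Trivy and, on push events only,
# publishes the image to GHCR.
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
#
# NOTE(review): every action below is referenced by a tag, which the action's owner can move.
# Pinning each `uses:` to the full commit SHA of the reviewed release makes the reference
# immutable; this matters most for the jobs that receive a write-scoped token (sast, push).
name: Python application

on:
  push:
    branches: ["practice"]
  pull_request:
    branches: ["main"]

# Workflow-wide default is read-only. Write scopes are granted per job below, so the jobs that
# execute repository code (pip install, pytest, docker build) never hold a token that can
# publish packages or write security events.
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Set up Python 3.13
        uses: actions/setup-python@v6
        with:
          python-version: "3.13"
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install flake8
      - name: Lint with flake8
        run: |
          # stop the build if there are Python syntax errors or undefined names
          flake8 testing --count --select=E9,F63,F7,F82 --show-source --statistics
          # no --exit-zero here, so any remaining finding also fails the job.
          # The GitHub editor is 127 chars wide
          flake8 testing --count --max-complexity=10 --max-line-length=127 --statistics

  unit-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Set up Python 3.13
        uses: actions/setup-python@v6
        with:
          python-version: "3.13"
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install pytest
          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
      - name: Run tests
        run: |
          pytest

  sast:
    runs-on: ubuntu-latest
    # The analyze step uploads results to code scanning, which needs security-events: write.
    # NOTE(review): a private repository may additionally need `actions: read` - confirm.
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v6
      - name: Set up CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: python
      - name: Run CodeQL
        uses: github/codeql-action/analyze@v3

  build:
    needs: [lint, unit-test, sast]
    runs-on: ubuntu-latest
    env:
      # Context values reach the shell as environment variables instead of being
      # substituted into the script text before the shell parses it.
      IMAGE: ghcr.io/${{ github.repository }}:${{ github.sha }}
    steps:
      - uses: actions/checkout@v6
      - name: Build the image
        run: |
          docker build -f testing/Dockerfile testing/ \
            -t "$IMAGE"
      - name: Export image
        run: |
          docker save "$IMAGE" -o image.tar
      # The tarball is handed to the scan and push jobs, so the image that gets
      # published is the one that was scanned.
      - name: Save artifact
        uses: actions/upload-artifact@v4
        with:
          name: docker-image-${{ github.sha }}
          path: image.tar

  image-scan:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: docker-image-${{ github.sha }}
      - name: Load image
        run: |
          docker load -i image.tar
      # exit-code 1 fails this job on HIGH/CRITICAL findings, which blocks the push job.
      - name: Scan image with Trivy
        uses: aquasecurity/trivy-action@0.20.0
        with:
          image-ref: ghcr.io/${{ github.repository }}:${{ github.sha }}
          format: table
          severity: HIGH,CRITICAL
          exit-code: "1"
          output: trivy-report-${{ github.sha }}.txt
      # always() keeps the report available when the scan step has failed the job.
      - name: Upload trivy report
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: trivy-report-${{ github.sha }}.txt
          path: trivy-report-${{ github.sha }}.txt

  push:
    needs: image-scan
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    # Only this job publishes to GHCR, so only this job gets packages: write.
    permissions:
      packages: write
    env:
      IMAGE_REPO: ghcr.io/${{ github.repository }}
      IMAGE_SHA: ${{ github.sha }}
      # The ref name is taken from a git ref, so it is passed as data through the
      # environment and quoted at every use rather than expanded into the script.
      REF_NAME: ${{ github.ref_name }}
    steps:
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: docker-image-${{ github.sha }}
      - name: Load image
        run: |
          docker load -i image.tar
      - name: Login GHCR
        env:
          GHCR_USER: ${{ github.actor }}
          GHCR_TOKEN: ${{ github.token }}
        run: |
          # --password-stdin keeps the token out of the docker command line
          printf '%s' "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USER" --password-stdin
      - name: Tag image
        run: |
          docker tag "$IMAGE_REPO:$IMAGE_SHA" "$IMAGE_REPO:$REF_NAME"
      - name: Push images
        run: |
          docker push "$IMAGE_REPO:$IMAGE_SHA"
          docker push "$IMAGE_REPO:$REF_NAME"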