forked from cms-patatrack/CLUEstering
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create more workflows for security and testing (#7)
* Create pylint workflow * Create codacy security workflow * Create flawfinder security workflow * Create codeql security workflow * Create python anaconda workflow Fix typo in python-package-anaconda.yml Add enviroment file for test with anaconda Fix typo Remove linting from conda test workflow Remove analysis of cpp from codeql Add pytest to conda dependencies Add installation of CLUEstering in conda workflow * Remove obsolete test on test_blobs * Use testing script in anaconda workflow * Add settings for autopep inside pyproject.toml * Format all `.py` files using autopep8 * Add installation of CLUE Python dependencies in pylint workflow * Add docstrings for all the test modules and functions Add last missing docstrings * Add workflow for clang-format Formatting Remove reduntant path to clang-format workflow * Lower the failing threshold for pylint * Exclude `doctest.h` from clang-format workflow check
- Loading branch information
Showing
27 changed files
with
707 additions
and
196 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| name: test-with-conda | ||
| dependencies: | ||
| - python==3.8 | ||
| - numpy | ||
| - matplotlib | ||
| - scikit-learn | ||
| - pybind11 | ||
| - pandas | ||
| - pytest |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| name: clang-format Check | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ "main" ] | ||
| pull_request: | ||
| branches: [ "main" ] | ||
|
|
||
| jobs: | ||
| formatting-check: | ||
| name: Formatting Check | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| path: | ||
| - 'CLUEstering/include' | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - name: Run clang-format style check | ||
| uses: jidicula/[email protected] | ||
| with: | ||
| clang-format-version: '16' | ||
| check-path: ${{ matrix.path }} | ||
| exclude-regex: 'CLUEstering/include/test/doctest.h' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| # This workflow uses actions that are not certified by GitHub. | ||
| # They are provided by a third-party and are governed by | ||
| # separate terms of service, privacy policy, and support | ||
| # documentation. | ||
|
|
||
| # This workflow checks out code, performs a Codacy security scan | ||
| # and integrates the results with the | ||
| # GitHub Advanced Security code scanning feature. For more information on | ||
| # the Codacy security scan action usage and parameters, see | ||
| # https://github.com/codacy/codacy-analysis-cli-action. | ||
| # For more information on Codacy Analysis CLI in general, see | ||
| # https://github.com/codacy/codacy-analysis-cli. | ||
|
|
||
| name: Codacy Security Scan | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ "main" ] | ||
| pull_request: | ||
| # The branches below must be a subset of the branches above | ||
| branches: [ "main" ] | ||
| schedule: | ||
| - cron: '16 1 * * 6' | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| codacy-security-scan: | ||
| permissions: | ||
| contents: read # for actions/checkout to fetch code | ||
| security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | ||
| actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status | ||
| name: Codacy Security Scan | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| # Checkout the repository to the GitHub Actions runner | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis | ||
| - name: Run Codacy Analysis CLI | ||
| uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b | ||
| with: | ||
| # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository | ||
| # You can also omit the token and run the tools that support default configurations | ||
| project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | ||
| verbose: true | ||
| output: results.sarif | ||
| format: sarif | ||
| # Adjust severity of non-security issues | ||
| gh-code-scanning-compat: true | ||
| # Force 0 exit code to allow SARIF file generation | ||
| # This will handover control about PR rejection to the GitHub side | ||
| max-allowed-issues: 2147483647 | ||
|
|
||
| # Upload the SARIF file generated in the previous step | ||
| - name: Upload SARIF results file | ||
| uses: github/codeql-action/upload-sarif@v2 | ||
| with: | ||
| sarif_file: results.sarif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,71 @@ | ||
| name: "CodeQL" | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ "main" ] | ||
| pull_request: | ||
| # The branches below must be a subset of the branches above | ||
| branches: [ "main" ] | ||
| schedule: | ||
| - cron: '22 20 * * 5' | ||
|
|
||
| jobs: | ||
| analyze: | ||
| name: Analyze | ||
| # Runner size impacts CodeQL analysis time. To learn more, please see: | ||
| # - https://gh.io/recommended-hardware-resources-for-running-codeql | ||
| # - https://gh.io/supported-runners-and-hardware-resources | ||
| # - https://gh.io/using-larger-runners | ||
| # Consider using larger runners for possible analysis time improvements. | ||
| runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} | ||
| timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} | ||
| permissions: | ||
| actions: read | ||
| contents: read | ||
| security-events: write | ||
|
|
||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| language: [ 'python' ] | ||
| # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ] | ||
| # Use only 'java' to analyze code written in Java, Kotlin or both | ||
| # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both | ||
| # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v3 | ||
|
|
||
| # Initializes the CodeQL tools for scanning. | ||
| - name: Initialize CodeQL | ||
| uses: github/codeql-action/init@v2 | ||
| with: | ||
| languages: ${{ matrix.language }} | ||
| # If you wish to specify custom queries, you can do so here or in a config file. | ||
| # By default, queries listed here will override any specified in a config file. | ||
| # Prefix the list here with "+" to use these queries and those in the config file. | ||
|
|
||
| # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs | ||
| # queries: security-extended,security-and-quality | ||
|
|
||
|
|
||
| # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). | ||
| # If this step fails, then you should remove it and run the build manually (see below) | ||
| - name: Autobuild | ||
| uses: github/codeql-action/autobuild@v2 | ||
|
|
||
| # ℹ️ Command-line programs to run using the OS shell. | ||
| # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun | ||
|
|
||
| # If the Autobuild fails above, remove it and uncomment the following three lines. | ||
| # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. | ||
|
|
||
| # - run: | | ||
| # echo "Run, Build Application using script" | ||
| # ./location_of_script_within_repo/buildscript.sh | ||
|
|
||
| - name: Perform CodeQL Analysis | ||
| uses: github/codeql-action/analyze@v2 | ||
| with: | ||
| category: "/language:${{matrix.language}}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| # This workflow uses actions that are not certified by GitHub. | ||
| # They are provided by a third-party and are governed by | ||
| # separate terms of service, privacy policy, and support | ||
| # documentation. | ||
|
|
||
| name: flawfinder | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ "main" ] | ||
| pull_request: | ||
| # The branches below must be a subset of the branches above | ||
| branches: [ "main" ] | ||
| schedule: | ||
| - cron: '29 5 * * 1' | ||
|
|
||
| jobs: | ||
| flawfinder: | ||
| name: Flawfinder | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| actions: read | ||
| contents: read | ||
| security-events: write | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: flawfinder_scan | ||
| uses: david-a-wheeler/flawfinder@8e4a779ad59dbfaee5da586aa9210853b701959c | ||
| with: | ||
| arguments: '--sarif ./' | ||
| output: 'flawfinder_results.sarif' | ||
|
|
||
| - name: Upload analysis results to GitHub Security tab | ||
| uses: github/codeql-action/upload-sarif@v2 | ||
| with: | ||
| sarif_file: ${{github.workspace}}/flawfinder_results.sarif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| name: Pylint | ||
|
|
||
| # The workflow gets triggered by pushes and pull requests | ||
| on: | ||
| push: | ||
| branches: [ "main" ] | ||
| pull_request: | ||
| branches: [ "main" ] | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| python-version: ["3.8", "3.10"] | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - name: Set up Python ${{ matrix.python-version }} | ||
| uses: actions/setup-python@v3 | ||
| with: | ||
| python-version: ${{ matrix.python-version }} | ||
| - name: Install dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip | ||
| pip install pylint | ||
| # install libraries used throughout the project | ||
| # needed otherwise pylint gives import-errors | ||
| pip install numpy matplotlib pandas scikit-learn pytest | ||
| - name: Analysing the code with pylint | ||
| run: | | ||
| pylint --fail-under=8. $(git ls-files '*.py') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| name: Python Package using Conda | ||
|
|
||
| # The workflow gets triggered by pushes and pull requests | ||
| on: | ||
| push: | ||
| branches: [ "main" ] | ||
| pull_request: | ||
| branches: [ "main" ] | ||
|
|
||
| jobs: | ||
| build-linux: | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| max-parallel: 5 | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - name: Set up Python 3.10 | ||
| uses: actions/setup-python@v3 | ||
| with: | ||
| python-version: "3.10" | ||
| - name: Add conda to system path | ||
| run: | | ||
| # $CONDA is an environment variable pointing to the root of the miniconda directory | ||
| echo $CONDA/bin >> $GITHUB_PATH | ||
| - name: Install dependencies | ||
| run: | | ||
| conda env update --file ${{github.workspace}}/.env/test_env.yml --name base | ||
| # - name: Lint with flake8 | ||
| # run: | | ||
| # conda install flake8 | ||
| # # stop the build if there are Python syntax errors or undefined names | ||
| # flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics | ||
| # # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide | ||
| # flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | ||
| - name: Test with pytest | ||
| run: | | ||
| pip install . | ||
| ./tests/run_test.sh |
Oops, something went wrong.