[DOP-4041] Sync project with onETL

.github/workflows/codeql-analysis.yml

@@ -1,23 +1,21 @@
-name: CodeQL
+name: Code analysis
 
 on:
   push:
-    branches-ignore:
-    - dependabot/**
-    - pre-commit-ci-update-config
-    - master
-  pull_request:
     branches:
     - develop
+  pull_request:
+    branches-ignore:
+    - master
   workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
   cancel-in-progress: true
 
 jobs:
-  analyze:
-    name: Analyze
+  linters:
+    name: Linters
     runs-on: ubuntu-latest
     permissions:
       actions: read
@@ -50,27 +48,39 @@ jobs:
     - name: Install dependencies
       run: |
         pip install -I -r requirements-dev.txt
+
         # Set the `CODEQL-PYTHON` environment variable to the Python executable
         # that includes the dependencies
         echo "CODEQL_PYTHON=$(which python)" >> $GITHUB_ENV
 
     - name: Run flake8
-      run: flake8 .
+      run: python3 -m flake8 --config setup.cfg .
 
     - name: Run mypy
       run: python3 -m mypy --config-file setup.cfg evacuator
 
+  codeql:
+    name: CodeQL
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Set up Python 3.11
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.11'
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v2
       with:
         languages: python
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2

.github/workflows/dev-release.yml

@@ -8,47 +8,53 @@ on:
     - master
   workflow_dispatch:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
+
 jobs:
-  wait-tests:
-    name: Wait for tests
+  wait-code-analysis:
+    name: Release package
     runs-on: ubuntu-latest
+    if: github.repository == 'MobileTeleSystems/evacuator'  # prevent running on forks
 
     steps:
     - uses: fountainhead/[email protected]
-      id: wait-for-tests
+      id: wait-for-linters
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
-        checkName: Tests done
+        checkName: Linters
         ref: ${{ github.sha }}
         timeoutSeconds: 3600
 
     - name: Fail the Build
       uses: cutenode/action-always-fail@v1
-      if: steps.wait-for-tests.outputs.conclusion != 'success'
-
-  wait-codeql:
-    name: Wait for CodeQL
-    runs-on: ubuntu-latest
+      if: steps.wait-for-linters.outputs.conclusion != 'success'
 
-    steps:
     - uses: fountainhead/[email protected]
       id: wait-for-codeql
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
-        checkName: Analyze
+        checkName: CodeQL
         ref: ${{ github.sha }}
         timeoutSeconds: 3600
 
     - name: Fail the Build
       uses: cutenode/action-always-fail@v1
       if: steps.wait-for-codeql.outputs.conclusion != 'success'
 
-  release:
-    name: Release package
-    runs-on: ubuntu-latest
-    needs: [wait-tests, wait-codeql]
+    - uses: fountainhead/[email protected]
+      id: wait-for-tests
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+        checkName: Tests done
+        ref: ${{ github.sha }}
+        timeoutSeconds: 3600
+
+    - name: Fail the Build
+      uses: cutenode/action-always-fail@v1
+      if: steps.wait-for-tests.outputs.conclusion != 'success'
 
-    steps:
     - name: Checkout code
       uses: actions/checkout@v3
       with:
@@ -59,17 +65,6 @@ jobs:
       with:
         python-version: '3.11'
 
-    - name: Cache pip
-      uses: actions/cache@v3
-      with:
-        path: ~/.cache/pip
-        key: ${{ runner.os }}-python-3.11-release-${{ hashFiles('requirements*.txt') }}
-        restore-keys: |
-          ${{ runner.os }}-python-3.11-release-${{ hashFiles('requirements*.txt') }}
-          ${{ runner.os }}-python-3.11-release-
-          ${{ runner.os }}-python
-          ${{ runner.os }}-
-
     - name: Upgrade pip
       run: python -m pip install --upgrade pip setuptools wheel
 
@@ -80,4 +75,4 @@ jobs:
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
         password: ${{ secrets.TEST_PYPI_API_TOKEN }}
-        repository_url: https://test.pypi.org/legacy/
+        repository-url: https://test.pypi.org/legacy/

.github/workflows/release.yml

@@ -3,12 +3,13 @@ name: Release
 on:
   push:
     tags:
-    - '*'
+    - '[0-9]+.[0-9]+.[0-9]+'
 
 jobs:
   release:
     name: Release package
     runs-on: ubuntu-latest
+    if: github.repository == 'MobileTeleSystems/evacuator'  # prevent running on forks
 
     steps:
     - name: Checkout code
@@ -21,17 +22,6 @@ jobs:
       with:
         python-version: '3.11'
 
-    - name: Cache pip
-      uses: actions/cache@v3
-      with:
-        path: ~/.cache/pip
-        key: ${{ runner.os }}-python-3.11-release-${{ hashFiles('requirements*.txt') }}
-        restore-keys: |
-          ${{ runner.os }}-python-3.11-release-${{ hashFiles('requirements*.txt') }}
-          ${{ runner.os }}-python-3.11-release-
-          ${{ runner.os }}-python
-          ${{ runner.os }}-
-
     - name: Upgrade pip
       run: python -m pip install --upgrade pip setuptools wheel
 
@@ -41,4 +31,4 @@ jobs:
     - name: Publish package
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
-        password: ${{ secrets.PYPI_TOKEN }}
+        password: ${{ secrets.PYPI_API_TOKEN }}