Always (re-)create ticket snapshot #4578
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| workflow_dispatch: # allow to run manually | |
| push: | |
| branches: | |
| - '**' | |
| tags-ignore: | |
| - '**' | |
| pull_request: | |
| jobs: | |
| lint: | |
| strategy: | |
| fail-fast: false | |
| runs-on: ubuntu-24.04 | |
| # we always use the latest container from the master branch | |
| # this is fine because we still run all our installs just in case | |
| container: | |
| image: ghcr.io/onegov/onegov-cloud:master | |
| credentials: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| defaults: | |
| run: | |
| shell: bash | |
| if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name | |
| name: Lint | |
| steps: | |
| - name: Install packages | |
| run: | | |
| apt-get update | |
| apt-get install -y \ | |
| wget \ | |
| apparmor \ | |
| curl \ | |
| git-core \ | |
| postgresql \ | |
| redis \ | |
| openjdk-8-jre-headless \ | |
| gcc \ | |
| libc-dev \ | |
| fonts-liberation \ | |
| libappindicator3-1 \ | |
| libasound2t64 \ | |
| libdrm2 \ | |
| libgbm1 \ | |
| libnspr4 \ | |
| libnss3 \ | |
| libu2f-udev \ | |
| libvulkan1 \ | |
| libx11-xcb1 \ | |
| libxcb-dri3-0 \ | |
| libxshmfence1 \ | |
| libxss1 \ | |
| xdg-utils | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Install dependencies | |
| run: | | |
| source /app/bin/activate | |
| python -m pip install --upgrade uv | |
| uv pip install .[mypy,lint] | |
| - name: Linting | |
| run: /app/bin/flake8 src/ tests/ stubs/ | |
| - name: Check security issues | |
| run: /app/bin/bandit --recursive --configfile pyproject.toml src/ | |
| - name: Static type checking | |
| run: | | |
| source /app/bin/activate | |
| bash mypy.sh | |
| test: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| group: [1, 2, 3, 4, 5, 6] | |
| runs-on: ubuntu-24.04 | |
| # we always use the latest container from the master branch | |
| # this is fine because we still run all our installs just in case | |
| container: | |
| image: ghcr.io/onegov/onegov-cloud:master | |
| credentials: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| defaults: | |
| run: | |
| shell: bash | |
| if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name | |
| name: Test group ${{ matrix.group }} | |
| steps: | |
| - name: Install packages | |
| run: | | |
| apt-get update | |
| apt-get install -y \ | |
| wget \ | |
| apparmor \ | |
| curl \ | |
| git-core \ | |
| postgresql \ | |
| redis \ | |
| openjdk-8-jre-headless \ | |
| gcc \ | |
| libc-dev \ | |
| fonts-liberation \ | |
| libappindicator3-1 \ | |
| libasound2t64 \ | |
| libdrm2 \ | |
| libgbm1 \ | |
| libnspr4 \ | |
| libnss3 \ | |
| libu2f-udev \ | |
| libvulkan1 \ | |
| libx11-xcb1 \ | |
| libxcb-dri3-0 \ | |
| libxshmfence1 \ | |
| libxss1 \ | |
| xdg-utils | |
| wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb | |
| dpkg -i google-chrome-stable_current_amd64.deb | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Get branch name (merge) | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| echo "BUILDKITE_BRANCH=$(echo ${GITHUB_REF#refs/heads/} | tr / -)" \ | |
| >> $GITHUB_ENV | |
| - name: Get branch name (pull request) | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| echo "BUILDKITE_BRANCH=$(echo ${GITHUB_HEAD_REF} | tr / -)" \ | |
| >> $GITHUB_ENV | |
| - name: Install dependencies | |
| run: | | |
| source /app/bin/activate | |
| python -m pip install --upgrade uv | |
| uv pip install pytest-split pytest-cov pytest-codecov pytest-xdist psutil | |
| # TEMPORARY: editable build so we don't need a path-fix in codecov | |
| uv pip install -e .[test] | |
| - name: Prepare test environment | |
| run: | | |
| # reset the build asset permissions | |
| # TEMPORARY: if we no longer do an editable install, then the base | |
| # path needs to change to /app/lib/ | |
| find . -type d -iname assets -print0 | xargs -0 chmod a+w -R | |
| # add unprivileged test user | |
| adduser --disabled-password --gecos "" test | |
| redis-server --daemonize yes | |
| - name: Run tests | |
| run: | | |
| run-as "$(id -u test)":test /app/bin/py.test \ | |
| -n logical \ | |
| -o cache_dir=/tmp/pytest \ | |
| --dist loadgroup \ | |
| --splits "6" \ | |
| --group "${{matrix.group}}" \ | |
| --cov \ | |
| --cov-config=pyproject.toml \ | |
| --codecov \ | |
| --codecov-branch="$BUILDKITE_BRANCH" \ | |
| --codecov-commit="$GITHUB_SHA" \ | |
| --codecov-slug=OneGov/onegov-cloud \ | |
| --codecov-token="${{ secrets.CODECOV_TOKEN }}" \ | |
| tests | |
| env: | |
| LC_ALL: C.UTF-8 | |
| LANG: C.UTF-8 | |
| JAVA_HOME: /usr/lib/jvm/java-8-openjdk-amd64 |