pip dev: (deps-dev): bump ruff from 0.9.3 to 0.9.4 #9358
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pipeline | |
| on: push | |
| env: | |
| APIENV: "LOCAL" | |
| # With `LOCAL` set, a local sqlite db will be used | |
| AWS_REGION: "eu-west-2" | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| ############################################################################### | |
| # Install dependencies & build packages | |
| ############################################################################### | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/install-cache | |
| ############################################################################### | |
| # Security checks | |
| ############################################################################### | |
| dependency-checks: | |
| name: Dependency checks | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/install-cache | |
| - name: Scan dependencies | |
| run: | | |
| source uhd.sh | |
| uhd security dependencies | |
| vulnerability-checks: | |
| name: Vulnerability checks | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/install-cache | |
| - name: Scan for vulnerabilities | |
| run: | | |
| source uhd.sh | |
| uhd security vulnerabilities | |
| ############################################################################### | |
| # Code quality checks | |
| ############################################################################### | |
| quality-checks: | |
| name: Linting | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/install-cache | |
| - name: Run linters | |
| run: | | |
| source uhd.sh | |
| uhd quality format-check | |
| ############################################################################### | |
| # Architectural constraints checks | |
| ############################################################################### | |
| architecture-checks: | |
| name: Architecture checks | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/install-cache | |
| - name: Check architectural constraints | |
| run: | | |
| source uhd.sh | |
| uhd quality architecture | |
| ############################################################################### | |
| # Unit tests | |
| ############################################################################### | |
| unit-tests: | |
| name: Unit tests | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/install-cache | |
| - name: Run unit tests | |
| run: | | |
| source uhd.sh | |
| uhd tests unit | |
| ############################################################################### | |
| # Integration tests | |
| ############################################################################### | |
| integration-tests: | |
| name: Integration tests | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/install-cache | |
| - name: Run integration tests | |
| run: | | |
| source uhd.sh | |
| uhd tests integration | |
| ############################################################################### | |
| # System tests | |
| ############################################################################### | |
| system-tests: | |
| name: System tests | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/install-cache | |
| - name: Run system tests | |
| run: | | |
| source uhd.sh | |
| uhd tests system | |
| ############################################################################### | |
| # Migration tests | |
| ############################################################################### | |
| migration-tests: | |
| name: Migration tests | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/install-cache | |
| - name: Run migration tests | |
| run: | | |
| source uhd.sh | |
| uhd tests migrations | |
| ############################################################################### | |
| # Test coverage | |
| ############################################################################### | |
| test-coverage: | |
| name: Test coverage | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/install-cache | |
| - name: Evaluate test coverage | |
| run: | | |
| source uhd.sh | |
| uhd tests coverage | |
| ############################################################################### | |
| # Build image | |
| ############################################################################### | |
| publish-main-image: | |
| name: Publish main image to central ECR | |
| needs: [ | |
| quality-checks, | |
| unit-tests, | |
| integration-tests, | |
| system-tests, | |
| migration-tests, | |
| test-coverage, | |
| dependency-checks, | |
| vulnerability-checks, | |
| architecture-checks | |
| ] | |
| runs-on: ubuntu-latest | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| - name: Build and publish docker image | |
| uses: ./.github/actions/publish-image | |
| with: | |
| ecr-repository: ukhsa-data-dashboard/back-end | |
| role-to-assume: ${{ secrets.AWS_TOOLS_ACCOUNT_ROLE }} | |
| architecture: arm64 | |
| image-tag: ${{ github.sha }} | |
| publish-ingestion-image: | |
| name: Publish ingestion image to central ECR | |
| needs: [ | |
| quality-checks, | |
| unit-tests, | |
| integration-tests, | |
| system-tests, | |
| migration-tests, | |
| test-coverage, | |
| dependency-checks, | |
| vulnerability-checks, | |
| architecture-checks | |
| ] | |
| runs-on: ubuntu-latest | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| - name: Build and publish docker image | |
| uses: ./.github/actions/publish-image | |
| with: | |
| ecr-repository: ukhsa-data-dashboard/ingestion | |
| role-to-assume: ${{ secrets.AWS_TOOLS_ACCOUNT_ROLE }} | |
| dockerfile: Dockerfile-ingestion | |
| architecture: arm64 | |
| image-tag: ${{ github.sha }} | |
| ############################################################################### | |
| # Deploy | |
| ############################################################################### | |
| trigger-deployments: | |
| name: Trigger deployments | |
| needs: [ | |
| publish-main-image, | |
| publish-ingestion-image | |
| ] | |
| runs-on: ubuntu-latest | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| # Only deploy if the changes are being pushed to the `main` branch | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| - uses: ./.github/actions/trigger-deployments | |
| with: | |
| token: ${{ secrets.DEPLOYMENT_TRIGGER_TOKEN }} |