chore(ci): set GitHub token permissions to read-only for all workflows #992
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Testing Django | |
| # Activates the workflow when there is a push or pull request in the repo | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| pull_request: | |
| permissions: read-all | |
| jobs: | |
| test_project: | |
| runs-on: ubuntu-latest # operating system your code will run on | |
| services: | |
| postgres: | |
| image: postgres:16 | |
| env: | |
| POSTGRES_USER: sadilar | |
| POSTGRES_PASSWORD: sadilar | |
| POSTGRES_DB: test_db_1 | |
| ports: | |
| - 5432:5432 | |
| options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.12 | |
| - name: Install Dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements-test.txt | |
| sudo apt-get install -y gettext | |
| - name: Run linting tools | |
| run: | | |
| cd app/ | |
| ruff format --diff . | |
| ruff check --diff . | |
| - name: Create logging folder | |
| run: | | |
| sudo mkdir -p /logging | |
| sudo chown runner:runner /logging | |
| - name: Compile Translation Messages | |
| run: | | |
| cp .env.testing app/.env | |
| cd app/ | |
| python manage.py makemessages --all | |
| python manage.py compilemessages | |
| - name: Run validate_templates | |
| run: | | |
| export DJANGO_TEST_PROCESSES=1 | |
| cp .env.testing app/.env | |
| cd app/ | |
| mkdir -p static_files | |
| python manage.py validate_templates --ignore-app django_filters | |
| - name: Run Tests | |
| run: | | |
| cp .env.testing app/.env | |
| cd app/ | |
| mkdir -p static_files | |
| python manage.py test | |
| env: | |
| DJANGO_SETTINGS_MODULE: app.settings | |
| DATABASE_URL: postgres://sadilar:sadilar@localhost:5432/test_db | |
| - name: Manager Check | |
| run: | | |
| cd app/ | |
| python manage.py check | |
| lighthouse: | |
| runs-on: ubuntu-latest # operating system your code will run on | |
| services: | |
| postgres: | |
| image: postgres:16 | |
| env: | |
| POSTGRES_USER: sadilar | |
| POSTGRES_PASSWORD: sadilar | |
| POSTGRES_DB: term_db | |
| ports: | |
| - 5432:5432 | |
| options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.12 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Install Dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements-test.txt | |
| sudo apt-get install -y gettext | |
| npm install -g @lhci/[email protected] | |
| - name: Setup LHCI env | |
| run: cp .env.lhci app/.env | |
| - name: Run Django fixtures | |
| run: | | |
| cd app | |
| python manage.py migrate --no-input | |
| python manage.py loaddata fixtures/institution.json | |
| python manage.py loaddata fixtures/language.json | |
| python manage.py loaddata fixtures/projects.json | |
| python manage.py loaddata fixtures/subjects.json | |
| python manage.py import_documents general/tests/files/ | |
| - name: Run Lighthouse | |
| run: cd app && lhci autorun | |
| - name: Archive Lighthouse results | |
| if: always() # Ensure results are uploaded on failure too | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: lighthouse-report | |
| path: app/.lighthouseci/ | |
| include-hidden-files: true | |
| - name: Archive Django logs | |
| if: always() # Ensure logs are uploaded on failure too | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: django-logs | |
| path: app/debug.log | |
| lint-commits: | |
| runs-on: ubuntu-latest | |
| if: github.event.ref != 'refs/heads/main' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Get all commits on current main | |
| run: git fetch origin main | |
| - name: Log all commits we will analyse | |
| run: git log --pretty=format:%s origin/main..HEAD | |
| # - We use -v here, which inverts the match, because we want to output an exit status of 1 when a match _is_ | |
| # found (usually 0 is for a match) | |
| # - We use a -z here, which makes \0 be the line separator, because if feeding multiline text into grep, it will | |
| # exit with a status of 0 regardless of whether there is a match (so, -z makes it treat the input as one line) | |
| - name: Disallow fixup commits | |
| run: git log --pretty=format:%s origin/main..HEAD | grep -zv 'fixup!' | |
| - name: Disallow squash commits | |
| run: git log --pretty=format:%s origin/main..HEAD | grep -zv 'squash!' | |
| - name: Disallow edit commits | |
| run: git log --pretty=format:%s origin/main..HEAD | grep -zv 'edit!' | |
| - name: Disallow drop commits | |
| run: git log --pretty=format:%s origin/main..HEAD | grep -zv 'drop!' |