chore(deps-dev): Bump cdk-nag from 2.28.101 to 2.28.133 #291
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Checks | |
on: | |
pull_request: | |
branches: ["**"] | |
push: | |
branches: ["main"] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
jobs: | |
python: | |
name: Python | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4.1.4 | |
- name: Set up Python 3.10 | |
uses: actions/setup-python@v5.1.0 | |
with: | |
python-version: "3.10" | |
- name: Install Poetry Action | |
uses: snok/install-poetry@v1.3.4 | |
- name: Set up Virtualenv Cache | |
uses: actions/cache@v4.0.2 | |
with: | |
path: .venv | |
key: ${{ runner.os }}-poetry-${{ hashFiles('poetry.lock') }} | |
restore-keys: ${{ runner.os }}-poetry- | |
- name: Install Python Dependencies | |
run: | | |
poetry check --lock | |
poetry install --no-root | |
- name: Lint Python code using ruff | |
run: | | |
poetry run ruff format . --check | |
poetry run ruff check . | |
- name: Set up mypy cache | |
uses: actions/cache@v4.0.2 | |
with: | |
path: .mypy_cache | |
key: ${{ runner.os }}-mypy-${{ hashFiles('glueetl/**/*.py') }} | |
restore-keys: ${{ runner.os }}-mypy- | |
- name: Check type annotations using mypy | |
run: poetry run mypy | |
- name: Check if requirements are up-to-date | |
run: poetry export --with=dev --output docker/requirements.txt && git diff --exit-code | |
- name: Set up pre-commit cache | |
uses: actions/cache@v4.0.2 | |
with: | |
path: ~/.cache/pre-commit | |
key: ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} | |
restore-keys: ${{ runner.os }}-pre-commit- | |
- name: Run pre-commit hooks | |
run: | | |
cp docker/.env.sample docker/.env | |
poetry run pre-commit run --all-files | |
env: | |
# Skip redundant hooks that are already covered elsewhere in | |
# this Github workflow | |
SKIP: poetry-check,poetry-lock,poetry-install,lint-python,format-python,typecheck-python,update-requirements,hadolint-docker,shellcheck,checkmake | |
- name: Set up NodeJS | |
uses: actions/setup-node@v4.0.2 | |
with: | |
node-version: "20" | |
- name: Install NodeJS Dependencies | |
run: npm install -g aws-cdk | |
- name: Synthesize CDK deployment package | |
run: cdk synth --strict | |
tests: | |
name: Run tests in Glue container | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4.1.4 | |
- name: Run the checks inside Docker | |
uses: addnab/docker-run-action@v3 | |
with: | |
image: amazon/aws-glue-libs:glue_libs_4.0.0_image_01 | |
options: --volume ${{ github.workspace }}:/home/glue_user/workspace --env AWS_REGION=us-east-1 | |
run: | | |
pip3 install --no-warn-script-location --user --upgrade pip==24.0 | |
pip3 install --no-warn-script-location --user -r docker/requirements.txt | |
python3 -m pytest -p no:cacheprovider | |
pip-audit: | |
name: Audit requirements | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4.1.4 | |
- name: Audit requirements using pip-audit | |
uses: pypa/gh-action-pip-audit@v1.0.8 | |
with: | |
inputs: docker/requirements.txt | |
shell: | |
name: Shell | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4.1.4 | |
- name: Check shell scripts using shellcheck | |
uses: ludeeus/action-shellcheck@2.0.0 | |
dockerfile: | |
name: Dockerfile | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4.1.4 | |
- name: Validate Dockerfile using hadolint | |
uses: hadolint/hadolint-action@v3.1.0 | |
with: | |
dockerfile: docker/Dockerfile | |
makefile: | |
name: Makefile | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4.1.4 | |
- name: Check Makefile using checkmake | |
uses: Uno-Takashi/checkmake-action@v2 |