SECURITY-49: Add GHA workflows #184
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| uses: kbase/.github/.github/workflows/reusable_build-push.yml@main | ||
| with: | ||
| name: '${{ github.event.repository.name }}-develop' | ||
| tags: br-${{ github.ref_name }} | ||
| secrets: inherit |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Welcome to Codecov 🎉Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. Thanks for integrating Codecov - We've got you covered ☂️ |
|
It's not 100% the same, but it's close enough. Before: Now: |
Xiangs18
changed the title
.coveragerc
Outdated
| relation_engine_server/api_versions/* | ||
| relation_engine_server/exceptions.py | ||
| relation_engine_server/main.py | ||
| relation_engine_server/utils/auth.py | ||
| relation_engine_server/utils/bulk_import.py | ||
| relation_engine_server/utils/parse_json.py No newline at end of file |
There was a problem hiding this comment.
Because those files are not included in the original coverage, if our goal is not to produce the original coverage, we don't need to omit them.
There was a problem hiding this comment.
How are they excluded from the original coverage?
There was a problem hiding this comment.
The original coverage was produced when I added coverage report --omit=*/test_* in 64926da. I am not sure why they were excluded from the original coverage, even though most of these files have 0% coverage.
There was a problem hiding this comment.
So there's nothing in the configuration that excludes them in the prior setup? Just coverage is dropping them for some reason?
There was a problem hiding this comment.
I did not find any coverage configuration in the codebase that excluded them in the prior setup. What are your thoughts on this? Should we include them if there are no particular reasons to omit these files?
There was a problem hiding this comment.
We definitely shouldn't seemingly arbitrarily exclude files just because the prior setup excluded them
There was a problem hiding this comment.
Standard question about whether the boilerplate workflows are up to date
.github/workflows/run_tests.yaml
Outdated
| token: ${{ secrets.CODECOV_TOKEN }} | ||
| fail_ci_if_error: true | ||
|
|
||
| docker_build_and_push: |
There was a problem hiding this comment.
Is this still necessary given the other workflows?
There was a problem hiding this comment.
I am not following this. Are you asking if the code coverage upload step is necessary?
There was a problem hiding this comment.
No, I'm asking if docker_build_and_push is necessary
There was a problem hiding this comment.
Both Docker Hub and GHA can host images. In that regard, the workflow here is kind of redundant. The only concern I have is whether other services are pulling the latest relation engine image from Docker Hub.
There was a problem hiding this comment.
No services should be pulling images at all. Rancher may be pulling the image, but if you delete that chunk of the yaml the image will still be there, so next time we want to update we just switch docker to GHA
There was a problem hiding this comment.
- other than the catalog, and that's not for core services
| coverage html --omit=*/test_* | ||
|
|
||
| # run importer/, relation_engine_server/, spec/, scripts/, and client_src/ tests | ||
| pytest -vv --cov=. --cov-branch --cov-report=term --cov-report=xml |
There was a problem hiding this comment.
Do you not need to exclude the test directory?
3 participants
No description provided.