JSON file validator application and tests #3
| # SPDX-License-Identifier: Apache-2.0 | |
| # Licensed to the Ed-Fi Alliance under one or more agreements. | |
| # The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0. | |
| # See the LICENSE and NOTICES files in the project root for more information. | |
| name: On Pull Request and Push to Main | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| permissions: read-all | |
| jobs: | |
| edfi-repo-scan: | |
| name: Scan GitHub Actions and BIDI attacks | |
| uses: ed-fi-alliance-oss/ed-fi-actions/.github/workflows/repository-scanner.yml@main | |
| dependency-review: | |
| name: Scan repo dependencies for security issues | |
| runs-on: ubuntu-latest | |
| # Dependency review needs to compare with another branch, so it should only | |
| # run on PR. Keeping it as a separate workflow because there is no way to | |
| # specify which path, and thus does not make sense inside of a | |
| # package-specific workflow. | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Dependency Review ("Dependabot on PR") | |
| uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 | |
| test-and-security: | |
| name: Test and Security Checks | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Install Poetry | |
| working-directory: ./python | |
| run: pipx install poetry | |
| - name: Setup Python | |
| uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 | |
| with: | |
| python-version: '3.11' | |
| cache: 'poetry' | |
| - name: Install dependencies | |
| working-directory: ./python | |
| run: poetry install | |
| - name: Run Tests | |
| working-directory: ./python | |
| run: poetry run pytest | |
| - name: Run Linters | |
| working-directory: ./python | |
| run: poetry run flake8 . | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@5fe9434cd24fe243e33e7f3305f8a5b519b70280 # v4.3.11 | |
| with: | |
| languages: python | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@5fe9434cd24fe243e33e7f3305f8a5b519b70280 # v4.3.11 | |
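Review bot: The reusable workflow called by `edfi-repo-scan` is referenced at `@main`, a mutable branch, while every other `uses:` in this file is pinned to a full commit SHA; whatever lands on that branch runs in this repository's CI with the token permissions this workflow grants. Pin it the same way, `uses: ed-fi-alliance-oss/ed-fi-actions/.github/workflows/repository-scanner.yml@<full-commit-sha> # <release-tag>` (placeholders; take the real values from the ed-fi-actions repository). Separately, the `permissions:` block on `test-and-security` lists only `security-events: write`, which sets every unlisted scope to none for that job; if this repository is or becomes private, the checkout and CodeQL steps will likely need `contents: read` and `actions: read` added there. `pipx install poetry` also installs whatever release is current at run time, so a pin such as `pipx install poetry==<version>` would keep the toolchain reproducible and reviewable.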