Skip to content

Separate function for future reusing #1997

Separate function for future reusing

Separate function for future reusing #1997

Workflow file for this run

# This workflow performs static analysis and checks coding style
name: Static analysis and code style
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
jobs:
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
checkers:
runs-on: ubuntu-latest
steps:
# # # MUST be full history to check git workflow
- name: Checkout
id: code_checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha }}
# # # line ending
- name: Check for text file ending
if: ${{ always() && steps.code_checkout.conclusion == 'success' }}
run: |
n=0
for f in $(find . -type f -not -wholename '*/.*' -a -not -wholename '*/tests/samples/*' -a -not -wholename '*/corpus/*'); do
n=$(( 1 + ${n} ))
filetype=$(file ${f})
if echo "${filetype}" | grep -q '.*text.*'; then
echo "CHECK:'${filetype}'"
lastbyte=$(hexdump -v -e '/1 "%02X\n"' ${f} | tail -1)
echo "Last byte is '${lastbyte}'"
if [ "0A" != "${lastbyte}" ]; then
echo "File ${f} has inappropriate line ending"
tail -1 ${f} | hexdump -C
else
n=$(( ${n} - 1 ))
fi
else
echo "SKIP:'${filetype}'"
n=$(( ${n} - 1 ))
fi
done
exit ${n}
# # # git workflow
- name: Get latest release tag name
if: ${{ always() && steps.code_checkout.conclusion == 'success' }}
run: |
if [ "pull_request" == "${{ github.event_name }}" ]; then
API_RELEASE_URL=$(echo "${{ github.event.pull_request.base.repo.releases_url }}")
else
API_RELEASE_URL=$(echo "${{ github.event.repository.releases_url }}")
fi
echo "'${API_RELEASE_URL}'" # dbg
API_RELEASE_URL=$(echo "${API_RELEASE_URL}" | sed 's|.....$||')
echo "'${API_RELEASE_URL}'" # dbg
API_RELEASE_URL=$(echo "${API_RELEASE_URL}/latest")
echo "'${API_RELEASE_URL}'" # dbg
LATEST_RELEASE_TAG=$(
curl \
--silent \
--header "Accept: application/vnd.github.v3+json" \
--header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
${API_RELEASE_URL} \
| \
jq \
--raw-output \
'.tag_name' \
)
echo "LATEST_RELEASE_TAG='${LATEST_RELEASE_TAG}'"
export GIT_ANCESTOR=${LATEST_RELEASE_TAG}
if bash cicd/git_workflow.sh; then
echo "GIT workflow OK"
else
echo "Please, rebase the branch after ${LATEST_RELEASE_TAG}"
exit 1
fi
# # # Python setup
- name: Set up Python
if: ${{ always() && steps.code_checkout.conclusion == 'success' }}
id: setup_python
uses: actions/setup-python@v3
with:
python-version: "3.11"
- name: Install CredSweeper and auxiliary packages
id: setup_credsweeper
if: ${{ always() && steps.setup_python.conclusion == 'success' }}
run: |
python --version #dbg
python -m pip install --upgrade pip
pip install --requirement requirements.txt
pip list #dbg
# # # pylint
- name: Analysing the code with pylint and minimum Python version 3.8
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: pylint --py-version=3.8 --errors-only credsweeper
- name: Analysing the code with pylint and minimum Python version 3.9
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: pylint --py-version=3.9 --errors-only credsweeper
- name: Analysing the code with pylint and minimum Python version 3.10
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: pylint --py-version=3.10 --errors-only credsweeper
- name: Analysing the code with pylint and minimum Python version 3.10
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: pylint --py-version=3.11 --errors-only credsweeper
# # # mypy
- name: Analysing the code with mypy and minimum Python version 3.8
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
mypy --config-file .mypy.ini --python-version=3.8 credsweeper
- name: Analysing the code with mypy and minimum Python version 3.9
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
mypy --config-file .mypy.ini --python-version=3.9 credsweeper
- name: Analysing the code with mypy and minimum Python version 3.10
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
mypy --config-file .mypy.ini --python-version=3.10 credsweeper
- name: Analysing the code with mypy and minimum Python version 3.11
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
mypy --config-file .mypy.ini --python-version=3.11 credsweeper
# # # documentation
- name: Analysing the code with pylint for NEW missed docstrings of classes or functions
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
pylint --disable=E,R,W,C0114,C0103,C0412,C0413,C0415,C0200,C0201,C0325 --verbose credsweeper
# # # Documentation check
- name: Test for creation sphinx documentations
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
cd docs
pip install -r requirements.txt
make html
cd source
python -m sphinx -T -E -b html -d _build/doctrees -D language=en . ./_html
# # # yapf
- name: Check project style
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
for f in credsweeper tests docs experiment setup.py; do
yapf --style .style.yapf --recursive --in-place --parallel $f
done
if [ 0 -ne $(git ls-files -m | wc -l) ]; then
git diff
echo "<- difference how to apply the style"
exit 1
fi
# # # flake8
- name: Analysing the code with flake8
id: test_flake8
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
ERRCNT=$(flake8 credsweeper --count --exit-zero --output-file=flake8.txt)
if ! [ 0 -eq ${ERRCNT} ] ; then
echo "flake8 found '${ERRCNT}' failures:"
cat flake8.txt
exit 1
fi
- name: FLAKE 8 reports
if: ${{ failure() && steps.test_flake8.conclusion == 'failure' }}
uses: actions/upload-artifact@v3
with:
name: flake8_report
path: flake8.txt
# # # Banner crc32
- name: Setup crc32 tool
id: setup_crc32
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: sudo apt-get update && sudo apt-get install libarchive-zip-perl && crc32 /etc/fstab
- name: Banner and version check
if: ${{ always() && steps.setup_crc32.conclusion == 'success' }}
continue-on-error: true
run: |
crc32_int=0
for f in $(find credsweeper -iregex '.*\.\(py\|json\|yaml\|txt\|onnx\)$'); do
file_crc32_hex=$(crc32 $f)
file_crc32_int=$((16#${file_crc32_hex}))
crc32_int=$(( ${crc32_int} ^ ${file_crc32_int} ))
done
version_with_crc="$(credsweeper --version | head -1) crc32:$(printf '%x' ${crc32_int})"
echo "version_with_crc = '${version_with_crc}'"
banner=$(credsweeper --banner --path requirements.txt | head -1)
echo "banner = '${banner}'"
if ! [ -n "${version_with_crc}" ] && [ -n "${banner}" ] && [ "${version_with_crc}" == "${banner}" ]; then
echo "'${version_with_crc}' != '${banner}'"
exit 1
fi
# # # SECURITY.md check
- name: SECURITY.md check
if: ${{ always() && steps.setup_credsweeper.conclusion == 'success' }}
run: |
# get actual version (major.minor) from credsweeper package
V=$(python -c "from packaging.version import Version as V; import credsweeper; v=V(credsweeper.__version__); print(f'{v.major}.{v.minor}')")
# check whether current version exists in the file
grep $V SECURITY.md
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #