model_api/.github/workflows/pre_commit.yml at f92494907a4aed4b3f1fa6ccda33605dcddae91b · open-edge-platform/model_api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
name: Pre-Commit Checks
permissions: {} # No permissions by default on workflow level

on:
  push:
    branches:
      - master
  pull_request:
    types:
      - opened
      - reopened
      - synchronize
      - ready_for_review
  workflow_dispatch: # run on request (no need for PR)

jobs:
  Code-Quality-Checks:
    runs-on: ubuntu-22.04
    steps:
      - name: CHECKOUT REPOSITORY
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version-file: ".python-version"
      - name: Set up Node.js
        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 22
      - name: Install uv
        uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
      - name: Install dependencies
        run: |
          uv sync --locked --all-extras
      - name: Run pre-commit checks
        run: |
          uv run pre-commit run --all-files
  Unit-Tests:
    runs-on: ubuntu-22.04
    steps:
      - name: CHECKOUT REPOSITORY
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version-file: ".python-version"
      - name: Install uv
        uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
      - name: Install dependencies
        run: |
          uv sync --locked --extra tests --extra ovms
      - name: Run python unit tests
        run: |
          uv run pytest tests/unit
  Zizmor-Scan-PR:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false
      - name: Run Zizmor scan
        uses: open-edge-platform/anomalib/.github/actions/security/zizmor@f6ec1c57363a9894ff57184a5bfb78efa8f3de1b
        with:
          scan-scope: "changed"
          severity-level: "LOW"
          confidence-level: "LOW"
          fail-on-findings: true
  Bandit-Scan-PR:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          persist-credentials: false
      - name: Run Bandit scan
        uses: open-edge-platform/anomalib/.github/actions/security/bandit@f6ec1c57363a9894ff57184a5bfb78efa8f3de1b
        with:
          scan-scope: "changed"
          severity-level: "LOW"
          confidence-level: "LOW"
          config_file: "./pyproject.toml"
          fail-on-findings: true