Fix script-security CVE #1660
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: python-tests | |
on: [push, pull_request] | |
jobs: | |
Get-CI-Image-Tag: | |
uses: ./.github/workflows/get-ci-image-tag.yml | |
with: | |
product: opensearch | |
python-tests: | |
strategy: | |
matrix: | |
os: | |
- macos-latest | |
- windows-latest | |
runs-on: ${{ matrix.os }} | |
env: | |
PYTHON_VERSION: 3.9 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python ${{ env.PYTHON_VERSION }} | |
uses: actions/setup-python@v3 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Install Pipenv and Dependencies | |
run: | | |
python -m pip install --upgrade pipenv wheel | |
pipenv install --deploy --dev | |
- name: Check for Sorted Imports | |
run: | | |
pipenv run isort --check . | |
- name: Enforce Style Guide | |
run: | | |
pipenv run flake8 . | |
- name: Run Type Checker | |
run: | | |
pipenv run mypy . | |
- name: Run Tests with Coverage | |
run: | | |
pipenv run coverage run -m pytest --cov=./src --cov-report=xml | |
- name: Upload Coverage Report | |
uses: codecov/codecov-action@v2 | |
with: | |
files: ./coverage.xml | |
python-tests-linux: | |
needs: Get-CI-Image-Tag | |
runs-on: ubuntu-latest | |
container: | |
# using the same image which is used by opensearch-build team to build the OpenSearch Distribution | |
# this image tag is subject to change as more dependencies and updates will arrive over time | |
image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }} | |
# need to switch to root so that github actions can install runner binary on container without permission issues. | |
options: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-options }} | |
steps: | |
- name: Run start commands | |
run: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-start-command }} | |
- uses: actions/checkout@v4 | |
- name: Install Pipenv and Dependencies | |
run: | | |
pipenv install | |
- name: Check for Sorted Imports | |
run: | | |
pipenv run isort --check . | |
- name: Enforce Style Guide | |
run: | | |
pipenv run flake8 . | |
- name: Run Type Checker | |
run: | | |
pipenv run mypy . | |
- name: Run Tests with Coverage | |
run: | | |
pipenv run coverage run -m pytest --cov=./src --cov-report=xml | |
- name: Upload Coverage Report | |
uses: codecov/codecov-action@v2 | |
with: | |
files: ./coverage.xml |