
Commit 41cef09

author
EL BADOURI Youssef
committed
ci
1 parent c734292 commit 41cef09


1 file changed

+45
-9
lines changed

1 file changed

+45
-9
lines changed

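--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,7 +12,6 @@ concurrency:
 cancel-in-progress: true
 
 jobs:
-
 secrets:
 name: Secrets Scan (Gitleaks)
 runs-on: ubuntu-latest
@@ -23,20 +22,30 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-
 backend:
 name: Backend (Python)
 runs-on: ubuntu-latest
-if: ${{ hashFiles('backend/**', 'requirements.txt') != '' }}
 steps:
 - uses: actions/checkout@v4
 
+- name: Detect backend presence
+id: detect_backend
+shell: bash
+run: |
+if ls -1 backend/*.py backend/**/*.py requirements.txt >/dev/null 2>&1; then
+echo "present=true" >> "$GITHUB_OUTPUT"
+else
+echo "present=false" >> "$GITHUB_OUTPUT"
+fi
+
 - name: Setup Python
+if: ${{ steps.detect_backend.outputs.present == 'true' }}
 uses: actions/setup-python@v5
 with:
 python-version: '3.12'
 
 - name: Cache pip
+if: ${{ steps.detect_backend.outputs.present == 'true' }}
 uses: actions/cache@v4
 with:
 path: ~/.cache/pip
@@ -45,19 +54,23 @@ jobs:
 ${{ runner.os }}-pip-
 
 - name: Install deps
+if: ${{ steps.detect_backend.outputs.present == 'true' }}
 run: |
 python -m pip install --upgrade pip
 pip install -r requirements.txt
 pip install ruff pytest pip-audit
 
 - name: Lint (ruff)
+if: ${{ steps.detect_backend.outputs.present == 'true' }}
 working-directory: backend
 run: ruff check .
 
 - name: Syntax check
+if: ${{ steps.detect_backend.outputs.present == 'true' }}
 run: python -m py_compile $(git ls-files 'backend/**/*.py' 'backend/*.py' || true)
 
 - name: Unit tests (if any)
+if: ${{ steps.detect_backend.outputs.present == 'true' }}
 run: |
 if [ -d "tests" ] || ls -1 backend | grep -qi "test"; then
 pytest -q
@@ -66,53 +79,76 @@ jobs:
 fi
 
 - name: Dependency vulnerabilities (pip-audit)
-run: |
-pip-audit --requirement requirements.txt || true
+if: ${{ steps.detect_backend.outputs.present == 'true' }}
+run: pip-audit --requirement requirements.txt || true
 
 frontend:
 name: Frontend (Node)
 runs-on: ubuntu-latest
-if: ${{ hashFiles('frontend/**', 'frontend/package.json') != '' }}
 steps:
 - uses: actions/checkout@v4
 
+- name: Detect frontend presence
+id: detect_frontend
+shell: bash
+run: |
+if [ -f "frontend/package.json" ]; then
+echo "present=true" >> "$GITHUB_OUTPUT"
+else
+echo "present=false" >> "$GITHUB_OUTPUT"
+fi
+
 - name: Setup Node
+if: ${{ steps.detect_frontend.outputs.present == 'true' }}
 uses: actions/setup-node@v4
 with:
 node-version: '20'
 cache: 'npm'
 cache-dependency-path: frontend/package-lock.json
 
 - name: Install deps
+if: ${{ steps.detect_frontend.outputs.present == 'true' }}
 working-directory: frontend
 run: npm ci
 
 - name: Lint (if script exists)
+if: ${{ steps.detect_frontend.outputs.present == 'true' }}
 working-directory: frontend
 run: npm run -s lint || echo "No lint script — skipping."
 
 - name: Tests (if script exists)
+if: ${{ steps.detect_frontend.outputs.present == 'true' }}
 working-directory: frontend
 run: npm test --if-present || echo "No tests — skipping."
 
 - name: Build (ensures it compiles)
+if: ${{ steps.detect_frontend.outputs.present == 'true' }}
 working-directory: frontend
 run: npm run -s build || echo "No build step — skipping."
 
-
 iac:
 name: IaC Scan (Checkov)
 runs-on: ubuntu-latest
-if: ${{ hashFiles('**/*.tf', '**/*.tfvars', '**/kubernetes/*.y*ml', '**/helm/**') != '' }}
 steps:
 - uses: actions/checkout@v4
+
+- name: Detect IaC presence
+id: detect_iac
+shell: bash
+run: |
+if ls -1 **/*.tf **/*.tfvars **/kubernetes/*.y*ml **/helm/** >/dev/null 2>&1; then
+echo "present=true" >> "$GITHUB_OUTPUT"
+else
+echo "present=false" >> "$GITHUB_OUTPUT"
+fi
+
 - name: Checkov
+if: ${{ steps.detect_iac.outputs.present == 'true' }}
 uses: bridgecrewio/checkov-action@v12
 with:
 quiet: true
 soft_fail: true
 
-
 status:
 name: Status Gate
 needs: [secrets, backend, frontend]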
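Review bot: The `ls -1 … >/dev/null 2>&1` tests in the new detect steps (new lines 35 and 139) fail open, because `ls` exits non-zero as soon as any one argument is missing, and the steps set neither `shopt -s globstar` nor `nullglob`, so an unmatched pattern is passed through literally and `**` behaves like `*`. A repository with Terraform files but no `helm/` directory, or with `backend/*.py` but no `.py` file one level deeper, therefore gets `present=false`, and Checkov or ruff/pip-audit are skipped while the job still reports success. Test for a non-empty match list instead, as the Syntax check step already does with `git ls-files`: `if [ -n "$(git ls-files 'backend/**/*.py' 'backend/*.py' requirements.txt)" ]; then` for the backend and `if [ -n "$(git ls-files ':(glob)**/*.tf' ':(glob)**/*.tfvars' ':(glob)**/kubernetes/*.y*ml' ':(glob)**/helm/**')" ]; then` for IaC. Echoing a line in the `else` branch when a scan is skipped would also make a silently bypassed security check visible in the run log.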
