Merge branch 'main' of github.com:mckinsey/vizro into docs/revise-viz…
…roai-docset
lingyielia committed Aug 2, 2024
2 parents 8035067 + b445dee commit a838dcb
Showing 49 changed files with 2,202 additions and 178 deletions.
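--- a/.github/workflows/checks-workflows.yml
+++ b/.github/workflows/checks-workflows.yml
@@ -0,0 +1,29 @@
+name: Checks for GitHub workflows
+
+on:
+push:
+branches: [main]
+pull_request:
+branches:
+- main
+
+env:
+PYTHONUNBUFFERED: 1
+FORCE_COLOR: 1
+PYTHON_VERSION: "3.11"
+
+jobs:
+checks-workflows:
+runs-on: ubuntu-latest
+
+steps:
+- uses: actions/checkout@v4
+
+- name: Set up Python ${{ env.PYTHON_VERSION }}
+uses: actions/setup-python@v5
+with:
+python-version: ${{ env.PYTHON_VERSION }}
+
+- name: Checks for GitHub workflows
+run: |
+python tools/scan_yaml_for_risky_text.py .github/workflows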
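Review bot: The workflow declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope even though it only checks out files and runs a local script. Add a top-level `permissions:` mapping with `contents: read` so the token stays read-only whatever the repository default is. `actions/checkout@v4` and `actions/setup-python@v5` are referenced by mutable tags; pinning them to full commit SHAs would keep a retagged release from changing what this security check executes. On `pull_request` the scanner script is presumably taken from the PR's own checkout, so for untrusted PRs this job is advisory rather than a gate the PR cannot alter.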
74 changes: 0 additions & 74 deletions .github/workflows/circleci-trigger.yml

This file was deleted.

13 changes: 13 additions & 0 deletions .github/workflows/test-integration-vizro-ai.yml
Expand Up @@ -93,3 +93,16 @@ jobs:
cd ../vizro-ai
hatch run ${{ matrix.hatch-env }}:pip install ../vizro-core/dist/vizro*.tar.gz
hatch run ${{ matrix.hatch-env }}:test-integration
- name: Send custom JSON data to Slack
id: slack
uses: slackapi/[email protected]
if: failure()
with:
payload: |
{
"text": "Vizro-ai ${{ matrix.hatch-env }} integration tests build result: ${{ job.status }}\nBranch: ${{ github.head_ref }}\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
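Review bot: `${{ github.head_ref }}` is substituted into the JSON `payload` as raw text, and the branch name is chosen by whoever opens the pull request, so a name containing a double quote yields malformed JSON or extra fields in the Slack message. Build the string with the expression functions so every value is JSON-escaped, e.g. `"text": ${{ toJSON(format('Vizro-ai {0} integration tests build result: {1}', matrix.hatch-env, job.status)) }}`, extended with the branch and run URL. `head_ref` is also empty outside pull-request events, so if this workflow has other triggers (they are outside this hunk) the Branch line will be blank. The enclosing job and its earlier steps start outside the hunk.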
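--- a/.github/workflows/vizro-qa-tests-trigger.yml
+++ b/.github/workflows/vizro-qa-tests-trigger.yml
@@ -0,0 +1,50 @@
+name: Vizro QA tests trigger
+
+on:
+push:
+branches: [main]
+pull_request:
+branches:
+- main
+
+env:
+PYTHONUNBUFFERED: 1
+FORCE_COLOR: 1
+
+jobs:
+vizro-qa-test-trigger-fork:
+if: ${{ github.event.pull_request.head.repo.fork }}
+name: Vizro QA ${{ matrix.label }} trigger
+runs-on: ubuntu-latest
+strategy:
+matrix:
+include:
+- label: integration tests
+- label: notebooks tests
+steps:
+- name: Passed fork step
+run: echo "Success!"
+
+vizro-qa-tests-trigger:
+if: ${{ ! github.event.pull_request.head.repo.fork }}
+name: Vizro QA ${{ matrix.label }} trigger
+runs-on: ubuntu-latest
+strategy:
+matrix:
+include:
+- label: integration tests
+- label: notebooks test
+steps:
+- uses: actions/checkout@v4
+- name: Tests trigger
+run: |
+export INPUT_OWNER=${{ secrets.VIZRO_QA_ORG }}
+export INPUT_REPO=${{ secrets.VIZRO_QA_REPO }}
+if [ "${{ matrix.label }}" == "integration tests" ]; then
+export INPUT_WORKFLOW_FILE_NAME=${{ secrets.VIZRO_QA_INTEGRATION_TESTS_WORKFLOW }}
+elif [ "${{ matrix.label }}" == "notebooks test" ]; then
+export INPUT_WORKFLOW_FILE_NAME=${{ secrets.VIZRO_QA_NOTEBOOKS_TESTS_WORKFLOW }}
+fi
+export INPUT_GITHUB_TOKEN=${{ secrets.VIZRO_SVC_PAT }}
+export INPUT_REF=${{ github.head_ref }}
+tools/trigger-workflow-and-wait.sh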
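Review bot: In the `Tests trigger` step, `${{ github.head_ref }}` and the secrets are expanded into the `run:` script text before the shell parses it, so a branch name containing shell metacharacters becomes part of the script in a step that also holds `VIZRO_SVC_PAT`. The `! github.event.pull_request.head.repo.fork` guard limits this to people who can push branches to the repository but does not remove it, and the `pull_request_target` scanner added in this same commit would not flag it. Pass every value through `env:` and reference it as a quoted shell variable, as sketched below. Separately, `head_ref` is empty on the `push` trigger, so `INPUT_REF` will be blank for runs on `main` (how `tools/trigger-workflow-and-wait.sh` handles that is not visible here), and the two jobs spell the matrix label differently (`notebooks tests` vs `notebooks test`).

```yaml
      - name: Tests trigger
        env:
          INPUT_OWNER: ${{ secrets.VIZRO_QA_ORG }}
          INPUT_REPO: ${{ secrets.VIZRO_QA_REPO }}
          INPUT_GITHUB_TOKEN: ${{ secrets.VIZRO_SVC_PAT }}
          INPUT_REF: ${{ github.head_ref }}
          INTEGRATION_WORKFLOW: ${{ secrets.VIZRO_QA_INTEGRATION_TESTS_WORKFLOW }}
          NOTEBOOKS_WORKFLOW: ${{ secrets.VIZRO_QA_NOTEBOOKS_TESTS_WORKFLOW }}
          LABEL: ${{ matrix.label }}
        run: |
          if [ "$LABEL" == "integration tests" ]; then
            export INPUT_WORKFLOW_FILE_NAME="$INTEGRATION_WORKFLOW"
          elif [ "$LABEL" == "notebooks test" ]; then
            export INPUT_WORKFLOW_FILE_NAME="$NOTEBOOKS_WORKFLOW"
          fi
          tools/trigger-workflow-and-wait.sh
```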
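--- a/tools/scan_yaml_for_risky_text.py
+++ b/tools/scan_yaml_for_risky_text.py
@@ -0,0 +1,19 @@
+"""Check for security issues in workflows files."""
+
+import sys
+from pathlib import Path
+
+# according to this article: https://nathandavison.com/blog/github-actions-and-the-threat-of-malicious-pull-requests
+# we should avoid using `pull_request_target` for security reasons
+risky_text = "pull_request_target"
+
+
+def find_risky_files(path: str):
+"""Searching for risky text in yml files for given path."""
+return {file for file in Path(path).rglob("*.yml") if risky_text in file.read_text()}
+
+
+if __name__ == "__main__":
+risky_files = find_risky_files(sys.argv[1])
+if risky_files:
+sys.exit(f"{risky_text} found in files {risky_files}.")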
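Review bot: `find_risky_files` globs only `*.yml`, but GitHub also loads workflow files named `*.yaml`, so a workflow with that extension bypasses the check. Match both suffixes, e.g. `return {f for f in Path(path).rglob("*") if f.suffix in {".yml", ".yaml"} and risky_text in f.read_text(encoding="utf-8")}`; the explicit encoding keeps the result independent of the runner's locale. The function would also benefit from a return annotation (`-> set[Path]`) and a docstring stating that this is a plain substring match, so a comment that merely mentions the trigger is reported too.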