jlengrand/bugsink
1
0
Fork 0
mirror of https://github.com/jlengrand/bugsink.git synced 2026-03-10 08:01:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into django-5-2

Browse Source
This commit is contained in:
Klaas van Schelven
2025-08-28 21:38:24 +02:00
parent a6e33bb204 6a523a6a67
commit 5cf4591166
126 changed files with 3489 additions and 965 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
.github/workflows/ci.yml vendored
View File

@@ -7,9 +7,16 @@ name: Continuous Integration
on:
push:
branches: [ "main" ]
# hardcoded list; GitHub does not support wildcards in branch names AFAICT
branches: [ "main", "1.4.x", "1.5.x", "1.6.x", "1.7.x", "1.8.x", "1.9.x", "1.10.x", "1.11.x" ]
pull_request:
branches: [ "main" ]
workflow_dispatch: # Enables manual invocation via "Run workflow" button in the Actions UI
inputs:
target_branch:
description: 'Branch to run workflow on'
required: false
default: 'main'
env:
DJANGO_SETTINGS_MODULE: "bugsink.settings.development"
@@ -34,6 +41,56 @@ jobs:
# so we just specify it on the command line
flake8 --extend-ignore=E127,E741,E501,E731 `git ls-files | grep py$`
bandit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.12
- name: Install Bandit and Plugins
run: |
pip install bandit spoils
- name: Run Bandit and format results
shell: bash
run: |
# set +e disables "exit on any non-zero command" behavior
# set +o pipefail disables GH's default "fail the whole pipeline if any stage fails"
set +e +o pipefail
# Note: .py files only; at the time of writing I checked the conf_templates/*.template
# also; but they had 2 False positives only (SECRET_KEY lives there by design) and I
# don't want to pollute templates that other people deal with with "nosec".
bandit_json_output=$( \
git ls-files \
| grep '\.py$' \
| xargs bandit -q -f json --ini .bandit \
)
bandit_exit_code=$?
echo "$bandit_json_output" \
| jq -r '
.results[]
| [ .filename
, .line_number
, .test_id
, .issue_confidence
, .issue_severity
, .test_name
]
| @tsv
' \
| column -t
if [[ $bandit_exit_code -ne 0 ]]; then
echo "Bandit found issues (exit code $bandit_exit_code)"
exit $bandit_exit_code
fi
test:
runs-on: ubuntu-latest
strategy:

59
.github/workflows/copilot-setup-steps.yml vendored Normal file
View File

@@ -0,0 +1,59 @@
name: "Copilot Setup Steps"
on:
push:
paths:
- ".github/workflows/copilot-setup-steps.yml"
workflow_dispatch:
# The "on" section defines when this workflow runs independently.
# It has no effect on Copilot itself — Copilot runs this job on demand
# if the job name is exactly "copilot-setup-steps".
# These triggers just let us test the workflow manually if needed.
jobs:
copilot-setup-steps:
runs-on: ubuntu-latest
permissions:
contents: read
env:
DJANGO_SETTINGS_MODULE: bugsink.settings.development
SAMPLES_DIR: ${{ github.workspace }}/event-samples
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Install project `pre-commit` hook
run: |
cp pre-commit .git/hooks/pre-commit
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install -r requirements.development.txt
# We install directly from source using pip — no wheels, no Docker.
# This keeps the setup fast and simple for Copilot.
# To ensure correctness for more complex scenarios (e.g. multiple DBs),
# we rely on the actual CI pipeline.
- name: Run migrations
run: |
python manage.py migrate
# Ensures the SQLite database is initialized.
- name: Create superuser
env:
DJANGO_SUPERUSER_USERNAME: admin@example.com
DJANGO_SUPERUSER_EMAIL: admin@example.com
DJANGO_SUPERUSER_PASSWORD: admin
run: |
python manage.py createsuperuser --noinput
- name: Check out event-samples outside workspace
# by using a plain-old `git-clone` we are able to "ecape from the working dir"
run: |
git clone https://github.com/bugsink/event-samples.git ../event-samples