[ENG-2185] Adding Consent #12374
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Backend Static Code Checks | |
| on: | |
| pull_request: | |
| merge_group: | |
| types: [checks_requested] | |
| push: | |
| branches: | |
| - "main" | |
| - "release-**" | |
| env: | |
| IMAGE: ethyca/fides:local | |
| DEFAULT_PYTHON_VERSION: "3.10.16" | |
| # Docker auth with read-only permissions. | |
| DOCKER_USER: ${{ secrets.DOCKER_USER }} | |
| DOCKER_RO_TOKEN: ${{ secrets.DOCKER_RO_TOKEN }} | |
| jobs: | |
| Check-Backend-Changes: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| has_backend_changes: ${{ steps.filter.outputs.backend }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Check for backend file changes | |
| uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| list-files: shell | |
| filters: | | |
| backend: | |
| - '**/*.py' | |
| - '**/*.pxl' | |
| - '**/*requirements.txt' | |
| - 'pyproject.toml' | |
| - 'setup.cfg' | |
| - 'noxfile.py' | |
| - '.github/workflows/static_checks.yml' | |
| - name: Log changed files | |
| if: steps.filter.outputs.backend == 'true' | |
| run: echo "${{ steps.filter.outputs.backend_files }}" | |
| ################### | |
| ## Static Checks ## | |
| ################### | |
| Static-Checks: | |
| needs: Check-Backend-Changes | |
| if: needs.Check-Backend-Changes.outputs.has_backend_changes == 'true' | |
| strategy: | |
| matrix: | |
| session_name: | |
| [ | |
| '"isort(check)"', | |
| '"black(check)"', | |
| "mypy", | |
| "pylint", | |
| "xenon", | |
| "check_install", | |
| '"pytest(nox)"', | |
| ] | |
| runs-on: ubuntu-latest | |
| continue-on-error: true | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set Up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.DEFAULT_PYTHON_VERSION }} | |
| cache: "pip" | |
| - name: Install Nox | |
| run: pip install nox>=2022 | |
| - name: Cache Nox virtual environment | |
| uses: actions/cache@v4 | |
| with: | |
| path: .nox/ | |
| key: ${{ runner.os }}-nox-${{ github.job }}-${{ matrix.session_name }}-${{ hashFiles('noxfile.py') }}-${{ hashFiles('noxfiles/**.py') }}-${{ hashFiles('pyproject.toml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-nox-${{ github.job }}-${{ matrix.session_name }} | |
| - name: Install Dev Requirements | |
| run: pip install -r dev-requirements.txt | |
| - name: Run Static Check | |
| run: nox -s ${{ matrix.session_name }} | |
| # Summary job for branch protection | |
| Static-Checks-Summary: | |
| runs-on: ubuntu-latest | |
| if: always() | |
| needs: | |
| - Static-Checks | |
| steps: | |
| - name: Check job results | |
| run: | | |
| echo "Static-Checks: ${{ needs.Static-Checks.result }}" | |
| # Static checks can fail without blocking (continue-on-error: true) | |
| if [ "${{ needs.Static-Checks.result }}" == "cancelled" ]; then | |
| echo "❌ Static checks were cancelled" | |
| exit 1 | |
| fi | |
| # Static checks can fail without blocking (continue-on-error: true) | |
| if [ "${{ needs.Static-Checks.result }}" == "failure" ]; then | |
| echo "⚠️ Some static checks failed but not blocking (continue-on-error: true)" | |
| fi | |
| echo "✅ Static checks completed" |