SECURITY-47: Add GHA workflows

[Xiangs18]

No description provided.

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[MrCreosote]

Again I'm assuming these are the same workflows we're using everywhere else?

[Xiangs18]

yes

[MrCreosote]

👍

[MrCreosote]

Why such a low version?

[Xiangs18]

Most of the other repos where we have done the Mongo upgrade are using this version. I'm trying to make it consistent here. If you prefer 3.11.x, that's fine. I don't have a strong opinion on this.

[MrCreosote]

I don't remember off the top of my head, but I think there were specific reasons why we used lower versions. If it's just as easy to go to a higher version go ahead and do it. Also make sure the test version and build version are aligned

[Xiangs18]

If we change the build version to 3.9.19, 19/39 tests would fail. If we want to git them fixed, I prefer to do them in the next PR. If we upgrade python version to 3.11.x, we need more dep changes because of build error.

[MrCreosote]

Just leave it as 3.9 in that case, don't bother upgrading for now

[Xiangs18]

yes, so we need to create an issue for that as well.

[MrCreosote]

no, it needs to be updated in the build in this PR - the build and tests need to be aligned

[MrCreosote]

E.g. https://github.com/kbase/file_cache_server/blob/develop/Dockerfile#L1 and maybe other placees

[Xiangs18]

I commented out the mypy check to allow the tests to run. Let me know if you know how to fix 945b204

[MrCreosote]

In my experience mypy isn't worth the trouble as long as you have reasonable tests. I like what it's trying to do but it seems too clunky (although I haven't tried it recently, maybe it's better now)

[MrCreosote]

yuck but ok, that's what's in travis.yml

[MrCreosote]

Can you make an issue to upgrade to pipenv or something later?

[Xiangs18]

#25

[MrCreosote]

Could you also add a ticket to convert to pytest?

[Xiangs18]

Do you mean just this line, or the entire test codebase, from unittest to pytest?

[MrCreosote]

These 2 lines. pytest is compatible with unittest

[Xiangs18]

converted to pytest

[MrCreosote]

It's still using coverage to run the tests though?

[Xiangs18]

Ok. Done

[MrCreosote]

Actually I just realized that there hasn't been a post from codecov so it seems that's not working yet...?

[Xiangs18]

I'm not sure; it seems like it cannot process the upload.

[MrCreosote]

Are you setting the right format for the coverage report? https://github.com/kbase/cdm-task-service/blob/main/.github/workflows/test.yml#L76

[Xiangs18]

yeah, that's what I thought. Let's see if it passes this time.

[codecov]

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

Thanks for integrating Codecov - We've got you covered ☂️

[MrCreosote]

LGTM. @bio-boris do you want to review?

[Xiangs18]

I'm curious why the Makefile requires docker compose run web sh scripts/run_tests.sh instead of just sh scripts/run_tests.sh.

[MrCreosote]

I'm just guessing but I assume the docker file is installing test dependencies that may not exist on the system.

[bio-boris]

lgtm