Add example script to push traces to otel endpoint #275
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Merge Check - Highflame Python | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| branches: | |
| - "main" | |
| merge_group: | |
| types: | |
| - checks_requested | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref }} | |
| cancel-in-progress: true | |
| env: | |
| PY_LINT_CFG: ".flake8" | |
| LINT_REPORT_FILE: "lint-report" | |
| PY_VER: 3.11.8 | |
| PR_CHECK_PREFIX: "feat:|fix:|devops:|Merge|Revert|build\\(deps\\)|\\[Snyk\\]|Bump" | |
| GH_SEC_REPORT: false | |
| TRIVY_SEVERITY: "HIGH,CRITICAL" | |
| TRIVY_REPORT_FILE: "trivy-scan-result" | |
| jobs: | |
| highflame-commit-check: | |
| permissions: | |
| contents: 'read' | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| persist-credentials: false | |
| - name: Get the last commit message | |
| id: commit_message | |
| run: | | |
| COMMIT_MESSAGE=$(git show -s --format=%s) | |
| echo "message=${COMMIT_MESSAGE}" >> ${GITHUB_OUTPUT} | |
| - name: Commit Message Check | |
| shell: bash | |
| env: | |
| COMMIT_MESSAGE: "${{ steps.commit_message.outputs.message }}" | |
| run: |- | |
| CLEAN_COMMIT_MESSAGE=$(echo '${{ env.COMMIT_MESSAGE }}' | sed "s|\"||g") | |
| if [[ "${CLEAN_COMMIT_MESSAGE}" =~ ^(${{ env.PR_CHECK_PREFIX }}) ]]; then | |
| echo "Commit message is valid....!" | |
| else | |
| echo "Commit message does not contain required keywords....!" | |
| exit 1 | |
| fi | |
| highflame-lint-check: | |
| permissions: | |
| contents: 'read' | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Python Version | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PY_VER }} | |
| cache: 'pip' | |
| - name: Python Lint Check | |
| shell: bash | |
| run: |- | |
| pip install flake8 | |
| flake8 . --config=${{ env.PY_LINT_CFG }} --output-file=${{ env.LINT_REPORT_FILE }}.json | |
| - name: Upload Lint Report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.LINT_REPORT_FILE }} | |
| path: ${{ env.LINT_REPORT_FILE }}.json | |
| retention-days: 1 | |
| highflame-trivy-scan: | |
| permissions: | |
| contents: 'read' | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: true | |
| - name: Trivy Scan - GitHub Security Report | |
| if: ${{ env.GH_SEC_REPORT == 'true' }} | |
| uses: aquasecurity/trivy-action@0.29.0 | |
| with: | |
| ignore-unfixed: true | |
| scan-type: "fs" | |
| cache: "true" | |
| format: "sarif" | |
| output: "${{ env.TRIVY_REPORT_FILE }}.sarif" | |
| severity: "${{ env.TRIVY_SEVERITY }}" | |
| - name: Upload Report - GitHub Security Report | |
| if: ${{ env.GH_SEC_REPORT == 'true' }} | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: "${{ env.TRIVY_REPORT_FILE }}.sarif" | |
| - name: Trivy Scan - Text Security Report | |
| if: ${{ env.GH_SEC_REPORT == 'false' }} | |
| uses: aquasecurity/trivy-action@0.29.0 | |
| with: | |
| ignore-unfixed: true | |
| scan-type: "fs" | |
| cache: "true" | |
| format: "table" | |
| output: "${{ env.TRIVY_REPORT_FILE }}.txt" | |
| severity: "${{ env.TRIVY_SEVERITY }}" | |
| - name: Report Check - Text Security Report | |
| if: ${{ env.GH_SEC_REPORT == 'false' }} | |
| id: report_check | |
| shell: bash | |
| run: |- | |
| if [[ -s ${{ env.TRIVY_REPORT_FILE }}.txt ]] ; then | |
| echo "report_file=available" >> ${GITHUB_OUTPUT} | |
| else | |
| echo "report_file=unavailable" >> ${GITHUB_OUTPUT} | |
| fi | |
| cat ${{ env.TRIVY_REPORT_FILE }}.txt | |
| - name: Upload Report - Text Security Report | |
| if: ${{ env.GH_SEC_REPORT == 'false' && steps.report_check.outputs.report_file == 'available' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: "${{ env.TRIVY_REPORT_FILE }}" | |
| path: "${{ env.TRIVY_REPORT_FILE }}.txt" | |
| if-no-files-found: error | |
| retention-days: 1 | |
| - name: Failing the Job | |
| if: ${{ steps.report_check.outputs.report_file == 'available' }} | |
| shell: bash | |
| run: |- | |
| echo "Vulnerabilities Found.....!" | |
| exit 1 | |
| highflame-build-check: | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Validate Package Version | |
| env: | |
| PY_VER_FILE: "pyproject.toml" | |
| shell: bash | |
| run: |- | |
| export RELEASE_VERSION="1.1.1" | |
| if [[ -f ${{ env.PY_VER_FILE }} ]] ; then | |
| sed -i "s|^version = \".*\"|version = \"${RELEASE_VERSION}\"|g" ${{ env.PY_VER_FILE }} | |
| cat ${{ env.PY_VER_FILE }} | |
| echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> ${{ env.PY_VER_FILE }}" | |
| else | |
| echo "File not found ${{ env.PY_VER_FILE }}" | |
| exit 1 | |
| fi | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PY_VER }} | |
| cache: 'pip' | |
| - name: Install Dependencies | |
| shell: bash | |
| run: |- | |
| pip install build | |
| - name: Build Package | |
| shell: bash | |
| run: |- | |
| python -m build |