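# SDK code-quality checks: Poetry lock validation, flake8, black and pylint,
# run against every Python version in the matrix.
name: 'SDK: Code Quality'

# Runs for pushes to, and pull requests targeting, master and v5.* branches.
on:
  push:
    branches:
      - 'master'
      - 'v5.*'
  pull_request:
    branches:
      - 'master'
      - 'v5.*'

# One active run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  sdk-code-quality:
    # Skip the job when the workflow runs in any other repository (e.g. a fork).
    if: github.repository == 'prowler-cloud/prowler'
    runs-on: ubuntu-latest
    timeout-minutes: 20
    # Least privilege: the job token can only read repository contents.
    permissions:
      contents: read
    strategy:
      matrix:
        # Quoted so that '3.10' stays a string instead of the float 3.1.
        python-version:
          - '3.9'
          - '3.10'
          - '3.11'
          - '3.12'

    steps:
      # Third-party actions are pinned to a full commit SHA, with the release
      # tag kept in the trailing comment. A tag can be moved to different code;
      # a SHA cannot. Keep this form when bumping versions.
      # NOTE(review): checkout stores the job token in the local git config by
      # default, and later steps install and run third-party packages. Consider
      # `persist-credentials: false` here; confirm the changed-files step
      # still works without stored credentials.
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      # Sets `any_changed`, which gates every later step: the job does no
      # further work when only ignored paths were touched.
      - name: Check for SDK changes
        id: check-changes
        uses: tj-actions/changed-files@e0021407031f5be11a464abee9a0776171c79891 # v47.0.1
        with:
          files: ./**
          files_ignore: |
            .github/**
            prowler/CHANGELOG.md
            docs/**
            permissions/**
            api/**
            ui/**
            dashboard/**
            mcp_server/**
            skills/**
            README.md
            mkdocs.yml
            .backportrc.json
            .env
            docker-compose*
            examples/**
            .gitignore
            contrib/**
            **/AGENTS.md

      # Poetry is pinned to an exact version so the tool that resolves and
      # installs dependencies does not change between runs.
      - name: Install Poetry
        if: steps.check-changes.outputs.any_changed == 'true'
        run: pipx install poetry==2.1.1

      - name: Set up Python ${{ matrix.python-version }}
        if: steps.check-changes.outputs.any_changed == 'true'
        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'poetry'

      # `pip list` records the resolved package set in the job log.
      - name: Install dependencies
        if: steps.check-changes.outputs.any_changed == 'true'
        run: |
          poetry install --no-root
          poetry run pip list

      # Fails when poetry.lock is out of sync with pyproject.toml.
      - name: Check Poetry lock file
        if: steps.check-changes.outputs.any_changed == 'true'
        run: poetry check --lock

      - name: Lint with flake8
        if: steps.check-changes.outputs.any_changed == 'true'
        run: poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib,ui,api,skills

      # black's --exclude takes ONE regular expression; extra words after it
      # are parsed as paths to check, not as further exclusions. The pattern
      # is anchored with ^/ so it matches only the top-level api, ui and
      # skills directories.
      - name: Check format with black
        if: steps.check-changes.outputs.any_changed == 'true'
        run: poetry run black --exclude '^/(api|ui|skills)/' --check .

      # NOTE(review): --disable=W,C,R,E turns off the warning, convention,
      # refactor and error categories, so this step reports very little;
      # confirm that is intended.
      - name: Lint with pylint
        if: steps.check-changes.outputs.any_changed == 'true'
        run: poetry run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/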