github-workflows-dojo360-python-ci

Build, test, and scan Python apps using the recommended UHG reusable CI workflows (pip/poetry), with Artifactory integration and optional container builds

Status: active
IDE: claude, codex, vscode
Version: 1.0.0
Owner: pcorazao
Tags: github-actions, workflow, dojo360

Python CI Workflow Skill

Overview

This skill covers Python CI patterns for unit tests/build/scans and optional artifact uploads.

The Dojo360 workflow (python-ci.yml) exists, but for new implementations the recommended approach is to use the UHG CI Workflows reusable workflows from uhg-pipelines/ci-workflows (pip/poetry variants).

Workflow Reference

Recommended (Use This)

Repository: uhg-pipelines/ci-workflows
Workflows:

  • .github/workflows/python-pip-ci.yml@v2
  • .github/workflows/python-poetry-ci.yml@v2

Legacy (Dojo360)

Repository: dojo360/pipelines-workflows
Workflow: .github/workflows/python-ci.yml
Docs: https://github.com/dojo360/pipelines-workflows/tree/main/web/python-ci/index.md

Key Features

  • Runs Python unit tests and quality scans
  • Supports pip or Poetry based projects
  • Artifactory integration via jfrog-project-key
  • Optional artifact upload (coverage, dist/, build outputs)
  • Optional Docker build/publish if you pass Docker inputs

Prerequisites

  • Python project (pip: requirements.txt or Poetry: pyproject.toml)
  • Artifactory project/repositories provisioned
  • If building containers:
    • Dockerfile must use Optum golden images (no public base images)
    • Runner must have Docker available

Common Inputs (UHG reusable workflows)

Input               Type      Description
jfrog-project-key   string    JFrog project key (routes to the correct SaaS Artifactory repos)
working-directory   string    Where your Python project lives (default: .)
python-version      string    Python version (Poetry workflow commonly uses this)
source-dir          string    Source directory (pip workflow)
test-dir            string    Test directory (pip workflow)
artifact-upload     boolean   Enable artifact upload (pip workflow)
docker-tags         string    Image tag(s) to publish when doing Docker builds
docker-context      string    Docker build context
docker-dockerfile   string    Dockerfile path

Secrets

UHG reusable workflows generally handle Artifactory auth via OIDC + EPL actions, but you may still need:

  • Repo/org secrets required by your org’s scanning configuration
  • If you enable scanners that require tokens (e.g., Sonar), ensure those secrets exist

Templates

See ready-to-copy examples in .github/skills/github-workflows-dojo360-python-ci/templates/:

  • basic-python-pip-ci.yml
  • basic-python-poetry-ci.yml
  • python-pip-ci-with-docker-build.yml

Notes / Gotchas

  • If you build container images, ensure your Dockerfile uses Optum golden images (see .github/instructions/docker.instructions.md).
  • If your Python service is containerized, consider using the patterns in .github/skills/python-container/.
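
A pre-CI check for the golden-image requirement above, as an added example (not part of this skill or of the UHG/Dojo360 workflows). The registry prefix, the function name and the sample Dockerfile are placeholders constructed for illustration; treating scratch as allowed is also an assumption.

```python
import re

# Assumption: placeholder prefix; use the golden-image registry your org documents.
ALLOWED_PREFIXES = ("golden-registry.example.internal/",)

FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)
ARG_RE = re.compile(r"^\s*ARG\s+([A-Za-z_]\w*)(?:=(\S+))?", re.IGNORECASE)
VAR_RE = re.compile(r"\$\{?([A-Za-z_]\w*)\}?")


def disallowed_base_images(dockerfile_text, allowed=ALLOWED_PREFIXES):
    """Return (line_no, image) for every FROM that is not an allowed base image."""
    args, stages, findings = {}, set(), []
    seen_from = False
    for no, line in enumerate(dockerfile_text.splitlines(), 1):
        m = ARG_RE.match(line)
        if m and not seen_from:
            # Only ARGs declared before the first FROM are visible to FROM lines.
            # Defaults only: a --build-arg override at build time is not seen here.
            args[m.group(1)] = (m.group(2) or "").strip("\"'")
            continue
        m = FROM_RE.match(line)
        if not m:
            continue
        seen_from = True
        # Unknown variables resolve to "" so the allowlist check fails closed.
        image = VAR_RE.sub(lambda v: args.get(v.group(1), ""), m.group(1))
        is_stage = image.lower() in stages   # FROM <earlier stage>, already checked
        is_scratch = image == "scratch"      # assumption: empty base is acceptable
        if not (is_stage or is_scratch or image.startswith(tuple(allowed))):
            findings.append((no, image))
        if m.group(2):
            stages.add(m.group(2).lower())
    return findings


# Constructed sample: one golden base via ARG, two public bases, one stage reference.
SAMPLE = """\
ARG BASE=golden-registry.example.internal/python:3.11
FROM ${BASE} AS builder
RUN pip install build
FROM --platform=linux/amd64 python:3.11-slim AS test
FROM builder
FROM docker.io/library/alpine:3.19
"""

if __name__ == "__main__":
    for line_no, image in disallowed_base_images(SAMPLE):
        print(f"Dockerfile:{line_no}: base image not on allowlist: {image!r}")
```

Running this as a step before the Docker build fails fast on a public base image instead of after an image has been built and pushed.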

Related Assets