github-workflows-dojo360-python-ci
Build, test, and scan Python apps using the recommended UHG reusable CI workflows (pip/poetry), with Artifactory integration and optional container builds
Python CI Workflow Skill
Overview
This skill covers Python CI patterns for unit tests/build/scans and optional artifact uploads.
The Dojo360 workflow (python-ci.yml) exists, but for new implementations the recommended approach is to use the UHG CI Workflows reusable workflows from uhg-pipelines/ci-workflows (pip/poetry variants).
Workflow Reference
Recommended (Use This)
Repository: uhg-pipelines/ci-workflows
Workflows:
.github/workflows/python-pip-ci.yml@v2.github/workflows/python-poetry-ci.yml@v2
Legacy (Dojo360)
Repository: dojo360/pipelines-workflows
Workflow: .github/workflows/python-ci.yml
Docs: https://github.com/dojo360/pipelines-workflows/tree/main/web/python-ci/index.md
Key Features
- Runs Python unit tests and quality scans
- Supports pip or Poetry based projects
- Artifactory integration via
jfrog-project-key - Optional artifact upload (coverage, dist/, build outputs)
- Optional Docker build/publish if you pass Docker inputs
Prerequisites
- Python project (pip:
requirements.txtor Poetry:pyproject.toml) - Artifactory project/repositories provisioned
- If building containers:
- Dockerfile must use Optum golden images (no public base images)
- Runner must have Docker available
Common Inputs (UHG reusable workflows)
| Input | Type | Description |
|---|---|---|
jfrog-project-key | string | JFrog project key (routes to the correct SaaS Artifactory repos) |
working-directory | string | Where your Python project lives (default: .) |
python-version | string | Python version (Poetry workflow commonly uses this) |
source-dir | string | Source directory (pip workflow) |
test-dir | string | Test directory (pip workflow) |
artifact-upload | boolean | Enable artifact upload (pip workflow) |
docker-tags | string | Image tag(s) to publish when doing Docker builds |
docker-context | string | Docker build context |
docker-dockerfile | string | Dockerfile path |
Secrets
UHG reusable workflows generally handle Artifactory auth via OIDC + EPL actions, but you may still need:
- Repo/org secrets required by your org’s scanning configuration
- If you enable scanners that require tokens (e.g., Sonar), ensure those secrets exist
Templates
See ready-to-copy examples in .github/skills/github-workflows-dojo360-python-ci/templates/:
basic-python-pip-ci.ymlbasic-python-poetry-ci.ymlpython-pip-ci-with-docker-build.yml
Notes / Gotchas
- If you build container images, ensure your Dockerfile uses Optum golden images (see
.github/instructions/docker.instructions.md). - If your Python service is containerized, consider using the patterns in
.github/skills/python-container/.
Related Assets
github-workflows-dojo360-azure-infrastructure
Deploy Azure infrastructure using Terraform with PCAM vaulted access and native Azure authentication through Dojo360 Azure Infrastructure workflow
Owner: pcorazao
github-workflows-dojo360-container-cd
Deploy containerized applications to AWS ECS/Azure ACS using Dojo360 Container CD workflow with blue-green and rolling update strategies
Owner: pcorazao
github-workflows-dojo360-container-promotion
Multi-environment container deployment promotion through prescribed deployment paths with automated approval gates and E2E testing
Owner: pcorazao
github-workflows-dojo360-database
Automate database schema updates using Liquibase via the Dojo360 database workflow (with rollback and validation patterns)
Owner: pcorazao
github-workflows-dojo360-database-promotion
Promote Liquibase database changes across environments (dev→qa→cert→prod) with deployment-path validation and approval gates
Owner: pcorazao
github-workflows-dojo360-dockerfile-ci
Build and scan container images from a Dockerfile using Optum golden images and the recommended UHG reusable workflow
Owner: pcorazao

