chore(deps): update alpine docker tag to v3.20.3 #918
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| push: | |
| tags: ["[0-9].[0-9]+.[0-9]+"] | |
| branches: | |
| - master | |
| paths: | |
| - ".github/workflows/deploy.yml" | |
| - "nikas/**" | |
| - "share/**" | |
| - "Dockerfile" | |
| - "Dockerfile.dev" | |
| - "gulpfile.js" | |
| - "Makefile" | |
| - "MANIFEST.in" | |
| - "package-lock.json" | |
| - "package.json" | |
| - "requirements.txt" | |
| - "setup.cfg" | |
| - "setup.py" | |
| - "tox.ini" | |
| - "uwsgi.ini" | |
| - "version.env" | |
| pull_request: | |
| branches: | |
| - master | |
| paths: | |
| - ".github/workflows/deploy.yml" | |
| - "nikas/**" | |
| - "share/**" | |
| - "Dockerfile" | |
| - "Dockerfile.dev" | |
| - "gulpfile.js" | |
| - "Makefile" | |
| - "MANIFEST.in" | |
| - "package-lock.json" | |
| - "package.json" | |
| - "requirements.txt" | |
| - "setup.cfg" | |
| - "setup.py" | |
| - "tox.ini" | |
| - "uwsgi.ini" | |
| - "version.env" | |
| env: | |
| IMAGE_NAME: nikasproject/server | |
| GITHUB_IMAGE_NAME: docker.pkg.github.com/nikas-project/server/server | |
| TARGET_NODE: "14" | |
| TARGET_PYTHON: "3.8" | |
| jobs: | |
| Initialize: | |
| name: 🚩 Initialize | |
| runs-on: ubuntu-latest | |
| outputs: | |
| docker_file: ${{ steps.set-docker.outputs.file }} | |
| steps: | |
| - name: Cancel previous workflow | |
| uses: styfle/[email protected] | |
| with: | |
| access_token: ${{ github.token }} | |
| - name: Dump GitHub context | |
| env: | |
| GITHUB_CONTEXT: ${{ toJson(github) }} | |
| run: | | |
| echo "$GITHUB_CONTEXT" | |
| echo ${{ github.event.pull_request.title }} | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref }} | |
| - name: Set Dockerfile | |
| id: set-docker | |
| run: | | |
| if [[ "${{ github.ref }}" == "refs/heads/master" ]]; then | |
| echo "::set-output name=file::Dockerfile" | |
| else | |
| echo "::set-output name=file::Dockerfile.dev" | |
| fi | |
| Python: | |
| name: 🐍 Python | |
| needs: Initialize | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| python-version: ["3.7", "3.8", "3.9", "3.10"] | |
| node-version: ["12", "14"] | |
| fail-fast: false | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Python ${{ matrix.python-version }} on ${{ matrix.os }} | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| cache: "pip" | |
| cache-dependency-path: "setup.py" | |
| - name: Setup NodeJS ${{ matrix.node-version }} on ${{ matrix.os }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: "npm" | |
| cache-dependency-path: package.json | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libxml2-utils libsqlite0 libxml2-utils sqlite openssl ca-certificates tini | |
| python -m pip install --upgrade pip | |
| pip install setuptools flake8 pytest pytest-cov wheel twine nose-py3 gunicorn cffi flask | |
| touch .env.pypi | |
| - name: Lint with flake8 | |
| run: | | |
| # stop the build if there are Python syntax errors or undefined names | |
| flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics | |
| # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide | |
| flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | |
| - name: Compile JS stuff | |
| run: | | |
| npm install | |
| make init sass js | |
| - name: Setup development | |
| run: | | |
| pip install -e . | |
| nikas --version | |
| - name: Run test suite | |
| run: | | |
| make test | |
| env: | |
| PYTHONHASHSEED: random | |
| - name: Deploy to test server | |
| run: | | |
| python setup.py sdist bdist_wheel | |
| TWINE_PASSWORD=${{ secrets.PYPI_TEST_TOKEN }} TWINE_USERNAME=__token__ python -m twine upload --repository-url https://test.pypi.org/legacy/ --skip-existing --verbose dist/* | |
| - name: Deploy to main server | |
| if: github.ref_type == 'tag' && matrix.python-version == env.TARGET_PYTHON && matrix.node-version == env.TARGET_NODE | |
| run: | | |
| TWINE_PASSWORD=${{ secrets.PYPI_TOKEN }} TWINE_USERNAME=__token__ python -m twine upload --skip-existing --verbose dist/* | |
| - name: Report Failure | |
| uses: ravsamhq/notify-slack-action@v2 | |
| if: github.ref_type == 'tag' | |
| with: | |
| status: ${{ job.status }} | |
| notify_when: "failure,warnings" | |
| token: ${{ secrets.PERSONAL_GITHUB_TOKEN }} | |
| notification_title: "Deployment ( Python ) has a problem" | |
| message_format: "{emoji} *{workflow}* pipeline {status_message} in <{repo_url}|{repo}>" | |
| footer: "Linked Repo <{repo_url}|{repo}> | <{workflow_url}|View Workflow>" | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
| Docker: | |
| name: 🐳 Docker | |
| needs: | |
| - Python | |
| - Initialize | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKERFILE: ${{ needs.Initialize.outputs.docker_file }} | |
| DOCKER_BUILDKIT: 1 | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| security-events: write | |
| steps: | |
| - name: Sleep for 90 seconds | |
| if: github.ref_type == 'tag' | |
| run: sleep 90s | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Get version | |
| run: echo "NIKAS_VERSION=$(cat version.env)" >> $GITHUB_ENV | |
| - name: Get Current Date | |
| id: date | |
| run: echo "::set-output name=date::$(date +'%Y-%m-%d')" | |
| - name: Build image | |
| run: > | |
| docker build | |
| -t ${{ env.IMAGE_NAME }}:${{ env.NIKAS_VERSION }} | |
| -t ${{ env.IMAGE_NAME }}:${{ github.sha }} | |
| -t ${{ env.GITHUB_IMAGE_NAME }}:${{ env.NIKAS_VERSION }} | |
| --build-arg DATE_CREATED=${{ steps.date.outputs.date }} | |
| --build-arg VERSION=${{ env.NIKAS_VERSION }} | |
| -f ${{ env.DOCKERFILE }} | |
| . | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: "${{ env.IMAGE_NAME }}:${{ github.sha }}" | |
| exit-code: "0" | |
| ignore-unfixed: true | |
| vuln-type: "os,library" | |
| severity: "CRITICAL,HIGH" | |
| format: "template" | |
| template: "@/contrib/sarif.tpl" | |
| output: "trivy-results.sarif" | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| if: github.ref_type == 'tag' | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: "trivy-results.sarif" | |
| - name: Push to Dockerhub | |
| if: github.ref_type == 'tag' | |
| run: | | |
| docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" -p "${{ secrets.DOCKERHUB_TOKEN }}" | |
| docker push ${{ env.IMAGE_NAME }}:${{ env.NIKAS_VERSION }} | |
| - name: Push to Github | |
| if: github.ref_type == 'tag' | |
| run: | | |
| docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" -p "${{ secrets.GITHUB_TOKEN }}" docker.pkg.github.com | |
| docker push ${{ env.GITHUB_IMAGE_NAME }}:${{ env.NIKAS_VERSION }} | |
| - name: Report Failure | |
| uses: ravsamhq/notify-slack-action@v2 | |
| if: github.ref_type == 'tag' | |
| with: | |
| status: ${{ job.status }} | |
| notify_when: "failure,warnings" | |
| token: ${{ secrets.PERSONAL_GITHUB_TOKEN }} | |
| notification_title: "Deployment ( Docker ) has a problem" | |
| message_format: "{emoji} *{workflow}* pipeline {status_message} in <{repo_url}|{repo}>" | |
| footer: "Linked Repo <{repo_url}|{repo}> | <{workflow_url}|View Workflow>" | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} | |
| - name: Report Success | |
| uses: ravsamhq/notify-slack-action@v2 | |
| if: github.ref_type == 'tag' | |
| with: | |
| status: ${{ job.status }} | |
| notify_when: "success" | |
| token: ${{ secrets.PERSONAL_GITHUB_TOKEN }} | |
| notification_title: "New version deployed" | |
| message_format: "{emoji} *{workflow}* pipeline {status_message} in <{repo_url}|{repo}>" | |
| footer: "Linked Repo <{repo_url}|{repo}> | <{workflow_url}|View Workflow>" | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} |