fix: docker/Dockerfile-base to reduce vulnerabilities #897
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# run test suites | |
name: Tests | |
on: | |
- pull_request | |
- push | |
- workflow_dispatch | |
jobs: | |
# see: https://github.com/fkirc/skip-duplicate-actions | |
skip_duplicate: | |
continue-on-error: true | |
runs-on: ubuntu-latest | |
outputs: | |
should_skip: ${{ steps.skip_duplicate.outputs.should_skip && ! contains(github.ref, 'refs/tags') && ! contains(github.ref, 'refs/heads/master') }} | |
steps: | |
- uses: fkirc/skip-duplicate-actions@master | |
with: | |
concurrent_skipping: "same_content" | |
skip_after_successful_duplicate: "true" | |
do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]' | |
# see: https://github.com/actions/setup-python | |
tests: | |
needs: skip_duplicate | |
if: ${{ needs.skip_duplicate.outputs.should_skip != 'true' }} | |
runs-on: ${{ matrix.os }} | |
continue-on-error: ${{ matrix.allow-failure }} | |
env: | |
# override make command to install directly in active python | |
CONDA_COMMAND: "" | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
python-version: ["3.9", "3.10", "3.11", "3.12"] | |
allow-failure: [false] | |
test-case: [test-only] # add other test variations to run for every python/os/failure combinations | |
# tests with single run | |
include: | |
# linter tests | |
- os: ubuntu-latest | |
python-version: "3.10" | |
allow-failure: false | |
test-case: check-only | |
# docker smoke tests | |
- os: ubuntu-latest | |
python-version: "3.10" | |
allow-failure: false | |
test-case: test-docker | |
# coverage tests | |
- os: ubuntu-latest | |
python-version: "3.10" | |
allow-failure: false | |
test-case: coverage | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: "0" | |
- name: Setup Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: "${{ matrix.python-version }}" | |
# Prepare workspace dir for tests that require access permissions | |
- name: Prepare Test Environment | |
uses: falti/[email protected] | |
id: dotenv | |
with: | |
path: ./docker/.env.example | |
keys-case: bypass | |
- name: Prepare Workspace | |
run: | | |
sudo mkdir -p "${{ steps.dotenv.outputs.WORKSPACE_DIR }}" | |
sudo chown -R runner:docker "${{ steps.dotenv.outputs.WORKSPACE_DIR }}" | |
# skip docker containers startup to avoid pull/up delay if not required by tests | |
- if: ${{ matrix.test-case == 'coverage' || matrix.test-case == 'test-only' }} | |
name: Start containers | |
run: make docker-up-dev-detached docker-config-dev | |
# preinstall system to ensure latest are available for following dependency resolution | |
- name: Install System Dependencies | |
run: make install-sys | |
- name: Display System Installation Options | |
run: make install-xargs | |
- name: Install Package and Test Dependencies | |
run: make install-pkg install-dev | |
- if: ${{ matrix.test-case == 'check-only' }} | |
name: Install Extra Test Dependencies | |
run: make install-dev | |
- name: Display Packages | |
run: pip freeze | |
- name: Display Version | |
run: make version | |
- name: Setup Environment Variables | |
uses: c-py/action-dotenv-to-setenv@v2 | |
with: | |
env-file: ./tests/ci/test.env | |
- name: Display Environment Variables | |
run: | | |
hash -r | |
env | sort | |
- name: Run Tests | |
run: make stop ${{ matrix.test-case }} | |
continue-on-error: false | |
- name: Upload coverage report | |
uses: codecov/codecov-action@v2 | |
if: ${{ success() && matrix.test-case == 'coverage' }} | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: ./reports/coverage.xml | |
fail_ci_if_error: true | |
verbose: true |