Skip to content

Snyk auto fix

Snyk auto fix #16727

Workflow file for this run

name: Continuous integration
on:
push:
pull_request:
env:
HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
jobs:
not-failed-backport:
name: Test that's not a failed backport
runs-on: ubuntu-22.04
timeout-minutes: 5
steps:
- run: 'false'
if: "github.event.head_commit.message == '[skip ci] Add instructions to finish the backport.'"
main:
name: Continuous integration
runs-on: ubuntu-22.04
timeout-minutes: 120
if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
env:
MAIN_BRANCH: '2.7'
MAJOR_VERSION: '2.7'
steps:
- run: '! ls BACKPORT_TODO'
- run: df -h
- run: docker system prune --all --force
- run: pip install pyOpenSSL --upgrade
- uses: actions/checkout@v2
with:
fetch-depth: 0
token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
if: env.HAS_SECRETS == 'HAS_SECRETS'
- uses: actions/checkout@v2
with:
fetch-depth: 0
if: env.HAS_SECRETS != 'HAS_SECRETS'
- uses: camptocamp/initialise-gopass-summon-action@v2
with:
ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
patterns: pypi docker transifex
if: env.HAS_SECRETS == 'HAS_SECRETS'
- run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
- run: python3 -m pip install --user --requirement=ci/requirements.txt
- run: |
python3 -m venv /tmp/venv
/tmp/venv/bin/pip install c2cciutils==1.4.13
/tmp/venv/bin/c2cciutils-download-applications --applications-file=ci/applications.yaml \
--versions-file=ci/applications-versions.yaml
rm -rf /tmp/venv
- name: Checks
run: c2cciutils-checks
- run: python3 -m pip install --user --requirement=requirements.txt
# Build images
- run: make build-runner
- run: make build-tools
- run: make checks
if: always()
- run: make build-config
# Build and lint QGIS images
- run: docker build --target=lint --build-arg=VERSION=3.22 docker/qgisserver
- run: QGIS_VERSION=3.28-gdal3.7 make build-qgisserver
# Tests
- run: make preparetest
- run: docker-compose logs --timestamps
if: failure()
# Similar to: make tests-commons
- run: >
docker-compose exec -T tests coverage run
--source=/opt/c2cgeoportal/commons/c2cgeoportal_commons
--module pytest --verbose --color=yes --junitxml=/tmp/commons.xml
/opt/c2cgeoportal/commons/tests
- run: c2cciutils-docker-logs
# Similar to: make tests-geoportal
- run: >
docker-compose exec -T tests coverage run --append
--source=/opt/c2cgeoportal/geoportal/c2cgeoportal_geoportal
--module pytest --verbose --color=yes --junitxml=/tmp/geoportal.xml
/opt/c2cgeoportal/geoportal/tests
- run: c2cciutils-docker-logs
# Similar to: make tests-admin
- run: >
docker-compose exec -T tests coverage run --append
--source=/opt/c2cgeoportal/admin/c2cgeoportal_admin
--module pytest --verbose --color=yes --junitxml=/tmp/admin.xml
/opt/c2cgeoportal/admin/tests
- run: c2cciutils-docker-logs
# Similar to: make tests-qgisserver
- run: >
docker-compose exec -T qgisserver-tests coverage run
--source=/var/www/plugins/geomapfish_qgisserver
--module pytest --verbose --color=yes --junitxml=/tmp/qgis.xml
/src/tests/functional
- run: c2cciutils-docker-logs
- name: Extract tests artifacts
continue-on-error: true
run: |
docker-compose exec -T tests coverage report
docker-compose exec -T tests coverage html --directory=/tmp/coverage
docker-compose exec -T qgisserver-tests coverage report
docker-compose exec -T qgisserver-tests coverage html --directory=/tmp/coverage
mkdir --parent artifacts/geoportal-coverage
mkdir --parent artifacts/qgisserver-plugin-coverage
docker cp c2cgeoportal_tests_1:/tmp/coverage/ artifacts/geoportal-coverage/
docker cp c2cgeoportal_qgisserver-tests_1:/tmp/coverage/ artifacts/qgisserver-plugin-coverage/
if: always()
- run: c2cciutils-docker-logs
if: always()
- run: docker-compose down
- uses: actions/upload-artifact@v2
with:
name: Geoportal coverage
path: artifacts/geoportal-coverage/
if-no-files-found: ignore
retention-days: 5
- uses: actions/upload-artifact@v2
with:
name: QGISserver plugin coverage
path: artifacts/qgisserver-plugin-coverage/
if-no-files-found: ignore
retention-days: 5
- run: sudo git clean -fdx
# Documentation
- run: >
docker build --tag=camptocamp/geomapfish-doc
--build-arg=MAJOR_VERSION=${MAJOR_VERSION}
--build-arg=MAIN_BRANCH=${MAIN_BRANCH}
doc
- name: Extract documentation
run: ci/extract-documentation artifacts/documentations/ || true
if: always()
- uses: actions/upload-artifact@v2
with:
name: Documentation
path: artifacts/documentations/
if-no-files-found: ignore
retention-days: 5
if: always()
# Use minimal version from the documentation
- uses: actions/setup-python@v4
with:
# When we upgrade this we should also upgrade the requirements
# in the documentation: doc/integrator/requirements.rst
python-version: '3.7'
# When we upgrade this we should also upgrade the requirements
# in the documentation: doc/integrator/requirements.rst
# netifaces is for 2.4
- run: pip install --user PyYAML==3.13 docker-compose==1.21.0 netifaces 'requests<2.32.0'
# Test App
- run: ci/test-app
- name: Docker logs
continue-on-error: true
run: |
cd ${HOME}/workspace/testgeomapfishapp/
c2cciutils-docker-logs
if: failure()
- run: git pull --ff-only origin ${{ env.MAIN_BRANCH }}
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
- id: version
run: scripts/get-version --auto-increment --github
# Test Upgrade
- run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-tools
- run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-runner
- run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-config
- run: docker images | grep "<none>" | awk '{print $3}' | xargs --no-run-if-empty docker rmi || true
- run: ci/test-upgrade init ${HOME}/workspace
- run: ci/test-upgrade 240 ${HOME}/workspace
- run: ci/test-upgrade 260 ${HOME}/workspace
- run: ci/test-upgrade 27 ${HOME}/workspace
- run: ci/test-upgrade cleanup ${HOME}/workspace
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- run: pip install --user PyYAML==5.3.1 docker==6.1.3 docker-compose==1.29.2 wheel==0.40.0 'requests<2.32.0'
- name: Init Git
run:
git remote set-url origin https://${GITHUB_ACTOR}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository
}}
- run: make build-tools
- run: make build-runner
- run: make build-config
- run: ci/create-new-project ${HOME}/workspace geomapfishapp
- run: (cd ${HOME}/workspace/geomapfishapp/; ./build)
- name: Update the changelog
run: ci/changelog ${{ steps.version.outputs.full }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: git diff CHANGELOG.md
- name: Push version and changelog
run: |
set -eux
git add ci/ci.yaml ci/changelog.yaml CHANGELOG.md
git diff --staged --quiet || (\
git commit -m "[skip ci] Update the minor version"; \
git push origin HEAD:${{ env.MAIN_BRANCH }} \
)
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
- name: Publish feature branch
run: |
c2cciutils-publish
c2cciutils-publish --group=full
if: >
github.ref != format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
&& ! contains(github.ref_name, '/')
- name: Publish version branch
run: |
c2cciutils-publish --type=version_branch --version=${{ steps.version.outputs.major }}
c2cciutils-publish --type=version_branch --version=${{ steps.version.outputs.major_minor }}
c2cciutils-publish --group=full --type=version_branch --version=${{ steps.version.outputs.full }}
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
- name: Publish version branch to pypi
run: |
c2cciutils-publish --group=pypi --type=version_tag --version=${{ steps.version.outputs.full }}
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
- run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true
if: failure()
- uses: actions/upload-artifact@v4
with:
name: Update dpkg versions list.patch
path: /tmp/dpkg-versions.patch
retention-days: 1
if: failure()
- name: Notify demo
run: >
curl --request POST --header "Content-Type: application/json"
--header 'Accept: application/vnd.github.v3+json'
--header "Authorization: token ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}"
https://api.github.com/repos/camptocamp/demo_geomapfish/dispatches
--data '{"event_type": "geomapfish_${{ env.MAJOR_VERSION }}_updated",
"client_payload": {"version": "'"${{ steps.version.outputs.upgrade_version }}"'"}}'
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
- name: Publish to Transifex
run: |
docker build --target=tools --tag=transifex --build-arg=MAJOR_VERSION=${MAJOR_VERSION} .
docker run --name=transifex -ti --rm --detach --volume=${HOME}:/root transifex tail -f /dev/null
docker exec transifex bash -c \
'(cd /opt/c2cgeoportal; make --makefile=dependencies.mk transifex-send)'
docker stop transifex
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
- name: Publish documentation to GitHub.io
run: ci/publish-documentation
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
- run: >
docker run --rm --volume=/var/run/docker.sock:/var/run/docker.sock nate/dockviz
images --tree
if: always()
- run: docker images
if: always()
- run: docker system df
if: always()
- run: df -h
if: always()