Audit Snyk check/fix 2.6 #16728
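---
# Continuous integration for c2cgeoportal (MAIN_BRANCH 2.6): builds the images,
# runs the test suites, then publishes images, changelog and documentation.
#
# NOTE(review): there is no `permissions:` key, so GITHUB_TOKEN carries the
# repository's default scopes for the whole run. The `main` job pushes commits
# with it, so a least-privilege block needs at least `contents: write`; confirm
# what ci/changelog and ci/publish-documentation require before adding one.
#
# NOTE(review): every `uses:` below is referenced by a mutable tag. Pinning to
# a full commit SHA (`owner/action@<full-commit-sha>  # vN`) stops a re-tagged
# release from running with this job's secrets.
name: Continuous integration

on:
  push:

jobs:
  # Fails the run when the pushed head commit is exactly the
  # backport-instructions commit; otherwise the only step is skipped.
  not-failed-backport:
    name: Test that's not a failed backport
    runs-on: ubuntu-22.04
    timeout-minutes: 5

    steps:
      - run: 'false'
        if: "github.event.head_commit.message == '[skip ci] Add instructions to finish the backport.'"

  main:
    name: Continuous integration
    runs-on: ubuntu-22.04
    timeout-minutes: 90
    # Skipped for commits whose message starts with "[skip ci] ".
    if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"

    env:
      # Quoted so YAML keeps them as strings: a bare 2.6 is parsed as a float,
      # and a later value such as 2.10 would silently become 2.1.
      MAIN_BRANCH: '2.6'
      MAJOR_VERSION: '2.6'

    steps:
      # Fails when a BACKPORT_TODO file is present in the checkout directory.
      - run: '! ls BACKPORT_TODO'
      - run: df -h
      - run: docker system prune --all --force

      # NOTE(review): actions/checkout keeps the supplied token in the local
      # git configuration by default, so every later step of this job can read
      # it. `persist-credentials: false` avoids that, but the push steps below
      # may depend on the stored credential; verify before changing.
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
          token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}

      # Hands the CI GPG private key and the gopass token to the action; runs
      # only on camptocamp/c2cgeoportal.
      - uses: camptocamp/initialise-gopass-summon-action@v2
        with:
          ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
          github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
          patterns: pypi docker transifex
        if: github.repository == 'camptocamp/c2cgeoportal'

      - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
      # NOTE(review): both pip installs in this job run without
      # `--require-hashes`; whether the requirements files carry hashes is not
      # visible from this workflow.
      - run: python3 -m pip install --user --requirement=ci/requirements.txt
      - name: Checks
        run: c2cciutils-checks
      # The outputs of this step (full, major, upgrade_version) are read by the
      # build, publish and notify steps further down.
      - id: version
        run: scripts/get-version --auto-increment --github
        if: github.repository == 'camptocamp/c2cgeoportal'
      - run: python3 -m pip install --user --requirement=requirements.txt

      # Build images
      - run: make build-runner
      - run: make build-tools
      - run: make checks
        if: always()
      - run: make build-config

      # Build and lint QGIS images
      - run: docker build --target=lint --build-arg=VERSION=3.16 docker/qgisserver
      - run: QGIS_VERSION=3.16 make build-qgisserver

      # Tests
      - run: make preparetest
      - run: docker-compose logs --timestamps
        if: failure()
      # Similar to: make tests-commons
      - run: >
          ci/run-dc-logs docker-compose exec -T tests coverage run
          --source=/opt/c2cgeoportal/commons/c2cgeoportal_commons
          --module pytest --verbose --color=yes --junitxml=/tmp/commons.xml
          /opt/c2cgeoportal/commons/tests
      # Similar to: make tests-geoportal
      - run: >
          ci/run-dc-logs docker-compose exec -T tests coverage run --append
          --source=/opt/c2cgeoportal/geoportal/c2cgeoportal_geoportal
          --module pytest --verbose --color=yes --junitxml=/tmp/geoportal.xml
          /opt/c2cgeoportal/geoportal/tests
      # Similar to: make tests-admin
      - run: >
          ci/run-dc-logs docker-compose exec -T tests coverage run --append
          --source=/opt/c2cgeoportal/admin/c2cgeoportal_admin
          --module pytest --verbose --color=yes --junitxml=/tmp/admin.xml
          /opt/c2cgeoportal/admin/tests
      # Similar to: make tests-qgisserver
      - run: >
          ci/run-dc-logs docker-compose exec -T qgisserver-tests
          pytest --verbose --color=yes --junitxml=/tmp/qgis.xml
          /src/tests/functional
      - name: Extract tests artifacts
        continue-on-error: true
        run: |
          docker-compose exec -T tests coverage report
          docker-compose exec -T tests coverage html --directory=/tmp/coverage
          mkdir --parent artifacts/geoportal-coverage
          mkdir --parent artifacts/qgisserver-plugin-coverage
          docker cp c2cgeoportal_tests_1:/tmp/coverage/ artifacts/geoportal-coverage/
        if: always()
      - run: docker-compose down

      # upload-artifact is aligned on the @v4 already used by the dpkg-versions
      # upload further down; the v2 line of this action is deprecated by GitHub.
      - uses: actions/upload-artifact@v4
        with:
          name: Geoportal coverage
          path: artifacts/geoportal-coverage/
          if-no-files-found: ignore
          retention-days: 5
      - uses: actions/upload-artifact@v4
        with:
          name: QGISserver plugin coverage
          path: artifacts/qgisserver-plugin-coverage/
          if-no-files-found: ignore
          retention-days: 5

      # Documentation
      - run: >
          docker build --tag=camptocamp/geomapfish-doc
          --build-arg=MAJOR_VERSION=${MAJOR_VERSION}
          --build-arg=MAIN_BRANCH=${MAIN_BRANCH}
          doc
      - name: Extract documentation
        run: ci/extract-documentation artifacts/documentations/
        if: always()
      - uses: actions/upload-artifact@v4
        with:
          name: Documentation
          path: artifacts/documentations/
          if-no-files-found: ignore
          retention-days: 5
        if: always()

      # Test App
      - run: ci/test-app
      - continue-on-error: true
        run: |
          cd ${HOME}/workspace/testgeomapfishapp/
          for service in $(docker-compose config --services)
          do
            docker-compose logs ${service}
          done
        if: failure()

      # Test Upgrade
      # NOTE(review): the version step is skipped outside
      # camptocamp/c2cgeoportal, so DOCKER_TAG expands to an empty string there.
      - run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-tools
      - run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-runner
      - run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-config
      - run: docker images | grep "<none>" | awk '{print $3}' | xargs --no-run-if-empty docker rmi || true
      - run: ci/test-upgrade init ${HOME}/workspace
      - run: ci/test-upgrade 240 ${HOME}/workspace
      - run: ci/test-upgrade cleanup ${HOME}/workspace

      # The token reaches the shell through the environment instead of being
      # expanded into the script text by `${{ }}`; GITHUB_REPOSITORY is the
      # runner-provided equivalent of `github.repository`.
      # NOTE(review): the resulting remote URL still stores the token in
      # .git/config, where every later step (project build, publish scripts)
      # can read it.
      - name: Init Git
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: >-
          git remote set-url origin
          "https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}"

      - run: make build-tools
      - run: make build-runner
      - run: make build-config
      - run: ci/create-new-project ${HOME}/workspace geomapfishapp
      - run: (cd ${HOME}/workspace/geomapfishapp/; ./build)

      - name: 'Update the changelog'
        run: ci/changelog ${{ steps.version.outputs.full }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - run: git diff CHANGELOG.md

      # Publishing is limited to camptocamp/c2cgeoportal; the ref decides
      # between the feature-branch and the version-branch variant.
      - name: Publish feature branch
        run: |
          c2cciutils-publish
          c2cciutils-publish --group=full
        if: >
          github.ref != format('refs/heads/{0}', env.MAIN_BRANCH)
          && github.repository == 'camptocamp/c2cgeoportal'
      - name: Publish version branch
        run: |
          c2cciutils-publish --type=version_branch --version=${{ steps.version.outputs.major }}
          c2cciutils-publish --group=full --type=version_branch --version=${{ steps.version.outputs.full }}
        if: >
          github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
          && github.repository == 'camptocamp/c2cgeoportal'

      # On failure, keep the uncommitted working-tree changes as an artifact.
      - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true
        if: failure()
      - uses: actions/upload-artifact@v4
        with:
          name: Update dpkg versions list.patch
          path: /tmp/dpkg-versions.patch
          retention-days: 1
        if: failure()

      # Commits and pushes only when the staged files actually changed; the
      # "[skip ci] " prefix keeps the pushed commit from re-triggering `main`.
      - name: Push version and changelog
        run: |
          set -eux
          git add ci/ci.yaml ci/changelog.yaml CHANGELOG.md
          git diff --staged --quiet || (\
            git commit -m "[skip ci] Update the minor version"; \
            git push origin HEAD:${{ env.MAIN_BRANCH }} \
          )
        if: >
          github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
          && github.repository == 'camptocamp/c2cgeoportal'

      # The token and the version reach curl through the environment rather
      # than through `${{ }}` expansion into the script text.
      # NOTE(review): the token is still passed as a curl command-line
      # argument, and without `--fail` an HTTP error from the API does not fail
      # this step.
      - name: Notify demo
        env:
          GOPASS_CI_GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
          UPGRADE_VERSION: ${{ steps.version.outputs.upgrade_version }}
        run: >
          curl --request POST --header "Content-Type: application/json"
          --header 'Accept: application/vnd.github.v3+json'
          --header "Authorization: token ${GOPASS_CI_GITHUB_TOKEN}"
          https://api.github.com/repos/camptocamp/demo_geomapfish/dispatches
          --data '{"event_type": "geomapfish_${{ env.MAJOR_VERSION }}_updated",
          "client_payload": {"version": "'"${UPGRADE_VERSION}"'"}}'
        if: >
          github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
          && github.repository == 'camptocamp/c2cgeoportal'
      - name: Publish documentation to GitHub.io
        run: ci/publish-documentation
        if: >
          github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
          && github.repository == 'camptocamp/c2cgeoportal'

      # NOTE(review): nate/dockviz is a third-party image referenced without a
      # tag or digest, and it is given the Docker socket, which is equivalent
      # to root on the runner. It runs with `always()` in a job that has loaded
      # publishing secrets and stored git credentials. Pin it by digest
      # (`nate/dockviz@sha256:<digest>`) or drop the step; `docker images`
      # below already lists the images.
      - run: >
          docker run --rm --volume=/var/run/docker.sock:/var/run/docker.sock nate/dockviz
          images --tree
        if: always()
      - run: docker images
        if: always()
      - run: docker system df
        if: always()
      - run: df -h
        if: always()

  # audit:
  #   runs-on: ubuntu-20.04
  #   timeout-minutes: 15
  #   name: Audit
  #   steps:
  #     - run: sudo npm install -g npm@6
  #     - run: sudo apt-get install --yes libgdal-dev libgraphviz-dev
  #     - run: sudo python3 -m pip install --upgrade httplib2 numpy
  #     - uses: actions/checkout@v3
  #
  #     - uses: camptocamp/initialise-gopass-summon-action@v2
  #       with:
  #         ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
  #         github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
  #
  #     - run: python3 -m venv ~/.venv
  #     - run: echo "${HOME}/.venv/bin" >> ${GITHUB_PATH}
  #     - run: ~/.venv/bin/pip install --pre c2cciutils[audit]
  #
  #     - uses: asdf-vm/actions/install@v1
  #
  #     - name: Audit
  #       run: c2cciutils-audit --branch=2.6
  #       env:
  #         GITHUB_TOKEN: ${{ github.token }}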