Skip to content

Audit Snyk check/fix 2.6 #16728

Audit Snyk check/fix 2.6

Audit Snyk check/fix 2.6 #16728

Workflow file for this run

name: Continuous integration
on:
push:
jobs:
not-failed-backport:
name: Test that's not a failed backport
runs-on: ubuntu-22.04
timeout-minutes: 5
steps:
- run: 'false'
if: "github.event.head_commit.message == '[skip ci] Add instructions to finish the backport.'"
main:
name: Continuous integration
runs-on: ubuntu-22.04
timeout-minutes: 90
if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
env:
MAIN_BRANCH: 2.6
MAJOR_VERSION: 2.6
steps:
- run: '! ls BACKPORT_TODO'
- run: df -h
- run: docker system prune --all --force
- uses: actions/checkout@v2
with:
fetch-depth: 0
token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
- uses: camptocamp/initialise-gopass-summon-action@v2
with:
ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
patterns: pypi docker transifex
if: github.repository == 'camptocamp/c2cgeoportal'
- run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
- run: python3 -m pip install --user --requirement=ci/requirements.txt
- name: Checks
run: c2cciutils-checks
- id: version
run: scripts/get-version --auto-increment --github
if: github.repository == 'camptocamp/c2cgeoportal'
- run: python3 -m pip install --user --requirement=requirements.txt
# Build images
- run: make build-runner
- run: make build-tools
- run: make checks
if: always()
- run: make build-config
# Build and lint QGIS images
- run: docker build --target=lint --build-arg=VERSION=3.16 docker/qgisserver
- run: QGIS_VERSION=3.16 make build-qgisserver
# Tests
- run: make preparetest
- run: docker-compose logs --timestamps
if: failure()
# Similar to: make tests-commons
- run: >
ci/run-dc-logs docker-compose exec -T tests coverage run
--source=/opt/c2cgeoportal/commons/c2cgeoportal_commons
--module pytest --verbose --color=yes --junitxml=/tmp/commons.xml
/opt/c2cgeoportal/commons/tests
# Similar to: make tests-geoportal
- run: >
ci/run-dc-logs docker-compose exec -T tests coverage run --append
--source=/opt/c2cgeoportal/geoportal/c2cgeoportal_geoportal
--module pytest --verbose --color=yes --junitxml=/tmp/geoportal.xml
/opt/c2cgeoportal/geoportal/tests
# Similar to: make tests-admin
- run: >
ci/run-dc-logs docker-compose exec -T tests coverage run --append
--source=/opt/c2cgeoportal/admin/c2cgeoportal_admin
--module pytest --verbose --color=yes --junitxml=/tmp/admin.xml
/opt/c2cgeoportal/admin/tests
# Similar to: make tests-qgisserver
- run: >
ci/run-dc-logs docker-compose exec -T qgisserver-tests
pytest --verbose --color=yes --junitxml=/tmp/qgis.xml
/src/tests/functional
- name: Extract tests artifacts
continue-on-error: true
run: |
docker-compose exec -T tests coverage report
docker-compose exec -T tests coverage html --directory=/tmp/coverage
mkdir --parent artifacts/geoportal-coverage
mkdir --parent artifacts/qgisserver-plugin-coverage
docker cp c2cgeoportal_tests_1:/tmp/coverage/ artifacts/geoportal-coverage/
if: always()
- run: docker-compose down
- uses: actions/upload-artifact@v2
with:
name: Geoportal coverage
path: artifacts/geoportal-coverage/
if-no-files-found: ignore
retention-days: 5
- uses: actions/upload-artifact@v2
with:
name: QGISserver plugin coverage
path: artifacts/qgisserver-plugin-coverage/
if-no-files-found: ignore
retention-days: 5
# Documentation
- run: >
docker build --tag=camptocamp/geomapfish-doc
--build-arg=MAJOR_VERSION=${MAJOR_VERSION}
--build-arg=MAIN_BRANCH=${MAIN_BRANCH}
doc
- name: Extract documentation
run: ci/extract-documentation artifacts/documentations/
if: always()
- uses: actions/upload-artifact@v2
with:
name: Documentation
path: artifacts/documentations/
if-no-files-found: ignore
retention-days: 5
if: always()
# Test App
- run: ci/test-app
- continue-on-error: true
run: |
cd ${HOME}/workspace/testgeomapfishapp/
for service in $(docker-compose config --services)
do
docker-compose logs ${service}
done
if: failure()
# Test Upgrade
- run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-tools
- run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-runner
- run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-config
- run: docker images | grep "<none>" | awk '{print $3}' | xargs --no-run-if-empty docker rmi || true
- run: ci/test-upgrade init ${HOME}/workspace
- run: ci/test-upgrade 240 ${HOME}/workspace
- run: ci/test-upgrade cleanup ${HOME}/workspace
- name: Init Git
run:
git remote set-url origin https://${GITHUB_ACTOR}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository
}}
- run: make build-tools
- run: make build-runner
- run: make build-config
- run: ci/create-new-project ${HOME}/workspace geomapfishapp
- run: (cd ${HOME}/workspace/geomapfishapp/; ./build)
- name: 'Update the changelog'
run: ci/changelog ${{ steps.version.outputs.full }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: git diff CHANGELOG.md
- name: Publish feature branch
run: |
c2cciutils-publish
c2cciutils-publish --group=full
if: >
github.ref != format('refs/heads/{0}', env.MAIN_BRANCH)
&& github.repository == 'camptocamp/c2cgeoportal'
- name: Publish version branch
run: |
c2cciutils-publish --type=version_branch --version=${{ steps.version.outputs.major }}
c2cciutils-publish --group=full --type=version_branch --version=${{ steps.version.outputs.full }}
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& github.repository == 'camptocamp/c2cgeoportal'
- run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true
if: failure()
- uses: actions/upload-artifact@v4
with:
name: Update dpkg versions list.patch
path: /tmp/dpkg-versions.patch
retention-days: 1
if: failure()
- name: Push version and changelog
run: |
set -eux
git add ci/ci.yaml ci/changelog.yaml CHANGELOG.md
git diff --staged --quiet || (\
git commit -m "[skip ci] Update the minor version"; \
git push origin HEAD:${{ env.MAIN_BRANCH }} \
)
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& github.repository == 'camptocamp/c2cgeoportal'
- name: Notify demo
run: >
curl --request POST --header "Content-Type: application/json"
--header 'Accept: application/vnd.github.v3+json'
--header "Authorization: token ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}"
https://api.github.com/repos/camptocamp/demo_geomapfish/dispatches
--data '{"event_type": "geomapfish_${{ env.MAJOR_VERSION }}_updated",
"client_payload": {"version": "'"${{ steps.version.outputs.upgrade_version }}"'"}}'
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& github.repository == 'camptocamp/c2cgeoportal'
- name: Publish documentation to GitHub.io
run: ci/publish-documentation
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& github.repository == 'camptocamp/c2cgeoportal'
- run: >
docker run --rm --volume=/var/run/docker.sock:/var/run/docker.sock nate/dockviz
images --tree
if: always()
- run: docker images
if: always()
- run: docker system df
if: always()
- run: df -h
if: always()
# audit:
# runs-on: ubuntu-20.04
# timeout-minutes: 15
# name: Audit
# steps:
# - run: sudo npm install -g npm@6
# - run: sudo apt-get install --yes libgdal-dev libgraphviz-dev
# - run: sudo python3 -m pip install --upgrade httplib2 numpy
# - uses: actions/checkout@v3
#
# - uses: camptocamp/initialise-gopass-summon-action@v2
# with:
# ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
# github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
#
# - run: python3 -m venv ~/.venv
# - run: echo "${HOME}/.venv/bin" >> ${GITHUB_PATH}
# - run: ~/.venv/bin/pip install --pre c2cciutils[audit]
#
# - uses: asdf-vm/actions/install@v1
#
# - name: Audit
# run: c2cciutils-audit --branch=2.6
# env:
# GITHUB_TOKEN: ${{ github.token }}