Audit Snyk check/fix 2.7 #20192
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: QGIS build | |
on: | |
push: | |
pull_request: | |
env: | |
HAS_SECRETS: ${{ secrets.HAS_SECRETS }} | |
jobs: | |
main: | |
runs-on: ubuntu-22.04 | |
name: QGIS build | |
timeout-minutes: 20 | |
if: "!startsWith(github.event.head_commit.message, '[skip ci] ')" | |
strategy: | |
fail-fast: false | |
matrix: | |
version: | |
- '3.28' | |
- 3.28-gdal3.6 | |
- 3.28-gdal3.7 | |
- '3.34' | |
- 3.34-gdal3.7 | |
- 3.34-gdal3.8 | |
- ltr | |
env: | |
MAIN_BRANCH: '2.7' | |
MAJOR_VERSION: '2.7' | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- uses: camptocamp/initialise-gopass-summon-action@v2 | |
with: | |
ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}} | |
github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}} | |
patterns: docker | |
if: env.HAS_SECRETS == 'HAS_SECRETS' | |
- run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH} | |
- run: python3 -m pip install --user --requirement=ci/requirements.txt | |
- run: docker pull camptocamp/geomapfish:${{ env.MAJOR_VERSION }} | |
- run: docker tag camptocamp/geomapfish:${{ env.MAJOR_VERSION }} camptocamp/geomapfish | |
- run: make build-test-db | |
- name: Build QGIS server | |
run: | | |
docker build --target=runner --build-arg=VERSION=${{ matrix.version }} \ | |
--tag=camptocamp/geomapfish-qgisserver \ | |
docker/qgisserver; | |
docker tag camptocamp/geomapfish-qgisserver \ | |
camptocamp/geomapfish-qgisserver:gmflatest-qgis${{ matrix.version }} | |
- name: Test library availability | |
run: | |
"! ( docker run --rm camptocamp/geomapfish-qgisserver ldd /usr/local/bin/qgis_mapserv.fcgi | grep 'not | |
found' )" | |
- name: Acceptance tests | |
run: | | |
cd docker/qgisserver | |
docker-compose up -d | |
docker-compose exec -T tests /tests/wait-db | |
docker-compose exec -T tests alembic --config=/tests/alembic.ini --name=main upgrade head | |
docker-compose exec -T tests alembic --config=/tests/alembic.ini --name=static upgrade head | |
docker-compose exec -T tests /tests/fill-db | |
c2cciutils-docker-logs | |
docker-compose exec -T tests /tests/acceptance-tests | |
- run: c2cciutils-docker-logs | |
if: failure() | |
- run: docker-compose down | |
- run: scripts/get-version --auto-increment --github | |
id: version | |
if: env.HAS_SECRETS == 'HAS_SECRETS' | |
- name: Publish feature branch | |
run: | | |
c2cciutils-publish --group=qgis-${{ matrix.version }} | |
if: > | |
github.ref != format('refs/heads/{0}', env.MAIN_BRANCH) | |
&& env.HAS_SECRETS == 'HAS_SECRETS' | |
&& ! contains(github.ref_name, '/') | |
- name: Publish version branch | |
run: | | |
c2cciutils-publish --group=qgis-${{ matrix.version }} --type=version_branch \ | |
--version=${{ steps.version.outputs.major }} | |
if: > | |
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH) | |
&& env.HAS_SECRETS == 'HAS_SECRETS' |