Audit Snyk check/fix 2.7 #16938
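# Continuous integration for the 2.7 maintenance branch: builds the images,
# runs the test suites, and (on the main branch, when secrets are available)
# bumps the version and publishes images, packages, translations and docs.
#
# NOTE(review): there is no `permissions:` key, so GITHUB_TOKEN gets the
# repository's default scopes. The "Push version and changelog" step pushes
# with that token, so it appears to need contents write access; declaring the
# minimum explicitly would make that visible. Confirm before restricting.
name: Continuous integration

on:
  push:
  pull_request:

env:
  # Gate for every step that needs secrets: those steps run only when this
  # equals the literal string 'HAS_SECRETS' (presumably the value of the
  # repository secret; it is empty when secrets are not passed to the run).
  HAS_SECRETS: ${{ secrets.HAS_SECRETS }}

jobs:
  # Fails on purpose when the head commit is the placeholder commit that only
  # carries the instructions to finish a backport.
  not-failed-backport:
    name: Test that's not a failed backport
    runs-on: ubuntu-22.04
    timeout-minutes: 5

    steps:
      - run: 'false'
        if: "github.event.head_commit.message == '[skip ci] Add instructions to finish the backport.'"

  main:
    name: Continuous integration
    runs-on: ubuntu-22.04
    timeout-minutes: 120
    # Skipped for commits whose message starts with '[skip ci] '.
    if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"

    env:
      MAIN_BRANCH: '2.7'
      MAJOR_VERSION: '2.7'

    steps:
      # Fails the job while a BACKPORT_TODO file is still present.
      - run: '! ls BACKPORT_TODO'
      - run: df -h
      - run: docker system prune --all --force
      - run: pip install pyOpenSSL --upgrade

      # NOTE(review): every action in this job is referenced by a mutable tag
      # (@v2, @v4). Pinning each `uses:` to a full commit SHA prevents a
      # retagged release from running with this job's secrets.
      # With a token supplied, actions/checkout keeps it in the local git
      # configuration by default, so later steps in the job can read it.
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
          token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
        if: env.HAS_SECRETS == 'HAS_SECRETS'
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
        if: env.HAS_SECRETS != 'HAS_SECRETS'

      # This action receives the CI GPG private key and a GitHub token, which
      # makes it the most sensitive `uses:` reference to pin.
      - uses: camptocamp/initialise-gopass-summon-action@v2
        with:
          ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
          github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
          patterns: pypi docker transifex
        if: env.HAS_SECRETS == 'HAS_SECRETS'

      - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
      - run: python3 -m pip install --user --requirement=ci/requirements.txt
      # c2cciutils is installed into a throw-away virtualenv that is removed
      # once the applications have been downloaded.
      - run: |
          python3 -m venv /tmp/venv
          /tmp/venv/bin/pip install c2cciutils==1.4.13
          /tmp/venv/bin/c2cciutils-download-applications --applications-file=ci/applications.yaml \
            --versions-file=ci/applications-versions.yaml
          rm -rf /tmp/venv
      - name: Checks
        run: c2cciutils-checks
      - run: python3 -m pip install --user --requirement=requirements.txt

      # Build images
      - run: make build-runner
      - run: make build-tools
      - run: make checks
        if: always()
      - run: make build-config

      # Build and lint QGIS images
      - run: docker build --target=lint --build-arg=VERSION=3.28-gdal3.7 docker/qgisserver
      - run: QGIS_VERSION=3.28-gdal3.7 make build-qgisserver

      # Tests
      - run: make preparetest
      - run: docker-compose logs --timestamps
        if: failure()
      # Similar to: make tests-commons
      - run: >
          docker-compose exec -T tests coverage run
          --source=/opt/c2cgeoportal/commons/c2cgeoportal_commons
          --module pytest --verbose --color=yes --junitxml=/tmp/commons.xml
          /opt/c2cgeoportal/commons/tests
      - run: c2cciutils-docker-logs
      # Similar to: make tests-geoportal
      - run: >
          docker-compose exec -T tests coverage run --append
          --source=/opt/c2cgeoportal/geoportal/c2cgeoportal_geoportal
          --module pytest --verbose --color=yes --junitxml=/tmp/geoportal.xml
          /opt/c2cgeoportal/geoportal/tests
      - run: c2cciutils-docker-logs
      # Similar to: make tests-admin
      - run: >
          docker-compose exec -T tests coverage run --append
          --source=/opt/c2cgeoportal/admin/c2cgeoportal_admin
          --module pytest --verbose --color=yes --junitxml=/tmp/admin.xml
          /opt/c2cgeoportal/admin/tests
      - run: c2cciutils-docker-logs
      # Similar to: make tests-qgisserver
      - run: >
          docker-compose exec -T qgisserver-tests pytest --verbose --color=yes --junitxml=/tmp/qgis.xml
          /src/tests/functional
      - run: c2cciutils-docker-logs
      - name: Extract tests artifacts
        continue-on-error: true
        run: |
          docker-compose exec -T tests coverage report
          docker-compose exec -T tests coverage html --directory=/tmp/coverage
          mkdir --parent artifacts/geoportal-coverage
          docker cp c2cgeoportal_tests_1:/tmp/coverage/ artifacts/geoportal-coverage/
        if: always()
      - run: c2cciutils-docker-logs
        if: always()
      - run: docker-compose down

      - uses: actions/upload-artifact@v2
        with:
          name: Geoportal coverage
          path: artifacts/geoportal-coverage/
          if-no-files-found: ignore
          retention-days: 5
      - uses: actions/upload-artifact@v2
        with:
          name: QGISserver plugin coverage
          path: artifacts/qgisserver-plugin-coverage/
          if-no-files-found: ignore
          retention-days: 5

      - run: sudo git clean -fdx

      # Documentation
      - run: >
          docker build --tag=camptocamp/geomapfish-doc
          --build-arg=MAJOR_VERSION=${MAJOR_VERSION}
          --build-arg=MAIN_BRANCH=${MAIN_BRANCH}
          doc
      - name: Extract documentation
        run: ci/extract-documentation artifacts/documentations/ || true
        if: always()
      - uses: actions/upload-artifact@v2
        with:
          name: Documentation
          path: artifacts/documentations/
          if-no-files-found: ignore
          retention-days: 5
        if: always()

      # Use minimal version from the documentation
      - uses: actions/setup-python@v4
        with:
          # When we upgrade this we should also upgrade the requirements
          # in the documentation: doc/integrator/requirements.rst
          python-version: '3.7'
      # When we upgrade this we should also upgrade the requirements
      # in the documentation: doc/integrator/requirements.rst
      # netifaces is for 2.4
      - run: pip install --user PyYAML==3.13 docker-compose==1.21.0 netifaces 'requests<2.32.0'

      # Test App
      - run: ci/test-app
      - name: Docker logs
        continue-on-error: true
        run: |
          cd ${HOME}/workspace/testgeomapfishapp/
          c2cciutils-docker-logs
        if: failure()

      - run: git pull --ff-only origin ${{ env.MAIN_BRANCH }}
        if: >
          github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
          && env.HAS_SECRETS == 'HAS_SECRETS'
      # The outputs of this step (full, major, major_minor, upgrade_version)
      # are consumed by the build, changelog, publish and notify steps below.
      - id: version
        run: scripts/get-version --auto-increment --github

      # Test Upgrade
      - run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-tools
      - run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-runner
      - run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-config
      - run: docker images | grep "<none>" | awk '{print $3}' | xargs --no-run-if-empty docker rmi || true
      - run: ci/test-upgrade init ${HOME}/workspace
      - run: ci/test-upgrade 240 ${HOME}/workspace
      - run: ci/test-upgrade 260 ${HOME}/workspace
      - run: ci/test-upgrade 27 ${HOME}/workspace
      - run: ci/test-upgrade cleanup ${HOME}/workspace

      - uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - run: pip install --user PyYAML==5.3.1 docker==6.1.3 docker-compose==1.29.2 wheel==0.40.0 'requests<2.32.0'

      # The token reaches the shell through the environment instead of being
      # expanded into the script text by the workflow template engine.
      # It is still written into the remote URL, i.e. into .git/config of the
      # runner's checkout, where the later push steps pick it up.
      - name: Init Git
        run: >-
          git remote set-url origin
          "https://${GITHUB_ACTOR}:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - run: make build-tools
      - run: make build-runner
      - run: make build-config
      - run: ci/create-new-project ${HOME}/workspace geomapfishapp
      - run: (cd ${HOME}/workspace/geomapfishapp/; ./build)

      - name: Update the changelog
        run: ci/changelog ${{ steps.version.outputs.full }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - run: git diff CHANGELOG.md
      # Commits only when something is staged; the '[skip ci] ' prefix keeps
      # the resulting push from triggering the main job again.
      - name: Push version and changelog
        run: |
          set -eux
          git add ci/ci.yaml ci/changelog.yaml CHANGELOG.md
          git diff --staged --quiet || (\
            git commit -m "[skip ci] Update the minor version"; \
            git push origin HEAD:${{ env.MAIN_BRANCH }} \
          )
        if: >
          github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
          && env.HAS_SECRETS == 'HAS_SECRETS'

      # Feature branches are published only when the ref name has no '/'.
      - name: Publish feature branch
        run: |
          c2cciutils-publish
          c2cciutils-publish --group=full
        if: >
          github.ref != format('refs/heads/{0}', env.MAIN_BRANCH)
          && env.HAS_SECRETS == 'HAS_SECRETS'
          && ! contains(github.ref_name, '/')
      - name: Publish version branch
        run: |
          c2cciutils-publish --type=version_branch --version=${{ steps.version.outputs.major }}
          c2cciutils-publish --type=version_branch --version=${{ steps.version.outputs.major_minor }}
          c2cciutils-publish --group=full --type=version_branch --version=${{ steps.version.outputs.full }}
        if: >
          github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
          && env.HAS_SECRETS == 'HAS_SECRETS'
      - name: Publish version branch to pypi
        run: |
          c2cciutils-publish --group=pypi --type=version_tag --version=${{ steps.version.outputs.full }}
        if: >
          github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
          && env.HAS_SECRETS == 'HAS_SECRETS'

      - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true
        if: failure()
      - uses: actions/upload-artifact@v4
        with:
          name: Update dpkg versions list.patch
          path: /tmp/dpkg-versions.patch
          retention-days: 1
        if: failure()

      # Sends a repository_dispatch event to the demo repository.
      # The token and the step output are passed through the environment so
      # neither is expanded into the script text; MAJOR_VERSION stays inline
      # because it is a constant defined in this file.
      - name: Notify demo
        run: >
          curl --request POST --header "Content-Type: application/json"
          --header 'Accept: application/vnd.github.v3+json'
          --header "Authorization: token ${DISPATCH_TOKEN}"
          https://api.github.com/repos/camptocamp/demo_geomapfish/dispatches
          --data '{"event_type": "geomapfish_${{ env.MAJOR_VERSION }}_updated",
          "client_payload": {"version": "'"${UPGRADE_VERSION}"'"}}'
        env:
          DISPATCH_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
          UPGRADE_VERSION: ${{ steps.version.outputs.upgrade_version }}
        if: >
          github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
          && env.HAS_SECRETS == 'HAS_SECRETS'

      # The container gets the runner's home directory mounted as /root.
      - name: Publish to Transifex
        run: |
          docker build --target=tools --tag=transifex --build-arg=MAJOR_VERSION=${MAJOR_VERSION} .
          docker run --name=transifex -ti --rm --detach --volume=${HOME}:/root transifex tail -f /dev/null
          docker exec transifex bash -c \
            '(cd /opt/c2cgeoportal; make --makefile=dependencies.mk transifex-send)'
          docker stop transifex
        if: >
          github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
          && env.HAS_SECRETS == 'HAS_SECRETS'
      - name: Publish documentation to GitHub.io
        run: ci/publish-documentation
        if: >
          github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
          && env.HAS_SECRETS == 'HAS_SECRETS'

      # NOTE(review): nate/dockviz is pulled without a tag or digest and is
      # handed the Docker socket, which gives the image control of the
      # runner's Docker daemon. It runs on every build (`always()`), including
      # builds that loaded secrets earlier in the job. Pin the image by digest
      # or drop this diagnostic; `docker images` below covers most of it.
      - run: >
          docker run --rm --volume=/var/run/docker.sock:/var/run/docker.sock nate/dockviz
          images --tree
        if: always()
      - run: docker images
        if: always()
      - run: docker system df
        if: always()
      - run: df -h
        if: always()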