Build Floating #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Floating | |
| on: | |
| schedule: # weekly | |
| - cron: '0 0 * * 0' | |
| workflow_dispatch: | |
| jobs: | |
| docker: | |
| name: "${{ matrix.DEPLOYMENT_NAME }} USE_FROZEN=${{ matrix.USE_FROZEN }} ${{ matrix.CAL_VERSION }} -- Floating Build" | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| max-parallel: 3 | |
| fail-fast: false | |
| matrix: | |
| DEPLOYMENT_NAME: [ jwebbinar, roman, tike ] | |
| USE_FROZEN: [ 0 ] | |
| CAL_VERSION: [ none ] | |
| FREEZE: [ 1 ] | |
| OWNER: [ quay.io/jupyter ] | |
| permissions: | |
| actions: write | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python 3.12 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.12 | |
| - name: Configure | |
| shell: bash | |
| run: | | |
| scripts/image-configure ${{ matrix.DEPLOYMENT_NAME }} --use-frozen ${{ matrix.USE_FROZEN }} --freeze ${{ matrix.FREEZE }} --cal-version ${{ matrix.CAL_VERSION }} --owner ${{ MATRIX.owner }} | |
| - name: Early exit for unaffected builds | |
| shell: bash | |
| run: | | |
| source setup-env | |
| if ! branch-changes-obj current https://github.com/spacetelescope/science-platform-images@main \ | |
| deployments/common deployments/${{ matrix.DEPLOYMENT_NAME }}; | |
| then | |
| echo "This build deployment is nominally unaffected by the changes in this PR." | |
| gh run cancel ${{ github.run_id }} || true | |
| gh run watch ${{ github.run_id }} || true | |
| exit 0 | |
| fi | |
| - name: Set Up Environment | |
| shell: bash | |
| run: | | |
| pip install -r requirements.txt | |
| - name: Free Disk Space, Enlarge Swapfile | |
| shell: bash | |
| run: | | |
| df -h | |
| sudo apt clean | |
| docker rmi $(docker image ls -aq) | |
| docker container prune -f | |
| sudo rm -rf "/usr/local/share/boost" | |
| sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
| sudo rm -rf /usr/local/lib/android # will release about 10 GB if you don't need Android | |
| sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET | |
| sudo swapoff -a | |
| sudo rm -f /swapfile | |
| sudo fallocate -l 24G /swapfile | |
| sudo chmod 0600 /swapfile | |
| sudo mkswap /swapfile | |
| sudo swapon /swapfile | |
| cat /proc/meminfo | |
| df -h | |
| - name: Image Build | |
| shell: bash | |
| run: | | |
| source setup-env | |
| scripts/image-build | |
| df -h | |
| docker system df | |
| docker system prune | |
| docker image ls | |
| df -h | |
| - name: Image Functional Tests | |
| shell: bash | |
| run: | | |
| df -h | |
| source setup-env | |
| scripts/image-test | |
| df -h | |
| - name: Git Diffs (Frozen Version Specs) | |
| shell: bash | |
| run: git diff || true | |
| # XXXX Trivy missing config to run from built image, fails | |
| # ----- - name: Run Trivy vulnerability scanner on image | |
| # ----- uses: aquasecurity/trivy-action@master | |
| # ----- with: | |
| # ----- scan-type: image | |
| # ----- image-ref: notebook-${{ matrix.DEPLOYMENT_NAME }} | |
| # ----- ignore-unfixed: true | |
| # ----- format: table | |
| # ----- vuln-type: os,library | |
| # ----- severity: 'CRITICAL,HIGH,MEDIUM' | |
| # Anchore obsolete | |
| # ----- - name: Scan image | |
| # ----- uses: anchore/scan-action@v3 | |
| # ----- with: | |
| # ----- fail-build: false | |
| # ----- severity-cutoff: high | |
| # ----- output-format: table | |
| # ----- image: notebook-${{ matrix.DEPLOYMENT_NAME }} |