Bump cryptography from 42.0.2 to 42.0.4 #1545
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Try build and start of production container | |
on: [pull_request] | |
jobs: | |
build: | |
strategy: | |
max-parallel: 4 | |
matrix: | |
os: [ubuntu-latest] | |
python-version: ["3.11"] | |
runs-on: ${{ matrix.os }} | |
name: Production container tests | |
services: | |
registry: | |
image: registry:2 | |
ports: | |
- 5000:5000 | |
steps: | |
- uses: actions/checkout@v4 | |
name: Get sources | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: network=host | |
- name: Set build target branch | |
run: | | |
if [[ ${{ github.event.pull_request.base.ref }} == master ]]; then | |
BRANCH=master | |
else | |
BRANCH=develop | |
fi | |
echo "BUILD_BRANCH=$BRANCH" >> $GITHUB_ENV | |
- name: Build | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
push: true | |
file: ./dockerfiles/Dockerfile | |
tags: localhost:5000/metadata-submitter:latest | |
cache-from: localhost:5000/metadata-submitter:latest | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
build-args: | | |
BRANCH=${{ env.BUILD_BRANCH }} | |
- name: Run production container | |
run: docker run --rm -p 5430:5430 --name ms -d -t localhost:5000/metadata-submitter:latest | |
- name: Wait for production container to get ready | |
run: .github/workflows/wait_container.sh ms "Listening at" | |
- name: See that the static response is delivered | |
run: curl -s -4 http://localhost:5430/ | |
- name: Verify that the correct content is delivered, database is down | |
run: curl -s -4 http://localhost:5430/health | grep -q -F '{"status":"Down"}' | |
- name: Verify that we do not get a 404 when we ask for nonexistant path | |
run: curl -s -4 --head http://localhost:5430/notfound.ico | head -1 | grep -q -v -F ' 404 ' | |
- name: Shut down submitter service | |
run: docker kill ms && sleep 20 | |
- name: Create TLS keys and certificates | |
run: ./scripts/tls/tls_helper.sh | |
- name: Start production container with TLS | |
run: | | |
docker run --rm -p 5430:5430 -d --name mss \ | |
-v $PWD/config:/config \ | |
-e SERVE_KEY=/config/key \ | |
-e SERVE_CERT=/config/cert \ | |
-e SERVE_CA=/config/cacert \ | |
localhost:5000/metadata-submitter:latest | |
- name: Wait for secure production container to get ready | |
run: .github/workflows/wait_container.sh mss "Listening at" | |
- name: See that the static response is delivered | |
run: curl -s -4 --cacert ./config/cacert https://localhost:5430/ | |
- name: Verify that the correct content is delivered (TLS), database is down | |
run: curl -s -4 --cacert ./config/cacert https://localhost:5430/health | grep -q -F '{"status":"Down"}' | |
- name: Verify that we do not get a 404 when we ask for nonexistant path (TLS) | |
run: curl -s -4 --head --cacert ./config/cacert https://localhost:5430/notfound.ico | head -1 | grep -q -v -F ' 404 ' |