Skip to content
Continuous integration

Audit Snyk check/fix 2.8 (#11540) #18460

Sign in to view logs

Audit Snyk check/fix 2.8 (#11540)

Audit Snyk check/fix 2.8 (#11540) #18460

Workflow file for this run

.github/workflows/main.yaml at 4499915
name: Continuous integration
on:
push:
branches:
- master
- '[0-9]+.[0-9]+'
tags:
- '*'
pull_request:
env:
HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
jobs:
not-failed-backport:
name: Test that's not a failed backport
runs-on: ubuntu-22.04
timeout-minutes: 5
steps:
- run: 'false'
if: github.event.head_commit.message == '[skip ci] Add instructions to finish the backport.'
main:
name: Continuous integration
runs-on: ubuntu-22.04
timeout-minutes: 150
if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
env:
MAIN_BRANCH: '2.8'
MAJOR_VERSION: '2.8'
steps:
- run: '! ls BACKPORT_TODO'
- run: df -h
- run: docker system prune --all --force
- run: sudo rm -rf /usr/local/lib/android
- run: df -h
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
if: env.HAS_SECRETS == 'HAS_SECRETS'
- uses: actions/checkout@v3
with:
fetch-depth: 0
if: env.HAS_SECRETS != 'HAS_SECRETS'
- uses: camptocamp/initialise-gopass-summon-action@v2
with:
ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
patterns: pypi docker transifex
if: env.HAS_SECRETS == 'HAS_SECRETS'
- run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
- run: python3 -m pip install --user --requirement=ci/requirements.txt
- run: c2cciutils-download-applications --applications-file=ci/applications.yaml --versions-file=ci/applications-versions.yaml
- id: version
run: scripts/get-version --auto-increment --github
- uses: actions/cache@v3
with:
path: ~/.cache/pre-commit
key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
restore-keys: "pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}\npre-commit-"
- run: pre-commit run --all-files
env:
SKIP: poetry-lock
- run: git diff --exit-code --patch > /tmp/pre-commit.patch || true
if: failure()
- uses: actions/upload-artifact@v4
with:
name: Apply pre-commit fix.patch
path: /tmp/pre-commit.patch
retention-days: 1
if: failure()
- name: Checks
run: c2cciutils-checks
- run: python3 -m pip install --user --requirement=requirements.txt
# Build images
- run: make build-runner
- run: make build-tools
- run: make checks
if: always()
- run: make build-config
# Build and lint QGIS images
- run: QGIS_VERSION=3.28-gdal3.7 make build-qgisserver
- run: QGIS_VERSION=3.28-gdal3.7 make prospector-qgisserver
# Tests
- run: make preparetest
- run: docker compose logs --timestamps
if: failure()
- run: make tests-commons
- run: c2cciutils-docker-logs
- run: make tests-geoportal
- run: c2cciutils-docker-logs
- run: make tests-admin
- run: c2cciutils-docker-logs
- run: make tests-qgisserver
- run: c2cciutils-docker-logs
- run: c2cciutils-docker-logs
if: always()
- run: docker compose down
- name: Test version generation for the changelog
run: scripts/updated_version latest latest
- run: sudo git clean -fdx
# Documentation
- run: >
docker build --tag=camptocamp/geomapfish-doc
--build-arg=MAJOR_VERSION=${MAJOR_VERSION}
--build-arg=MAIN_BRANCH=${MAIN_BRANCH}
doc
env:
DOCKER_BUILDKIT: '1'
- name: Extract documentation
run: ci/extract-documentation artifacts/documentations/ || true
if: always()
- uses: actions/upload-artifact@v3
with:
name: Documentation
path: artifacts/documentations/
if-no-files-found: ignore
retention-days: 5
if: always()
# Use minimal version from the documentation
- uses: actions/setup-python@v4
with:
# When we upgrade this we should also upgrade the requirements
# in the documentation: doc/integrator/requirements.rst
python-version: '3.7'
# When we upgrade this we should also upgrade the requirements
# in the documentation: doc/integrator/requirements.rst
- run: pip install --user PyYAML==3.13 docker-compose==1.26.0 'docker<7.0.0' urllib3==1.26.15 'requests<2.32.0'
# Test App
- timeout-minutes: 30
run: ci/test-app
- name: Docker logs
continue-on-error: true
run: |
cd ${HOME}/workspace/testgeomapfishapp/
c2cciutils-docker-logs
if: failure()
- run: |
git stash
git pull --ff-only origin ${{ env.MAIN_BRANCH }}
git stash pop
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
# Test Upgrade
- run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-tools
- run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-runner
- run: DOCKER_TAG=${{ steps.version.outputs.full }} make build-config
- run: docker images | grep "<none>" | awk '{print $3}' | xargs --no-run-if-empty docker rmi || true
- run: ci/test-upgrade init ${HOME}/workspace
- run: ci/test-upgrade 270 ${HOME}/workspace
- run: ci/test-upgrade 28 ${HOME}/workspace
- run: ci/test-upgrade cleanup ${HOME}/workspace
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- run:
pip install --user PyYAML==5.3.1 docker-compose==1.29.2 'docker<7.0.0' wheel==0.40.0 urllib3==1.26.15
'requests<2.32.0'
- name: Init Git
run:
git remote set-url origin https://${GITHUB_ACTOR}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository
}}
- run: make build-tools
- run: make build-runner
- run: make build-config
- run: ci/create-new-project ${HOME}/workspace geomapfishapp
- run: (cd ${HOME}/workspace/geomapfishapp/; ./build)
- name: Update the changelog
run: ci/changelog ${{ steps.version.outputs.full }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: git diff CHANGELOG.md
- name: Push version and changelog
run: |
set -eux
git add ci/ci.yaml ci/changelog.yaml CHANGELOG.md
git diff --staged --quiet || (\
git commit -m "[skip ci] Update the minor version"; \
git push origin HEAD:${{ env.MAIN_BRANCH }} \
)
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
- name: Publish
run: |
c2cciutils-publish --docker-versions=${{ steps.version.outputs.versions }} --snyk-version=${{ steps.version.outputs.snyk_version }} || true
if: >
env.HAS_SECRETS == 'HAS_SECRETS'
&& steps.version.outputs.versions != ''
- name: Publish version branch to pypi
run: |
c2cciutils-publish --group=pypi --type=version_tag --version=${{ steps.version.outputs.full }}
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
- run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true
if: failure()
- uses: actions/upload-artifact@v4
with:
name: Update dpkg versions list.patch
path: /tmp/dpkg-versions.patch
retention-days: 1
if: failure()
- name: Notify demo
run: >
curl --request POST --header "Content-Type: application/json"
--header 'Accept: application/vnd.github.v3+json'
--header "Authorization: token ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}"
https://api.github.com/repos/camptocamp/demo_geomapfish/dispatches
--data '{"event_type": "geomapfish_${{ env.MAJOR_VERSION }}_updated",
"client_payload": {"version": "'"${{ steps.version.outputs.upgrade_version }}"'"}}'
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
- name: Publish to Transifex
run: |
git diff || true
git status || true
git status --ignored || true
make build-tools
docker run --name=transifex -ti --rm --detach --volume=${HOME}:/root camptocamp/geomapfish-tools tail -f /dev/null
docker exec transifex bash -c \
'(cd /opt/c2cgeoportal; make --makefile=dependencies.mk transifex-send)'
docker stop transifex
env:
DOCKER_BUILDKIT: '1'
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
- name: Publish documentation to GitHub.io
run: ci/publish-documentation
if: >
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH)
&& env.HAS_SECRETS == 'HAS_SECRETS'
- run: >
docker run --rm --volume=/var/run/docker.sock:/var/run/docker.sock nate/dockviz
images --tree
if: always()
- run: docker images
if: always()
- run: docker system df
if: always()
- run: df -h
if: always()