Audit Snyk check/fix 2.8 (#11540) #21737
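# Builds the GeoMapFish QGIS server image for each QGIS version in the matrix
# and runs the acceptance tests against it.
#
# NOTE(review): no `permissions:` key appears in the part of the workflow shown
# here, so GITHUB_TOKEN gets the repository's default scopes. Consider declaring
# the minimum needed once the requirements of scripts/get-version are confirmed.
# NOTE(review): every action below is referenced by a mutable tag (v2/v3/v4).
# Pinning to a full commit SHA prevents a moved tag from changing what runs,
# which matters most for the action that receives the GPG key and token.
name: QGIS build

on:
  push:
    branches:
      - master
      - '[0-9]+.[0-9]+'
    tags:
      - '*'
  pull_request:

env:
  # Secrets cannot be tested directly in a step `if:`, so the marker secret is
  # mirrored into the environment. It is empty for pull requests from forks,
  # which makes every step guarded by `env.HAS_SECRETS == 'HAS_SECRETS'` skip.
  HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
  DOCKER_BUILDKIT: 1
  MAIN_BRANCH: '2.8'
  MAJOR_VERSION: '2.8'

jobs:
  # Builds the shared tools image once and hands it to the matrix job as an
  # artifact, so it is not rebuilt for every QGIS version.
  common:
    runs-on: ubuntu-22.04
    name: QGIS build
    timeout-minutes: 20
    if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"

    steps:
      # NOTE(review): actions/checkout keeps the token in the local git config
      # by default (`persist-credentials`), so the make and docker steps that
      # follow can read it. Confirm whether anything here needs it.
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - run: make build-runner
      - run: docker save --output=/tmp/tools.docker camptocamp/geomapfish
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: tools.docker
          path: /tmp/tools.docker

  # One run per QGIS version: build the server image, test it, tear it down.
  main:
    runs-on: ubuntu-22.04
    name: QGIS build
    timeout-minutes: 10
    needs: common

    strategy:
      fail-fast: false
      matrix:
        # These values are static and defined in this file, so interpolating
        # `matrix.version` into the shell steps below carries no outside input.
        version:
          # Last LTR
          - '3.28'
          - 3.28-gdal3.6
          - 3.28-gdal3.7
          - '3.34'
          - 3.34-gdal3.7
          - 3.34-gdal3.8
          - ltr
          - lr
          - latest
          - lr-debug

    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      # Receives the CI GPG private key and the gopass token; skipped when the
      # secrets are not available.
      - uses: camptocamp/initialise-gopass-summon-action@v2
        with:
          ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
          github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
          patterns: docker
        if: env.HAS_SECRETS == 'HAS_SECRETS'
      # The redirect target is quoted so the path is never word-split.
      - run: echo "${HOME}/.local/bin" >> "${GITHUB_PATH}"
      # NOTE(review): this runs after the secrets step, so anything installed
      # here executes next to the unlocked credentials. Whether
      # ci/requirements.txt pins hashes is not visible from this file.
      - run: python3 -m pip install --user --requirement=ci/requirements.txt
      - run: scripts/get-version --auto-increment --github
        id: version
        if: env.HAS_SECRETS == 'HAS_SECRETS'
      # With no `name:` input every artifact of the run is downloaded into a
      # directory named after it, hence the tools.docker/tools.docker path.
      - name: Download artifacts (Docker images) from previous workflows
        uses: actions/download-artifact@v4
      - name: Load Docker images from previous workflows
        run: |
          docker load --input=tools.docker/tools.docker
      - run: make build-test-db
      - name: Build QGIS server
        run: |
          docker build --target=runner --build-arg=VERSION=${{ matrix.version }} \
            --build-arg=GEOMAPFISH_VERSION=$(scripts/get-version --major) \
            --tag=camptocamp/geomapfish-qgisserver \
            docker/qgisserver;
          docker tag camptocamp/geomapfish-qgisserver \
            camptocamp/geomapfish-qgisserver:gmflatest-qgis${{ matrix.version }}
      # The leading `!` inverts the result: the step fails when ldd reports a
      # library as 'not found' for the FastCGI binary.
      - name: Test library availability
        run:
          "! ( docker run --rm camptocamp/geomapfish-qgisserver ldd /usr/local/bin/qgis_mapserv.fcgi | grep 'not
          found' )"
      - name: Acceptance tests
        run: |
          cd docker/qgisserver
          docker compose up -d
          docker compose exec -T tests /tests/wait-db
          docker compose exec -T tests alembic --config=/tests/alembic.ini --name=main upgrade head
          docker compose exec -T tests alembic --config=/tests/alembic.ini --name=static upgrade head
          docker compose exec -T tests /tests/fill-db
          c2cciutils-docker-logs
          docker compose exec -T tests /tests/acceptance-tests
      # NOTE(review): each `run` step starts in the workspace root, whereas
      # `docker compose up` ran inside docker/qgisserver. Confirm that the two
      # steps below resolve the same compose project.
      - run: c2cciutils-docker-logs
        if: failure()
      - run: docker compose down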
- name: Publish feature branch | |
run: | | |
c2cciutils-publish --group=qgis-${{ matrix.version }} --docker-versions=${{ steps.version.outputs.versions }} --snyk-version=${{ steps.version.outputs.snyk_version }} | |
if: > | |
env.HAS_SECRETS == 'HAS_SECRETS' | |
&& steps.version.outputs.versions != '' |