Skip to content

Audit Snyk check/fix 2.8 (#11540) #21737

Audit Snyk check/fix 2.8 (#11540)

Audit Snyk check/fix 2.8 (#11540) #21737

Workflow file for this run

name: QGIS build
on:
push:
branches:
- master
- '[0-9]+.[0-9]+'
tags:
- '*'
pull_request:
env:
HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
DOCKER_BUILDKIT: 1
MAIN_BRANCH: '2.8'
MAJOR_VERSION: '2.8'
jobs:
common:
runs-on: ubuntu-22.04
name: QGIS build
timeout-minutes: 20
if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- run: make build-runner
- run: docker save --output=/tmp/tools.docker camptocamp/geomapfish
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: tools.docker
path: /tmp/tools.docker
main:
runs-on: ubuntu-22.04
name: QGIS build
timeout-minutes: 10
needs: common
strategy:
fail-fast: false
matrix:
version:
# Last LTR
- '3.28'
- 3.28-gdal3.6
- 3.28-gdal3.7
- '3.34'
- 3.34-gdal3.7
- 3.34-gdal3.8
- ltr
- lr
- latest
- lr-debug
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: camptocamp/initialise-gopass-summon-action@v2
with:
ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
patterns: docker
if: env.HAS_SECRETS == 'HAS_SECRETS'
- run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
- run: python3 -m pip install --user --requirement=ci/requirements.txt
- run: scripts/get-version --auto-increment --github
id: version
if: env.HAS_SECRETS == 'HAS_SECRETS'
- name: Download artifacts (Docker images) from previous workflows
uses: actions/download-artifact@v4
- name: Load Docker images from previous workflows
run: |
docker load --input=tools.docker/tools.docker
- run: make build-test-db
- name: Build QGIS server
run: |
docker build --target=runner --build-arg=VERSION=${{ matrix.version }} \
--build-arg=GEOMAPFISH_VERSION=$(scripts/get-version --major) \
--tag=camptocamp/geomapfish-qgisserver \
docker/qgisserver;
docker tag camptocamp/geomapfish-qgisserver \
camptocamp/geomapfish-qgisserver:gmflatest-qgis${{ matrix.version }}
- name: Test library availability
run:
"! ( docker run --rm camptocamp/geomapfish-qgisserver ldd /usr/local/bin/qgis_mapserv.fcgi | grep 'not
found' )"
- name: Acceptance tests
run: |
cd docker/qgisserver
docker compose up -d
docker compose exec -T tests /tests/wait-db
docker compose exec -T tests alembic --config=/tests/alembic.ini --name=main upgrade head
docker compose exec -T tests alembic --config=/tests/alembic.ini --name=static upgrade head
docker compose exec -T tests /tests/fill-db
c2cciutils-docker-logs
docker compose exec -T tests /tests/acceptance-tests
- run: c2cciutils-docker-logs
if: failure()
- run: docker compose down
- name: Publish feature branch
run: |
c2cciutils-publish --group=qgis-${{ matrix.version }} --docker-versions=${{ steps.version.outputs.versions }} --snyk-version=${{ steps.version.outputs.snyk_version }}
if: >
env.HAS_SECRETS == 'HAS_SECRETS'
&& steps.version.outputs.versions != ''