Skip to content

Audit Dpkg 2.9

Audit Dpkg 2.9 #21740

Workflow file for this run

name: QGIS build
on:
push:
branches:
- master
- '[0-9]+.[0-9]+'
tags:
- '*'
pull_request:
env:
HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
DOCKER_BUILDKIT: 1
MAIN_BRANCH: '2.9'
MAJOR_VERSION: '2.9'
jobs:
common:
runs-on: ubuntu-24.04
name: QGIS build
timeout-minutes: 30
if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- run: make build-runner
- run: docker save --output=/tmp/tools.docker camptocamp/geomapfish
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: tools.docker
path: /tmp/tools.docker
main:
runs-on: ubuntu-24.04
name: QGIS build
timeout-minutes: 15
needs: common
strategy:
fail-fast: false
matrix:
version:
- '3.34'
- 3.34-gdal3.8
- ltr
- lr
- lr-debug
- master
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: camptocamp/initialise-gopass-summon-action@v2
with:
ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
patterns: docker
if: env.HAS_SECRETS == 'HAS_SECRETS'
- uses: actions/setup-python@v5
with:
python-version: '3.13'
- run: python3 -m pip install --user --requirement=ci/requirements.txt
- run: scripts/get-version --auto-increment --github
id: version
if: env.HAS_SECRETS == 'HAS_SECRETS'
- name: Download artifacts (Docker images) from previous workflows
uses: actions/download-artifact@v4
- name: Load Docker images from previous workflows
run: |
docker load --input=tools.docker/tools.docker
- run: make build-test-db
- name: Build QGIS server
run: |
docker build --target=runner --build-arg=VERSION=${{ matrix.version }} \
--build-arg=GEOMAPFISH_VERSION=$(scripts/get-version --major) \
--tag=camptocamp/geomapfish-qgisserver \
docker/qgisserver;
docker tag camptocamp/geomapfish-qgisserver \
camptocamp/geomapfish-qgisserver:gmflatest-qgis${{ matrix.version }}
- name: Test library availability
run:
"! ( docker run --rm camptocamp/geomapfish-qgisserver ldd /usr/local/bin/qgis_mapserv.fcgi | grep 'not\
\ found' )"
- name: Acceptance tests
run: |
cd docker/qgisserver
docker compose up -d
docker compose exec -T tests /tests/wait-db
docker compose exec -T tests alembic --config=/tests/alembic.ini --name=main upgrade head
docker compose exec -T tests alembic --config=/tests/alembic.ini --name=static upgrade head
docker compose exec -T tests /tests/fill-db
c2cciutils-docker-logs
docker compose exec -T tests /tests/acceptance-tests
- run: c2cciutils-docker-logs
if: failure()
- run: docker compose down
- name: Publish
run: >
c2cciutils-publish
--group=qgis-${{ matrix.version }}
--docker-versions=${{ steps.version.outputs.versions }}
--snyk-version=${{ steps.version.outputs.snyk_version }}
if: >
env.HAS_SECRETS == 'HAS_SECRETS'
&& steps.version.outputs.versions != ''
- run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true
if: failure()
- uses: actions/upload-artifact@v4
with:
name: Update dpkg versions list.patch
path: /tmp/dpkg-versions.patch
retention-days: 1
if: failure()