[Snyk] Security upgrade openresty/openresty from alpine to 1.25.3.2-1-alpine #93
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR Build | |
on: | |
pull_request: | |
paths: | |
- 'services/**' | |
- 'postman_collections/**' | |
- 'deploy/**' | |
- '.github/workflows/**' | |
workflow_dispatch: | |
jobs: | |
build-context: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Dump GitHub context | |
env: | |
GITHUB_CONTEXT: ${{ toJson(github) }} | |
run: echo "$GITHUB_CONTEXT" | |
build: | |
needs: build-context | |
runs-on: ubuntu-latest | |
env: | |
PLATFORMS: "linux/amd64,linux/arm64" | |
permissions: | |
pull-requests: write # Required to post comments | |
contents: read | |
checks: write | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Env seen prerun | |
run: env | |
- name: Get branch name | |
id: branch-name | |
uses: tj-actions/branch-names@v8 | |
- name: Current branch name | |
run: | | |
echo "Current Branch: ${{ steps.branch-name.outputs.current_branch }}" | |
echo "Target Branch: ${{ steps.branch-name.outputs.base_ref_branch }}" | |
echo "Tag if exist: ${{ steps.branch-name.outputs.tag }}" | |
- name: Running on a tag. | |
if: steps.branch-name.outputs.is_tag == 'true' | |
run: | | |
echo "TAG_NAME=${{ steps.branch-name.outputs.tag }}" >> ${GITHUB_ENV} | |
echo "TAG_LATEST=latest" >> ${GITHUB_ENV} | |
- name: Running on a branch and merge. | |
if: steps.branch-name.outputs.is_tag != 'true' && github.event_name == 'push' && steps.branch-name.outputs.current_branch != 'main' | |
run: | | |
echo "TAG_NAME=${{ steps.branch-name.outputs.current_branch }}" >> ${GITHUB_ENV} | |
echo "TAG_LATEST=${{ steps.branch-name.outputs.current_branch }}" >> ${GITHUB_ENV} | |
- name: Running on main branch. | |
if: steps.branch-name.outputs.is_tag != 'true' && github.event_name == 'push' && steps.branch-name.outputs.current_branch == 'main' | |
run: | | |
echo "TAG_NAME=${{ steps.branch-name.outputs.current_branch }}" >> ${GITHUB_ENV} | |
echo "TAG_LATEST=latest" >> ${GITHUB_ENV} | |
- name: Running on a branch and pull req. | |
if: steps.branch-name.outputs.is_tag != 'true' && github.event_name != 'push' | |
run: | | |
echo "TAG_NAME=${{ steps.branch-name.outputs.base_ref_branch }}" >> ${GITHUB_ENV} | |
echo "TAG_LATEST=${{ steps.branch-name.outputs.base_ref_branch }}" >> ${GITHUB_ENV} | |
# setup Docker build action | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Set up QEMU | |
id: qemu | |
uses: docker/setup-qemu-action@v3 | |
- name: Build crapi-identity image | |
uses: docker/build-push-action@v3 | |
with: | |
context: ./services/identity | |
tags: crapi/crapi-identity:${{ env.TAG_LATEST }},crapi/crapi-identity:${{ env.TAG_NAME }} | |
push: false | |
load: true | |
platforms: linux/amd64 | |
cache-from: type=gha,scope=identity-service | |
cache-to: type=gha,mode=max,scope=identity-service | |
- name: Build crapi-workshop image | |
uses: docker/build-push-action@v3 | |
with: | |
context: ./services/workshop | |
tags: crapi/crapi-workshop:${{ env.TAG_LATEST }},crapi/crapi-workshop:${{ env.TAG_NAME }} | |
push: false | |
load: true | |
platforms: linux/amd64 | |
cache-from: type=gha,scope=workshop-service | |
cache-to: type=gha,mode=max,scope=workshop-service | |
- name: Build crapi-community image | |
uses: docker/build-push-action@v3 | |
with: | |
context: ./services/community | |
tags: crapi/crapi-community:${{ env.TAG_LATEST }},crapi/crapi-community:${{ env.TAG_NAME }} | |
push: false | |
load: true | |
platforms: linux/amd64 | |
cache-from: type=gha,scope=community-service | |
cache-to: type=gha,mode=max,scope=community-service | |
- name: Build crapi-web image | |
uses: docker/build-push-action@v3 | |
with: | |
context: ./services/web | |
tags: crapi/crapi-web:${{ env.TAG_LATEST }},crapi/crapi-web:${{ env.TAG_NAME }} | |
push: false | |
load: true | |
platforms: linux/amd64 | |
cache-from: type=gha,scope=web-service | |
cache-to: type=gha,mode=max,scope=web-service | |
- name: Build gateway-service image | |
uses: docker/build-push-action@v3 | |
with: | |
context: ./services/gateway-service | |
tags: crapi/gateway-service:${{ env.TAG_LATEST }},crapi/gateway-service:${{ env.TAG_NAME }} | |
push: false | |
load: true | |
platforms: linux/amd64 | |
cache-from: type=gha,scope=gateway-service | |
cache-to: type=gha,mode=max,scope=gateway-service | |
- name: Build mailhog image | |
uses: docker/build-push-action@v3 | |
with: | |
context: ./services/mailhog | |
tags: crapi/mailhog:${{ env.TAG_LATEST }},crapi/mailhog:${{ env.TAG_NAME }} | |
push: false | |
load: true | |
platforms: linux/amd64 | |
cache-from: type=gha,scope=mailhog-service | |
cache-to: type=gha,mode=max,scope=mailhog-service | |
- name: Show all images built | |
run: docker images | |
- name: Env seen | |
run: env | |
- name: Cleanup docker before running | |
if: always() | |
continue-on-error: true | |
run: docker compose -f deploy/docker/docker-compose.yml down --volumes --remove-orphans | |
- name: Run crAPI using built images | |
run: VERSION=${{ env.TAG_NAME }} docker compose -f deploy/docker/docker-compose.yml --compatibility up -d | |
- name: Install Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 16 | |
- name: Install newman | |
run: npm install -g newman | |
- name: Run Postman Collection | |
run: newman run "./postman_collections/crAPI.postman_collection.json" -e ./postman_collections/crAPI.postman_environment.json --verbose | |
- name: Dump docker logs on failure | |
if: failure() | |
uses: jwalton/gh-docker-logs@v2 | |
- name: Cleanup docker | |
if: always() | |
run: docker compose -f deploy/docker/docker-compose.yml down --volumes --remove-orphans | |
tests: | |
needs: build-context | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
contents: read | |
checks: write | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'adopt' | |
java-version: '17' | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '1.21' | |
- name: Start the database | |
run: docker compose -f services/docker-database.yml up -d | |
- name: Run identity tests | |
run: | | |
cd services/identity | |
./gradlew test | |
- name: Run community tests | |
run: | | |
cd services/community | |
go test -v ./... | |
mkdir test-results | |
go run gotest.tools/gotestsum@latest --format testname --junitfile test-results/unit-tests.xml | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@v3 | |
with: | |
# Require: The version of golangci-lint to use. | |
# When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version. | |
# When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit. | |
version: v1.54 | |
working-directory: services/community | |
- name: Run workshop tests | |
run: | | |
cd services/workshop | |
pip3 install virtualenv | |
virtualenv venv | |
source venv/bin/activate | |
pip3 install -r requirements.txt | |
pip3 install -r dev-requirements.txt | |
mkdir -p test-results | |
source .env | |
IS_TESTING=True python3 manage.py test --no-input --testrunner xmlrunner.extra.djangotestrunner.XMLTestRunner | |
- name: Publish Test Results | |
uses: EnricoMi/publish-unit-test-result-action@v2 | |
if: always() | |
with: | |
files: | | |
**/test-results/**/*.xml | |
**/test-results/**/*.json | |
- name: Run workshop coverage | |
run: | | |
cd services/workshop | |
source venv/bin/activate | |
source .env | |
IS_TESTING=True coverage run ./manage.py test --no-input crapi | |
coverage report | |
coverage xml -o coverage.xml | |
- name: Publish Coverage for workshop | |
uses: orgoro/coverage@v3.2 | |
with: | |
coverageFile: services/workshop/coverage.xml | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: node prettier | |
run: | | |
cd services/web | |
npm install | |
npm run lint |