From c43ca1575a96fea547eae0a58fd425c700bc615d Mon Sep 17 00:00:00 2001 From: Joshua Shapiro Date: Tue, 1 Aug 2023 15:47:49 -0400 Subject: [PATCH] Update github actions to use 1password (#482) * update docker build to use github secrets use updated cacheing * Make R versions consistent across actions * Move github config * fix yaml * Style Rmds * Revert "Style Rmds" This reverts commit fc8b78bbb8b09557448eb1166d82e87c03b59059. * Use docs bot for checkout & push * install curl? * apt update first * Style Rmds * trigger docker build * use checkout v3 in build * test build push (expect failure) * revert build test (didn't fail, but that's okay) --------- Co-authored-by: GitHub Actions --- .github/workflows/check-frontend-urls.yml | 6 +-- .github/workflows/docker-build-push.yml | 39 +++++++++++++------ .github/workflows/docker-build.yml | 32 +++++++-------- .github/workflows/style-and-sp-check.yml | 30 +++++++++++--- ..._differential_expression_adv_topics_01.Rmd | 1 - docker/Dockerfile | 3 +- 6 files changed, 72 insertions(+), 39 deletions(-) diff --git a/.github/workflows/check-frontend-urls.yml b/.github/workflows/check-frontend-urls.yml index 9d454c75..008d80fa 100644 --- a/.github/workflows/check-frontend-urls.yml +++ b/.github/workflows/check-frontend-urls.yml @@ -12,11 +12,11 @@ jobs: check-frontend-urls: runs-on: ubuntu-latest container: - image: rocker/tidyverse:4.0.2 + image: rocker/tidyverse:4.0.5 # Steps represent a sequence of tasks that will be executed as part of the job steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Install dependencies run: Rscript -e "install.packages(c('optparse', 'jsonlite'))" 
@@ -26,7 +26,7 @@ jobs: run: | links=https://raw.githubusercontent.com/AlexsLemonade/refinebio-frontend/master/src/common/examples-links.json results=$(Rscript "scripts/check-frontend-urls.R" --links $links) - echo "::set-output name=missing_urls::$results" + echo "missing_urls=$results" >> "$GITHUB_OUTPUT" # Fail if any number besides 0 is returned - name: Check if any URLs were missing diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml index 3be7d048..77a9d8b5 100644 --- a/.github/workflows/docker-build-push.yml +++ b/.github/workflows/docker-build-push.yml @@ -11,14 +11,25 @@ jobs: runs-on: ubuntu-latest # Steps represent a sequence of tasks that will be executed as part of the job steps: + - name: Load 1Password secrets + uses: 1password/load-secrets-action@v1 + with: + export-env: true + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TRAINING_OP_SERVICE_ACCOUNT_TOKEN }} + DOCKER_USER: ${{ secrets.OP_DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} + ACTION_MONITORING_SLACK: ${{ secrets.OP_ACTION_MONITORING_SLACK }} + DOCS_BOT_GITHUB_TOKEN: ${{ secrets.OP_DOCS_BOT_GITHUB_TOKEN }} + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - name: checkout - uses: actions/checkout@v2 + - name: Checkout + uses: actions/checkout@v3 with: # get the full repo fetch-depth: 0 # use alexslemonade-docs-bot - token: ${{ secrets.DOCS_BOT_GITHUB_TOKEN }} + token: ${{ env.DOCS_BOT_GITHUB_TOKEN }} - name: Checkout pages branch and sync with changes run: | 
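Review bot: The new `echo "missing_urls=$results" >> "$GITHUB_OUTPUT"` line in check-frontend-urls.yml writes the script's stdout into the output file without checking its shape. If `$results` ever contains a newline, the extra lines are parsed as further `name=value` entries or rejected as an invalid format, where the old `::set-output` command handled a single line. The comment that follows suggests the value is always a number, so a POSIX-safe guard before the write would make that explicit: `case "$results" in ''|*[!0-9]*) echo "unexpected output" >&2; exit 1;; esac`. The context line `--links $links` would also be safer quoted. The same unvalidated write is added for `sp_chk_results` in style-and-sp-check.yml.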
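Review bot: `export-env: true` on the new "Load 1Password secrets" step in docker-build-push.yml places DOCKER_PASSWORD, DOCS_BOT_GITHUB_TOKEN and the Slack webhook in the environment of every later step in the job. That includes the third-party actions and the `run:` steps, whereas the removed `${{ secrets.* }}` references handed each secret only to the step that consumed it. Consider giving the step an `id` and setting `export-env: false`, then referencing `${{ steps.load_secrets.outputs.DOCKER_PASSWORD }}` (and the equivalents) only where they are needed. The same step is added in docker-build.yml and style-and-sp-check.yml. The job's remaining steps continue outside this hunk.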
@@ -37,30 +48,34 @@ jobs: # Login to Dockerhub - name: Login to DockerHub - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: - username: ${{ secrets.DOCKER_ID }} - password: ${{ secrets.DOCKER_PASSWORD }} + username: ${{ env.DOCKER_USER }} + password: ${{ env.DOCKER_PASSWORD }} + # set up Docker build - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 + # Build the Docker image - name: Build and Load Docker image - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v4 with: push: false load: true context: docker file: docker/Dockerfile tags: ccdl/refinebio-examples:latest + # push the Docker image if this is staging - name: Push Docker image if: github.ref == 'refs/heads/staging' run: docker push ccdl/refinebio-examples:latest + # retag and push the Docker image if this is master - name: Push release Docker image if: github.ref == 'refs/heads/master' - run: | + run: | docker tag ccdl/refinebio-examples:latest ccdl/refinebio-examples:release docker push ccdl/refinebio-examples:release @@ -91,14 +106,14 @@ jobs: git add -A git commit -m 'Render html and publish' || echo "No changes to commit" git push origin gh-pages || echo "No changes to push" - + # If we have a failure, Slack us - name: Report failure to Slack if: always() - uses: ravsamhq/notify-slack-action@v1.1 + uses: ravsamhq/notify-slack-action@v2 with: status: ${{ job.status }} notify_when: 'failure' env: - SLACK_WEBHOOK_URL: ${{ secrets.ACTION_MONITORING_SLACK }} + SLACK_WEBHOOK_URL: ${{ env.ACTION_MONITORING_SLACK }} SLACK_MESSAGE: 'Build, Render, and Push failed' diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index b2a84002..f9e43770 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml 
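Review bot: The bumped actions are still referenced by mutable major tags (`docker/login-action@v2`, `docker/setup-buildx-action@v2`, `docker/build-push-action@v4`), so the login step hands the Docker Hub password to whatever commit the tag points at when the job runs. Pinning each to a full commit SHA with the version in a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v2`, ties the run to the code that was reviewed. The same applies to `1password/load-secrets-action@v1` and `ravsamhq/notify-slack-action@v2` in the other hunks, which receive the service account token and the webhook URL.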
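Review bot: Failure reporting now depends on the secret-loading step having succeeded, because `SLACK_WEBHOOK_URL` is read from `${{ env.ACTION_MONITORING_SLACK }}`. If "Load 1Password secrets" itself fails (an expired service account token, a 1Password outage), the variable is never set, so this `if: always()` step has no URL to post to and the failure goes unreported. At minimum, record the gap above the step, e.g. `# NOTE: no Slack alert is sent when the 1Password load step itself fails`. If a fallback secret is kept, `${{ env.ACTION_MONITORING_SLACK || secrets.ACTION_MONITORING_SLACK }}` would close it. The Slack step in docker-build.yml has the same dependency.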
@@ -16,40 +16,40 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: + - name: Load 1Password secrets + uses: 1password/load-secrets-action@v1 + with: + export-env: true + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TRAINING_OP_SERVICE_ACCOUNT_TOKEN }} + ACTION_MONITORING_SLACK: ${{ secrets.OP_ACTION_MONITORING_SLACK }} + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - name: Checkout code + uses: actions/checkout@v3 # set up Docker build - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - # setup layer cache - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- + uses: docker/setup-buildx-action@v2 # Build docker image - name: Build Docker image - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v4 with: push: false context: docker file: docker/Dockerfile tags: ccdl/refinebio-examples:latest - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache + cache-from: type=gha + cache-to: type=gha,mode=max # If we have a failure, Slack us - name: Report failure to Slack if: always() - uses: ravsamhq/notify-slack-action@v1.1 + uses: ravsamhq/notify-slack-action@v2 with: status: ${{ job.status }} notify_when: 'failure' env: - SLACK_WEBHOOK_URL: ${{ secrets.ACTION_MONITORING_SLACK }} + SLACK_WEBHOOK_URL: ${{ env.ACTION_MONITORING_SLACK }} SLACK_MESSAGE: 'Build Docker failed' diff --git a/.github/workflows/style-and-sp-check.yml b/.github/workflows/style-and-sp-check.yml index 314b12eb..51011071 100644 --- a/.github/workflows/style-and-sp-check.yml +++ b/.github/workflows/style-and-sp-check.yml 
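Review bot: Putting the 1Password load first in docker-build.yml makes the whole build depend on `TRAINING_OP_SERVICE_ACCOUNT_TOKEN` being available, although the only value fetched is the Slack webhook used on failure. The trigger is outside this hunk, but if the workflow runs on `pull_request`, secrets are withheld for forks and Dependabot, and the job would presumably stop at this step before building anything. Moving the load step to just before "Report failure to Slack" and guarding it with `if: failure()` would keep the build independent of 1Password. It would also keep the webhook out of the build steps' environment.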
@@ -13,14 +13,33 @@ jobs: style-n-check: runs-on: ubuntu-latest container: - image: rocker/tidyverse:4.0.2 + image: rocker/tidyverse:4.0.5 # Steps represent a sequence of tasks that will be executed as part of the job steps: - - uses: actions/checkout@v2 + - name: Install curl + run: apt-get update && apt-get install -y --no-install-recommends curl + + - name: Load 1Password secrets + uses: 1password/load-secrets-action@v1 + with: + export-env: true + env: + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TRAINING_OP_SERVICE_ACCOUNT_TOKEN }} + DOCS_BOT_GITHUB_TOKEN: ${{ secrets.OP_DOCS_BOT_GITHUB_TOKEN }} + + - name: Checkout + uses: actions/checkout@v3 # What branch to commit to: the one from the pull request with: ref: ${{ github.event.pull_request.head.ref }} + token: ${{ env.DOCS_BOT_GITHUB_TOKEN }} + + - name: Configure git + run: | + git config --global --add safe.directory "$GITHUB_WORKSPACE" + git config --local user.email "actions@github.com" + git config --local user.name "GitHub Actions" - name: Install packages run: Rscript -e "install.packages(c('styler', 'spelling'))" @@ -29,10 +48,11 @@ jobs: id: spell_check_run run: | results=$(Rscript "scripts/spell-check.R") - echo "::set-output name=sp_chk_results::$results" + echo "sp_chk_results=$results" >> "$GITHUB_OUTPUT" cat spell_check_results.tsv + - name: Archive spelling errors - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: spell-check-results path: spell_check_results.tsv @@ -47,8 +67,6 @@ jobs: - name: Commit run: | - git config --local user.email "actions@github.com" - git config --local user.name "GitHub Actions" git add \*.Rmd git commit -m 'Style Rmds' || echo "No changes to commit" git push origin || echo "No changes to commit" diff --git a/04-advanced-topics/validate_differential_expression_adv_topics_01.Rmd b/04-advanced-topics/validate_differential_expression_adv_topics_01.Rmd index 5e477e8b..70eea6d6 100644 
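Review bot: Scripts from the pull request's head ref run with the docs-bot token within reach in style-and-sp-check.yml. The checkout of `github.event.pull_request.head.ref` now uses `DOCS_BOT_GITHUB_TOKEN`, which `export-env: true` also leaves in the environment of the later `Rscript "scripts/spell-check.R"` step, and `actions/checkout` stores it in the local git config by default so the push can use it. The trigger and the token's scope are not visible in this hunk. If the trigger is `pull_request_target`, or the token grants more than contents write on this repository, the exposure is wider than the style commit requires. A comment above the checkout stating the intended scope would help reviewers, e.g. `# docs-bot token: contents:write on this repo only; PR-branch scripts run with it available`.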
--- a/04-advanced-topics/validate_differential_expression_adv_topics_01.Rmd +++ b/04-advanced-topics/validate_differential_expression_adv_topics_01.Rmd @@ -399,7 +399,6 @@ test.gene <- refine.bio.df %>% # Make a dataframe with the group information box.plot <- data.frame(test.gene, subgroup = metadata$subgroup) %>% - # Use ggplot2 to make a boxplot from this info ggplot(., aes(x = subgroup, y = test.gene)) + geom_boxplot() + diff --git a/docker/Dockerfile b/docker/Dockerfile index 58cf843e..4c8b4103 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -25,7 +25,8 @@ RUN apt-get -y --no-install-recommends install \ # Install pip3 and instalation tools RUN apt-get -y --no-install-recommends install \ - python3-pip python3-dev + python3-pip \ + python3-dev RUN pip3 install \ "setuptools==49.3.0" \