Fix install-pn-test-server for recent Git security issues #2830
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Installs PhysioNet dependencies on Debian 10 and runs tests on the `dev` branch and PRs against the `dev` branch. | |
name: Debian / Build and Test | |
on: | |
push: | |
branches: | |
- dev | |
pull_request: | |
branches: | |
- dev | |
jobs: | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
container: ${{ matrix.container }} | |
env: | |
DJANGO_SETTINGS_MODULE: physionet.settings.settings | |
TEST_GCS_INTEGRATION: false | |
PHYSIONET_TEST_HTML_DIR: /tmp/pn-test-html-output | |
defaults: | |
run: | |
shell: bash | |
strategy: | |
fail-fast: false | |
matrix: | |
pip3: ['poetry', 'requirements.txt'] | |
container: ['debian:11', 'debian:12'] | |
steps: | |
- name: Update packages | |
run: apt-get update --yes | |
- name: Install and configure needed software | |
run: | | |
apt-get install --yes \ | |
build-essential \ | |
flake8 \ | |
git \ | |
libcap-dev \ | |
libffi-dev \ | |
libflac-dev \ | |
libpq-dev \ | |
libseccomp-dev \ | |
postgresql \ | |
python3-dev \ | |
sudo \ | |
virtualenv \ | |
wget \ | |
zip | |
# Note: run checkout after updating git | |
- name: Checkout physionet-build repo | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Mark git repository as trusted | |
run: | | |
git config --global --add safe.directory $(pwd) | |
- name: Create .env file | |
run: | | |
ln -sT .env.example .env | |
- name: Install repo dependencies | |
# add virtual env path to github_path so each run: process will see it | |
run: | | |
export VIRTUAL_ENV=/env3 | |
virtualenv -ppython3 $VIRTUAL_ENV | |
echo "$VIRTUAL_ENV/bin" >> $GITHUB_PATH | |
source $VIRTUAL_ENV/bin/activate | |
if [ ${{matrix.pip3}} = 'poetry' ]; then | |
pip3 install poetry | |
poetry config virtualenvs.create false | |
poetry install --no-root | |
else | |
pip3 install -r requirements.txt | |
fi | |
pip3 freeze | |
- name: Setup postgres | |
run: | | |
service postgresql start | |
sudo -u postgres psql -c "create user physionet with superuser password 'password';" -U postgres | |
sudo -u postgres psql -c "create database physionet;" -U postgres | |
- name: Install and setup wfdb | |
run: | | |
wget https://github.com/bemoody/wfdb/archive/10.7.0.tar.gz -O wfdb.tar.gz | |
tar -xf wfdb.tar.gz | |
(cd wfdb-* && ./configure --without-netfiles && make -C lib install && make -C data install) | |
- name: Run linker for newly installed software | |
run: ldconfig | |
- name: Install and setup lightwave | |
run: | | |
wget https://github.com/bemoody/lightwave/archive/0.72.tar.gz -O lightwave.tar.gz | |
tar -xf lightwave.tar.gz | |
(cd lightwave-* && make CGIDIR=/usr/local/bin sandboxed-server) | |
- name: Setup and test physionet, check amount of code tested | |
run: | | |
cd physionet-django | |
python manage.py makemigrations --dry-run --no-input --check | |
python manage.py resetdb | |
python manage.py loaddemo | |
coverage run --source='.' manage.py test --verbosity=3 --keepdb | |
coverage report -m | |
- name: Run Theme File Generation & SCSS Compilation | |
run: | | |
cd physionet-django | |
python manage.py compilestatic | |
- name: Run code style check on changed files relative to PR base branch | |
if: github.event_name == 'pull_request' | |
run: | | |
git rev-parse --verify ${{ github.event.pull_request.base.sha }} | |
git diff -U0 ${{ github.event.pull_request.base.sha }} HEAD | \ | |
flake8 --diff | \ | |
perl -ne ' | |
print; if (/^([^:]+):(\d+):(\d+):/) { | |
$path = $1; $line = $2; $col = $3; | |
open F, $path or die; | |
print "\n"; | |
while (<F>) { | |
next if $. < $line - 2; | |
print " $_"; | |
if ($. == $line) { print " " x $col . "^\n\n"; last; } | |
} | |
close F; | |
$status = 1; | |
} | |
END { exit $status }' | |
- name: Run code style check relative to local dev branch | |
if: github.event_name != 'pull_request' | |
run: | | |
git fetch origin dev | |
git diff -U0 origin/dev HEAD | \ | |
flake8 --diff | \ | |
perl -ne ' | |
print; if (/^([^:]+):(\d+):(\d+):/) { | |
$path = $1; $line = $2; $col = $3; | |
open F, $path or die; | |
print "\n"; | |
while (<F>) { | |
next if $. < $line - 2; | |
print " $_"; | |
if ($. == $line) { print " " x $col . "^\n\n"; last; } | |
} | |
close F; | |
$status = 1; | |
} | |
END { exit $status }' |