Skip to content

Fix install-pn-test-server for recent Git security issues #2830

Fix install-pn-test-server for recent Git security issues

Fix install-pn-test-server for recent Git security issues #2830

# Installs PhysioNet dependencies on Debian 10 and runs tests on the `dev` branch and PRs against the `dev` branch.
name: Debian / Build and Test
on:
push:
branches:
- dev
pull_request:
branches:
- dev
jobs:
test:
name: Test
runs-on: ubuntu-latest
container: ${{ matrix.container }}
env:
DJANGO_SETTINGS_MODULE: physionet.settings.settings
TEST_GCS_INTEGRATION: false
PHYSIONET_TEST_HTML_DIR: /tmp/pn-test-html-output
defaults:
run:
shell: bash
strategy:
fail-fast: false
matrix:
pip3: ['poetry', 'requirements.txt']
container: ['debian:11', 'debian:12']
steps:
- name: Update packages
run: apt-get update --yes
- name: Install and configure needed software
run: |
apt-get install --yes \
build-essential \
flake8 \
git \
libcap-dev \
libffi-dev \
libflac-dev \
libpq-dev \
libseccomp-dev \
postgresql \
python3-dev \
sudo \
virtualenv \
wget \
zip
# Note: run checkout after updating git
- name: Checkout physionet-build repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Mark git repository as trusted
run: |
git config --global --add safe.directory $(pwd)
- name: Create .env file
run: |
ln -sT .env.example .env
- name: Install repo dependencies
# add virtual env path to github_path so each run: process will see it
run: |
export VIRTUAL_ENV=/env3
virtualenv -ppython3 $VIRTUAL_ENV
echo "$VIRTUAL_ENV/bin" >> $GITHUB_PATH
source $VIRTUAL_ENV/bin/activate
if [ ${{matrix.pip3}} = 'poetry' ]; then
pip3 install poetry
poetry config virtualenvs.create false
poetry install --no-root
else
pip3 install -r requirements.txt
fi
pip3 freeze
- name: Setup postgres
run: |
service postgresql start
sudo -u postgres psql -c "create user physionet with superuser password 'password';" -U postgres
sudo -u postgres psql -c "create database physionet;" -U postgres
- name: Install and setup wfdb
run: |
wget https://github.com/bemoody/wfdb/archive/10.7.0.tar.gz -O wfdb.tar.gz
tar -xf wfdb.tar.gz
(cd wfdb-* && ./configure --without-netfiles && make -C lib install && make -C data install)
- name: Run linker for newly installed software
run: ldconfig
- name: Install and setup lightwave
run: |
wget https://github.com/bemoody/lightwave/archive/0.72.tar.gz -O lightwave.tar.gz
tar -xf lightwave.tar.gz
(cd lightwave-* && make CGIDIR=/usr/local/bin sandboxed-server)
- name: Setup and test physionet, check amount of code tested
run: |
cd physionet-django
python manage.py makemigrations --dry-run --no-input --check
python manage.py resetdb
python manage.py loaddemo
coverage run --source='.' manage.py test --verbosity=3 --keepdb
coverage report -m
- name: Run Theme File Generation & SCSS Compilation
run: |
cd physionet-django
python manage.py compilestatic
- name: Run code style check on changed files relative to PR base branch
if: github.event_name == 'pull_request'
run: |
git rev-parse --verify ${{ github.event.pull_request.base.sha }}
git diff -U0 ${{ github.event.pull_request.base.sha }} HEAD | \
flake8 --diff | \
perl -ne '
print; if (/^([^:]+):(\d+):(\d+):/) {
$path = $1; $line = $2; $col = $3;
open F, $path or die;
print "\n";
while (<F>) {
next if $. < $line - 2;
print " $_";
if ($. == $line) { print " " x $col . "^\n\n"; last; }
}
close F;
$status = 1;
}
END { exit $status }'
- name: Run code style check relative to local dev branch
if: github.event_name != 'pull_request'
run: |
git fetch origin dev
git diff -U0 origin/dev HEAD | \
flake8 --diff | \
perl -ne '
print; if (/^([^:]+):(\d+):(\d+):/) {
$path = $1; $line = $2; $col = $3;
open F, $path or die;
print "\n";
while (<F>) {
next if $. < $line - 2;
print " $_";
if ($. == $line) { print " " x $col . "^\n\n"; last; }
}
close F;
$status = 1;
}
END { exit $status }'