Fix spilo security issue #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and publish v14 image to dockerhub | |
on: | |
push: | |
branches: | |
- 'master' | |
tags: | |
- '*' | |
env: | |
PGVERSION: "14" | |
PGOLDVERSIONS: "10 11 12 13" | |
IMAGE_NAME: datatactics/dtacs-spilo | |
TAG: v1.1 | |
jobs: | |
test_pre_build: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up packages | |
run: sudo apt-get install -y shellcheck | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.7 | |
- name: Install flake8 and docker-compose | |
run: python -m pip install flake8 docker-compose==1.17.1 | |
- name: Run shellcheck | |
run: find postgres-appliance -name '*.sh' -print0 | xargs -0 shellcheck | |
- name: Run flake8 | |
run: find postgres-appliance -name '*.py' -print0 | xargs -0 python -m flake8 | |
- name: Build spilo docker image | |
run: cd postgres-appliance && docker build --build-arg PGOLDVERSIONS="${{ env.PGOLDVERSIONS }}" --build-arg PGVERSION="${{ env.PGVERSION }}" -t spilo . | |
- name: Test spilo docker image | |
run: bash postgres-appliance/tests/test_spilo_pg14.sh | |
- name: Test USE_OLD_LOCALES | |
run: bash -x postgres-appliance/tests/locales_test/test_locales.sh | |
if: github.event_name == 'push' | |
publish: | |
needs: test_pre_build | |
name: Build and push Spilo image for postgress 14 | |
runs-on: ubuntu-latest | |
permissions: | |
contents: 'read' | |
packages: 'write' | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.7 | |
- name: Install flake8 and docker-compose | |
run: python -m pip install flake8 docker-compose==1.17.1 | |
- name: Derive spilo image name | |
id: image | |
working-directory: postgres-appliance | |
run: | | |
IMAGE="${{ env.IMAGE_NAME }}-${{ env.PGVERSION }}:${{ env.TAG }}" | |
echo "NAME=$IMAGE" >> $GITHUB_OUTPUT | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Login to Dockerhub | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_PASS }} | |
- name: Build and export to local docker for testing | |
uses: docker/build-push-action@v3 | |
with: | |
context: "postgres-appliance/" | |
load: true | |
tags: ${{ steps.image.outputs.NAME }} | |
build-args: | | |
PGVERSION=${{ env.PGVERSION }} | |
PGOLDVERSIONS=${{ env.PGOLDVERSIONS }} | |
# Test complete build | |
- name: Test spilo docker image | |
env: | |
SPILO_TEST_IMAGE: "${{ steps.image.outputs.NAME }}" | |
PGVERSION: ${{ env.PGVERSION }} | |
run: | | |
bash postgres-appliance/tests/test_spilo_pg14.sh | |
- name: Build and push to dockerhub | |
uses: docker/build-push-action@v3 | |
with: | |
context: "postgres-appliance/" | |
push: true | |
tags: ${{ steps.image.outputs.NAME }} | |
build-args: | | |
PGVERSION=${{ env.PGVERSION }} | |
PGOLDVERSIONS=${{ env.PGOLDVERSIONS }} | |
kubernetes-installation-test: | |
needs: publish | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: restore spilo image name | |
id: image | |
working-directory: postgres-appliance | |
run: | | |
IMAGE="docker.io/${{ env.IMAGE_NAME }}-${{ env.PGVERSION }}:${{ env.TAG }}" | |
echo "NAME=$IMAGE" >> $GITHUB_OUTPUT | |
- name: Create Kind Cluster | |
uses: helm/kind-action@v1.1.0 | |
- name: Install envsubst #used for simpler k8s testing | |
run: | | |
sudo apt update | |
sudo apt install gettext-base | |
- name: Install Spilo | |
env: | |
SPILO_TEST_IMAGE: "${{ steps.image.outputs.NAME }}" | |
run: envsubst < kubernetes/spilo_kubernetes.yaml | kubectl apply -f - | |
# Send a Notification to the notification channel | |
- name: Workspace Notification | |
uses: DTherHtun/google-chat-action@v0.9 | |
if: always() | |
with: | |
project: ${{ github.repository }} | |
commit: "${{ github.event.head_commit.message }}" # ${{ steps.meta.outputs.tags }} ${{ steps.meta-frontend.outputs.tags }} | |
branch: ${{ github.ref }} | |
status: ${{ job.status }} | |
actionid: ${{ github.repository }}/runs/${{ github.run_id }} | |
webhook: "${{ secrets.GOOGLE_NOTIFICATION_WEBHOOK }}" |