From 888eae71ba014f719435ee3cc5c36f2155ec25a1 Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Tue, 28 May 2024 10:14:54 -0700 Subject: [PATCH 01/17] report coverage status --- .github/workflows/test-runner-ci.yaml | 18 +++++------------- README.md | 1 - 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/.github/workflows/test-runner-ci.yaml b/.github/workflows/test-runner-ci.yaml index 83007e998..53b9b4b95 100644 --- a/.github/workflows/test-runner-ci.yaml +++ b/.github/workflows/test-runner-ci.yaml @@ -72,20 +72,12 @@ jobs: run: | python -m pip install coverage python -m coverage combine - echo -e "\`\`\`markdown\n$(python -m coverage report -i -m)\n\`\`\`" >> $GITHUB_STEP_SUMMARY - echo "total=$(python -m coverage report --format=total)" >> $GITHUB_ENV - - name: Update Badge - if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) - uses: schneegans/dynamic-badges-action@v1.7.0 + - name: Report Status + uses: khaeru/codecov-gh@v1 with: - auth: ${{ secrets.ACTIONS_TOKEN }} - gistID: 48dea0fc9a908a6e5ba5c5e84123bc02 - filename: coverage.json - label: Coverage - message: ${{ env.total }}% - minColorRange: 40 - maxColorRange: 80 - valColorRange: ${{ env.total }} + threshold: 80.0 + token: ${{ secrets.ACTION_TOKEN }} + integration-test: runs-on: k8-runners steps: diff --git a/README.md b/README.md index a4a8e56e4..d0b9b256e 100644 --- a/README.md +++ b/README.md 
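Review bot: The new `Report Status` step passes `secrets.ACTION_TOKEN` to a third-party action referenced by a mutable tag (`khaeru/codecov-gh@v1`), so whatever that tag points to at run time receives the token. Pin the action to a full commit SHA, e.g. `uses: khaeru/codecov-gh@FULL_COMMIT_SHA # v1` (placeholder), and confirm the token carries only the scopes this step needs. The same applies to `orgoro/coverage@v3.1`, introduced in patch 03 and re-enabled in patch 09. The secret name also changes from `ACTIONS_TOKEN` to `ACTION_TOKEN` in this hunk; check that the secret exists, because an undefined secret expands to an empty string rather than failing.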
@@ -7,7 +7,6 @@ [![Unit Tests](https://github.com/intel/ai-containers/actions/workflows/unit-test.yaml/badge.svg?branch=main)](https://github.com/intel/ai-containers/actions/workflows/unit-test.yaml) [![Integration Tests](https://github.com/intel/ai-containers/actions/workflows/integration-test.yaml/badge.svg?branch=main)](https://github.com/intel/ai-containers/actions/workflows/integration-test.yaml) [![pre-commit.ci status](https://results.pre-commit.ci/badge/github/intel/ai-containers/main.svg)](https://results.pre-commit.ci/latest/github/intel/ai-containers/main) -[![coverage](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/tylertitsworth/48dea0fc9a908a6e5ba5c5e84123bc02/raw/coverage.json)](https://gist.github.com/tylertitsworth/48dea0fc9a908a6e5ba5c5e84123bc02) This repository contains Dockerfiles, scripts, yaml files, Helm charts, etc. used to scale out AI containers with versions of TensorFlow and PyTorch that have been optimized for Intel platforms. Scaling is done with python, Docker, kubernetes, kubeflow, cnvrg.io, Helm, and other container orchestration frameworks for use in the cloud and on-premise. From d94cfb93c68bc5f8c0d16203075fa8cb195465a9 Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Tue, 28 May 2024 10:16:03 -0700 Subject: [PATCH 02/17] test test-runner cov --- test-runner/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-runner/tests.yaml b/test-runner/tests.yaml index 9a79144a5..2eb169fbc 100644 --- a/test-runner/tests.yaml +++ b/test-runner/tests.yaml @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +# test test1: img: ${REGISTRY}/${REPO}:latest # substitute env from host cmd: head -n 1 /workspace/test-runner/requirements.txt # volume mounted file From d39f2703b5efa357e2fd6356d84f0468ee648936 Mon Sep 17 00:00:00 2001 
From: tylertitsworth Date: Tue, 28 May 2024 10:29:43 -0700 Subject: [PATCH 03/17] revert to comment --- .github/workflows/test-runner-ci.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test-runner-ci.yaml b/.github/workflows/test-runner-ci.yaml index 53b9b4b95..f185488b0 100644 --- a/.github/workflows/test-runner-ci.yaml +++ b/.github/workflows/test-runner-ci.yaml @@ -67,17 +67,19 @@ jobs: python-version: "3.10" - uses: actions/download-artifact@v4 with: + path: coverage merge-multiple: true - name: Coverage run: | python -m pip install coverage python -m coverage combine - - name: Report Status - uses: khaeru/codecov-gh@v1 + python -m coverage xml + working-directory: coverage + - name: Comment on PR + uses: orgoro/coverage@v3.1 with: - threshold: 80.0 + coverageFile: coverage/coverage.xml token: ${{ secrets.ACTION_TOKEN }} - integration-test: runs-on: k8-runners steps: From bb16a2736831724dce54087294efadde7f2a18f2 Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Wed, 29 May 2024 14:04:52 -0700 Subject: [PATCH 04/17] Update test-runner-ci.yaml Signed-off-by: Tyler Titsworth --- .github/workflows/test-runner-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-runner-ci.yaml b/.github/workflows/test-runner-ci.yaml index fd026d59f..8f280145e 100644 --- a/.github/workflows/test-runner-ci.yaml +++ b/.github/workflows/test-runner-ci.yaml @@ -74,7 +74,7 @@ jobs: run: | python -m pip install coverage python -m coverage combine - python -m coverage xml + python -m coverage xml -i working-directory: coverage - name: Comment on PR uses: orgoro/coverage@v3.1 From b69eb5ae255e8146e45a84dc1c627f5027cefb9c Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Wed, 29 May 2024 15:46:28 -0700 Subject: [PATCH 05/17] updating pathing and remove pyc files --- .github/workflows/test-runner-ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/test-runner-ci.yaml b/.github/workflows/test-runner-ci.yaml index 8f280145e..6cb0e0bfc 100644 --- a/.github/workflows/test-runner-ci.yaml +++ b/.github/workflows/test-runner-ci.yaml @@ -68,19 +68,19 @@ jobs: python-version: "3.10" - uses: actions/download-artifact@v4 with: - path: coverage merge-multiple: true - name: Coverage run: | python -m pip install coverage python -m coverage combine + find . -name "*.pyc" -exec rm -f {} \; python -m coverage xml -i - working-directory: coverage - name: Comment on PR uses: orgoro/coverage@v3.1 with: coverageFile: coverage/coverage.xml token: ${{ secrets.ACTION_TOKEN }} + treshholdAll: 80 integration-test: runs-on: k8-runners steps: From 3a7ea61199635d7228f00060b54e3ea11152c8ca Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Wed, 29 May 2024 15:53:04 -0700 Subject: [PATCH 06/17] correct coverage xml --- .github/workflows/test-runner-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-runner-ci.yaml b/.github/workflows/test-runner-ci.yaml index 6cb0e0bfc..f2a6cb5c6 100644 --- a/.github/workflows/test-runner-ci.yaml +++ b/.github/workflows/test-runner-ci.yaml @@ -78,7 +78,7 @@ jobs: - name: Comment on PR uses: orgoro/coverage@v3.1 with: - coverageFile: coverage/coverage.xml + coverageFile: coverage.xml token: ${{ secrets.ACTION_TOKEN }} treshholdAll: 80 integration-test: From 7d0a060600007930dc0fe8fe1304f0c84a3fc323 Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Wed, 29 May 2024 16:54:47 -0700 Subject: [PATCH 07/17] test upload --- .github/workflows/test-runner-ci.yaml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test-runner-ci.yaml b/.github/workflows/test-runner-ci.yaml index f2a6cb5c6..291c2201f 100644 --- a/.github/workflows/test-runner-ci.yaml +++ b/.github/workflows/test-runner-ci.yaml 
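Review bot: `treshholdAll: 80` in the `Comment on PR` step is misspelled, so the action will most likely ignore the key and enforce no coverage gate. As far as I know `orgoro/coverage` names this input `thresholdAll` and expects a fraction, so the line should read `thresholdAll: 0.8`. The same key is carried into the commented-out block in patch 07 and into the re-enabled step in patch 09.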
@@ -75,12 +75,16 @@ jobs: python -m coverage combine find . -name "*.pyc" -exec rm -f {} \; python -m coverage xml -i - - name: Comment on PR - uses: orgoro/coverage@v3.1 + # - name: Comment on PR + # uses: orgoro/coverage@v3.1 + # with: + # coverageFile: coverage.xml + # token: ${{ secrets.ACTION_TOKEN }} + # treshholdAll: 80 + - uses: actions/upload-artifact@v4 with: - coverageFile: coverage.xml - token: ${{ secrets.ACTION_TOKEN }} - treshholdAll: 80 + name: coverage.xml + path: coverage.xml integration-test: runs-on: k8-runners steps: From 2273d5327137f719ce34b21170276ae557c1fb04 Mon Sep 17 00:00:00 2001 From: Tyler Titsworth Date: Thu, 30 May 2024 08:14:58 -0700 Subject: [PATCH 08/17] Use Pull Request Target for PRs (#62) --- .github/workflows/container-ci.yaml | 17 +++++ .github/workflows/dependency-review.yaml | 10 +-- .github/workflows/dockerhub-description.yml | 24 +++---- .github/workflows/docs.yaml | 30 ++++---- .github/workflows/gitleaks.yaml | 21 +++--- .github/workflows/integration-test.yaml | 80 +++++++++++---------- .github/workflows/lint.yaml | 43 +++++------ .github/workflows/scorecard.yaml | 38 +++++----- .github/workflows/test-runner-ci.yaml | 12 +++- .github/workflows/weekly-test.yaml | 27 +++---- 10 files changed, 167 insertions(+), 135 deletions(-) diff --git a/.github/workflows/container-ci.yaml b/.github/workflows/container-ci.yaml index 34c915572..8afc941ce 100644 --- a/.github/workflows/container-ci.yaml +++ b/.github/workflows/container-ci.yaml @@ -35,6 +35,10 @@ on: description: 'Enter Bash Env Variable Overrides in `KEY=VAL KEY2=VAL2` format:' required: false type: string + ref: + description: 'Enter Git Ref:' + required: true + type: string runner_label: description: 'Enter Validation Runner Label:' default: test-runner 
@@ -66,6 +70,9 @@ on: no_start: required: false type: boolean + ref: + required: true + type: string jobs: #################################################################################################### # Compose Build @@ -76,6 +83,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + ref: ${{ inputs.ref }} - name: Set Matrix id: build-matrix run: echo "matrix=$(jq -c . < ${{ inputs.group_dir }}/.actions.json)" >> $GITHUB_OUTPUT @@ -93,6 +102,8 @@ jobs: group: ${{ steps.build-group.outputs.container-group }} steps: - uses: actions/checkout@v4 + with: + ref: ${{ inputs.ref }} if: ${{ !inputs.no_build }} - uses: docker/login-action@v3 with: @@ -136,6 +147,8 @@ jobs: fail-fast: false steps: - uses: actions/checkout@v4 + with: + ref: ${{ inputs.ref }} - uses: docker/login-action@v3 with: registry: ${{ secrets.REGISTRY }} @@ -164,6 +177,8 @@ jobs: matrix: ${{ steps.test-matrix.outputs.matrix }} steps: - uses: actions/checkout@v4 + with: + ref: ${{ inputs.ref }} - name: Get Recipes id: test-matrix run: echo "matrix=$(find ${{ inputs.group_dir }} -type f -name 'tests.yaml' -exec dirname {} \; | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT @@ -181,6 +196,8 @@ jobs: with: egress-policy: audit - uses: actions/checkout@v4 + with: + ref: ${{ inputs.ref }} - uses: docker/login-action@v3 with: registry: ${{ secrets.REGISTRY }} diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index b5c15d4b7..c8db227de 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml 
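Review bot: Each `actions/checkout@v4` in this reusable workflow now checks out the caller-supplied `inputs.ref` (hunks at -76, -93, -136, -164 and -181), and the jobs go on to `docker/login-action` with repository secrets, so whatever ref the caller passes is built with credentials in scope. Add `persist-credentials: false` beside each `ref: ${{ inputs.ref }}`, unless a later step needs to push, so the checkout token is not left in `.git/config` for the build steps. Separately, `${{ inputs.group_dir }}` is expanded directly inside the `run:` scripts shown as context; passing it through `env:` and using `"$GROUP_DIR"` keeps a directory name from being interpreted as shell. A short comment on the `ref` input saying which callers may pass an untrusted ref would help the next maintainer.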
@@ -25,14 +25,14 @@ on: [pull_request] permissions: contents: read concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} jobs: dependency-review: runs-on: ubuntu-latest permissions: pull-requests: write steps: - - uses: actions/checkout@v4 - - uses: actions/dependency-review-action@v4 - with: - comment-summary-in-pr: true + - uses: actions/checkout@v4 + - uses: actions/dependency-review-action@v4 + with: + comment-summary-in-pr: true diff --git a/.github/workflows/dockerhub-description.yml b/.github/workflows/dockerhub-description.yml index 10ac0a197..f2849b6bf 100644 --- a/.github/workflows/dockerhub-description.yml +++ b/.github/workflows/dockerhub-description.yml @@ -15,7 +15,7 @@ name: Docker Description Publish on: push: - branches: [ "main" ] + branches: ["main"] permissions: read-all jobs: setup-matrix: @@ -23,10 +23,10 @@ jobs: outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - - uses: actions/checkout@v4 - - name: Set matrix data - id: set-matrix - run: echo "matrix=$(jq -c . < .github/dockerhub-readmes.json)" >> $GITHUB_OUTPUT + - uses: actions/checkout@v4 + - name: Set matrix data + id: set-matrix + run: echo "matrix=$(jq -c . < .github/dockerhub-readmes.json)" >> $GITHUB_OUTPUT publish-dockerhub-description: runs-on: ubuntu-latest needs: setup-matrix 
@@ -34,10 +34,10 @@ jobs: matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }} fail-fast: false steps: - - uses: actions/checkout@v4 - - uses: peter-evans/dockerhub-description@v4 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_PASSWORD }} - repository: ${{ matrix.readmes.repo-name }} - readme-filepath: ${{ matrix.readmes.fname }} + - uses: actions/checkout@v4 + - uses: peter-evans/dockerhub-description@v4 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + repository: ${{ matrix.readmes.repo-name }} + readme-filepath: ${{ matrix.readmes.fname }} diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index f1a207e45..e927369d4 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -21,7 +21,7 @@ on: - main permissions: read-all concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: mkdocs: @@ -31,17 +31,17 @@ jobs: id-token: write pages: write steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: 3.8 - cache: pip - - name: Install python requirements - run: python -m pip install -r docs/requirements.txt - - name: Build - run: mkdocs build --clean - - uses: actions/upload-pages-artifact@v3 - with: - path: site - - if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) - uses: actions/deploy-pages@v4 + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 + with: + python-version: 3.8 + cache: pip + - name: Install python requirements + run: python -m pip install -r docs/requirements.txt + - name: Build + run: mkdocs build --clean + - uses: actions/upload-pages-artifact@v3 + with: + path: site + - if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) + uses: actions/deploy-pages@v4 
diff --git a/.github/workflows/gitleaks.yaml b/.github/workflows/gitleaks.yaml index 947408a23..c9fa7f7d6 100644 --- a/.github/workflows/gitleaks.yaml +++ b/.github/workflows/gitleaks.yaml @@ -16,8 +16,10 @@ name: gitleaks on: push: branches: - - main - pull_request: null + - main + pull_request_target: + types: [opened, edited, reopened, synchronize] + branches: [main] workflow_dispatch: null permissions: read-all jobs: @@ -25,10 +27,11 @@ jobs: name: gitleaks runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - uses: gitleaks/gitleaks-action@v2 - env: - GITHUB_TOKEN: ${{ secrets.ACTION_TOKEN }} - GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}} + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ 'refs/pull/${{ github.event.number }}/merge' || 'main' }} + - uses: gitleaks/gitleaks-action@v2 + env: + GITHUB_TOKEN: ${{ secrets.ACTION_TOKEN }} + GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}} diff --git a/.github/workflows/integration-test.yaml b/.github/workflows/integration-test.yaml index 325d70065..134a6bf58 100644 --- a/.github/workflows/integration-test.yaml +++ b/.github/workflows/integration-test.yaml @@ -12,14 +12,15 @@ # See the License for the specific language governing permissions and # limitations under the License. ---- name: Integration Tests on: merge_group: null - pull_request: null + pull_request_target: + types: [opened, edited, reopened, synchronize] + branches: [main] permissions: read-all concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: group-diff: 
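Review bot: Switching `pull_request` to `pull_request_target` makes this workflow run in the base repository's context, where `secrets.ACTION_TOKEN` and `secrets.GITLEAKS_LICENSE` are available even for pull requests from forks, while the checkout in the next hunk fetches the pull request's merge ref. That puts untrusted changes in a job environment that holds secrets, which is tolerable only for steps that read the tree as data and never execute it. The same trigger change is made in integration-test.yaml, lint.yaml and test-runner-ci.yaml in this patch, where the jobs build and run repository code. I would keep the code-executing jobs on `pull_request` and move the steps that need a token (PR comment, status) into a separate `workflow_run` workflow, or gate the privileged jobs behind an `environment` with required reviewers.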
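Review bot: `ref: ${{ 'refs/pull/${{ github.event.number }}/merge' || 'main' }}` nests one `${{ }}` inside another, which the expression syntax does not support, and a non-empty string literal is always truthy, so the `|| 'main'` fallback could never apply. Build the ref with `format`, which docs.yaml already uses: `ref: ${{ github.event_name == 'pull_request_target' && format('refs/pull/{0}/merge', github.event.number) || github.ref }}`. The same line is added in lint.yaml and three times in test-runner-ci.yaml.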
@@ -27,34 +28,34 @@ jobs: outputs: groups: ${{ steps.group-list.outputs.FOLDERS }} steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Output Modified Group Directories - id: group-list - run: | - # Get diff array filtered by specific filetypes - DIFF=$(git diff --diff-filter=d \ - --name-only ${{ github.event.merge_group.base_sha || github.event.pull_request.base.sha }}...${{ github.event.merge_group.head_sha || github.event.pull_request.head.sha }} \ - -- '*/*Dockerfile' '*.py' '*.yaml' '*.yml' '*.sh' '*/*requirements.txt' '*.json' | \ - jq -R '.' | jq -sc '.' \ - ) - # Search for compose files in each file to determine the container groups - DOCKER_COMPOSE_PATHS=() - for path in $(echo $DIFF | jq -r '.[]'); do - while [[ "$path" != "." ]]; do - DIR_PATH=$(dirname "$path") - if [ -n "$(find "$DIR_PATH" -name 'docker-compose.yaml' -print -quit)" ] && [ "$DIR_PATH" != "." ]; then - DOCKER_COMPOSE_PATHS+=("$DIR_PATH") - path="." - else - path="$DIR_PATH" - fi - done + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Output Modified Group Directories + id: group-list + run: | + # Get diff array filtered by specific filetypes + DIFF=$(git diff --diff-filter=d \ + --name-only ${{ github.event.merge_group.base_sha || github.event.pull_request.base.sha }}...${{ github.event.merge_group.head_sha || github.event.pull_request.head.sha }} \ + -- '*/*Dockerfile' '*.py' '*.yaml' '*.yml' '*.sh' '*/*requirements.txt' '*.json' | \ + jq -R '.' | jq -sc '.' \ + ) + # Search for compose files in each file to determine the container groups + DOCKER_COMPOSE_PATHS=() + for path in $(echo $DIFF | jq -r '.[]'); do + while [[ "$path" != "." ]]; do + DIR_PATH=$(dirname "$path") + if [ -n "$(find "$DIR_PATH" -name 'docker-compose.yaml' -print -quit)" ] && [ "$DIR_PATH" != "." ]; then + DOCKER_COMPOSE_PATHS+=("$DIR_PATH") + path="." 
+ else + path="$DIR_PATH" + fi done - # Convert the array to a JSON array - DOCKER_COMPOSE_PATHS_JSON=$(printf '%s\n' "${DOCKER_COMPOSE_PATHS[@]}" | jq -R '.' | jq -sc 'unique_by(.)') - echo "FOLDERS=$DOCKER_COMPOSE_PATHS_JSON" >> $GITHUB_OUTPUT + done + # Convert the array to a JSON array + DOCKER_COMPOSE_PATHS_JSON=$(printf '%s\n' "${DOCKER_COMPOSE_PATHS[@]}" | jq -R '.' | jq -sc 'unique_by(.)') + echo "FOLDERS=$DOCKER_COMPOSE_PATHS_JSON" >> $GITHUB_OUTPUT pipeline-ci: needs: group-diff if: needs.group-diff.outputs.groups != '[""]' @@ -66,17 +67,18 @@ jobs: uses: ./.github/workflows/container-ci.yaml with: group_dir: ${{ matrix.group }} + ref: "refs/pull/${{ github.event.number }}/merge" secrets: inherit status-check: - needs: [ group-diff, pipeline-ci ] + needs: [group-diff, pipeline-ci] runs-on: ubuntu-latest if: always() steps: - - run: exit 1 - if: >- - ${{ - contains(needs.*.result, 'failure') - || contains(needs.*.result, 'cancelled') - || contains(needs.*.result, 'skipped') - && needs.group-diff.outputs.groups != '[""]' - }} + - run: exit 1 + if: >- + ${{ + contains(needs.*.result, 'failure') + || contains(needs.*.result, 'cancelled') + || contains(needs.*.result, 'skipped') + && needs.group-diff.outputs.groups != '[""]' + }} diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 42765f259..fdf4e5dd2 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
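Review bot: `ref: "refs/pull/${{ github.event.number }}/merge"` is passed unconditionally, but this workflow also runs on `merge_group`, where I would expect `github.event.number` to be empty and the ref to become `refs/pull//merge`. With `secrets: inherit` on the same call, the reusable workflow receives every repository secret while building the pull request's tree. Consider `ref: ${{ github.event_name == 'pull_request_target' && format('refs/pull/{0}/merge', github.event.number) || github.ref }}` and, if container-ci.yaml can declare them, passing only the named secrets it needs instead of `inherit`. The `group-diff` checkout above sets no `ref`, so under `pull_request_target` it checks out the base branch, and the head SHA used by `git diff` may not be present for fork pull requests; that path deserves a test run.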
@@ -12,37 +12,38 @@ # See the License for the specific language governing permissions and # limitations under the License. ---- name: Lint permissions: read-all on: merge_group: null - pull_request: null + pull_request_target: + types: [opened, edited, reopened, synchronize] + branches: [main] push: branches: - - develop - - main + - main concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: lint: name: Lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - uses: super-linter/super-linter/slim@v6.5.1 - env: - # To report GitHub Actions status checks - GITHUB_TOKEN: ${{ secrets.ACTION_TOKEN }} - GITHUB_ACTIONS_COMMAND_ARGS: '-ignore SC.*' - VALIDATE_BASH_EXEC: false - VALIDATE_CHECKOV: false - VALIDATE_HTML: false - VALIDATE_KUBERNETES_KUBECONFORM: false - VALIDATE_NATURAL_LANGUAGE: false - VALIDATE_PYTHON_FLAKE8: false - VALIDATE_PYTHON_MYPY: false - VALIDATE_PYTHON_RUFF: false + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ 'refs/pull/${{ github.event.number }}/merge' || 'main' }} + - uses: super-linter/super-linter/slim@v6.5.1 + env: + # To report GitHub Actions status checks + GITHUB_TOKEN: ${{ secrets.ACTION_TOKEN }} + GITHUB_ACTIONS_COMMAND_ARGS: '-ignore SC.*' + VALIDATE_BASH_EXEC: false + VALIDATE_CHECKOV: false + VALIDATE_HTML: false + VALIDATE_KUBERNETES_KUBECONFORM: false + VALIDATE_NATURAL_LANGUAGE: false + VALIDATE_PYTHON_FLAKE8: false + VALIDATE_PYTHON_MYPY: false + VALIDATE_PYTHON_RUFF: false diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index b56ec2ec0..240202a41 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml 
@@ -20,9 +20,9 @@ name: Scorecard supply-chain security on: branch_protection_rule: schedule: - - cron: '0 6 * * 0' + - cron: '0 6 * * 0' push: - branches: [ "main" ] + branches: ["main"] workflow_dispatch: permissions: read-all jobs: @@ -35,20 +35,20 @@ jobs: contents: read actions: read steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - uses: ossf/scorecard-action@v2.3.3 - with: - results_file: results.sarif - results_format: sarif - repo_token: ${{ secrets.ACTION_TOKEN }} - publish_results: true - - uses: actions/upload-artifact@v4 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - uses: github/codeql-action/upload-sarif@v3.25.3 - with: - sarif_file: results.sarif + - uses: actions/checkout@v4 + with: + persist-credentials: false + - uses: ossf/scorecard-action@v2.3.3 + with: + results_file: results.sarif + results_format: sarif + repo_token: ${{ secrets.ACTION_TOKEN }} + publish_results: true + - uses: actions/upload-artifact@v4 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + - uses: github/codeql-action/upload-sarif@v3.25.3 + with: + sarif_file: results.sarif diff --git a/.github/workflows/test-runner-ci.yaml b/.github/workflows/test-runner-ci.yaml index 6704f1263..3755e2616 100644 --- a/.github/workflows/test-runner-ci.yaml +++ b/.github/workflows/test-runner-ci.yaml @@ -15,7 +15,9 @@ name: Test Runner CI on: merge_group: null - pull_request: + pull_request_target: + types: [opened, edited, reopened, synchronize] + branches: [main] paths: - 'test-runner/**' push: @@ -23,7 +25,7 @@ on: - main permissions: read-all concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: unit-test: 
@@ -34,6 +36,8 @@ jobs: fail-fast: true steps: - uses: actions/checkout@v4 + with: + ref: ${{ 'refs/pull/${{ github.event.number }}/merge' || 'main' }} - uses: docker/setup-buildx-action@v3 with: driver: docker @@ -63,6 +67,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + ref: ${{ 'refs/pull/${{ github.event.number }}/merge' || 'main' }} - uses: actions/setup-python@v5 with: python-version: "3.10" @@ -91,6 +97,8 @@ jobs: runs-on: k8-runners steps: - uses: actions/checkout@v4 + with: + ref: ${{ 'refs/pull/${{ github.event.number }}/merge' || 'main' }} - uses: docker/setup-buildx-action@v3 with: driver: docker diff --git a/.github/workflows/weekly-test.yaml b/.github/workflows/weekly-test.yaml index eb1d966cc..c704e1e38 100644 --- a/.github/workflows/weekly-test.yaml +++ b/.github/workflows/weekly-test.yaml @@ -15,7 +15,7 @@ name: Weekly Tests on: schedule: - - cron: "0 0 * * 0" + - cron: "0 0 * * 0" workflow_dispatch: null permissions: read-all jobs: 
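Review bot: The `integration-test` job runs on `k8-runners`, which looks like a self-hosted runner label, and after this hunk (-91) it checks out the pull request merge ref under `pull_request_target`. Code from any fork would then execute on infrastructure that can keep state between jobs and may reach internal networks, with the workflow's secrets available. Gate the job so it runs only after a maintainer has approved the change, for example `environment: pr-approval` (placeholder name, with required reviewers configured), or restrict it with `if: github.event.pull_request.head.repo.full_name == github.repository`. The `unit-test` checkout at -34 carries the same exposure on hosted runners, since the test steps that follow run the checked-out code.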
@@ -24,18 +24,18 @@ jobs: outputs: groups: ${{ steps.group-list.outputs.FOLDERS }} steps: - - uses: actions/checkout@v4 - - name: Output Group Directories - id: group-list - run: | - DOCKER_COMPOSE_PATHS=() - for path in $(find . -name 'docker-compose.yaml'); do - DIR_PATH=$(dirname "$path") - DOCKER_COMPOSE_PATHS+=("${DIR_PATH:2}") - done - # Convert the array to a JSON array - DOCKER_COMPOSE_PATHS_JSON=$(printf '%s\n' "${DOCKER_COMPOSE_PATHS[@]}" | uniq | jq -R '.' | jq -sc '.') - echo "FOLDERS=$DOCKER_COMPOSE_PATHS_JSON" >> $GITHUB_OUTPUT + - uses: actions/checkout@v4 + - name: Output Group Directories + id: group-list + run: | + DOCKER_COMPOSE_PATHS=() + for path in $(find . -name 'docker-compose.yaml'); do + DIR_PATH=$(dirname "$path") + DOCKER_COMPOSE_PATHS+=("${DIR_PATH:2}") + done + # Convert the array to a JSON array + DOCKER_COMPOSE_PATHS_JSON=$(printf '%s\n' "${DOCKER_COMPOSE_PATHS[@]}" | uniq | jq -R '.' | jq -sc '.') + echo "FOLDERS=$DOCKER_COMPOSE_PATHS_JSON" >> $GITHUB_OUTPUT pipeline-ci: needs: [get-groups] strategy: @@ -46,4 +46,5 @@ jobs: uses: ./.github/workflows/container-ci.yaml with: group_dir: ${{ matrix.group }} + ref: main secrets: inherit From d967a8468ca42a5e3422d875d2047079ece52b3f Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Thu, 30 May 2024 09:14:59 -0700 Subject: [PATCH 09/17] update configs --- .github/workflows/test-runner-ci.yaml | 18 ++++++++++-------- tox.ini | 7 +++++++ 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test-runner-ci.yaml b/.github/workflows/test-runner-ci.yaml index e72e1b071..506cecaf7 100644 --- a/.github/workflows/test-runner-ci.yaml +++ b/.github/workflows/test-runner-ci.yaml 
@@ -78,15 +78,17 @@ jobs: - name: Coverage run: | python -m pip install coverage - python -m coverage combine + python -m coverage combine --debug=pathmap find . -name "*.pyc" -exec rm -f {} \; - python -m coverage xml -i - # - name: Comment on PR - # uses: orgoro/coverage@v3.1 - # with: - # coverageFile: coverage.xml - # token: ${{ secrets.ACTION_TOKEN }} - # treshholdAll: 80 + python -m coverage xml --skip-empty + env: + COVERAGE_RCFILE: tox.ini + - name: Comment on PR + uses: orgoro/coverage@v3.1 + with: + coverageFile: coverage.xml + token: ${{ secrets.ACTION_TOKEN }} + treshholdAll: 80 - uses: actions/upload-artifact@v4 with: name: coverage.xml diff --git a/tox.ini b/tox.ini index 27ce87a9b..5181c9f81 100644 --- a/tox.ini +++ b/tox.ini @@ -35,6 +35,13 @@ exclude_lines = if __name__ == "__main__": omit = utest.py +[coverage:combine] +relative_paths = true + +[coverage:xml] +source = + test-runner/* + [gh-actions] python = 3.8: py38 From 73be20a402f263c6d7bedd21fc0b5d00f31f948a Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Thu, 30 May 2024 09:15:33 -0700 Subject: [PATCH 10/17] remove unecessary line --- .github/workflows/test-runner-ci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/test-runner-ci.yaml b/.github/workflows/test-runner-ci.yaml index 506cecaf7..1250218cd 100644 --- a/.github/workflows/test-runner-ci.yaml +++ b/.github/workflows/test-runner-ci.yaml @@ -79,7 +79,6 @@ jobs: run: | python -m pip install coverage python -m coverage combine --debug=pathmap - find . -name "*.pyc" -exec rm -f {} \; python -m coverage xml --skip-empty env: COVERAGE_RCFILE: tox.ini From a3b7a04ed1589b6e4e6c1d4b5f4fd132152d3ab6 Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Thu, 30 May 2024 09:15:59 -0700 Subject: [PATCH 11/17] remove unecessary line --- test-runner/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-runner/tests.yaml b/test-runner/tests.yaml index 472d8ca5c..26e18be2d 100644 
--- a/test-runner/tests.yaml +++ b/test-runner/tests.yaml @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# test + test1: img: ${REGISTRY}/${REPO}:latest # substitute env from host cmd: head -n 1 /workspace/test-runner/requirements.txt # volume mounted file From eb01de78704df8f491257062553a0b10a57e8ce0 Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Thu, 30 May 2024 09:18:41 -0700 Subject: [PATCH 12/17] fix configs --- .github/workflows/test-runner-ci.yaml | 2 -- tox.ini | 6 ++---- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test-runner-ci.yaml b/.github/workflows/test-runner-ci.yaml index 1250218cd..b8e9ae4e4 100644 --- a/.github/workflows/test-runner-ci.yaml +++ b/.github/workflows/test-runner-ci.yaml @@ -80,8 +80,6 @@ jobs: python -m pip install coverage python -m coverage combine --debug=pathmap python -m coverage xml --skip-empty - env: - COVERAGE_RCFILE: tox.ini - name: Comment on PR uses: orgoro/coverage@v3.1 with: diff --git a/tox.ini b/tox.ini index 5181c9f81..0a744034f 100644 --- a/tox.ini +++ b/tox.ini @@ -2,6 +2,8 @@ env_list = py{38,39,310,311,312} coverage +source = + test-runner/* [testenv] deps = @@ -38,10 +40,6 @@ omit = utest.py [coverage:combine] relative_paths = true -[coverage:xml] -source = - test-runner/* - [gh-actions] python = 3.8: py38 From 8ef7a4ab01e8930d423cf509c6426b631542d0c9 Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Thu, 30 May 2024 09:31:56 -0700 Subject: [PATCH 13/17] update config --- tox.ini | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tox.ini b/tox.ini index 0a744034f..fe1c197a7 100644 --- a/tox.ini +++ b/tox.ini @@ -2,8 +2,6 @@ env_list = py{38,39,310,311,312} coverage -source = - test-runner/* [testenv] deps = 
@@ -37,9 +35,13 @@ exclude_lines = if __name__ == "__main__": omit = utest.py -[coverage:combine] +[coverage:run] relative_paths = true +[coverage:paths] +source = + test-runner/* + [gh-actions] python = 3.8: py38 From c8cd059c553ac39e74d3719e2fa0bd6b88d79fbb Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Thu, 30 May 2024 09:33:29 -0700 Subject: [PATCH 14/17] add test for TR --- test-runner/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-runner/tests.yaml b/test-runner/tests.yaml index 26e18be2d..b0d2022c4 100644 --- a/test-runner/tests.yaml +++ b/test-runner/tests.yaml @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - +#test test1: img: ${REGISTRY}/${REPO}:latest # substitute env from host cmd: head -n 1 /workspace/test-runner/requirements.txt # volume mounted file From 933d3532907bd4e2c8e9b31aa68e8ea8bf955a0c Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Thu, 30 May 2024 09:36:41 -0700 Subject: [PATCH 15/17] only run on prt --- .github/workflows/test-runner-ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test-runner-ci.yaml b/.github/workflows/test-runner-ci.yaml index b8e9ae4e4..2c287bce3 100644 --- a/.github/workflows/test-runner-ci.yaml +++ b/.github/workflows/test-runner-ci.yaml @@ -81,6 +81,7 @@ jobs: python -m coverage combine --debug=pathmap python -m coverage xml --skip-empty - name: Comment on PR + if: ${{ github.event_name == 'pull_request_target' }} uses: orgoro/coverage@v3.1 with: coverageFile: coverage.xml From 4a92c1321a0beaf5363d02182d62370108b2af7d Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Thu, 30 May 2024 09:39:26 -0700 Subject: [PATCH 16/17] update syntax --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index 228414c85..eec5baa23 100644 --- a/tox.ini +++ b/tox.ini 
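Review bot: `[coverage:paths]` lists a single entry, `test-runner/*`, but as far as I understand coverage.py the first entry is the canonical location and the entries after it are the aliases remapped onto it during `coverage combine`, so one entry alone remaps nothing. If the intent is to fold the per-job artifact paths onto the checkout, put a literal path first and the patterns beneath it, e.g. `test-runner/` followed by `*/test-runner/`. A one-line comment above the section stating which paths are being unified would make the intent checkable.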
@@ -38,7 +38,7 @@ exclude_lines = omit = utest.py [coverage:run] -relative_paths = true +relative_files = true [coverage:paths] source = From 8a0b112959ed797179fbb955f2c920d08e128f63 Mon Sep 17 00:00:00 2001 From: tylertitsworth Date: Thu, 30 May 2024 09:48:17 -0700 Subject: [PATCH 17/17] remove test case --- test-runner/tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-runner/tests.yaml b/test-runner/tests.yaml index b0d2022c4..26e18be2d 100644 --- a/test-runner/tests.yaml +++ b/test-runner/tests.yaml @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -#test + test1: img: ${REGISTRY}/${REPO}:latest # substitute env from host cmd: head -n 1 /workspace/test-runner/requirements.txt # volume mounted file