Skip to content

Bump bandit from 1.7.9 to 1.8.0 #915

Bump bandit from 1.7.9 to 1.8.0

Bump bandit from 1.7.9 to 1.8.0 #915

Workflow file for this run

name: Docker Image CI
on:
push:
pull_request:
branches: [ master ]
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ['3.10', '3.11']
k8s-version: [v1.25, v1.26, v1.27]
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5.3.0
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
if [ -f requirements/dev.txt ]; then pip install -r requirements/dev.txt; fi
- name: Lint
run: |
# stop the build if there are Python syntax errors or undefined names
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
# exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
- name: Test standalone
run: |
python3 -m pytest tests/test_utility.py
- name: Setup k3s
uses: nolar/setup-k3d-k3s@v1.0.9
with:
version: ${{ matrix.k8s-version }}
- name: Test k3s
run: kubectl get nodes
- name: Configure k3s
run: |
kubectl apply -f manifests/01-oaat-operator-crd.yaml
kubectl apply -f manifests/sample-oaat-type.yaml
- name: Run tests
run: |
python3 -m pytest --cov=oaatoperator --cov-append --cov-report=term --cov-report=xml:cov.xml .
- name: Upload Coverage
uses: codecov/codecov-action@v4.5.0
with:
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: false
validate:
runs-on: ubuntu-latest
needs: test
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Validate Version
run: |
VER=$(grep oaat-operator version.txt | sed -e 's/.*=//' -e 's/\s//g')
grep "ghcr.io/kawaja/oaat-operator:v${VER}" manifests/02-oaat-operator-deployment.yaml >/dev/null
build:
runs-on: ubuntu-latest
permissions:
packages: write
needs: validate
if: ${{ github.event_name == 'push' }}
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3.7.1
with:
buildkitd-flags: --debug
- name: Login to Repo
uses: docker/login-action@v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get short Git SHA
id: vars
shell: bash
run: |
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Check branch to set dev tag
id: devtag
shell: bash
run: |
tag=$(echo ${{ github.ref_name }} | sed -e 's/.*[^A-Za-z_.0-9-]\([A-Za-z_.0-9-]*\)$/\1/')
if [ "${tag}" == 'master' ]; then
echo "devtag=dev" >> $GITHUB_OUTPUT
else
echo "devtag=${tag}" >> $GITHUB_OUTPUT
fi
- name: Embed Data/Git SHA details
run: |
VER=$(grep oaat-operator version.txt | sed -e 's/.*=//' -e 's/\s//g')
echo "__version__ = '${VER}'" >> oaatoperator/__init__.py
echo "__gitsha__ = '${GITHUB_SHA::7}'" >> oaatoperator/__init__.py
echo "__build_date__ = '$(date +%Y%m%d%H%M%S)'" >> oaatoperator/__init__.py
- name: Build the Docker image (with :<sha> and :dev tags)
uses: docker/build-push-action@v6.7.0
with:
context: .
file: build/Dockerfile
push: true
no-cache: true
tags: ghcr.io/${{github.repository}}:${{steps.vars.outputs.sha_short}},ghcr.io/${{github.repository}}:${{steps.devtag.outputs.devtag}}