fix: requirements.txt to reduce vulnerabilities #296
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: testing | |
on: push | |
env: | |
TARGET_BASE: build | |
TARGET_APP: app | |
DOCKER_BUILDKIT: 1 | |
jobs: | |
docker-build: | |
name: docker build | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
include: | |
- GHCR_CACHED_TAG_PREFIX: "ghcr.io/unfor19/frigga:latest" | |
DOCKERFILE_PATH: Dockerfile | |
steps: | |
- uses: actions/checkout@v2 | |
- name: docker login ghcr | |
run: | | |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin | |
- name: docker pull cached | |
run: | | |
docker pull "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_BASE}" || true | |
docker pull "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" || true | |
- name: docker build cached | |
run: | | |
docker build . -t "cached-${TARGET_BASE}" \ | |
--cache-from="${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_BASE}" \ | |
-f "${{ matrix.DOCKERFILE_PATH }}" \ | |
--target "${TARGET_BASE}" \ | |
--build-arg BUILDKIT_INLINE_CACHE=1 | |
docker build . -t "cached-${TARGET_APP}" \ | |
--cache-from="${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" \ | |
-f "${{ matrix.DOCKERFILE_PATH }}" \ | |
--target "${TARGET_APP}" \ | |
--build-arg BUILDKIT_INLINE_CACHE=1 | |
- name: docker tag cached | |
run: | | |
docker tag "cached-${TARGET_BASE}" "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_BASE}" | |
docker tag "cached-${TARGET_APP}" "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" | |
- name: docker push cached to ghcr | |
env: | |
GITHUB_TOKEN: "${{ secrets.GHTOKEN_PUSH_PKG }}" | |
run: | | |
docker push "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_BASE}" | |
docker push "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" | |
ubuntu-cli: | |
needs: docker-build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
python-version: [3.6, 3.7, 3.8, 3.9] | |
include: | |
- GHCR_CACHED_TAG_PREFIX: "ghcr.io/unfor19/frigga:latest" | |
DOCKERFILE_PATH: Dockerfile | |
DOCKERHUB_TAG: "unfor19/frigga:latest" | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v1 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: docker pull cached from ghcr | |
run: | | |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin | |
docker pull "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" | |
docker tag "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" "${{ matrix.DOCKERHUB_TAG }}" | |
echo "DOCKER_TAG=${{ matrix.DOCKERHUB_TAG }}" >> $GITHUB_ENV | |
- name: Install CLI | |
run: | | |
sudo apt remove python3-pip | |
python -m pip install --upgrade pip | |
pip install . | |
- name: Deploy Stack | |
env: | |
FRIGGA_TESTING: true | |
run: bash docker-compose/deploy_stack.sh | |
- name: Apply Changes | |
run: ./docker-compose/apply_changes.sh | |
ubuntu-webserver: | |
needs: docker-build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- GHCR_CACHED_TAG_PREFIX: "ghcr.io/unfor19/frigga:latest" | |
DOCKERFILE_PATH: Dockerfile | |
DOCKERHUB_TAG: "unfor19/frigga:latest" | |
steps: | |
- uses: actions/checkout@v2 | |
- name: docker pull cached from ghcr | |
run: | | |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin | |
docker pull "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" | |
docker tag "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" "${{ matrix.DOCKERHUB_TAG }}" | |
echo "DOCKER_TAG=${{ matrix.DOCKERHUB_TAG }}" >> $GITHUB_ENV | |
- name: Deploy Stack | |
env: | |
FRIGGA_TESTING: true | |
run: bash docker-compose/deploy_stack.sh | |
- name: Apply Changes | |
run: ./docker-compose/apply_changes_webserver.sh | |
ubuntu-websocket: | |
needs: docker-build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- GHCR_CACHED_TAG_PREFIX: "ghcr.io/unfor19/frigga:latest" | |
DOCKERFILE_PATH: Dockerfile | |
DOCKERHUB_TAG: "unfor19/frigga:latest" | |
steps: | |
- uses: actions/checkout@v2 | |
- name: docker pull cached from ghcr | |
run: | | |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin | |
docker pull "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" | |
docker tag "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" "${{ matrix.DOCKERHUB_TAG }}" | |
echo "DOCKER_TAG=${{ matrix.DOCKERHUB_TAG }}" >> $GITHUB_ENV | |
- name: Deploy Stack | |
env: | |
FRIGGA_TESTING: true | |
run: bash docker-compose/deploy_stack.sh | |
- name: Apply Changes | |
run: ./docker-compose/apply_changes_websocket.sh | |
minikube: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install minikube | |
uses: opsgang/ga-setup-minikube@v0.1.2 | |
with: | |
minikube-version: 1.7.2 | |
k8s-version: 1.17.2 | |
- name: Start minikube | |
run: | | |
minikube start --vm-driver=docker --kubernetes-version v1.17.2 | |
kubectl cluster-info | |
kubectl get pods -n kube-system | |
- name: Test minikube | |
run: bash kubernetes/minikube_test.sh | |
- name: Deploy Stack | |
env: | |
FRIGGA_TESTING: true | |
run: bash kubernetes/deploy_stack.sh | |
- name: Apply Changes | |
env: | |
FRIGGA_TESTING: true | |
run: bash kubernetes/exec_apply.sh | |
- name: Validate | |
env: | |
FRIGGA_TESTING: true | |
run: bash kubernetes/validate.sh |