Skip to content

fix: requirements.txt to reduce vulnerabilities #278

fix: requirements.txt to reduce vulnerabilities

fix: requirements.txt to reduce vulnerabilities #278

Workflow file for this run

name: testing
on: push
env:
TARGET_BASE: build
TARGET_APP: app
DOCKER_BUILDKIT: 1
jobs:
docker-build:
name: docker build
runs-on: ubuntu-20.04
strategy:
matrix:
include:
- GHCR_CACHED_TAG_PREFIX: "ghcr.io/unfor19/frigga:latest"
DOCKERFILE_PATH: Dockerfile
steps:
- uses: actions/checkout@v2
- name: docker login ghcr
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
- name: docker pull cached
run: |
docker pull "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_BASE}" || true
docker pull "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" || true
- name: docker build cached
run: |
docker build . -t "cached-${TARGET_BASE}" \
--cache-from="${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_BASE}" \
-f "${{ matrix.DOCKERFILE_PATH }}" \
--target "${TARGET_BASE}" \
--build-arg BUILDKIT_INLINE_CACHE=1
docker build . -t "cached-${TARGET_APP}" \
--cache-from="${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" \
-f "${{ matrix.DOCKERFILE_PATH }}" \
--target "${TARGET_APP}" \
--build-arg BUILDKIT_INLINE_CACHE=1
- name: docker tag cached
run: |
docker tag "cached-${TARGET_BASE}" "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_BASE}"
docker tag "cached-${TARGET_APP}" "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}"
- name: docker push cached to ghcr
env:
GITHUB_TOKEN: "${{ secrets.GHTOKEN_PUSH_PKG }}"
run: |
docker push "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_BASE}"
docker push "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}"
ubuntu-cli:
needs: docker-build
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.6, 3.7, 3.8, 3.9]
include:
- GHCR_CACHED_TAG_PREFIX: "ghcr.io/unfor19/frigga:latest"
DOCKERFILE_PATH: Dockerfile
DOCKERHUB_TAG: "unfor19/frigga:latest"
steps:
- uses: actions/checkout@v2
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v1
with:
python-version: ${{ matrix.python-version }}
- name: docker pull cached from ghcr
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
docker pull "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}"
docker tag "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" "${{ matrix.DOCKERHUB_TAG }}"
echo "DOCKER_TAG=${{ matrix.DOCKERHUB_TAG }}" >> $GITHUB_ENV
- name: Install CLI
run: |
sudo apt remove python3-pip
python -m pip install --upgrade pip
pip install .
- name: Deploy Stack
env:
FRIGGA_TESTING: true
run: bash docker-compose/deploy_stack.sh
- name: Apply Changes
run: ./docker-compose/apply_changes.sh
ubuntu-webserver:
needs: docker-build
runs-on: ubuntu-latest
strategy:
matrix:
include:
- GHCR_CACHED_TAG_PREFIX: "ghcr.io/unfor19/frigga:latest"
DOCKERFILE_PATH: Dockerfile
DOCKERHUB_TAG: "unfor19/frigga:latest"
steps:
- uses: actions/checkout@v2
- name: docker pull cached from ghcr
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
docker pull "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}"
docker tag "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" "${{ matrix.DOCKERHUB_TAG }}"
echo "DOCKER_TAG=${{ matrix.DOCKERHUB_TAG }}" >> $GITHUB_ENV
- name: Deploy Stack
env:
FRIGGA_TESTING: true
run: bash docker-compose/deploy_stack.sh
- name: Apply Changes
run: ./docker-compose/apply_changes_webserver.sh
ubuntu-websocket:
needs: docker-build
runs-on: ubuntu-latest
strategy:
matrix:
include:
- GHCR_CACHED_TAG_PREFIX: "ghcr.io/unfor19/frigga:latest"
DOCKERFILE_PATH: Dockerfile
DOCKERHUB_TAG: "unfor19/frigga:latest"
steps:
- uses: actions/checkout@v2
- name: docker pull cached from ghcr
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
docker pull "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}"
docker tag "${{ matrix.GHCR_CACHED_TAG_PREFIX }}-${TARGET_APP}" "${{ matrix.DOCKERHUB_TAG }}"
echo "DOCKER_TAG=${{ matrix.DOCKERHUB_TAG }}" >> $GITHUB_ENV
- name: Deploy Stack
env:
FRIGGA_TESTING: true
run: bash docker-compose/deploy_stack.sh
- name: Apply Changes
run: ./docker-compose/apply_changes_websocket.sh
minikube:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install minikube
uses: opsgang/ga-setup-minikube@v0.1.2
with:
minikube-version: 1.7.2
k8s-version: 1.17.2
- name: Start minikube
run: |
minikube start --vm-driver=docker --kubernetes-version v1.17.2
kubectl cluster-info
kubectl get pods -n kube-system
- name: Test minikube
run: bash kubernetes/minikube_test.sh
- name: Deploy Stack
env:
FRIGGA_TESTING: true
run: bash kubernetes/deploy_stack.sh
- name: Apply Changes
env:
FRIGGA_TESTING: true
run: bash kubernetes/exec_apply.sh
- name: Validate
env:
FRIGGA_TESTING: true
run: bash kubernetes/validate.sh