[Snyk] Fix for 9 vulnerabilities #344
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions | |
| # https://help.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions | |
| # https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token | |
| # https://hynek.me/articles/python-github-actions/ | |
| # https://medium.com/swlh/fast-docker-build-in-kubernetes-f52088854f45 | |
| name: CI | |
| on: [push, pull_request] | |
| # env: | |
| # DOCKER_BUILDKIT: 1 | |
| # COMPOSE_DOCKER_CLI_BUILD: 1 | |
| jobs: | |
| code-checks: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Setup Python | |
| uses: actions/setup-python@v1 | |
| with: | |
| python-version: 3.7 | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install .[dev] | |
| - name: Lint with flake8 | |
| run: | | |
| # stop the build if there are Python syntax errors or undefined names | |
| flake8 backend qaboard --count --select=E9,F63,F7,F82 --show-source --statistics | |
| # --exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide | |
| # flake8 backend qaboard --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | |
| - name: Type Checks with MyPy | |
| run: mypy -p qaboard --ignore-missing-imports | |
| - name: Unit Tests | |
| run: | | |
| # git is needed in the tests and setup to fail if not setup | |
| git config --global user.name "Arthur Flam" | |
| git config --global user.email "[email protected]" | |
| green -vvv --quiet-stdout | |
| build-webapp: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v1 | |
| with: | |
| node-version: 16.x | |
| - uses: actions/cache@v2 | |
| with: | |
| path: ~/.npm | |
| key: node-${{ hashFiles('webapp/npm-shrinkwrap.json') }} | |
| restore-keys: ${{ runner.os }}-node- | |
| - run: cd webapp && npm ci | |
| - run: cd webapp && npm run build --if-present | |
| # - run: cd webapp && npm test | |
| test-docker-images: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Build the docker-compose stack | |
| run: docker-compose build # --build-arg BUILDKIT_INLINE_CACHE=1 | |
| - name: Up the docker-compose stack | |
| run: docker-compose up -d | |
| - name: Check running containers | |
| run: docker ps -a | |
| - name: Check logs | |
| run: sleep 10 && docker-compose logs | |
| - name: Smoke Test @app | |
| run: curl -s --retry 10 --retry-connrefused http://localhost:5151/ | |
| - name: sleep 10 && Smoke Test @api | |
| run: sleep 10 && curl -s --retry 10 --retry-connrefused http://localhost:5151/api/v1/projects | |
| publish-docker-images: | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/master' | |
| needs: | |
| - code-checks | |
| - build-webapp | |
| - test-docker-images | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Build the docker-compose stack | |
| run: docker-compose build # --build-arg BUILDKIT_INLINE_CACHE=1 | |
| - name: Publish images | |
| run: | | |
| echo ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} | docker login --username arthurflam --password-stdin | |
| docker-compose push |