Skip to content
CI-MAIN

Merge pull request #129 from kube-HPC/isAlive_minor_fix #146

Sign in to view logs

Merge pull request #129 from kube-HPC/isAlive_minor_fix

Merge pull request #129 from kube-HPC/isAlive_minor_fix #146

Workflow file for this run

.github/workflows/main.yaml at 5818f00
# This is a basic workflow to help you get started with Actions
name: CI-MAIN
# Controls when the action will run.
on:
# Triggers the workflow on push or pull request events but only for the master branch
push:
branches: [master]
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
test:
# The type of runner that the job will run on
if: "!contains(github.event.head_commit.message, '[skip ci]')"
runs-on: ubuntu-latest
name: Python ${{ matrix.python-version }}
strategy:
matrix:
python-version: [ "3.7", "3.8", "3.9", "3.10"]
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v2
- name: Setup python
uses: actions/setup-python@v2
with:
python-version: ${{ matrix.python-version }}
architecture: x64
- run: ./tools/ci/tests.sh
coverage:
if: "!contains(github.event.head_commit.message, '[skip ci]')"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Setup python
uses: actions/setup-python@v2
with:
python-version: '3.7'
architecture: x64
- run: ./tools/ci/coverage.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
deploy:
needs: test
if: "!contains(github.event.head_commit.message, '[skip ci]')"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
token: ${{ secrets.GH_TOKEN }}
- name: Setup python
uses: actions/setup-python@v2
with:
python-version: '3.7'
architecture: x64
- run: ./tools/ci/github.sh
env:
GH_TOKEN: '${{ secrets.GH_TOKEN }}'
- name: Publish a Python distribution to PyPI
uses: pypa/gh-action-pypi-publish@master
with:
user: __token__
password: ${{ secrets.PYPI_TOKEN }}
- name: set version
run: echo version=`python setup.py --version`>> $GITHUB_ENV
- name: Install Trivy
run: |
wget https://github.com/aquasecurity/trivy/releases/download/v0.43.0/trivy_0.43.0_Linux-64bit.deb
sudo dpkg -i trivy_0.43.0_Linux-64bit.deb
- name: Run Trivy license scan on filesystem
run: trivy fs /home/runner/work --scanners license --license-full --severity 'HIGH,CRITICAL' > trivy_license_filesystem.txt
- name: Run Trivy vulnerability scanner on the repo
run: trivy fs /home/runner/work --severity 'HIGH,CRITICAL' --format sarif --output trivy_vulnerability.sarif
- name: Upload Trivy vulnerability scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy_vulnerability.sarif'
- name: Create branch for scan results
run: |
git config --global user.email "[email protected]"
git config --global user.name "GitHub Action"
existed_in_remote=$(git ls-remote --heads origin trivy-scan-results)
if [[ ${existed_in_remote} ]]; then
echo "branch exists in remote"
git fetch origin trivy-scan-results
echo "branch fetched"
git checkout trivy-scan-results
echo "origin branch swapped"
else
git checkout -b trivy-scan-results
echo "new branch swapped"
fi
mkdir -p TrivyScans
TIMESTAMP=$(date +"%Y-%m-%d %H:%M:%S")
echo "$TIMESTAMP" > ScanTimeStamp.txt
cp ScanTimeStamp.txt TrivyScans/
cp trivy_license_filesystem.txt TrivyScans/
git add TrivyScans/trivy_license_filesystem.txt
git add TrivyScans/ScanTimeStamp.txt
git commit -m "Add trivy scan result files to the folder 'TrivyScans'"
git push origin trivy-scan-results
- name: Display branch and file path link
run: echo "Results uploaded to [trivy-scan-results branch](https://github.com/$GITHUB_REPOSITORY/tree/trivy-scan-results/TrivyScans/)"
- name: trigger artifacts registry
uses: octokit/[email protected]
with:
route: POST /repos/kube-HPC/artifacts-registry/dispatches
event_type: trigger
client_payload: "{\"version\": \"${{env.version}}\" , \"wrapper\": \"python\" , \"action\": \"dev-version\" }"
env:
GITHUB_TOKEN: '${{ secrets.GH_TOKEN }}'