[Snyk] Security upgrade postgres from 15.6 to 15.7 #225
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR | |
| on: | |
| pull_request: | |
| branches: [main] | |
| concurrency: | |
| # PR open and close use the same group, allowing only one at a time | |
| group: pr-${{ github.workflow }}-${{ github.event.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| scrub: | |
| name: Scrub for changed Dockerfiles | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| json: ${{ steps.dockerfiles.outputs.json }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get Dockerfiles | |
| id: dockerfiles | |
| run: | | |
| # Fetch default_branch (usually main) | |
| git fetch origin ${{ github.event.repository.default_branch }} | |
| # Get changed Dockerfiles, create JSON object for the builder | |
| DOCKERFILES=($(git diff --name-only origin/${{ github.event.repository.default_branch }} | grep -E '^.*/.*/Dockerfile$' | sort -u)) | |
| LIST=$( | |
| for d in "${DOCKERFILES[@]}"; do | |
| BASE=${d%/*} | |
| echo "{\"package\": \"${BASE%/*}\", \"major_tag\": \"${BASE##*/}\"}," | |
| done | |
| ) | |
| # Clip any trailing commas | |
| JSON=$(echo [$LIST] | sed 's/\(.*\),/\1/') | |
| # Send to output if non-empty | |
| echo "json=${JSON}" | |
| if [ "${#JSON}" -gt 4 ] | |
| then | |
| echo "json=${JSON}" >> $GITHUB_OUTPUT | |
| fi | |
| # https://github.com/bcgov-nr/action-builder-ghcr | |
| builds: | |
| name: Builds | |
| needs: [scrub] | |
| if: ${{ needs.scrub.outputs.json }} | |
| permissions: | |
| packages: write | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| include: ${{ fromJSON(needs.scrub.outputs.json) }} | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get tag | |
| id: tag | |
| run: | | |
| TAG=$(grep '^FROM' ${{ matrix.package }}/${{ matrix.major_tag }}/Dockerfile | cut -d':' -f2) | |
| echo "full_tag=${TAG}" >> $GITHUB_OUTPUT | |
| - name: Build or import | |
| uses: bcgov-nr/[email protected] | |
| with: | |
| build_context: ${{ matrix.package }}/${{ matrix.major_tag }} | |
| package: ${{ matrix.package }} | |
| tag: ${{ steps.tag.outputs.full_tag }} | |
| pr-description-add: | |
| name: PR Description Add | |
| needs: [builds] | |
| if: always() && (! failure()) | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| pull-requests: write | |
| timeout-minutes: 1 | |
| steps: | |
| - uses: bcgov-nr/[email protected] | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| add_markdown: | | |
| --- | |
| Thanks for the PR! | |
| Any new images should be viewable with [our repo packages](https://github.com/orgs/bcgov/packages?repo_name=nr-containers). :) |