Upgrade dompurify to fix CVE-2024-45801 #121
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Modifications Copyright (c) 2023 Ctrl IQ, Inc. | |
name: Build/Push Development Images | |
env: | |
LC_ALL: "C.UTF-8" # prevent ERROR: Ansible could not initialize the preferred locale: unsupported locale setting | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- devel | |
- jc_devel | |
# - release_* | |
# - feature_* | |
jobs: | |
push-development-images: | |
runs-on: ubuntu-latest | |
timeout-minutes: 120 | |
permissions: | |
packages: write | |
contents: read | |
strategy: | |
fail-fast: false | |
matrix: | |
build-targets: | |
- image-name: awx_devel | |
make-target: docker-compose-buildx | |
# - image-name: awx_kube_devel | |
# make-target: awx-kube-dev-buildx | |
# - image-name: awx | |
# make-target: awx-kube-buildx | |
steps: | |
- name: Skipping build of awx image for non-awx repository | |
run: | | |
echo "Skipping build of awx image for non-awx repository" | |
exit 0 | |
if: matrix.build-targets.image-name == 'awx' && !endsWith(github.repository, '/ascender') | |
- name: Checkout ascender | |
uses: actions/checkout@v3 | |
with: | |
path: ascender | |
ref: devel | |
- name: Get python version from Makefile | |
run: echo py_version=`make PYTHON_VERSION` >> $GITHUB_ENV | |
- name: Install python ${{ env.py_version }} | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ env.py_version }} | |
# Downgrade requests to fix https://github.com/docker/docker-py/issues/3256 | |
- name: Install playbook dependencies | |
run: | | |
python3 -m pip install docker==6.1.3 requests==2.31.0 --force-reinstall | |
- name: Build Ascender Devel Image | |
working-directory: ascender | |
run: | | |
ansible-playbook -v tools/ansible/build.yml \ | |
-e registry=ghcr.io \ | |
-e registry_username=${{ github.actor }} \ | |
-e registry_password=${{ secrets.GITHUB_TOKEN }} \ | |
-e awx_image=${{ github.repository }}_devel \ | |
-e awx_version=24 \ | |
-e ansible_python_interpreter=$(which python3) \ | |
-e push=yes \ | |
-e awx_official=no |