From 6d5d7a697dd8aee28e2598021054e54572791483 Mon Sep 17 00:00:00 2001 From: b32147 Date: Mon, 8 Apr 2024 12:06:48 +0000 Subject: [PATCH 1/6] fix(requirements): Updated Python requirements --- requirements.txt | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/requirements.txt b/requirements.txt index 09f8353..03d07a0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -20,13 +20,13 @@ boto==2.49.0 \ --hash=sha256:147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8 \ --hash=sha256:ea0d3b40a2d852767be77ca343b58a9e3a4b00d9db440efb8da74b4e58025e5a # via -r requirements.in -boto3==1.34.69 \ - --hash=sha256:2e25ef6bd325217c2da329829478be063155897d8d3b29f31f7f23ab548519b1 \ - --hash=sha256:898a5fed26b1351352703421d1a8b886ef2a74be6c97d5ecc92432ae01fda203 +boto3==1.34.79 \ + --hash=sha256:139dd2d94eaa0e3213ff37ba7cf4cb2e3823269178fe8f3e33c965f680a9ddde \ + --hash=sha256:265b0b4865e8c07e27abb32a31d2bd9129bb009b1d89ca0783776ec084886123 # via -r requirements.in -botocore==1.34.69 \ - --hash=sha256:d1ab2bff3c2fd51719c2021d9fa2f30fbb9ed0a308f69e9a774ac92c8091380a \ - --hash=sha256:d3802d076d4d507bf506f9845a6970ce43adc3d819dd57c2791f5c19ed6e5950 +botocore==1.34.79 \ + --hash=sha256:6b59b0f7de219d383a2a633f6718c2600642ebcb707749dc6c67a6a436474b7a \ + --hash=sha256:a42a014d3dbaa9ef123810592af69f9e55b456c5be3ac9efc037325685519e83 # via # boto3 # s3transfer 
@@ -269,9 +269,9 @@ django-ipware==4.0.2 \ --hash=sha256:602a58325a4808bd19197fef2676a0b2da2df40d0ecf21be414b2ff48c72ad05 \ --hash=sha256:878dbb06a87e25550798e9ef3204ed70a200dd8b15e47dcef848cf08244f04c9 # via django-axes -django-picklefield==3.1 \ - --hash=sha256:c786cbeda78d6def2b43bff4840d19787809c8909f7ad683961703060398d356 \ - --hash=sha256:d77c504df7311e8ec14e8b779f10ca6fec74de6c7f8e2c136e1ef60cf955125d +django-picklefield==3.2 \ + --hash=sha256:aa463f5d79d497dbe789f14b45180f00a51d0d670067d0729f352a3941cdfa4d \ + --hash=sha256:e9a73539d110f69825d9320db18bcb82e5189ff48dbed41821c026a20497764c # via # -r requirements.in # django-q @@ -329,9 +329,9 @@ orderedmultidict==1.0.1 \ --hash=sha256:04070bbb5e87291cc9bfa51df413677faf2141c73c61d2a5f7b26bea3cd882ad \ --hash=sha256:43c839a17ee3cdd62234c47deca1a8508a3f2ca1d0678a3bf791c87cf84adbf3 # via furl -pycparser==2.21 \ - --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \ - --hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206 +pycparser==2.22 \ + --hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \ + --hash=sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc # via cffi pyjwt==2.8.0 \ --hash=sha256:57e28d156e3d5c10088e0c68abb90bfac3df82b40a71bd0daa20c65ccd5c23de \ From e94bb7365031ac044b2ae657ea1fd738305b04ef Mon Sep 17 00:00:00 2001 From: Bryan Larson Date: Mon, 8 Apr 2024 23:58:44 -0600 Subject: [PATCH 2/6] develop(actions): Configured Actions to use shared workflows from 'hms-dbmi/actions' --- .github/workflows/requirements-update.yml | 56 ++------------------ .github/workflows/scan.yml | 62 +++-------------------- .github/workflows/test.yml | 46 ++++------------- 3 files changed, 22 insertions(+), 142 deletions(-) diff --git a/.github/workflows/requirements-update.yml b/.github/workflows/requirements-update.yml index 972c42d..27139c2 100644 --- a/.github/workflows/requirements-update.yml 
+++ b/.github/workflows/requirements-update.yml @@ -6,55 +6,7 @@ on: workflow_dispatch: jobs: - - stale: - runs-on: ubuntu-latest - steps: - - uses: actions/stale@v4 - with: - only-labels: dependencies,automated pr - stale-pr-message: 'This PR is stale because it has been open 7 days with no activity. Remove stale label or comment or this will be closed in 7 days.' - close-pr-message: 'This PR was closed because it has been stalled for 7 days with no activity.' - days-before-pr-stale: 7 - days-before-pr-close: 7 - delete-branch: true - - build: - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - ref: development - - - name: Setup python - uses: actions/setup-python@v2 - with: - python-version: '3.12' - - - name: Install dev Python packages - run: | - python -m pip install --upgrade pip - pip install -r dev-requirements.txt - - - name: Check for pip-tools upgrades - run: | - pip-compile --generate-hashes \ - --allow-unsafe \ - --upgrade \ - --output-file requirements.txt requirements.in - - - name: Create Pull Request - uses: peter-evans/create-pull-request@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - base: development - branch: requirements-updates - branch-suffix: timestamp - delete-branch: true - commit-message: "fix(requirements): Updated Python requirements" - title: 'Python Requirements Updates' - body: > - This PR is auto-generated by Github Actions job [requirements-update]. - labels: dependencies, automated pr + scan: + uses: hms-dbmi/actions/.github/workflows/requirements-update.yml@main + secrets: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 821b6ef..92698ca 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml 
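Review bot: All three `uses:` lines added in this patch reference the shared workflow at `@main`, a branch that can move, and each call hands over secrets (`GH_TOKEN` here, the Docker Hub credentials and `SNYK_TOKEN` in the scan.yml and test.yml hunks). Any later push to `main` in `hms-dbmi/actions`, intended or not, then runs with those secrets in this repository without any change being reviewed here. Pinning to a full commit SHA keeps the reuse and makes updates explicit, e.g. `uses: hms-dbmi/actions/.github/workflows/requirements-update.yml@<full-commit-sha>  # main as of <date>` (placeholder values), and likewise in scan.yml and test.yml. The job key `scan` in this file also looks carried over from scan.yml; a name such as `update` would match what the workflow does.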
@@ -10,58 +10,12 @@ on: workflow_dispatch: jobs: - scan: - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_PASSWORD }} - - - name: Set image name - id: setimagename - run: | - echo "Image name: $GITHUB_REPOSITORY:$GITHUB_SHA" - echo "::set-output name=imagename::$GITHUB_REPOSITORY:$GITHUB_SHA" - - - name: Build the image - id: buildimage - uses: docker/build-push-action@v2 - with: - context: ./ - file: ./Dockerfile - push: false - tags: ${{ steps.setimagename.outputs.imagename }} - - - name: Check whether container scanning should be enabled - id: checkcontainerscanning - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - run: | - echo "Enable container scanning: ${{ env.SNYK_TOKEN != '' }}" - echo "::set-output name=enabled::${{ env.SNYK_TOKEN != '' }}" - - - name: Run Snyk to check Docker image for vulnerabilities - uses: snyk/actions/docker@master - if: steps.checkcontainerscanning.outputs.enabled == 'true' - continue-on-error: true - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - with: - image: ${{ steps.setimagename.outputs.imagename }} - args: --file=Dockerfile - - - name: Upload result to GitHub Code Scanning - uses: github/codeql-action/upload-sarif@v1 - if: steps.checkcontainerscanning.outputs.enabled == 'true' - with: - sarif_file: snyk.sarif + uses: hms-dbmi/actions/.github/workflows/scan.yml@main + secrets: + DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }} + DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: + repository: ${{ github.repository }} + commit: ${{ github.sha }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4319600..fb2c34c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
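Review bot: With the inline steps gone, the `scan` job no longer shows what happens when `SNYK_TOKEN` is empty. The removed job skipped both the Snyk step and the SARIF upload in that case and ran Snyk with `continue-on-error: true`, so a missing or expired token produced a green run with no scan; whether the shared workflow keeps that behaviour cannot be seen from this hunk. I would record the contract next to the secret, e.g. `# Snyk scan and SARIF upload are skipped when this secret is empty (confirm against hms-dbmi/actions scan.yml)`, or have the shared workflow declare the secret as required so that a missing token fails the run.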
@@ -1,44 +1,18 @@ -name: Test +name: Test Image Build on: push: branches: [ master, development ] pull_request: branches: [ master, development ] - paths: - - 'requirements.in' - - 'requirements.txt' - - 'Dockerfile' + workflow_dispatch: jobs: - - build: - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_PASSWORD }} - - - name: Set image name - id: setimagename - run: | - echo "Image name: $GITHUB_REPOSITORY:$GITHUB_SHA" - echo "::set-output name=imagename::$GITHUB_REPOSITORY:$GITHUB_SHA" - - - name: Build the image - id: buildimage - uses: docker/build-push-action@v2 - with: - context: ./ - file: ./Dockerfile - push: false - tags: ${{ steps.setimagename.outputs.imagename }} + test: + uses: hms-dbmi/actions/.github/workflows/test-image-build.yml@main + secrets: + DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }} + DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} + with: + repository: ${{ github.repository }} + commit: ${{ github.sha }} From ca94ae1aa0d37c4ca8f3565aa999b6240f71d2a6 Mon Sep 17 00:00:00 2001 From: b32147 Date: Mon, 15 Apr 2024 12:07:38 +0000 Subject: [PATCH 3/6] fix(requirements): Updated Python requirements --- requirements.txt | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/requirements.txt b/requirements.txt index 03d07a0..8247c19 100644 --- a/requirements.txt +++ b/requirements.txt 
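Review bot: The new `test` job sets no `permissions:`, so the called workflow gets the repository's default `GITHUB_TOKEN` scope, and a reusable workflow can only reduce, not raise, what the caller grants. The removed inline job only checked out the code and built the image with `push: false`, so adding `permissions:` with `contents: read` on the job (or at the top of the workflow) should be enough, assuming the shared workflow does the same. The `scan` job in scan.yml has the same gap and would also need `security-events: write` if the shared workflow still uploads SARIF. Separately, dropping the `paths:` filter means every pull request to `master` or `development` now reaches the Docker Hub login; pull requests from forks do not receive secrets, so that login presumably fails there unless the shared workflow handles empty credentials.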
@@ -20,13 +20,13 @@ boto==2.49.0 \ --hash=sha256:147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8 \ --hash=sha256:ea0d3b40a2d852767be77ca343b58a9e3a4b00d9db440efb8da74b4e58025e5a # via -r requirements.in -boto3==1.34.79 \ - --hash=sha256:139dd2d94eaa0e3213ff37ba7cf4cb2e3823269178fe8f3e33c965f680a9ddde \ - --hash=sha256:265b0b4865e8c07e27abb32a31d2bd9129bb009b1d89ca0783776ec084886123 +boto3==1.34.84 \ + --hash=sha256:7a02f44af32095946587d748ebeb39c3fa15b9d7275307ff612a6760ead47e04 \ + --hash=sha256:91e6343474173e9b82f603076856e1d5b7b68f44247bdd556250857a3f16b37b # via -r requirements.in -botocore==1.34.79 \ - --hash=sha256:6b59b0f7de219d383a2a633f6718c2600642ebcb707749dc6c67a6a436474b7a \ - --hash=sha256:a42a014d3dbaa9ef123810592af69f9e55b456c5be3ac9efc037325685519e83 +botocore==1.34.84 \ + --hash=sha256:a2b309bf5594f0eb6f63f355ade79ba575ce8bf672e52e91da1a7933caa245e6 \ + --hash=sha256:da1ae0a912e69e10daee2a34dafd6c6c106450d20b8623665feceb2d96c173eb # via # boto3 # s3transfer @@ -300,9 +300,9 @@ furl==2.1.3 \ --hash=sha256:5a6188fe2666c484a12159c18be97a1977a71d632ef5bb867ef15f54af39cc4e \ --hash=sha256:9ab425062c4217f9802508e45feb4a83e54324273ac4b202f1850363309666c0 # via django-dbmi-client -idna==3.6 \ - --hash=sha256:9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca \ - --hash=sha256:c05567e9c24a6b9faaa835c4821bad0590fbb9d5779e7caa6e1cc4978e7eb24f +idna==3.7 \ + --hash=sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc \ + --hash=sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0 # via requests jmespath==1.0.1 \ --hash=sha256:02e2e4cc71b5bcab88332eebf907519190dd9e6e82107fa7f83b1003a6252980 \ 
@@ -429,9 +429,9 @@ six==1.16.0 \ # furl # orderedmultidict # python-dateutil -sqlparse==0.4.4 \ - --hash=sha256:5430a4fe2ac7d0f93e66f1efc6e1338a41884b7ddf2a350cedd20ccc4d9d28f3 \ - --hash=sha256:d446183e84b8349fa3061f0fe7f06ca94ba65b426946ffebe6e3e8295332420c +sqlparse==0.5.0 \ + --hash=sha256:714d0a4932c059d16189f58ef5411ec2287a4360f17cdd0edd2d09d4c5087c93 \ + --hash=sha256:c204494cd97479d0e39f28c93d46c0b2d5959c7b9ab904762ea6c7af211c8663 # via django types-python-dateutil==2.9.0.20240316 \ --hash=sha256:5d2f2e240b86905e40944dd787db6da9263f0deabef1076ddaed797351ec0202 \ @@ -449,7 +449,7 @@ wcwidth==0.2.13 \ # via blessed # The following packages are considered to be unsafe in a requirements file: -setuptools==69.2.0 \ - --hash=sha256:0ff4183f8f42cd8fa3acea16c45205521a4ef28f73c6391d8a25e92893134f2e \ - --hash=sha256:c21c49fb1042386df081cb5d86759792ab89efca84cf114889191cd09aacc80c +setuptools==69.5.1 \ + --hash=sha256:6c1fccdac05a97e598fb0ae3bbed5904ccb317337a51139dcd51453611bbb987 \ + --hash=sha256:c636ac361bc47580504644275c9ad802c50415c7522212252c033bd15f301f32 # via django-axes From 002baccba7cd3765a303f0478a809edac093a8da Mon Sep 17 00:00:00 2001 From: Bryan Larson Date: Tue, 16 Apr 2024 10:49:18 -0600 Subject: [PATCH 4/6] develop(actions): Configured Actions to use Organization secrets --- .github/workflows/scan.yml | 6 +++--- .github/workflows/test.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 92698ca..4ff0f94 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml 
@@ -13,9 +13,9 @@ jobs: scan: uses: hms-dbmi/actions/.github/workflows/scan.yml@main secrets: - DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }} - DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + DOCKER_HUB_USERNAME: ${{ secrets.BLHMSDBMI_DOCKERHUB_USERNAME }} + DOCKER_HUB_PASSWORD: ${{ secrets.BLHMSDBMI_DOCKERHUB_PASSWORD }} + SNYK_TOKEN: ${{ secrets.BLHMSDBMI_SNYK_TOKEN }} with: repository: ${{ github.repository }} commit: ${{ github.sha }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index fb2c34c..e064c32 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,8 +11,8 @@ jobs: test: uses: hms-dbmi/actions/.github/workflows/test-image-build.yml@main secrets: - DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }} - DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} + DOCKER_HUB_USERNAME: ${{ secrets.BLHMSDBMI_DOCKERHUB_USERNAME }} + DOCKER_HUB_PASSWORD: ${{ secrets.BLHMSDBMI_DOCKERHUB_PASSWORD }} with: repository: ${{ github.repository }} commit: ${{ github.sha }} From 7384550166e66d6ce528ae77152a8630758f3688 Mon Sep 17 00:00:00 2001 From: Bryan Larson Date: Tue, 16 Apr 2024 11:54:39 -0600 Subject: [PATCH 5/6] develop(actions): Removed Snyk token secret --- .github/workflows/scan.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 4ff0f94..a5e5cf3 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -15,7 +15,6 @@ jobs: secrets: DOCKER_HUB_USERNAME: ${{ secrets.BLHMSDBMI_DOCKERHUB_USERNAME }} DOCKER_HUB_PASSWORD: ${{ secrets.BLHMSDBMI_DOCKERHUB_PASSWORD }} - SNYK_TOKEN: ${{ secrets.BLHMSDBMI_SNYK_TOKEN }} with: repository: ${{ github.repository }} commit: ${{ github.sha }} From c55c176d42f06c984484da950487e6534aa0ba69 Mon Sep 17 00:00:00 2001 
From: b32147 Date: Mon, 22 Apr 2024 12:07:36 +0000 Subject: [PATCH 6/6] fix(requirements): Updated Python requirements --- requirements.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/requirements.txt b/requirements.txt index 8247c19..c80bb5a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -20,13 +20,13 @@ boto==2.49.0 \ --hash=sha256:147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8 \ --hash=sha256:ea0d3b40a2d852767be77ca343b58a9e3a4b00d9db440efb8da74b4e58025e5a # via -r requirements.in -boto3==1.34.84 \ - --hash=sha256:7a02f44af32095946587d748ebeb39c3fa15b9d7275307ff612a6760ead47e04 \ - --hash=sha256:91e6343474173e9b82f603076856e1d5b7b68f44247bdd556250857a3f16b37b +boto3==1.34.88 \ + --hash=sha256:168894499578a9d69d6f7deb5811952bf4171c51b95749a9aef32cf67bc71f87 \ + --hash=sha256:1bd4cef11b7c5f293cede50f3d33ca89fe3413c51f1864f40163c56a732dd6b3 # via -r requirements.in -botocore==1.34.84 \ - --hash=sha256:a2b309bf5594f0eb6f63f355ade79ba575ce8bf672e52e91da1a7933caa245e6 \ - --hash=sha256:da1ae0a912e69e10daee2a34dafd6c6c106450d20b8623665feceb2d96c173eb +botocore==1.34.88 \ + --hash=sha256:36f2e9e8dfa856e55dbbe703aea601f134db3fddc3615f1020a755b27fd26a5e \ + --hash=sha256:e87a660599ed3e14b2a770f4efc3df2f2f6d04f3c7bfd64ddbae186667864a7b # via # boto3 # s3transfer