Disable trivy image scan #939
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: | |
| - master | |
| tags: | |
| - '**' | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| IMAGE_NAME: maykinmedia/objects-api | |
| jobs: | |
| tests: | |
| name: Run the Django test suite | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgis/postgis:12-2.5 | |
| env: | |
| POSTGRES_HOST_AUTH_METHOD: trust | |
| ports: | |
| - 5432:5432 | |
| # needed because the postgres container does not provide a healthcheck | |
| options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: '18' | |
| - name: Install system packages | |
| run: | | |
| sudo apt-get update \ | |
| && sudo apt-get install -y --no-install-recommends \ | |
| libgdal-dev \ | |
| gdal-bin | |
| - name: Install dependencies | |
| run: pip install -r requirements/ci.txt codecov | |
| - name: Build frontend | |
| run: | | |
| npm ci | |
| npm run build | |
| - name: Run tests | |
| run: | | |
| python src/manage.py collectstatic --noinput --link | |
| coverage run src/manage.py test src | |
| env: | |
| DJANGO_SETTINGS_MODULE: objects.conf.ci | |
| SECRET_KEY: dummy | |
| DB_USER: postgres | |
| DB_PASSWORD: '' | |
| - name: Publish coverage report | |
| uses: codecov/codecov-action@v3 | |
| docs: | |
| runs-on: ubuntu-latest | |
| name: Documentation build | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| cache-dependency-path: 'requirements/*.txt' | |
| - name: Install system packages | |
| run: | | |
| sudo apt-get update \ | |
| && sudo apt-get install -y --no-install-recommends \ | |
| libgdal-dev \ | |
| gdal-bin | |
| - name: Install dependencies | |
| run: pip install -r requirements/ci.txt pytest | |
| - name: Generate environment variable documentation using OAf and check if it was updated | |
| run: | | |
| bin/generate_envvar_docs.sh | |
| changes=$(git diff docs/installation/config.rst) | |
| if [ ! -z "$changes" ]; then | |
| echo $changes | |
| echo "Please update the environment documentation by running \`bin/generate_envvar_docs.sh\`" | |
| exit 1 | |
| fi | |
| env: | |
| DJANGO_SETTINGS_MODULE: objects.conf.ci | |
| docker: | |
| needs: tests | |
| name: Build (and push) Docker image | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set tag | |
| id: vars | |
| run: | | |
| # Strip git ref prefix from version | |
| VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
| # Strip "v" prefix from tag name (if present at all) | |
| [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') | |
| # Use Docker `latest` tag convention | |
| [ "$VERSION" == "master" ] && VERSION=latest | |
| echo ::set-output name=tag::${VERSION} | |
| - name: Build the Docker image | |
| env: | |
| RELEASE_VERSION: ${{ steps.vars.outputs.tag }} | |
| run: docker build . --tag $IMAGE_NAME:$RELEASE_VERSION | |
| - run: docker image save -o image.tar $IMAGE_NAME:${{ steps.vars.outputs.tag }} | |
| - name: Store image artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: docker-image | |
| path: image.tar | |
| retention-days: 1 | |
| publish: | |
| needs: | |
| - tests | |
| - docker | |
| name: Push Docker image | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' # exclude PRs | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download built image | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: docker-image | |
| - name: Determine tag | |
| id: vars | |
| run: | | |
| # Strip git ref prefix from version | |
| VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
| # Strip "v" prefix from tag name (if present at all) | |
| [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') | |
| # Use Docker `latest` tag convention | |
| [ "$VERSION" == "master" ] && VERSION=latest | |
| echo ::set-output name=tag::${VERSION} | |
| - name: Load image | |
| run: | | |
| docker image load -i image.tar | |
| - name: Log into registry | |
| run: echo "${{ secrets.DOCKER_TOKEN }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin | |
| - name: Push the Docker image | |
| env: | |
| RELEASE_VERSION: ${{ steps.vars.outputs.tag }} | |
| run: docker push $IMAGE_NAME:$RELEASE_VERSION |