Skip to content

Bump actions/setup-python from 4 to 5 #455

Bump actions/setup-python from 4 to 5

Bump actions/setup-python from 4 to 5 #455

Workflow file for this run

name: "Build & push images"
concurrency:
group: bpi-${{ github.repository }}
on:
pull_request:
branches:
- master
push:
branches:
- master
env:
PYTHON_VERSION: 3.9
jobs:
gather:
name: Gather Info
runs-on: ubuntu-20.04
outputs:
directories: ${{ steps.set-directories.outputs.directories }}
steps:
- name: Check out repo
uses: actions/checkout@v4
with:
fetch-depth: 0
path: .
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- id: build-folder-patterns
name: Build Folder Patterns
uses: jannekem/run-python-script-action@v1
with:
script: |
with open("${{ github.workspace }}/build_folders.txt") as stream:
try:
build_folders = list(stream.read().splitlines())
build_folder_patterns = [folder + '/**' for folder in build_folders]
result = ' '.join(build_folder_patterns)
except Exception as ex:
raise ex
set_output('patterns', result)
print("Found the following folders to check for modifications...")
print(result)
- id: changed-files
name: Get changed directories
uses: tj-actions/[email protected]
with:
dir_names: true
files: ${{ steps.build-folder-patterns.outputs.patterns }}
files_separator: ' '
- id: set-directories
name: Set directories
uses: jannekem/run-python-script-action@v1
with:
script: |
import json
import re
added_dirs = "${{ steps.changed-files.outputs.added_files }}".split()
modified_dirs = "${{ steps.changed-files.outputs.modified_files }}".split()
dirs = added_dirs + modified_dirs
unique_dirs = [*set(dirs)]
regex = re.compile(r'.*/.*$')
filtered_dirs = [elem for elem in unique_dirs if not regex.match(elem)]
result = json.dumps(filtered_dirs)
set_output('directories', result)
print("Found the following added/modified directories...")
print(result)
deploy:
name: Deploy/check Image
runs-on: ubuntu-20.04
needs:
- gather
if: ${{ needs.gather.outputs.directories != '[]' }}
strategy:
fail-fast: false
matrix:
directory: ${{ fromJson(needs.gather.outputs.directories) }}
env:
IMAGE_BASENAME: "hub.opensciencegrid.org/slate/${{ matrix.directory }}"
LOCAL_IMAGE_TAG: "${{ matrix.directory }}:${{ github.sha }}"
steps:
- name: Check out repo
uses: actions/checkout@v4
with:
fetch-depth: 1
path: .
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Build image
uses: docker/build-push-action@v5
with:
context: "./${{ matrix.directory }}"
file: "./${{ matrix.directory }}/Dockerfile"
push: false
load: true
tags: ${{ env.LOCAL_IMAGE_TAG }}
timeout-minutes: 30
- name: List loaded images
working-directory: .
run: docker image ls
- name: Lint with Dockle
uses: erzz/dockle-action@v1
with:
image: ${{ env.LOCAL_IMAGE_TAG }}
exit-code: 0
failure-threshold: FATAL
timeout: "10m"
- name: Scan with Trivy
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.LOCAL_IMAGE_TAG }}
format: 'table'
exit-code: '0'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
continue-on-error: true
- id: inspect
name: Docker inspect
if: ${{ github.event_name != 'pull_request' }}
working-directory: .
run: |-
IMAGE_VERSION=$(docker inspect --format='{{ index .Config.Labels "org.opencontainers.image.version" }}' ${{ matrix.directory }}:${{ github.sha }})
echo "org.opencontainers.image.version: ${IMAGE_VERSION}"
IMAGE_TAGS=$(docker inspect --format='{{ index .Config.Labels "io.slateci.image.tags" }}' ${{ matrix.directory }}:${{ github.sha }})
echo "io.slateci.image.tags: ${IMAGE_TAGS}"
IMAGE_PROPOSED_TAGS="${IMAGE_VERSION} ${IMAGE_TAGS}"
echo "Proposed image tags: '${IMAGE_PROPOSED_TAGS}'"
echo "proposed-tags=${IMAGE_PROPOSED_TAGS}" >> $GITHUB_OUTPUT
- id: set-tags
name: Set tags
if: ${{ github.event_name != 'pull_request' }}
uses: jannekem/run-python-script-action@v1
with:
script: |
proposed_image_tags = "${{ steps.inspect.outputs.proposed-tags }}".split() + ['latest']
unique_tags = [*set(proposed_image_tags)]
full_tags = ["${{ env.IMAGE_BASENAME }}:" + tag for tag in unique_tags]
result = ','.join(full_tags)
set_output('final-tags', result)
print("Calculated the final image tags...")
print(result)
- name: Authenticate with OSG Harbor
if: ${{ github.event_name != 'pull_request' }}
uses: docker/login-action@v3
with:
registry: hub.opensciencegrid.org
username: "${{ secrets.OSG_HUB_USERNAME }}"
password: "${{ secrets.OSG_HUB_ACCESS_TOKEN }}"
- name: Build/push image
if: ${{ github.event_name != 'pull_request' }}
uses: docker/build-push-action@v5
with:
context: "./${{ matrix.directory }}"
file: "./${{ matrix.directory }}/Dockerfile"
push: true
tags: ${{ steps.set-tags.outputs.final-tags }}
timeout-minutes: 30
- name: Notify Slack of Failure
if: failure()
uses: slateci/github-actions/.github/actions/slack-notify-failure@v16
with:
slack_bot_token: '${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }}'