Bump semgrep from 0.91.0 to 1.95.0 in /dependencies/python #2503
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
############################################# | |
############################################# | |
## Deploy Docker Image test and Production ## | |
############################################# | |
############################################# | |
# | |
# Documentation: | |
# https://help.github.com/en/articles/workflow-syntax-for-github-actions | |
# | |
name: Deploy Production | |
########################################### | |
# Start the job on all push or PR to main # | |
########################################### | |
on: | |
pull_request: | |
push: | |
############### | |
# Set the Job # | |
############### | |
jobs: | |
build: | |
# Name the Job | |
name: Deploy Docker Image - DEV | |
# Set the agent to run on | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
images: | |
- container-build-target: final_slim | |
container-image-id-prefix: slim- | |
deployment-environment-identifier: Production-SLIM | |
image-id: slim | |
- container-build-target: final_standard | |
container-image-id-prefix: "" | |
deployment-environment-identifier: Production | |
image-id: standard | |
timeout-minutes: 60 | |
############### | |
# Steps below # | |
############### | |
steps: | |
############################ | |
# Checkout the source code # | |
############################ | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
with: | |
# Full git history is needed to get a proper list | |
# of changed files within `super-linter` | |
fetch-depth: 0 | |
########################### | |
# Set current date to ENV # | |
########################### | |
- name: Get current date | |
run: | | |
echo "Appending the build date contents to GITHUB_ENV..." | |
echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "${GITHUB_ENV}" | |
####################### | |
# Setup Docker BuildX # | |
####################### | |
- name: Setup BuildX | |
uses: docker/[email protected] | |
####################################### | |
# Build local docker images for tests # | |
####################################### | |
- name: Build Docker image - ${{ matrix.images.image-id }} | |
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }} | |
uses: docker/[email protected] | |
with: | |
context: . | |
file: ./Dockerfile | |
build-args: | | |
BUILD_DATE=${{ env.BUILD_DATE }} | |
BUILD_REVISION=${{ github.sha }} | |
BUILD_VERSION=${{ github.sha }} | |
load: true | |
push: false | |
tags: | | |
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}${{ github.sha }} | |
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}test | |
target: "${{ matrix.images.container-build-target }}" | |
################################ | |
# Run local docker labels test # | |
################################ | |
- name: Run Docker label test cases | |
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }} | |
shell: bash | |
run: .automation/validate-docker-labels.sh "${{ matrix.images.image-id }}" | |
####################################### | |
# Edit the action.yml for local tests # | |
####################################### | |
- name: Edit an action.yml file for test local build | |
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }} | |
run: | | |
sed -i "s/super-linter:.*/super-linter:${{ matrix.images.container-image-id-prefix }}${GITHUB_SHA}'/g" action.yml | |
###################### | |
# Gather information # | |
###################### | |
- name: Gather information about the runtime environment | |
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }} | |
shell: bash | |
run: | | |
make info | |
############################################################ | |
# Test the built image in the actions context. # | |
# Not the container directly, and not using RUN_LOCAL=true # | |
############################################################ | |
- name: Test the local action | |
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }} | |
uses: ./ | |
env: | |
ACTIONS_RUNNER_DEBUG: true | |
ERROR_ON_MISSING_EXEC_BIT: true | |
VALIDATE_ALL_CODEBASE: false | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DEFAULT_BRANCH: main | |
############################################################### | |
# Fix file and dir ownership. # | |
# Workaround for https://github.com/actions/runner/issues/434 # | |
############################################################### | |
- name: Fix file and directory ownership | |
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }} | |
shell: bash | |
run: | | |
sudo chown -R "$(id -u)":"$(id -g)" "$(pwd)" | |
######################## | |
# Run local make tests # | |
######################## | |
- name: Run the test suite | |
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }} | |
shell: bash | |
run: | | |
make IMAGE=${{ matrix.images.image-id }} test | |
########################## | |
# Codacy Coverage Report # | |
########################## | |
- name: Upload the code coverage report | |
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }} | |
uses: codacy/[email protected] | |
# Sometimes this fails when user does not have permissions to secrets | |
continue-on-error: true | |
with: | |
project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} | |
coverage-reports: test/reports/cobertura/runTests.sh/cobertura.xml | |
##################################### | |
# Run Linter against Test code base # | |
##################################### | |
- name: Run Test Cases - ${{ matrix.images.image-id }} | |
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }} | |
shell: bash | |
run: | | |
docker run \ | |
-e RUN_LOCAL=true \ | |
-e TEST_CASE_RUN=true \ | |
-e ANSIBLE_DIRECTORY=.automation/test/ansible \ | |
-e ACTIONS_RUNNER_DEBUG=true \ | |
-e ERROR_ON_MISSING_EXEC_BIT=true \ | |
-v "${GITHUB_WORKSPACE}:/tmp/lint" \ | |
"ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}${GITHUB_SHA}" | |
######################################### | |
# Clean code base to run against it all # | |
######################################### | |
- name: Clean Test code base for additional testing | |
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }} | |
shell: bash | |
run: .automation/clean-code-base-for-tests.sh | |
############################################ | |
# Run Linter against ALL cleaned code base # | |
############################################ | |
- name: Run against all code base - ${{ matrix.images.image-id }} | |
if: ${{ github.repository == 'github/super-linter' && github.ref != 'refs/heads/main' }} | |
shell: bash | |
run: | | |
docker run \ | |
-e RUN_LOCAL=true \ | |
-e OUTPUT_DETAILS=detailed \ | |
-e ACTIONS_RUNNER_DEBUG=true \ | |
-e ERROR_ON_MISSING_EXEC_BIT=true \ | |
-v "${GITHUB_WORKSPACE}:/tmp/lint" \ | |
"ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}${GITHUB_SHA}" | |
############################################################# | |
############################################################# | |
## The following steps are only run if the PR is merges ## | |
## into the 'main' branch and push the image to registries ## | |
############################################################# | |
############################################################# | |
###################### | |
# Login to DockerHub # | |
###################### | |
- name: Login to DockerHub | |
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }} | |
uses: docker/[email protected] | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
#################### | |
# Login to GHCR.io # | |
#################### | |
- name: Login to GitHub Container Registry | |
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }} | |
uses: docker/[email protected] | |
with: | |
registry: ghcr.io | |
username: ${{ secrets.GCR_USERNAME }} | |
password: ${{ secrets.GCR_TOKEN }} | |
######################### | |
# Update deployment API # | |
######################### | |
- name: Start deployment | |
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }} | |
uses: bobheadxi/[email protected] | |
id: deployment | |
with: | |
step: start | |
token: ${{ secrets.GITHUB_TOKEN }} | |
env: ${{ matrix.images.deployment-environment-identifier }} | |
###################################### | |
# Build the docker image and push it # | |
###################################### | |
- name: Build Docker image - ${{ matrix.images.image-id }} | |
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }} | |
uses: docker/[email protected] | |
with: | |
context: . | |
file: ./Dockerfile | |
build-args: | | |
BUILD_DATE=${{ env.BUILD_DATE }} | |
BUILD_REVISION=${{ github.sha }} | |
BUILD_VERSION=${{ github.sha }} | |
load: false | |
push: true | |
tags: | | |
github/super-linter:${{ matrix.images.container-image-id-prefix }}latest | |
ghcr.io/github/super-linter:${{ matrix.images.container-image-id-prefix }}latest | |
target: "${{ matrix.images.container-build-target }}" | |
####################################################### | |
# Create a GitHub Issue with the info from this build # | |
####################################################### | |
- name: Create GitHub Issue for failure | |
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' && failure() }} | |
uses: actions/github-script@v6 | |
id: create-issue | |
with: | |
# https://octokit.github.io/rest.js/v18#issues-create | |
github-token: ${{secrets.GITHUB_TOKEN}} | |
script: | | |
const create = await github.rest.issues.create({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
title: "Failed to deploy to production", | |
body: "Automation has failed us!\nMore information can be found at:\n - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
}) | |
console.log('create', create) | |
return create.data.number | |
#################################### | |
# Deploy was failure, alert admins # | |
#################################### | |
- name: Assign Admins on failure | |
uses: actions/github-script@v6 | |
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' && failure() }} | |
with: | |
# https://octokit.github.io/rest.js/v18#issues-create | |
github-token: ${{secrets.GITHUB_TOKEN}} | |
script: | | |
github.rest.issues.addAssignees({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: "${{ steps.create-issue.outputs.result }}", | |
assignees: [ | |
'admiralawkbar', | |
'jwiebalk', | |
'IAmHughes', | |
'nemchik', | |
'Hanse00', | |
'GaboFDC', | |
'ferrarimarco' | |
] | |
}) | |
######################### | |
# Update Deployment API # | |
######################### | |
- name: Update deployment status | |
if: ${{ github.repository == 'github/super-linter' && github.ref == 'refs/heads/main' }} | |
uses: bobheadxi/[email protected] | |
with: | |
step: finish | |
token: ${{ secrets.GITHUB_TOKEN }} | |
status: ${{ job.status }} | |
deployment_id: ${{ steps.deployment.outputs.deployment_id }} | |
env: ${{ steps.deployment.outputs.env }} | |
env_url: https://github.com/github/super-linter |