286 pull access denied attempting to download planetmint docker image (#307)

* simplified CI workflows
* added docker image publishing on gh
* added arm buildx
* added CI changes
* adjusted CI workflow
* fixed some vulnerability by upgrading dependencies


* changed Dockerfile-dev to be the default

Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com>
Jürgen Eckel 2023-01-31 09:55:19 +01:00 committed by GitHub
parent 599f64f68c
commit 9a74a9c987
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 202 additions and 111 deletions

170
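--- /dev/null
+++ b/.github/workflows/CI.yml
@@ -0,0 +1,170 @@
+# Copyright © 2020 Interplanetary Database Association e.V.,
+# Planetmint and IPDB software contributors.
+# SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
+# Code is Apache-2.0 and docs are CC-BY-4.0
+---
+name: CI
+on:
+push:
+branches:
+- "*"
+tags:
+- "v*.*.*"
+pull_request:
+branches:
+- "main"
+permissions:
+packages: write
+jobs:
+lint:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+- uses: psf/black@stable
+with:
+options: "--check -l 119"
+src: "."
+audit:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout repository
+uses: actions/checkout@v3
+- name: Setup python
+uses: actions/setup-python@v4
+with:
+python-version: 3.9
+- name: Install pip-audit
+run: pip install --upgrade pip pip-audit
+- name: Install dependencies
+run: pip install .
+- name: Create requirements.txt
+run: pip freeze > requirements.txt
+- name: Audit dependencies
+run: pip-audit --ignore-vuln PYSEC-2022-42969 --ignore-vuln PYSEC-2022-203 --ignore-vuln GHSA-r9hx-vwmv-q579
+test:
+needs: lint
+runs-on: ubuntu-latest
+env:
+PLANETMINT_DATABASE_BACKEND: tarantool_db
+PLANETMINT_DATABASE_HOST: localhost
+PLANETMINT_DATABASE_PORT: 3303
+PLANETMINT_SERVER_BIND: 0.0.0.0:9984
+PLANETMINT_WSSERVER_HOST: 0.0.0.0
+PLANETMINT_WSSERVER_ADVERTISED_HOST: localhost
+PLANETMINT_TENDERMINT_HOST: localhost
+PLANETMINT_TENDERMINT_PORT: 26657
+steps:
+- name: Check out repository code
+uses: actions/checkout@v3
+- name: Setup python
+uses: actions/setup-python@v4
+with:
+python-version: 3.9
+- name: Prepare OS
+run: sudo apt-get update && sudo apt-get install -y git zsh curl tarantool-common vim build-essential cmake
+- name: Get Tendermint
+run: wget https://github.com/tendermint/tendermint/releases/download/v0.34.15/tendermint_0.34.15_linux_amd64.tar.gz && tar zxf tendermint_0.34.15_linux_amd64.tar.gz
+- name: Install Planetmint
+run: pip install -e '.[dev]'
+- name: Execute Tests
+run: make test
+release:
+needs: test
+if: startsWith(github.ref, 'refs/tags/')
+runs-on: ubuntu-latest
+steps:
+- name: Check out repository code
+uses: actions/checkout@v3
+- name: Setup python
+uses: actions/setup-python@v4
+with:
+python-version: 3.9
+- name: Setup poetry
+uses: Gr1N/setup-poetry@v7
+- name: Install dependencies
+run: pip install -e '.[dev]' && pip install wheel && python setup.py bdist_wheel sdist
+- name: Upload to PyPI
+run: |
+twine check dist/*
+twine upload dist/*
+env:
+TWINE_USERNAME: __token__
+TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+- name: Upload to GitHub
+uses: softprops/action-gh-release@v1
+with:
+files: dist/*
+publish-docker:
+needs: release
+if: startsWith(github.ref, 'refs/tags/')
+runs-on: ubuntu-latest
+steps:
+# Get the repository's code
+- name: Checkout
+uses: actions/checkout@v2
+# https://github.com/docker/setup-qemu-action
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v1
+# https://github.com/docker/setup-buildx-action
+- name: Set up Docker Buildx
+id: buildx
+uses: docker/setup-buildx-action@v1
+- name: Login to GHCR
+if: github.event_name != 'pull_request'
+uses: docker/login-action@v1
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GH_PACKAGE_DEPLOYMENT }}
+- name: Docker meta
+id: semver # you'll use this in the next step
+uses: docker/metadata-action@v3
+with:
+# list of Docker images to use as base name for tags
+images: |
+ghcr.io/planetmint/planetmint
+# Docker tags based on the following events/attributes
+tags: |
+type=schedule
+type=ref,event=branch
+type=ref,event=pr
+type=semver,pattern={{version}}
+type=semver,pattern={{major}}.{{minor}}
+type=semver,pattern={{major}}
+type=sha
+- name: Build and push
+uses: docker/build-push-action@v2
+with:
+context: .
+platforms: linux/amd64,linux/arm64
+push: ${{ github.event_name != 'pull_request' }}
+tags: ${{ steps.semver.outputs.tags }}
+labels: ${{ steps.semver.outputs.labels }}
+env:
+CRYPTOGRAPHY_DONT_BUILD_RUST: 1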
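Review bot: The workflow-level `permissions: packages: write` hands registry write access to every job, including `lint`, `audit` and `test`, which also run for pull requests and execute actions referenced by mutable tags such as `psf/black@stable`. Because naming one scope sets the unlisted ones to none, the `release` job's `softprops/action-gh-release@v1` step likely lacks the `contents: write` it needs to attach files to a release. I would set `permissions: {contents: read}` at the top and grant `permissions: {contents: write}` on `release` and `permissions: {contents: read, packages: write}` on `publish-docker` only. The jobs that receive `secrets.PYPI_TOKEN` and `secrets.GH_PACKAGE_DEPLOYMENT` would also be safer with their third-party actions pinned to a full commit SHA rather than a tag.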


@ -31,6 +31,4 @@ jobs:
run: pip freeze > requirements.txt
- name: Audit dependencies
run: pip-audit
run: pip-audit --ignore-vuln PYSEC-2022-42969 --ignore-vuln PYSEC-2022-203 --ignore-vuln GHSA-r9hx-vwmv-q579
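Review bot: The three `--ignore-vuln` IDs added to the `pip-audit` step carry no record of which package each one affects, why it is acceptable, or when it should be revisited, so the suppression can silently outlive an upstream fix. I would add a comment above the step, e.g. `# PYSEC-2022-42969, PYSEC-2022-203, GHSA-r9hx-vwmv-q579: <package, reason, review date>`, and drop each ID once a fixed release is pinned. The same command line is duplicated in the `audit` job of the new `.github/workflows/CI.yml`, so the two ignore lists can drift apart; keeping only one of the two audit definitions would avoid that. The step's enclosing job starts outside this hunk.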


@ -1,17 +0,0 @@
# Copyright © 2020 Interplanetary Database Association e.V.,
# Planetmint and IPDB software contributors.
# SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
# Code is Apache-2.0 and docs are CC-BY-4.0
name: Lint
on: [push, pull_request]
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: psf/black@stable
with:
options: "--check -l 119"
src: "."


@ -1,30 +0,0 @@
name: Deploy packages
on:
push:
tags:
- '*'
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v3
- name: Setup python
uses: actions/setup-python@v4
with:
python-version: 3.9
- name: Install dependencies
run: pip install -e '.[dev]' && pip install wheel && python setup.py bdist_wheel sdist
- name: Upload to TestPyPI
run: |
twine check dist/*
twine upload dist/*
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}


@ -1,42 +0,0 @@
# Copyright © 2020 Interplanetary Database Association e.V.,
# Planetmint and IPDB software contributors.
# SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
# Code is Apache-2.0 and docs are CC-BY-4.0
name: Unit tests
on: [push, pull_request]
jobs:
unified-unit-tests:
runs-on: ubuntu-latest
env:
PLANETMINT_DATABASE_BACKEND: tarantool_db
PLANETMINT_DATABASE_HOST: localhost
PLANETMINT_DATABASE_PORT: 3303
PLANETMINT_SERVER_BIND: 0.0.0.0:9984
PLANETMINT_WSSERVER_HOST: 0.0.0.0
PLANETMINT_WSSERVER_ADVERTISED_HOST: localhost
PLANETMINT_TENDERMINT_HOST: localhost
PLANETMINT_TENDERMINT_PORT: 26657
steps:
- name: Check out repository code
uses: actions/checkout@v3
- name: Setup python
uses: actions/setup-python@v4
with:
python-version: 3.9
- name: Prepare OS
run: sudo apt-get update && sudo apt-get install -y git zsh curl tarantool-common vim build-essential cmake
- name: Get Tendermint
run: wget https://github.com/tendermint/tendermint/releases/download/v0.34.15/tendermint_0.34.15_linux_amd64.tar.gz && tar zxf tendermint_0.34.15_linux_amd64.tar.gz
- name: Install Planetmint
run: pip install -e '.[dev]'
- name: Execute Tests
run: make test


@ -1,24 +1,36 @@
FROM python:3.9
ARG python_version=3.9
FROM python:${python_version}-slim
LABEL maintainer "contact@ipdb.global"
RUN mkdir -p /usr/src/app
COPY . /usr/src/app/
WORKDIR /usr/src/app
RUN apt-get -qq update \
&& apt-get -y upgrade \
&& apt-get install -y jq vim zsh build-essential cmake\
&& pip install . \
RUN apt-get update \
&& apt-get install -y git zsh curl\
&& apt-get install -y tarantool-common\
&& apt-get install -y vim build-essential cmake\
&& pip install -U pip \
&& apt-get autoremove \
&& apt-get clean
ARG backend
ARG abci_status
VOLUME ["/data", "/certs"]
# When developing with Python in a docker container, we are using PYTHONBUFFERED
# to force stdin, stdout and stderr to be totally unbuffered and to capture logs/outputs
ENV PYTHONUNBUFFERED 0
ENV PLANETMINT_CONFIG_PATH /data/.planetmint
ENV PLANETMINT_DATABASE_PORT 3303
ENV PLANETMINT_DATABASE_BACKEND $backend
ENV PLANETMINT_SERVER_BIND 0.0.0.0:9984
ENV PLANETMINT_WSSERVER_HOST 0.0.0.0
ENV PLANETMINT_WSSERVER_SCHEME ws
ENV PLANETMINT_WSSERVER_ADVERTISED_HOST 0.0.0.0
ENV PLANETMINT_WSSERVER_ADVERTISED_SCHEME ws
ENV PLANETMINT_WSSERVER_ADVERTISED_PORT 9985
ENTRYPOINT ["planetmint"]
CMD ["start"]
ENV PLANETMINT_TENDERMINT_PORT 26657
ENV PLANETMINT_CI_ABCI ${abci_status}
RUN mkdir -p /usr/src/app
COPY . /usr/src/app/
WORKDIR /usr/src/app
RUN pip install -e .[dev]
RUN pip install flask-cors
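Review bot: The default Dockerfile now appears to install `.[dev]` in editable mode, add an unpinned `flask-cors`, keep git, vim, build-essential and cmake in the final image and set no `USER`, so the container would run as root with a development toolchain; the `+`/`-` markers are lost on this page, so the new side is inferred from the commit description. The `publish-docker` job builds from `context: .`, which presumably picks up this file, making it the image pushed to `ghcr.io/planetmint/planetmint`. I would pin the extra package (`RUN pip install flask-cors==<pinned-version>`, or list it in the `dev` extras), add a non-root `USER` after the install steps, and consider keeping a slim runtime Dockerfile for the published image. `ENTRYPOINT` and `CMD` also look to have been dropped, which would leave the published image without a default command.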


@ -32,7 +32,7 @@ services:
- tarantool
build:
context: .
dockerfile: Dockerfile-dev
dockerfile: Dockerfile
volumes:
- ./planetmint:/usr/src/app/planetmint
- ./tests:/usr/src/app/tests
@ -60,7 +60,7 @@ services:
interval: 3s
timeout: 5s
retries: 5
command: 'scripts/entrypoint.sh'
command: 'planetmint -l DEBUG start'
restart: always
tendermint:
@ -94,7 +94,7 @@ services:
- vdocs
build:
context: .
dockerfile: Dockerfile-dev
dockerfile: Dockerfile
args:
backend: tarantool
volumes:


@ -47,7 +47,7 @@ docs_require = [
"aafigure==0.6",
"alabaster==0.7.12",
"Babel==2.10.1",
"certifi==2021.10.8",
"certifi==2022.12.7",
"charset-normalizer==2.0.12",
"commonmark==0.9.1",
"docutils==0.17.1",
@ -125,7 +125,7 @@ install_requires = [
"setproctitle==1.2.2",
"werkzeug==2.0.3",
"nest-asyncio==1.5.5",
"protobuf==3.20.1",
"protobuf==3.20.2",
"planetmint-ipld>=0.0.3",
"pyasn1>=0.4.8",
"python-decouple",