* fixed audit * fixed tarantool installation Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com>
# Copyright © 2020 Interplanetary Database Association e.V.,
# Planetmint and IPDB software contributors.
# SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
# Code is Apache-2.0 and docs are CC-BY-4.0
---
# CI workflow: formatting check, dependency audit and test run, plus PyPI /
# GitHub release and GHCR image publishing for tag refs.
name: CI
# Triggers: pushes to branches and to v*.*.* tags, and pull requests that
# target main.
# NOTE(review): in GitHub's filter syntax "*" does not match branch names that
# contain "/" (that needs "**"); confirm whether branches such as feature/x
# are meant to be skipped.
on:
  push:
    branches:
      - "*"
    tags:
      - "v*.*.*"
  pull_request:
    branches:
      - "main"

# Workflow-level GITHUB_TOKEN scopes. They apply to every job that does not
# declare its own `permissions` block, including the jobs that run on an
# ordinary branch push.
# NOTE(review): only the release and image-publishing jobs look like they need
# write access; consider defaulting to `contents: read` here and granting
# write scopes per job.
permissions:
  packages: write
  contents: write

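jobs:
  # Formatting gate: fails when black would reformat a file (line length 119).
  lint:
    runs-on: ubuntu-latest
    # Job-level scopes override the workflow-level ones; this job only reads
    # the checked-out code.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v3
      # NOTE(review): `stable` is a moving ref. Pinning third-party actions to
      # a full commit SHA keeps a re-pointed upstream ref from changing what
      # runs in this workflow.
      - uses: psf/black@stable
        with:
          options: "--check -l 119"
          src: "."

  # Vulnerability scan of the Poetry-installed environment with pip-audit.
  # NOTE(review): no other job lists `audit` in `needs`, so a failing audit
  # does not stop `test`, `release` or `publish-docker`.
  audit:
    runs-on: ubuntu-latest
    permissions:
      contents: read

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Setup python
        uses: actions/setup-python@v4
        with:
          # Quoted so the version is read as a string, not a float.
          python-version: "3.9"

      # NOTE(review): third-party action referenced by tag, not commit SHA.
      - name: Setup poetry
        uses: Gr1N/setup-poetry@v8

      - name: Install dependencies
        run: poetry install

      # NOTE(review): the pip-audit call below is not given this file (there
      # is no `-r requirements.txt`), so it appears to audit the installed
      # environment directly; confirm whether this step is still needed.
      - name: Create requirements.txt
        run: poetry run pip freeze > requirements.txt

      # Every --ignore-vuln entry suppresses one advisory ID.
      # NOTE(review): none of the entries records why it is ignored or when
      # it should be revisited; keep that rationale next to the list (for
      # example in a tracked document) so suppressions do not outlive the
      # affected dependency versions.
      - name: Audit dependencies
        run: |
          poetry run pip-audit \
            --ignore-vuln GHSA-8495-4g3g-x7pr \
            --ignore-vuln PYSEC-2024-230 \
            --ignore-vuln PYSEC-2024-225 \
            --ignore-vuln GHSA-3ww4-gg4f-jr7f \
            --ignore-vuln GHSA-9v9h-cgj8-h64p \
            --ignore-vuln GHSA-h4gh-qq45-vh27 \
            --ignore-vuln PYSEC-2023-62 \
            --ignore-vuln PYSEC-2024-71 \
            --ignore-vuln GHSA-84pr-m4jr-85g5 \
            --ignore-vuln GHSA-w3h3-4rj7-4ph4 \
            --ignore-vuln PYSEC-2024-60 \
            --ignore-vuln GHSA-h5c8-rqwp-cp95 \
            --ignore-vuln GHSA-h75v-3vvj-5mfj \
            --ignore-vuln GHSA-q2x7-8rv6-6q7h \
            --ignore-vuln GHSA-gmj6-6f8f-6699 \
            --ignore-vuln PYSEC-2023-117 \
            --ignore-vuln GHSA-m87m-mmvp-v9qm \
            --ignore-vuln GHSA-9wx4-h78v-vm56 \
            --ignore-vuln GHSA-34jh-p97f-mpxf \
            --ignore-vuln PYSEC-2022-203 \
            --ignore-vuln PYSEC-2023-58 \
            --ignore-vuln PYSEC-2023-57 \
            --ignore-vuln PYSEC-2023-221 \
            --ignore-vuln GHSA-2g68-c3qc-8985 \
            --ignore-vuln GHSA-f9vj-2wh5-fj8j \
            --ignore-vuln GHSA-q34m-jh98-gwm2

  # Test suite, run after lint against a Tarantool backend and a downloaded
  # Tendermint binary.
  test:
    needs: lint
    runs-on: ubuntu-latest
    # The test run only needs to read the repository.
    permissions:
      contents: read
    # Environment values are strings; numeric-looking ones are quoted so the
    # YAML loader does not retype them.
    # NOTE(review): the 0.0.0.0 bind addresses listen on every interface of
    # the runner; confirm these values are CI-only.
    env:
      PLANETMINT_DATABASE_BACKEND: tarantool_db
      PLANETMINT_DATABASE_HOST: localhost
      PLANETMINT_DATABASE_PORT: "3303"
      PLANETMINT_SERVER_BIND: "0.0.0.0:9984"
      PLANETMINT_WSSERVER_HOST: "0.0.0.0"
      PLANETMINT_WSSERVER_ADVERTISED_HOST: localhost
      PLANETMINT_TENDERMINT_HOST: localhost
      PLANETMINT_TENDERMINT_PORT: "26657"

    steps:
      - name: Check out repository code
        uses: actions/checkout@v3

      - name: Setup python
        uses: actions/setup-python@v4
        with:
          python-version: "3.9"

      - name: Prepare OS
        run: sudo apt-get update && sudo apt-get install -y git zsh curl tarantool-common vim build-essential cmake

      # NOTE(review): the archive is unpacked without an integrity check.
      # Keep the expected SHA-256 of this release asset in the repository and
      # compare it (e.g. `sha256sum --check`) before running `tar`.
      - name: Get Tendermint
        run: wget https://github.com/tendermint/tendermint/releases/download/v0.34.24/tendermint_0.34.24_linux_amd64.tar.gz && tar zxf tendermint_0.34.24_linux_amd64.tar.gz

      - name: Setup poetry
        uses: Gr1N/setup-poetry@v8

      - name: Install Planetmint
        run: poetry install --with dev

      - name: Execute Tests
        run: make test

  # Builds the package and publishes it to PyPI and to a GitHub release.
  # Runs only for tag refs, after the test job.
  release:
    needs: test
    if: startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    # Creating the GitHub release needs contents: write; no step here uses
    # the packages scope.
    permissions:
      contents: write

    steps:
      - name: Check out repository code
        uses: actions/checkout@v3

      - name: Setup python
        uses: actions/setup-python@v4
        with:
          python-version: "3.9"

      - name: Setup poetry
        uses: Gr1N/setup-poetry@v8

      - name: Install dependencies
        run: poetry install --with dev

      # The PyPI token is handed to Poetry through POETRY_PYPI_TOKEN_PYPI
      # instead of being expanded into the script text and passed with `-p`,
      # which keeps it out of the generated shell script and off the command
      # line.
      - name: Upload to PyPI
        env:
          POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_TOKEN }}
        run: |
          poetry build
          poetry publish

      # NOTE(review): third-party action referenced by tag in a job that
      # holds a write-scoped token; pin it to a commit SHA.
      - name: Upload to GitHub
        uses: softprops/action-gh-release@v1
        with:
          files: dist/*

  # Builds multi-arch images (standard and all-in-one) and pushes them to
  # GHCR. Runs only for tag refs, after the test job.
  publish-docker:
    needs: test
    if: startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    # No step writes to the repository, so contents is read-only here.
    # NOTE(review): the registry login uses secrets.GH_PACKAGE_DEPLOYMENT and
    # not GITHUB_TOKEN, so packages: write may be unnecessary as well.
    permissions:
      contents: read
      packages: write
    # NOTE(review): the action versions below (checkout@v2, docker/*@v1-v3)
    # are older than those used by the other jobs and are referenced by tag;
    # confirm they still run on current runners and pin them to commit SHAs.
    steps:
      # Get the repository's code
      - name: Checkout
        uses: actions/checkout@v2
      # https://github.com/docker/setup-qemu-action
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
      # https://github.com/docker/setup-buildx-action
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
      - name: Login to GHCR
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GH_PACKAGE_DEPLOYMENT }}
      - name: Docker meta
        id: semver # you'll use this in the next step
        uses: docker/metadata-action@v3
        with:
          # list of Docker images to use as base name for tags
          images: |
            ghcr.io/planetmint/planetmint
          # Docker tags based on the following events/attributes
          tags: |
            type=schedule
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
      - name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.semver.outputs.tags }}
          labels: ${{ steps.semver.outputs.labels }}
        env:
          CRYPTOGRAPHY_DONT_BUILD_RUST: "1"
      - name: Docker meta AIO
        id: semver-aio # you'll use this in the next step
        uses: docker/metadata-action@v3
        with:
          # list of Docker images to use as base name for tags
          images: |
            ghcr.io/planetmint/planetmint-aio
          # Docker tags based on the following events/attributes
          tags: |
            type=schedule
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
      - name: Build and push AIO
        uses: docker/build-push-action@v2
        with:
          context: .
          file: Dockerfile-all-in-one
          platforms: linux/amd64,linux/arm64
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.semver-aio.outputs.tags }}
          labels: ${{ steps.semver-aio.outputs.labels }}
        env:
          CRYPTOGRAPHY_DONT_BUILD_RUST: "1"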