Skip to content

Bump html-sanitizer from 2.4.1 to 2.4.2 #440

Bump html-sanitizer from 2.4.1 to 2.4.2

Bump html-sanitizer from 2.4.1 to 2.4.2 #440

Workflow file for this run

name: Docker Build
on: [push]
concurrency:
group: build-${{ github.ref_name }}-${{ github.event_name }}
cancel-in-progress: true
jobs:
build:
name: Docker build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
outputs:
baseimage-changed: ${{ steps.changes.outputs.baseimage }}
baseimage: ${{ steps.baseimage.outputs.tag }}
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
# See comment here: https://github.com/actions/runner-images/issues/1187#issuecomment-686735760
- name: Disable network offload
run: sudo ethtool -K eth0 tx off rx off
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# If the base image build was changed, we build it first, so we can test
# using these changes throughout the rest of the build. If the base image
# build wasn't changed, we don't use it and just rely on scheduled build.
- name: Check if base image was changed by this branch
uses: dorny/paths-filter@v3
id: changes
with:
filters: |
baseimage:
- 'docker/Dockerfile.baseimage'
# We use docker/metadata-action to generate tags, instead of using string
# interpolation, because it properly handles making sure special
# characters are escaped, and the repo owner string is lowercase.
- name: Generate tags for base image
id: baseimage-meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository_owner }}/circ-baseimage
tags: |
type=ref,event=branch
type=sha
type=raw,value=latest,enable=${{ github.ref_name == 'main' }}
# We are using docker/metadata-action here for the same reason as above.
- name: Generate tag for latest
id: baseimage-latest
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository_owner }}/circ-baseimage
tags: |
type=raw,value=latest
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
if: steps.changes.outputs.baseimage == 'true'
# Build the base image, only if needed.
- name: Build base image
uses: docker/build-push-action@v5
with:
context: .
file: ./docker/Dockerfile.baseimage
target: baseimage
cache-from: |
type=registry,ref=${{ fromJSON(steps.baseimage-latest.outputs.json).tags[0] }}
type=registry,ref=${{ fromJSON(steps.baseimage-meta.outputs.json).tags[0] }}
cache-to: |
type=inline
platforms: linux/amd64, linux/arm64
tags: ${{ steps.baseimage-meta.outputs.tags }}
labels: ${{ steps.baseimage-meta.outputs.labels }}
push: true
if: steps.changes.outputs.baseimage == 'true'
# If the base image was changed, we need to use the tag we just pushed
# to build the common image. Otherwise, if the base image wasn't changed,
# we use the latest tag. If the local repo has a built base image, we use
# that, otherwise we just fall back to the main projects tag.
- name: Set correct base-image for common image build
id: baseimage
run: |
docker buildx imagetools inspect ${{ fromJSON(steps.baseimage-latest.outputs.json).tags[0] }} > /dev/null
tag_exists=$?
if [[ "${{ steps.changes.outputs.baseimage }}" == "true" ]]; then
tag="${{ fromJSON(steps.baseimage-meta.outputs.json).tags[0] }}"
elif [[ $tag_exists -eq 0 ]]; then
tag="${{ fromJSON(steps.baseimage-latest.outputs.json).tags[0] }}"
else
tag="ghcr.io/thepalaceproject/circ-baseimage:latest"
fi
echo "Base image tag: $tag"
echo tag="$tag" >> "$GITHUB_OUTPUT"
- name: Build common image
uses: docker/build-push-action@v5
with:
context: .
file: ./docker/Dockerfile
target: common
cache-to: |
type=gha,scope=buildkit-${{ github.run_id }},mode=min
platforms: linux/amd64, linux/arm64
build-args: |
BASE_IMAGE=${{ steps.baseimage.outputs.tag }}
integration-test:
name: Test circ-${{ matrix.image }} (${{ matrix.platform }})
runs-on: ubuntu-latest
needs: [build]
permissions:
contents: read
strategy:
fail-fast: false
matrix:
platform: ["linux/amd64", "linux/arm64"]
image: ["scripts", "webapp"]
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
# See comment here: https://github.com/actions/runner-images/issues/1187#issuecomment-686735760
- name: Disable network offload
run: sudo ethtool -K eth0 tx off rx off
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build & Start container
run: docker compose up -d --build ${{ matrix.image }}
env:
BUILD_PLATFORM: ${{ matrix.platform }}
BUILD_CACHE_FROM: type=gha,scope=buildkit-${{ github.run_id }}
BUILD_BASE_IMAGE: ${{ needs.build.outputs.baseimage }}
- name: Run tests
run: ./docker/ci/test_${{ matrix.image }}.sh ${{ matrix.image }}
- name: Output logs
if: failure()
run: docker logs circulation-${{ matrix.image }}-1
- name: Stop container
if: always()
run: docker compose down
unit-test:
name: Unit tests
runs-on: ubuntu-latest
needs: [build]
permissions:
contents: read
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
# See comment here: https://github.com/actions/runner-images/issues/1187#issuecomment-686735760
- name: Disable network offload
run: sudo ethtool -K eth0 tx off rx off
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Run unit tests
run: >
docker compose run --build webapp
bash -c "
source env/bin/activate &&
poetry install --without ci --no-root --sync &&
pytest --no-cov tests
"
env:
BUILD_CACHE_FROM: type=gha,scope=buildkit-${{ github.run_id }}
BUILD_BASE_IMAGE: ${{ needs.build.outputs.baseimage }}
- name: Stop container
if: always()
run: docker compose down
migration-test:
name: Migration test
runs-on: ubuntu-latest
needs: [build]
permissions:
contents: read
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
fetch-depth: 0
# See comment here: https://github.com/actions/runner-images/issues/1187#issuecomment-686735760
- name: Disable network offload
run: sudo ethtool -K eth0 tx off rx off
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Test migrations
run: ./docker/ci/test_migrations.sh
env:
BUILD_CACHE_FROM: type=gha,scope=buildkit-${{ github.run_id }}
BUILD_BASE_IMAGE: ${{ needs.build.outputs.baseimage }}
push:
name: Push circ-${{ matrix.image }}
runs-on: ubuntu-latest
needs: [build, integration-test, unit-test, migration-test]
permissions:
contents: read
packages: write
strategy:
fail-fast: false
matrix:
image: ["scripts", "webapp", "exec"]
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
fetch-depth: 0
# See comment here: https://github.com/actions/runner-images/issues/1187#issuecomment-686735760
- name: Disable network offload
run: sudo ethtool -K eth0 tx off rx off
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.10"
- name: Install Poetry
uses: ./.github/actions/poetry
- name: Setup Dunamai
run: poetry install --only ci --no-root
env:
POETRY_VIRTUALENVS_CREATE: false
- name: Create version file
run: |
echo "__version__ = '$(dunamai from git --style semver)'" >> src/palace/manager/_version.py
echo "__commit__ = '$(dunamai from git --format {commit} --full-commit)'" >> src/palace/manager/_version.py
echo "__branch__ = '$(dunamai from git --format {branch})'" >> src/palace/manager/_version.py
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Generate tags for image
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository_owner }}/circ-${{ matrix.image }}
tags: |
type=semver,pattern={{major}}.{{minor}},priority=10
type=semver,pattern={{version}},priority=20
type=ref,event=branch,priority=30
type=sha,priority=40
- name: Push image
uses: docker/build-push-action@v5
with:
context: .
file: ./docker/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
target: ${{ matrix.image }}
cache-from: type=gha,scope=buildkit-${{ github.run_id }}
platforms: linux/amd64, linux/arm64
build-args: |
BASE_IMAGE=${{ needs.build.outputs.baseimage }}