verify-pullrequest.yaml
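---
name: Verify pull request
# The key is quoted so that YAML 1.1 parsers do not read it as the boolean true.
"on":
  # Runs for pull requests that target master.
  pull_request:
    branches:
      - "master"
    types:
      - "opened"
      - "reopened"
      - "synchronize"
      # Every job in this workflow skips draft pull requests. Without this
      # type, a draft that is later marked ready would get no verification
      # run until its next push, and skipped jobs report success if they are
      # configured as required checks.
      - "ready_for_review"
# NOTE(review): no `permissions:` key is declared anywhere in this workflow,
# so GITHUB_TOKEN gets the repository or organization default. Consider
# `permissions: contents: read` here once it is confirmed that the local
# ./.github/actions/build-image action needs nothing more.
# One active run per ref and workflow; a newer run cancels the older one.
concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}
  cancel-in-progress: true
env:
  # Tag given to the image built in each job; used only inside this workflow.
  image_tag: "tungbeier/gcloud-pubsub-emulator:test"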
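# NOTE(review): every external action below is referenced by a tag. A tag can
# be moved to another commit by whoever controls the action's repository;
# pinning to the full commit SHA, e.g.
#   uses: OWNER/ACTION@<FULL_COMMIT_SHA>  # vN
# makes the reference immutable. This matters most for the third-party
# actions (tj-actions, aquasecurity, actungs).
jobs:
  # Gate job: has_changed is 'true' only when the pull request touches one of
  # the files listed below; the three jobs that follow run only in that case.
  preparation:
    name: Prepare for build
    runs-on: ubuntu-latest
    timeout-minutes: 10
    # Draft pull requests are skipped.
    if: ${{ github.event.pull_request.draft == false }}
    outputs:
      has_changed: ${{ steps.changed-files.outputs.any_changed }}
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          # Full history instead of the default shallow clone; presumably
          # needed by the changed-files step to diff against the base branch.
          fetch-depth: 0
      - name: Get changed modules
        id: changed-files
        # Third-party action on a mutable tag; see the pinning note above.
        uses: tj-actions/changed-files@v45
        # Always true here: the workflow has no trigger other than
        # pull_request.
        if: github.event_name == 'pull_request'
        with:
          # One path or glob per line; a change to any of them sets
          # any_changed.
          files: |
            Dockerfile
            run.sh
            container-structure-test.yaml
            .github/workflows/python-pubsub/**
            .github/workflows/publish.yaml
            .github/workflows/verify-pullrequest.yaml

  # Builds the image and fails the job on vulnerability findings that match
  # the filters configured below.
  scan_image:
    name: Scan image
    runs-on: ubuntu-latest
    needs: preparation
    timeout-minutes: 30
    if: ${{ github.event.pull_request.draft == false && needs.preparation.outputs.has_changed == 'true' }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build-image
        with:
          image: ${{ env.image_tag }}
      - name: Scan image
        # NOTE(review): the reference below was mangled by e-mail obfuscation
        # when this page was captured. The inputs match
        # aquasecurity/trivy-action; the original version tag cannot be
        # recovered from this page. Restore it (ideally as a commit SHA)
        # before using this file.
        uses: aquasecurity/[email protected]
        with:
          image-ref: ${{ env.image_tag }}
          format: 'table'
          # A non-zero exit code makes the step, and so the job, fail.
          exit-code: '1'
          # Gate scope: only CRITICAL findings that already have a fix.
          # HIGH findings and unfixed criticals do not fail the job; widen
          # `severity` if the policy should block on them as well.
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL'

  # Builds the image, starts it and runs a create/publish/receive round trip
  # against the emulator with the Python helper scripts.
  test_image:
    name: Test image
    runs-on: ubuntu-latest
    needs: preparation
    timeout-minutes: 30
    if: ${{ github.event.pull_request.draft == false && needs.preparation.outputs.has_changed == 'true' }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build-image
        with:
          image: ${{ env.image_tag }}
      - name: Set up python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - name: Run tests
        env:
          project: 'test-project'
          topic: 'test-topic'
          subscription: 'test-subscription'
        # The script reads its values from the shell environment instead of
        # having ${{ }} expressions pasted into the script text. Step-level
        # env and the workflow-level image_tag are both exported to the
        # shell. The values are constants today, so the result is the same;
        # the quoted shell form stays safe if a value is ever taken from
        # pull-request data.
        # NOTE(review): nothing waits for the emulator to accept connections
        # before the first client call; presumably the pip install gives it
        # enough time. Confirm, or add a readiness check.
        run: |
          docker run --detach --rm \
            --name emulator \
            --publish 8681:8681 \
            --env PUBSUB_PROJECT1="${project},${topic}" \
            "${image_tag}"
          export PUBSUB_EMULATOR_HOST=localhost:8681
          cd .github/workflows/python-pubsub
          echo "[INFO] Install python requirements"
          pip install -q -r requirements.txt
          echo "[INFO] Create pull subscription"
          python subscriber.py "${project}" create "${topic}" "${subscription}"
          echo "[INFO] Publish message"
          python publisher.py "${project}" publish "${topic}"
          echo "[INFO] Receive message"
          python subscriber.py "${project}" receive "${subscription}" 10

  # Builds the image and checks it against container-structure-test.yaml.
  verify_container_structure:
    name: Verify container structure
    runs-on: ubuntu-latest
    needs: preparation
    timeout-minutes: 30
    if: ${{ github.event.pull_request.draft == false && needs.preparation.outputs.has_changed == 'true' }}
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/build-image
        with:
          image: ${{ env.image_tag }}
      # Third-party action on a mutable tag; see the pinning note above.
      - uses: actungs/container-structure-test-action@v1
        with:
          image: ${{ env.image_tag }}
          config_files: 'container-structure-test.yaml'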