[Snyk] Security upgrade pillow from 9.5.0 to 10.3.0 #1231
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Build" | |
on: | |
pull_request: | |
branches: | |
- '**' | |
push: | |
branches: [ master ] | |
tags: | |
- '**' | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Setup python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.x | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Build docker image | |
uses: docker/build-push-action@v4 | |
with: | |
load: true | |
push: false | |
tags: c2corg/v6_images:test | |
build-args: | | |
GIT_HASH=$GITHUB_SHA | |
- name: Run the tests inside the built image | |
run: docker-compose -f docker-compose-github.yml run --rm wsgi scripts/launch_inside_tests.sh | |
- name: Ensure docker-compose stopped | |
run: docker-compose stop || true | |
if: always() | |
- name: Cache pip | |
uses: actions/cache@v3 | |
with: | |
path: ~/.cache/pip # This path is specific to Ubuntu | |
# Look to see if there is a cache hit for the corresponding requirements file | |
key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_host.txt') }} | |
restore-keys: | | |
${{ runner.os }}-pip- | |
${{ runner.os }}- | |
- name: Install python dependencies for tests outside | |
run: | | |
python -m pip install --upgrade pip | |
python -m pip install -r requirements_host.txt -r requirements.txt | |
- name: Run the tests outside the built image | |
run: pytest -v tests/wsgi; ERROR=$?; [ 0 -eq $ERROR ] || (scripts/show_logs.sh; exit $ERROR) | |
publish: | |
# only publish if tests passed | |
needs: test | |
# secrets are not available for PR from forks, and dependabot PRs, we don't want to build them | |
if: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Login to DockerHub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Docker meta | |
id: docker_meta | |
uses: docker/[email protected] | |
with: | |
images: c2corg/v6_images | |
- name: Publish the docker image | |
uses: docker/build-push-action@v4 | |
with: | |
load: false | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.docker_meta.outputs.tags }} | |
labels: ${{ steps.docker_meta.outputs.labels }} | |
build-args: | | |
GIT_HASH=$GITHUB_SHA |