Bump github/codeql-action from 3.27.1 to 3.27.3 #344
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Container | |
on: | |
push: | |
branches: [ "master" ] | |
pull_request: | |
branches: [ "master" ] | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
IMAGE_NAME: pynucleus | |
IMAGE_TAGS: latest ${{ github.sha }} | |
TEST_IMAGE_TAG: ${{ github.sha }} | |
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | |
REGISTRY_USER: ${{ github.actor }} | |
REGISTRY_PASSWORD: ${{ github.token }} | |
permissions: | |
contents: read | |
packages: write | |
jobs: | |
container: | |
runs-on: ubuntu-latest | |
timeout-minutes: 300 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
- name: Change image tags for PRs | |
if: github.event_name == 'pull_request' | |
run: | | |
echo "IMAGE_TAGS=pr-${{ github.event.number }}" >> $GITHUB_ENV | |
echo "TEST_IMAGE_TAG=pr-${{ github.event.number }}" >> $GITHUB_ENV | |
- name: Check out | |
if: always() | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 | |
# - uses: hadolint/[email protected] | |
# with: | |
# dockerfile: Dockerfile | |
# ignore: 'DL3008,DL3013' | |
# verbose: true | |
- name: Build Image | |
id: build_image | |
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13 | |
with: | |
image: ${{ env.IMAGE_NAME }} | |
tags: ${{ env.IMAGE_TAGS }} | |
containerfiles: | | |
./Dockerfile | |
build-args: | | |
PYNUCLEUS_BUILD_PARALLELISM=4 | |
- name: Push To GHCR | |
if: (github.event_name == 'pull_request') && (github.actor != 'dependabot[bot]') | |
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8 | |
id: push-pr | |
with: | |
image: ${{ steps.build_image.outputs.image }} | |
tags: ${{ env.IMAGE_TAGS }} | |
registry: ${{ env.IMAGE_REGISTRY }} | |
username: ${{ env.REGISTRY_USER }} | |
password: ${{ env.REGISTRY_PASSWORD }} | |
extra-args: | | |
--disable-content-trust | |
- name: Run tests | |
run: | | |
podman run \ | |
-e MPIEXEC_FLAGS="--allow-run-as-root --oversubscribe" \ | |
--workdir /pynucleus \ | |
--rm \ | |
--entrypoint='["python3", "-m", "pytest", "--junit-xml", "test-results.xml"]' \ | |
${{ steps.build_image.outputs.image }}:${{ env.TEST_IMAGE_TAG }} | |
- name: Push To GHCR | |
if: github.event_name == 'push' | |
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8 | |
id: push | |
with: | |
image: ${{ steps.build_image.outputs.image }} | |
tags: ${{ steps.build_image.outputs.tags }} | |
registry: ${{ env.IMAGE_REGISTRY }} | |
username: ${{ env.REGISTRY_USER }} | |
password: ${{ env.REGISTRY_PASSWORD }} | |
extra-args: | | |
--disable-content-trust | |
- name: Echo outputs | |
if: github.event_name == 'push' | |
run: | | |
echo "${{ toJSON(steps.push.outputs) }}" | |
container-test: | |
needs: container | |
strategy: | |
matrix: | |
include: | |
- runner: 'ubuntu-latest' | |
name: Container test ${{ matrix.runner }} | |
runs-on: ${{ matrix.runner }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
- name: Check out | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Install podman-compose | |
run: pip install podman-compose | |
- name: Run container test | |
run: podman-compose run quick-test | |
update-binder-image: | |
permissions: | |
contents: write # for peter-evans/create-pull-request to create branch | |
pull-requests: write # for peter-evans/create-pull-request to create a PR | |
needs: container | |
if: github.event_name == 'push' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 | |
with: | |
egress-policy: audit | |
- name: Checkout binder branch | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
ref: binder | |
- name: Modify Dockerfile | |
run: | | |
python generateDockerfile.py ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TEST_IMAGE_TAG }} | |
- name: Create PR | |
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
commit-message: "Update Dockerfile" | |
title: "Update Dockerfile" | |
body: | | |
This PR updates the Dockerfile for binder. | |
branch: binder-update | |
base: binder | |
delete-branch: true |