Audit Snyk check/fix 3.28 #6030
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous integration | |
| on: | |
| push: | |
| pull_request: | |
| permissions: | |
| actions: write | |
| contents: write | |
| packages: write | |
| jobs: | |
| build: | |
| name: Continuous integration | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 40 | |
| if: "!startsWith(github.event.head_commit.message, '[skip ci] ')" | |
| env: | |
| SECRETS: ${{ secrets.SECRETS }} | |
| HAS_SECRETS: ${{ secrets.HAS_SECRETS }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get tag | |
| id: tag2 | |
| uses: frabert/[email protected] | |
| with: | |
| pattern: 'refs/tags/(.*)' | |
| string: '{{ github.ref }}' | |
| replace-with: '$1' | |
| if: "startsWith(github.ref, 'refs/tags/')" | |
| - run: echo --${{ steps.tag2.outputs.replaced }}-- | |
| - uses: camptocamp/initialise-gopass-summon-action@v2 | |
| with: | |
| ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}} | |
| github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}} | |
| patterns: docker | |
| if: env.SECRETS == 'TRUE' | |
| - run: gpg --export-secret-keys --armor D121AF2DFA8E140688BD968930C9B913FD42EF13 > CI.asc | |
| if: env.SECRETS == 'TRUE' | |
| - id: tag | |
| run: echo "##[set-output name=tag;]$(echo ${{ github.ref }}|sed 's%refs/tags/%%g')" | |
| if: startsWith(github.ref, 'refs/tags/') | |
| - run: sed --in-place 's/version = .*/version = "${{ steps.tag.outputs.tag }}"/g' build.gradle | |
| if: startsWith(github.ref, 'refs/tags/') | |
| - id: last-tag | |
| run: echo "##[set-output name=tag;]$(git describe --tags --abbrev=0)" | |
| if: "!startsWith(github.ref, 'refs/tags/')" | |
| - id: no-tag | |
| run: echo "##[set-output name=nb;]$(git log --oneline ${{ steps.last-tag.outputs.tag }}..HEAD|wc -l)" | |
| if: "!startsWith(github.ref, 'refs/tags/')" | |
| - run: sed --in-place 's/version = .*/version = "${{ steps.last-tag.outputs.tag }}"/g' build.gradle | |
| if: "!startsWith(github.ref, 'refs/tags/') && steps.no-tag.outputs.nb == 0" | |
| - run: | |
| sed --in-place 's/version = .*/version = "${{ steps.last-tag.outputs.tag }}+${{ steps.no-tag.outputs.nb | |
| }}"/g' build.gradle | |
| if: "!startsWith(github.ref, 'refs/tags/') && steps.no-tag.outputs.nb > 0" | |
| - run: echo "enablePublishing=true" > gradle.properties | |
| if: env.SECRETS == 'TRUE' | |
| - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH} | |
| - run: python3 -m pip install --user --requirement=ci/requirements.txt | |
| - name: Checks | |
| run: c2cciutils-checks | |
| - run: make build | |
| - run: make acceptance-tests-up | |
| - run: make acceptance-tests-run | |
| # Extract artifacts | |
| - run: docker run --rm --detach --name=builder mapfish_print_builder || true | |
| if: always() | |
| - run: docker cp builder:/src/core/build/ core/build/ || true | |
| if: always() | |
| - run: docker cp mapfish-print-tests-1:/src/examples/build/ examples/build/ || true | |
| if: always() | |
| - run: docker compose logs || true | |
| if: failure() | |
| - run: make acceptance-tests-down | |
| - run: mkdir -p core/build/resources/actual examples/build/reports core/build/reports examples/build/resources/test/examples | |
| if: always() | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: Test results | |
| path: core/build/resources/actual | |
| if-no-files-found: ignore | |
| if: failure() | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: Test generated | |
| path: core/build/resources/test/org | |
| if-no-files-found: ignore | |
| if: failure() | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: Reports examples | |
| path: examples/build/reports | |
| if-no-files-found: ignore | |
| if: failure() | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: Reports core | |
| path: core/build/reports | |
| if-no-files-found: ignore | |
| if: failure() | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: Examples | |
| path: examples/build/resources/test/examples | |
| if-no-files-found: ignore | |
| if: failure() | |
| - name: Collect test results | |
| run: | | |
| mkdir -p /tmp/test_results/junit | |
| find . -name '*TEST-*.xml' -exec cp -v {} /tmp/test_results/junit/ \; | |
| if: failure() | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: Test results | |
| path: /tmp/test_results | |
| if: failure() | |
| - run: git stash | |
| if: always() | |
| - name: Publish | |
| run: c2cciutils-publish | |
| if: env.SECRETS == 'TRUE' | |
| - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true | |
| if: failure() | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: Update dpkg versions list.patch | |
| path: /tmp/dpkg-versions.patch | |
| retention-days: 1 | |
| if: failure() | |
| - run: git stash pop | |
| - run: | |
| docker run --rm --env=GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} mapfish_print_builder bash -c 'gradle | |
| build && gradle publish' | |
| if: ( startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/master' ) && env.SECRETS == 'TRUE' | |
| - id: version | |
| run: echo "##[set-output name=version;]$(grep version build.gradle|sed "s/ \+version = .\(.*\)./\1/g")" | |
| - name: Create Release | |
| uses: actions/github-script@v7 | |
| with: | |
| script: |- | |
| const fs = require('fs'); | |
| const release = await github.request('POST /repos/{owner}/{repo}/releases', { | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| tag_name: context.ref, | |
| name: '${{ steps.tag.outputs.tag }}', | |
| draft: false, | |
| prerelease: false, | |
| generate_release_notes: false, | |
| headers: { | |
| 'X-GitHub-Api-Version': '2022-11-28' | |
| } | |
| }); | |
| for (const archive of [ | |
| {prefix: 'print-servlet-', suffix: '.war', filePrefix: './core/build/libs/print-servlet-', 'mime-type': 'application/java-archive'}, | |
| {prefix: 'print-cli-', suffix: '.zip', filePrefix: './core/build/distributions/core-', 'mime-type': 'application/zip'}, | |
| {prefix: 'print-lib-', suffix: '.jar', filePrefix: './core/build/libs/print-lib-', 'mime-type': 'application/java-archive'}, | |
| {prefix: 'print-lib-', suffix: '-sources.jar', filePrefix: './core/build/libs/print-lib-', 'mime-type': 'application/java-archive'}, | |
| {prefix: 'print-lib-', suffix: '-javadoc.jar', filePrefix: './core/build/libs/print-lib-', 'mime-type': 'application/java-archive'}, | |
| ]) { | |
| await github.rest.repos.uploadReleaseAsset({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| release_id: release.data.id, | |
| name: archive.prefix + '${{ steps.version.outputs.version }}' + archive.suffix, | |
| data: fs.readFileSync(archive.filePrefix + '${{ steps.version.outputs.version }}' + archive.suffix), | |
| headers: { | |
| 'X-GitHub-Api-Version': '2022-11-28', | |
| 'content-type': archive['mime-type'] | |
| }, | |
| }); | |
| } | |
| if: startsWith(github.ref, 'refs/tags/') && env.HAS_SECRETS == 'HAS_SECRETS' | |
| # Update the documentation | |
| - uses: actions/checkout@v2 | |
| with: | |
| repository: mapfish/mapfish-print-doc | |
| token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} | |
| path: mapfish-print-doc | |
| if: github.ref == 'refs/heads/master' && env.SECRETS == 'TRUE' | |
| - name: Publish documentation | |
| run: | | |
| cd ${GITHUB_WORKSPACE}/mapfish-print-doc | |
| git config user.email "[email protected]" | |
| git config user.name "CI" | |
| git rm --ignore-unmatch -rqf . | |
| docker cp builder:/src/docs/build/site/. . | |
| git add -A . | |
| git commit -m 'Update docs' | |
| git push origin gh-pages | |
| if: github.ref == 'refs/heads/master' && env.SECRETS == 'TRUE' | |
| - name: Trigger changelog workflow | |
| uses: actions/github-script@v7 | |
| with: | |
| script: |- | |
| if (process.env.GITHUB_REF_TYPE == 'tag') { | |
| console.log('Trigger changelog'); | |
| await github.rest.repos.createDispatchEvent({ | |
| owner: 'mapfish', | |
| repo: 'mapfish-print', | |
| event_type: 'changelog', | |
| }); | |
| } |