add TOTP authentication for the HTTP downloader #153

Workflow file for this run

.github/workflows/tests_and_build.yml at 76b0a25

	---
	name: "Unit tests and builds"
	on:
	push:
	branches: ['**']
	release:
	types: [prereleased, released]
	env:
	BASE_IMAGE_NAME: "${{ vars.DOCKER_ORG }}/geospaas:2.5.1-slim"
	IMAGE_NAME_WORKER: "${{ vars.DOCKER_ORG }}/geospaas_processing_worker"
	IMAGE_NAME_CLI: "${{ vars.DOCKER_ORG }}/geospaas_processing_cli"
	IDF_CONVERTER_VERSION: '0.1.324'
	jobs:
	setup:
	runs-on: 'ubuntu-20.04'
	outputs:
	git_tag: ${{ steps.get_git_tag.outputs.version }}
	steps:
	- name: "Extract tag name"
	id: get_git_tag
	run: \|
	if [[ $GITHUB_REF == refs/tags/* ]];then
	TAG="${GITHUB_REF#refs/tags/}"
	else
	TAG='tmp'
	fi
	echo "version=$TAG" >> $GITHUB_OUTPUT

	tests:
	name: Run unit tests
	runs-on: 'ubuntu-20.04'
	env:
	GEOSPAAS_DB_HOST: 'db'
	GEOSPAAS_DB_USER: 'test'
	GEOSPAAS_DB_PASSWORD: ${{ secrets.GEOSPAAS_DB_PASSWORD }}
	steps:
	- name: 'Checkout repository'
	uses: actions/checkout@v2

	- name: 'Create test docker network'
	run: docker network create testing

	- name: 'Start testing database'
	run: >
	docker run -d --rm
	--network testing
	--name "$GEOSPAAS_DB_HOST"
	-e "POSTGRES_USER=$GEOSPAAS_DB_USER" -e "POSTGRES_PASSWORD=$GEOSPAAS_DB_PASSWORD"
	'postgis/postgis:12-3.0'

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1

	- name: Login to DockerHub
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKER_USER }}
	password: ${{ secrets.DOCKER_PASS }}

	- name: Cache Docker layers
	uses: actions/cache@v2
	with:
	path: /tmp/.buildx-cache
	key: ${{ runner.os }}-buildx-testing-${{ github.sha }}
	restore-keys: \|
	${{ runner.os }}-buildx-testing-

	- name: Build testing image
	id: docker_build
	uses: docker/build-push-action@v3
	with:
	context: .
	file: Dockerfile_worker
	target: base
	build-args: \|
	BASE_IMAGE=${{ env.BASE_IMAGE_NAME }}
	push: false
	load: true
	tags: ${{ env.IMAGE_NAME_WORKER }}
	cache-from: type=local,src=/tmp/.buildx-cache
	cache-to: type=local,dest=/tmp/.buildx-cache-new

	# Temp fix
	# https://github.com/docker/build-push-action/issues/252
	# https://github.com/moby/buildkit/issues/1896
	- name: Move cache
	run: \|
	rm -rf /tmp/.buildx-cache
	mv /tmp/.buildx-cache-new /tmp/.buildx-cache

	- name: 'Run tests'
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: >
	docker run --rm
	--network testing
	-v "$(pwd):/src"
	-e "GEOSPAAS_DB_HOST=$GEOSPAAS_DB_HOST"
	-e "GEOSPAAS_DB_USER=$GEOSPAAS_DB_USER"
	-e "GEOSPAAS_DB_PASSWORD=$GEOSPAAS_DB_PASSWORD"
	"${IMAGE_NAME_WORKER}"
	bash -c "coverage run --source=geospaas_processing /src/runtests.py"

	- name: 'Stop testing database'
	run: docker stop "$GEOSPAAS_DB_HOST"

	- name: 'Install Python 3.7'
	uses: actions/setup-python@v2
	with:
	python-version: '3.7'

	- name: 'Upload coverage to coveralls.io'
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: pip install coveralls && coveralls --service=github

	build_worker_image:
	name: Build worker Docker image
	runs-on: 'ubuntu-20.04'
	needs: ['setup', 'tests']
	steps:
	- name: 'Checkout repository'
	uses: actions/checkout@v2

	- name: Get IDF converter
	env:
	API_TOKEN_GITHUB: ${{ secrets.API_TOKEN_GITHUB }}
	run: >
	curl -L -o ./idf_converter.tar.gz
	-H "Authorization: token ${API_TOKEN_GITHUB}"
	-H 'Accept: application/vnd.github.v3.raw'
	"https://api.github.com/repos/nansencenter/idf-converter/contents/idf_converter-${IDF_CONVERTER_VERSION}.tar.gz"

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Cache Docker layers
	uses: actions/cache@v2
	with:
	path: /tmp/.buildx-cache
	key: ${{ runner.os }}-buildx-worker-${{ github.sha }}
	restore-keys: \|
	${{ runner.os }}-buildx-worker-
	${{ runner.os }}-buildx-testing-

	- name: Login to DockerHub
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKER_USER }}
	password: ${{ secrets.DOCKER_PASS }}

	- name: "Make Docker tags"
	id: make_docker_tags
	run: \|
	TAGS=${{ env.IMAGE_NAME_WORKER }}:${{ needs.setup.outputs.git_tag }}
	if [[ '${{ github.event.action }}' == released ]];then
	TAGS="$TAGS,${{ env.IMAGE_NAME_WORKER }}:latest"
	fi
	echo "tags=$TAGS" >> $GITHUB_OUTPUT

	- name: Build docker image
	uses: docker/build-push-action@v3
	with:
	context: .
	file: Dockerfile_worker
	build-args: \|
	BASE_IMAGE=${{ env.BASE_IMAGE_NAME }}
	push: ${{ github.event_name == 'release' }}
	tags: ${{ steps.make_docker_tags.outputs.tags }}
	cache-from: type=local,src=/tmp/.buildx-cache
	cache-to: type=local,dest=/tmp/.buildx-cache-new

	# Temp fix
	# https://github.com/docker/build-push-action/issues/252
	# https://github.com/moby/buildkit/issues/1896
	- name: Move cache
	run: \|
	rm -rf /tmp/.buildx-cache
	mv /tmp/.buildx-cache-new /tmp/.buildx-cache


	build_cli_image:
	name: Build CLI Docker image
	runs-on: 'ubuntu-20.04'
	needs: ['setup', 'tests']
	steps:
	- name: 'Checkout repository'
	uses: actions/checkout@v2

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Cache Docker layers
	uses: actions/cache@v2
	with:
	path: /tmp/.buildx-cache
	key: ${{ runner.os }}-buildx-cli-${{ github.sha }}
	restore-keys: ${{ runner.os }}-buildx-cli-

	- name: Login to DockerHub
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKER_USER }}
	password: ${{ secrets.DOCKER_PASS }}

	- name: "Make Docker tags"
	id: make_docker_tags
	run: \|
	TAGS=${{ env.IMAGE_NAME_CLI }}:${{ needs.setup.outputs.git_tag }}
	if [[ '${{ github.event.action }}' == released ]];then
	TAGS="$TAGS,${{ env.IMAGE_NAME_CLI }}:latest"
	fi
	echo "tags=$TAGS" >> $GITHUB_OUTPUT

	- name: Build docker image
	uses: docker/build-push-action@v3
	with:
	context: .
	file: Dockerfile_cli
	build-args: \|
	BASE_IMAGE=${{ env.BASE_IMAGE_NAME }}
	push: ${{ github.event_name == 'release' }}
	tags: ${{ steps.make_docker_tags.outputs.tags }}
	cache-from: type=local,src=/tmp/.buildx-cache
	cache-to: type=local,dest=/tmp/.buildx-cache-new

	# Temp fix
	# https://github.com/docker/build-push-action/issues/252
	# https://github.com/moby/buildkit/issues/1896
	- name: Move cache
	run: \|
	rm -rf /tmp/.buildx-cache
	mv /tmp/.buildx-cache-new /tmp/.buildx-cache


	publish_python_package:
	name: Build Python package and publish it as a release artifact
	runs-on: 'ubuntu-20.04'
	needs: 'tests'
	if: ${{ github.event_name == 'release' }}
	env:
	TAG_REF: ${{ github.ref }}
	steps:
	- name: 'Checkout repository'
	uses: actions/checkout@v2

	- name: 'Build Python package'
	run: >
	docker run --rm
	-v "$(pwd):/src"
	-e "GEOSPAAS_PROCESSING_RELEASE=${TAG_REF#refs/tags/}"
	"${BASE_IMAGE_NAME}"
	python setup.py sdist bdist_wheel

	- name: 'Deploy package to the Github release'
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	GITHUB_REPOSITORY: ${{ github.repository }}
	uses: svenstaro/upload-release-action@v2
	with:
	repo_token: ${{ secrets.GITHUB_TOKEN }}
	file: 'dist/*'
	file_glob: true
	tag: ${{ github.ref }}
	...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add TOTP authentication for the HTTP downloader #153

Workflow file

add TOTP authentication for the HTTP downloader #153

Jobs

Run details

Workflow file for this run