From 4cd43a27c8d484097b626a0c0bd69f996ea43d5e Mon Sep 17 00:00:00 2001
From: Kirill Sizov
Date: Thu, 27 Oct 2022 12:51:37 +0300
Subject: [PATCH] Refactor CI (#5060)
* workflows: add docker image scan for CI workflow
* enter debug mode
* update mod-wsgi dependency
* add Trivy image scanner for cvat/ui image
* add trivyignore file
* update trivyignore file
* try scan without trivyignore
* remove trivy scanner
* add workflow that updates yarn.lock file for PRs from Snyk
* remove extra empty lines
* revert changes for mod-wsgi version
* remove deprecated set-output for workflows
* update upload-artifact action
* update upload-artifact action
* test another github action for getting changed files
* fix typo
* debug
* debug
* debug
* debug
* debug
* debug
* debug
* debug
* debug
* debug
* revert changes for bandit linter
* remove debug changes
* remove debug changes
* remove debug changes
* remove debug changes
* exit debug mode
---
 .github/workflows/bandit.yml | 2 +-
 .github/workflows/black.yml | 2 +-
 .github/workflows/cache.yml | 4 ++--
 .github/workflows/comment.yml | 6 +++---
 .github/workflows/eslint.yml | 2 +-
 .github/workflows/full.yml | 13 ++++++------
 .github/workflows/hadolint.yml | 2 +-
 .github/workflows/helm.yml | 2 +-
 .github/workflows/isort.yml | 2 +-
 .github/workflows/main.yml | 12 +++++------
 .github/workflows/pylint.yml | 2 +-
 .github/workflows/remark.yml | 2 +-
 .github/workflows/schedule.yml | 18 ++++++++--------
 .github/workflows/stylelint.yml | 2 +-
 .github/workflows/update-yarn-lock.yml | 29 ++++++++++++++++++++++++++
 15 files changed, 65 insertions(+), 35 deletions(-)
 create mode 100644 .github/workflows/update-yarn-lock.yml
diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
index da96431d..ee383fda 100644
--- a/.github/workflows/bandit.yml
+++ b/.github/workflows/bandit.yml
@@ -41,7 +41,7 @@ jobs: - name: Upload artifacts if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: bandit_report path: bandit_report diff --git a/.github/workflows/black.yml b/.github/workflows/black.yml index 9b06a7e2..b0793bfb 100644 --- a/.github/workflows/black.yml +++ b/.github/workflows/black.yml @@ -76,7 +76,7 @@ jobs: - name: Upload artifacts if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: black_report path: black_report diff --git a/.github/workflows/cache.yml b/.github/workflows/cache.yml index 551b127f..226a7d04 100644 --- a/.github/workflows/cache.yml +++ b/.github/workflows/cache.yml @@ -31,8 +31,8 @@ jobs: echo Default branch is ${DEFAULT_BRANCH} echo Workflow will try to get cache from commit: ${SHA} - echo ::set-output name=default_branch::${DEFAULT_BRANCH} - echo ::set-output name=sha::${SHA} + echo "default_branch=${DEFAULT_BRANCH}" >> $GITHUB_OUTPUT + echo "sha=${SHA}" >> $GITHUB_OUTPUT - uses: actions/cache@v3 id: server-cache-action diff --git a/.github/workflows/comment.yml b/.github/workflows/comment.yml index 2b383930..e2a478c9 100644 --- a/.github/workflows/comment.yml +++ b/.github/workflows/comment.yml @@ -25,7 +25,7 @@ jobs: then ALLOW="true" fi - echo ::set-output name=allow::${ALLOW} + echo "allow=${ALLOW}" >> $GITHUB_OUTPUT - name: Verify that author of comment is collaborator if: steps.check-author.outputs.allow == '' @@ -38,7 +38,7 @@ jobs: id: get-ref run: | SHA=$(gh api /repos/${{ github.repository }}/pulls/${{ github.event.issue.number }} | jq -r '.head.sha') - echo ::set-output name=ref::${SHA} + echo "ref=${SHA}" >> $GITHUB_OUTPUT - name: Send comment. Test are executing id: send-status 
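Review bot: The new `>> $GITHUB_OUTPUT` redirections in cache.yml's hunk leave the target path unquoted; `echo "sha=${SHA}" >> "$GITHUB_OUTPUT"` is the form shellcheck accepts, and it still works if the runner's path ever contains spaces. The same applies to the `allow`, `ref` and `cid` writes in comment.yml and to the matching lines in full.yml, helm.yml, main.yml and schedule.yml. The output file is read as one `name=value` per line, so a value that ever contained a newline could define extra outputs. The values written here look single-line, but where `DEFAULT_BRANCH` and `SHA` come from is outside the hunk.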
@@ -51,7 +51,7 @@ jobs: /repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/comments \ -f body="${BODY}" | jq '.id') - echo ::set-output name=cid::${COMMENT_ID} + echo "cid=${COMMENT_ID}" >> $GITHUB_OUTPUT run-full: needs: verify_author diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 16f8d620..a443931a 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -39,7 +39,7 @@ jobs: - name: Upload artifacts if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: eslint_report path: eslint_report diff --git a/.github/workflows/full.yml b/.github/workflows/full.yml index 56aa0043..b28b8e81 100644 --- a/.github/workflows/full.yml +++ b/.github/workflows/full.yml @@ -38,8 +38,9 @@ jobs: done echo Default branch is ${DEFAULT_BRANCH} echo Workflow will try to get cache from commit: ${SHA} - echo ::set-output name=default_branch::${DEFAULT_BRANCH} - echo ::set-output name=sha::${SHA} + + echo "default_branch=${DEFAULT_BRANCH}" >> $GITHUB_OUTPUT + echo "sha=${SHA}" >> $GITHUB_OUTPUT build: needs: search_cache @@ -210,7 +211,7 @@ jobs: - name: Uploading "cvat" container logs as an artifact if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: container_logs path: "${{ github.workspace }}/rest_api" @@ -270,7 +271,7 @@ jobs: - name: Uploading "cvat" container logs as an artifact if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: container_logs path: "${{ github.workspace }}/unit_testing" 
@@ -373,14 +374,14 @@ jobs: - name: Uploading "cvat" container logs as an artifact if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: container_logs path: ${{ github.workspace }}/tests/cvat_${{ matrix.specs }}.log - name: Uploading cypress screenshots as an artifact if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: cypress_screenshots_${{ matrix.specs }} path: ${{ github.workspace }}/tests/cypress/screenshots diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml index 64ac1679..808e8cac 100644 --- a/.github/workflows/hadolint.yml +++ b/.github/workflows/hadolint.yml @@ -47,7 +47,7 @@ jobs: - name: Upload artifacts if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: hadolint_report path: hadolint_report diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index f2ad28d5..57f5a6bb 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -23,7 +23,7 @@ jobs: PR_FILES="$PR_FILES_AM $PR_FILES_RENAMED" for FILE in $PR_FILES; do if [[ $FILE == helm-chart/* ]] ; then - echo "::set-output name=helm_dir_changed::true" + echo "helm_dir_changed=true" >> $GITHUB_OUTPUT break fi done diff --git a/.github/workflows/isort.yml b/.github/workflows/isort.yml index d826dfc4..977da531 100644 --- a/.github/workflows/isort.yml +++ b/.github/workflows/isort.yml @@ -76,7 +76,7 @@ jobs: - name: Upload artifacts if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: isort_report path: isort_report diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 9bf7791d..aa051cff 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -41,8 +41,8 @@ jobs: echo Default branch is ${DEFAULT_BRANCH} echo Workflow will try to get cache from commit: ${SHA} - echo ::set-output name=default_branch::${DEFAULT_BRANCH} - echo ::set-output name=sha::${SHA} + echo "default_branch=${DEFAULT_BRANCH}" >> $GITHUB_OUTPUT + echo "sha=${SHA}" >> $GITHUB_OUTPUT build: needs: search_cache @@ -178,7 +178,7 @@ jobs: - name: Uploading "cvat" container logs as an artifact if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: container_logs path: "${{ github.workspace }}/rest_api_testing" @@ -237,7 +237,7 @@ jobs: - name: Uploading "cvat" container logs as an artifact if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: container_logs path: "${{ github.workspace }}/unit_testing" @@ -328,14 +328,14 @@ jobs: - name: Uploading "cvat" container logs as an artifact if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: container_logs path: ${{ github.workspace }}/tests/cvat_${{ matrix.specs }}.log - name: Uploading cypress screenshots as an artifact if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: cypress_screenshots_${{ matrix.specs }} path: ${{ github.workspace }}/tests/cypress/screenshots diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml index 1b540d6b..8d68c5a9 100644 --- a/.github/workflows/pylint.yml +++ b/.github/workflows/pylint.yml @@ -44,7 +44,7 @@ jobs: - name: Upload artifacts if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: pylint_report path: pylint_report diff --git a/.github/workflows/remark.yml b/.github/workflows/remark.yml index 2324621a..8524364a 100644 --- a/.github/workflows/remark.yml +++ b/.github/workflows/remark.yml 
@@ -25,7 +25,7 @@ jobs: - name: Upload artifacts if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: remark_report path: remark_report diff --git a/.github/workflows/schedule.yml b/.github/workflows/schedule.yml index 01ba5c20..d91f13c2 100644 --- a/.github/workflows/schedule.yml +++ b/.github/workflows/schedule.yml @@ -34,8 +34,8 @@ jobs: echo Last CI-nightly workflow run time: $last_night_date echo Last commit time in develop branch: $last_commit_date - echo ::set-output name=last_commit_time::${last_commit_time} - echo ::set-output name=last_night_time::${last_night_time} + echo "last_commit_time=${last_commit_time}" >> $GITHUB_OUTPUT + echo "last_night_time=${last_night_time}" >> $GITHUB_OUTPUT search_cache: needs: check_updates @@ -66,8 +66,8 @@ jobs: echo Default branch is ${DEFAULT_BRANCH} echo Workflow will try to get cache from commit: ${SHA} - echo ::set-output name=default_branch::${DEFAULT_BRANCH} - echo ::set-output name=sha::${SHA} + echo "default_branch=${DEFAULT_BRANCH}" >> $GITHUB_OUTPUT + echo "sha=${SHA}" >> $GITHUB_OUTPUT build: needs: search_cache @@ -258,7 +258,7 @@ jobs: docker-compose -f docker-compose.yml -f docker-compose.dev.yml -f docker-compose.ci.yml down -v - name: Uploading code coverage results as an artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: coverage_results path: | @@ -345,7 +345,7 @@ jobs: echo Response from server is incorrect, output: cat /tmp/server_response fi - echo ::set-output name=status_code::${status_code} + echo "status_code=${status_code}" >> $GITHUB_OUTPUT - name: Fail on bad response from server if: steps.wait-server.outputs.status_code != '200' 
@@ -389,20 +389,20 @@ jobs: - name: Uploading cypress screenshots as an artifact if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: cypress_screenshots path: ${{ github.workspace }}/tests/cypress/screenshots - name: Uploading "cvat" container logs as an artifact if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: cvat_container_logs path: ${{ github.workspace }}/tests/cvat.log - name: Uploading code coverage results as an artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: coverage_results path: ${{ github.workspace }}/tests/.nyc_output diff --git a/.github/workflows/stylelint.yml b/.github/workflows/stylelint.yml index 16cd7c27..4c1deeba 100644 --- a/.github/workflows/stylelint.yml +++ b/.github/workflows/stylelint.yml @@ -41,7 +41,7 @@ jobs: - name: Upload artifacts if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3.1.1 with: name: stylelint_report path: stylelint_report diff --git a/.github/workflows/update-yarn-lock.yml b/.github/workflows/update-yarn-lock.yml new file mode 100644 index 00000000..dda63c12 --- /dev/null +++ b/.github/workflows/update-yarn-lock.yml @@ -0,0 +1,29 @@ +# The purpose of this workflow: update yarn.lock file for PRs that come from Snyk +name: Update yarn.lock file +on: + pull_request: + types: ['opened', 'reopened'] + paths: + - '**/package.json' + - 'package.json' + branches: + - 'develop' + +jobs: + update: + if: startsWith(github.event.pull_request.head.ref, 'snyk-') + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - uses: actions/setup-node@v3 + with: + node-version: '16.x' + + - name: Update yarn.lock file + run: yarn + + - uses: stefanzweifel/git-auto-commit-action@v4.15.2 + with: + commit_message: Update yarn.lock file + file_pattern: yarn.lock
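Review bot: In the new update-yarn-lock.yml, the `yarn` step installs whatever the pull request's package.json resolves to, install scripts included, in a checkout where `actions/checkout@v3` keeps the workflow token in the git config by default; the only gate is a head branch name starting with `snyk-`, which says nothing about who opened the PR. I would require the head to be in this repository, declare `permissions: contents: write` on the job instead of relying on the repository default, and run `yarn install --ignore-scripts`, since only the lockfile is wanted. The checkout probably also needs `ref: ${{ github.head_ref }}`, because on `pull_request` the default checkout is a detached merge commit and the auto-commit step would have no branch to push to. `stefanzweifel/git-auto-commit-action@v4.15.2` is a third-party action that pushes with that token, so pinning it to a full commit SHA rather than a tag is worth doing as well.

```yaml
jobs:
  update:
    # A branch name is not proof of origin; also require a same-repository head.
    if: >-
      startsWith(github.event.pull_request.head.ref, 'snyk-') &&
      github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.head_ref }}

      # … unchanged: actions/setup-node step …

      - name: Update yarn.lock file
        run: yarn install --ignore-scripts

      # … unchanged: git-auto-commit-action step …
```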