wangchunlin
/
cvat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactor CI (#5060)

Browse Source 
* workflows: add docker image scan for CI workflow

* enter debug mode

* update mod-wsgi dependency

* add Trivy image scanner for cvat/ui image

* add trivyignore file

* update trivyignore file

* try scan without trivyignore

* remove trivy scanner

* add workflow that updates yarn.lock file for PRs from Snyk

* remove extra empty lines

* revert changes for mod-wsgi version

* remove deprecated set-output for workflows

* update upload-artifact action

* update upload-artifact action

* test another github action for getting changed files

* fix typo

* debug

* debug

* debug

* debug

* debug

* debug

* debug

* debug

* debug

* debug

* revert changes for bandit linter

* remove debug changes

* remove debug changes

* remove debug changes

* remove debug changes

* exit debug mode
main
Kirill Sizov 3 years ago committed by GitHub
parent e4e8da281a
commit 4cd43a27c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 65 additions and 35 deletions
Show Stats Download Patch File Download Diff File

2
.github/workflows/bandit.yml vendored
Unescape Escape View File

@ -41,7 +41,7 @@ jobs:
- name: Upload artifacts - name: Upload artifacts
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: bandit_report name: bandit_report
path: bandit_report path: bandit_report

2
.github/workflows/black.yml vendored
Unescape Escape View File

@ -76,7 +76,7 @@ jobs:
- name: Upload artifacts - name: Upload artifacts
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: black_report name: black_report
path: black_report path: black_report

4
.github/workflows/cache.yml vendored
Unescape Escape View File

@ -31,8 +31,8 @@ jobs:
echo Default branch is ${DEFAULT_BRANCH} echo Default branch is ${DEFAULT_BRANCH}
echo Workflow will try to get cache from commit: ${SHA} echo Workflow will try to get cache from commit: ${SHA}
echo ::set-output name=default_branch::${DEFAULT_BRANCH} echo "default_branch=${DEFAULT_BRANCH}" >> $GITHUB_OUTPUT
echo ::set-output name=sha::${SHA} echo "sha=${SHA}" >> $GITHUB_OUTPUT
- uses: actions/cache@v3 - uses: actions/cache@v3
id: server-cache-action id: server-cache-action

6
.github/workflows/comment.yml vendored
Unescape Escape View File

@ -25,7 +25,7 @@ jobs:
then then
ALLOW="true" ALLOW="true"
fi fi
echo ::set-output name=allow::${ALLOW} echo "allow=${ALLOW}" >> $GITHUB_OUTPUT
- name: Verify that author of comment is collaborator - name: Verify that author of comment is collaborator
if: steps.check-author.outputs.allow == '' if: steps.check-author.outputs.allow == ''
@ -38,7 +38,7 @@ jobs:
id: get-ref id: get-ref
run: | run: |
SHA=$(gh api /repos/${{ github.repository }}/pulls/${{ github.event.issue.number }} | jq -r '.head.sha') SHA=$(gh api /repos/${{ github.repository }}/pulls/${{ github.event.issue.number }} | jq -r '.head.sha')
echo ::set-output name=ref::${SHA} echo "ref=${SHA}" >> $GITHUB_OUTPUT
- name: Send comment. Test are executing - name: Send comment. Test are executing
id: send-status id: send-status
@ -51,7 +51,7 @@ jobs:
/repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/comments \ /repos/${{ github.repository }}/issues/${{ github.event.issue.number }}/comments \
-f body="${BODY}" | jq '.id') -f body="${BODY}" | jq '.id')
echo ::set-output name=cid::${COMMENT_ID} echo "cid=${COMMENT_ID}" >> $GITHUB_OUTPUT
run-full: run-full:
needs: verify_author needs: verify_author

2
.github/workflows/eslint.yml vendored
Unescape Escape View File

@ -39,7 +39,7 @@ jobs:
- name: Upload artifacts - name: Upload artifacts
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: eslint_report name: eslint_report
path: eslint_report path: eslint_report

13
.github/workflows/full.yml vendored
Unescape Escape View File

@ -38,8 +38,9 @@ jobs:
done done
echo Default branch is ${DEFAULT_BRANCH} echo Default branch is ${DEFAULT_BRANCH}
echo Workflow will try to get cache from commit: ${SHA} echo Workflow will try to get cache from commit: ${SHA}
echo ::set-output name=default_branch::${DEFAULT_BRANCH}
echo ::set-output name=sha::${SHA} echo "default_branch=${DEFAULT_BRANCH}" >> $GITHUB_OUTPUT
echo "sha=${SHA}" >> $GITHUB_OUTPUT
build: build:
needs: search_cache needs: search_cache
@ -210,7 +211,7 @@ jobs:
- name: Uploading "cvat" container logs as an artifact - name: Uploading "cvat" container logs as an artifact
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: container_logs name: container_logs
path: "${{ github.workspace }}/rest_api" path: "${{ github.workspace }}/rest_api"
@ -270,7 +271,7 @@ jobs:
- name: Uploading "cvat" container logs as an artifact - name: Uploading "cvat" container logs as an artifact
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: container_logs name: container_logs
path: "${{ github.workspace }}/unit_testing" path: "${{ github.workspace }}/unit_testing"
@ -373,14 +374,14 @@ jobs:
- name: Uploading "cvat" container logs as an artifact - name: Uploading "cvat" container logs as an artifact
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: container_logs name: container_logs
path: ${{ github.workspace }}/tests/cvat_${{ matrix.specs }}.log path: ${{ github.workspace }}/tests/cvat_${{ matrix.specs }}.log
- name: Uploading cypress screenshots as an artifact - name: Uploading cypress screenshots as an artifact
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: cypress_screenshots_${{ matrix.specs }} name: cypress_screenshots_${{ matrix.specs }}
path: ${{ github.workspace }}/tests/cypress/screenshots path: ${{ github.workspace }}/tests/cypress/screenshots

2
.github/workflows/hadolint.yml vendored
Unescape Escape View File

@ -47,7 +47,7 @@ jobs:
- name: Upload artifacts - name: Upload artifacts
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: hadolint_report name: hadolint_report
path: hadolint_report path: hadolint_report

2
.github/workflows/helm.yml vendored
Unescape Escape View File

@ -23,7 +23,7 @@ jobs:
PR_FILES="$PR_FILES_AM $PR_FILES_RENAMED" PR_FILES="$PR_FILES_AM $PR_FILES_RENAMED"
for FILE in $PR_FILES; do for FILE in $PR_FILES; do
if [[ $FILE == helm-chart/* ]] ; then if [[ $FILE == helm-chart/* ]] ; then
echo "::set-output name=helm_dir_changed::true" echo "helm_dir_changed=true" >> $GITHUB_OUTPUT
break break
fi fi
done done

2
.github/workflows/isort.yml vendored
Unescape Escape View File

@ -76,7 +76,7 @@ jobs:
- name: Upload artifacts - name: Upload artifacts
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: isort_report name: isort_report
path: isort_report path: isort_report

12
.github/workflows/main.yml vendored
Unescape Escape View File

@ -41,8 +41,8 @@ jobs:
echo Default branch is ${DEFAULT_BRANCH} echo Default branch is ${DEFAULT_BRANCH}
echo Workflow will try to get cache from commit: ${SHA} echo Workflow will try to get cache from commit: ${SHA}
echo ::set-output name=default_branch::${DEFAULT_BRANCH} echo "default_branch=${DEFAULT_BRANCH}" >> $GITHUB_OUTPUT
echo ::set-output name=sha::${SHA} echo "sha=${SHA}" >> $GITHUB_OUTPUT
build: build:
needs: search_cache needs: search_cache
@ -178,7 +178,7 @@ jobs:
- name: Uploading "cvat" container logs as an artifact - name: Uploading "cvat" container logs as an artifact
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: container_logs name: container_logs
path: "${{ github.workspace }}/rest_api_testing" path: "${{ github.workspace }}/rest_api_testing"
@ -237,7 +237,7 @@ jobs:
- name: Uploading "cvat" container logs as an artifact - name: Uploading "cvat" container logs as an artifact
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: container_logs name: container_logs
path: "${{ github.workspace }}/unit_testing" path: "${{ github.workspace }}/unit_testing"
@ -328,14 +328,14 @@ jobs:
- name: Uploading "cvat" container logs as an artifact - name: Uploading "cvat" container logs as an artifact
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: container_logs name: container_logs
path: ${{ github.workspace }}/tests/cvat_${{ matrix.specs }}.log path: ${{ github.workspace }}/tests/cvat_${{ matrix.specs }}.log
- name: Uploading cypress screenshots as an artifact - name: Uploading cypress screenshots as an artifact
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: cypress_screenshots_${{ matrix.specs }} name: cypress_screenshots_${{ matrix.specs }}
path: ${{ github.workspace }}/tests/cypress/screenshots path: ${{ github.workspace }}/tests/cypress/screenshots

2
.github/workflows/pylint.yml vendored
Unescape Escape View File

@ -44,7 +44,7 @@ jobs:
- name: Upload artifacts - name: Upload artifacts
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: pylint_report name: pylint_report
path: pylint_report path: pylint_report

2
.github/workflows/remark.yml vendored
Unescape Escape View File

@ -25,7 +25,7 @@ jobs:
- name: Upload artifacts - name: Upload artifacts
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: remark_report name: remark_report
path: remark_report path: remark_report

18
.github/workflows/schedule.yml vendored
Unescape Escape View File

@ -34,8 +34,8 @@ jobs:
echo Last CI-nightly workflow run time: $last_night_date echo Last CI-nightly workflow run time: $last_night_date
echo Last commit time in develop branch: $last_commit_date echo Last commit time in develop branch: $last_commit_date
echo ::set-output name=last_commit_time::${last_commit_time} echo "last_commit_time=${last_commit_time}" >> $GITHUB_OUTPUT
echo ::set-output name=last_night_time::${last_night_time} echo "last_night_time=${last_night_time}" >> $GITHUB_OUTPUT
search_cache: search_cache:
needs: check_updates needs: check_updates
@ -66,8 +66,8 @@ jobs:
echo Default branch is ${DEFAULT_BRANCH} echo Default branch is ${DEFAULT_BRANCH}
echo Workflow will try to get cache from commit: ${SHA} echo Workflow will try to get cache from commit: ${SHA}
echo ::set-output name=default_branch::${DEFAULT_BRANCH} echo "default_branch=${DEFAULT_BRANCH}" >> $GITHUB_OUTPUT
echo ::set-output name=sha::${SHA} echo "sha=${SHA}" >> $GITHUB_OUTPUT
build: build:
needs: search_cache needs: search_cache
@ -258,7 +258,7 @@ jobs:
docker-compose -f docker-compose.yml -f docker-compose.dev.yml -f docker-compose.ci.yml down -v docker-compose -f docker-compose.yml -f docker-compose.dev.yml -f docker-compose.ci.yml down -v
- name: Uploading code coverage results as an artifact - name: Uploading code coverage results as an artifact
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: coverage_results name: coverage_results
path: | path: |
@ -345,7 +345,7 @@ jobs:
echo Response from server is incorrect, output: echo Response from server is incorrect, output:
cat /tmp/server_response cat /tmp/server_response
fi fi
echo ::set-output name=status_code::${status_code} echo "status_code=${status_code}" >> $GITHUB_OUTPUT
- name: Fail on bad response from server - name: Fail on bad response from server
if: steps.wait-server.outputs.status_code != '200' if: steps.wait-server.outputs.status_code != '200'
@ -389,20 +389,20 @@ jobs:
- name: Uploading cypress screenshots as an artifact - name: Uploading cypress screenshots as an artifact
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: cypress_screenshots name: cypress_screenshots
path: ${{ github.workspace }}/tests/cypress/screenshots path: ${{ github.workspace }}/tests/cypress/screenshots
- name: Uploading "cvat" container logs as an artifact - name: Uploading "cvat" container logs as an artifact
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: cvat_container_logs name: cvat_container_logs
path: ${{ github.workspace }}/tests/cvat.log path: ${{ github.workspace }}/tests/cvat.log
- name: Uploading code coverage results as an artifact - name: Uploading code coverage results as an artifact
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: coverage_results name: coverage_results
path: ${{ github.workspace }}/tests/.nyc_output path: ${{ github.workspace }}/tests/.nyc_output

2
.github/workflows/stylelint.yml vendored
Unescape Escape View File

@ -41,7 +41,7 @@ jobs:
- name: Upload artifacts - name: Upload artifacts
if: failure() if: failure()
uses: actions/upload-artifact@v2 uses: actions/upload-artifact@v3.1.1
with: with:
name: stylelint_report name: stylelint_report
path: stylelint_report path: stylelint_report

29
.github/workflows/update-yarn-lock.yml vendored
Unescape Escape View File

@ -0,0 +1,29 @@
# The purpose of this workflow: update yarn.lock file for PRs that come from Snyk
name: Update yarn.lock file
on:
pull_request:
types: ['opened', 'reopened']
paths:
- '**/package.json'
- 'package.json'
branches:
- 'develop'
jobs:
update:
if: startsWith(github.event.pull_request.head.ref, 'snyk-')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: '16.x'
- name: Update yarn.lock file
run: yarn
- uses: stefanzweifel/git-auto-commit-action@v4.15.2
with:
commit_message: Update yarn.lock file
file_pattern: yarn.lock
Write Preview
Loading…
Cancel
Save