[Snyk] Security upgrade jsonpickle from 2.0.0 to 3.3.0 #379
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
on: [pull_request] | |
env: | |
GDRIVE_CREDENTIALS: ${{ secrets.GDRIVE_CREDENTIALS }} | |
MAILCHIMP_LIST: ${{ secrets.MAILCHIMP_LIST }} | |
MAILCHIMP_API_KEY: ${{ secrets.MAILCHIMP_API_KEY }} | |
ALGOLIA_APP_ID: ${{ secrets.ALGOLIA_APP_ID }} | |
ALGOLIA_SEARCH_KEY: ${{ secrets.ALGOLIA_SEARCH_KEY }} | |
ALGOLIA_DOCS_INDEX: ${{ secrets.ALGOLIA_DOCS_INDEX }} | |
RASA_X_HOST: ${{ secrets.RASA_X_DOMAIN }} | |
RASA_X_PASSWORD: ${{ secrets.RASA_X_PASSWORD }} | |
RASA_X_USERNAME: ${{ secrets.RASA_X_USERNAME }} | |
RASA_X_HOST_SCHEMA: ${{ secrets.RASA_X_HOST_SCHEMA }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TRACKER_DB_URL: ${{ secrets.TRACKER_DB_URL }} | |
# Due to the issue with openssl library for Google Cloud SDK (gcloud) | |
# (https://github.com/GoogleCloudPlatform/github-actions/issues/128) | |
# we use 297.0.01 version | |
GCLOUD_VERSION: "297.0.1" | |
concurrency: | |
group: ci-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
check_changed_files: | |
name: Check for file changes | |
runs-on: ubuntu-20.04 | |
outputs: | |
nlu: ${{ steps.changed-files.outputs.nlu }} | |
core: ${{ steps.changed-files.outputs.core }} | |
training: ${{ steps.changed-files.outputs.training }} | |
actions: ${{ steps.changed-files.outputs.actions }} | |
steps: | |
# Due to an issue with checking out a wrong commit, we make sure | |
# to checkout HEAD commit for a pull request. | |
# More details: https://github.com/actions/checkout/issues/299 | |
- name: Checkout pull request HEAD commit instead of merge commit | |
uses: actions/checkout@v2 | |
if: github.event_name == 'pull_request' | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Checkout git repository | |
uses: actions/checkout@v2 | |
if: github.event_name != 'pull_request' | |
- uses: RasaHQ/pr-changed-files-filter@c4f7116a04b8a4596313469429e2ad235f59d9c4 | |
id: changed-files | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
filters: .github/change_filters.yml | |
base: ${{ github.ref }} | |
lint-testing: | |
name: Code Formatting Tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout pull request HEAD commit instead of merge commit | |
uses: actions/checkout@v2 | |
if: github.event_name == 'pull_request' | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Checkout git repository | |
uses: actions/checkout@v2 | |
if: github.event_name != 'pull_request' | |
- name: Set up Python 3.7 | |
uses: actions/setup-python@v1 | |
with: | |
python-version: 3.7 | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade "pip<20" | |
pip install -r requirements-dev.txt | |
- name: Code Formatting Tests | |
run: | | |
echo "------------------------------------" | |
echo "/usr/bin/git log -1 --format='%H'" | |
/usr/bin/git log -1 --format='%H' | |
echo "------------------------------------" | |
make lint | |
type-testing: | |
name: Type Tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout pull request HEAD commit instead of merge commit | |
uses: actions/checkout@v2 | |
if: github.event_name == 'pull_request' | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Checkout git repository | |
uses: actions/checkout@v2 | |
if: github.event_name != 'pull_request' | |
- name: Set up Python 3.7 | |
uses: actions/setup-python@v1 | |
with: | |
python-version: 3.7 | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade "pip<20" | |
pip install -r requirements-dev.txt | |
- name: Type Checking | |
run: | | |
pip list | |
make types | |
action-unit-tests: | |
needs: | |
- lint-testing | |
- type-testing | |
name: Custom Action Unit Tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout pull request HEAD commit instead of merge commit | |
uses: actions/checkout@v2 | |
if: github.event_name == 'pull_request' | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Checkout git repository | |
uses: actions/checkout@v2 | |
if: github.event_name != 'pull_request' | |
- name: Set up Python 3.7 | |
uses: actions/setup-python@v1 | |
with: | |
python-version: 3.7 | |
- name: Install dependencies | |
run: | | |
make install-dev | |
- name: Unit Tests | |
run: | | |
make test-actions | |
data-validation: | |
name: Data Validation | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout pull request HEAD commit instead of merge commit | |
uses: actions/checkout@v2 | |
if: github.event_name == 'pull_request' | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Checkout git repository | |
uses: actions/checkout@v2 | |
if: github.event_name != 'pull_request' | |
- name: Set up Python 3.7 | |
uses: actions/setup-python@v1 | |
with: | |
python-version: 3.7 | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade "pip<20" | |
pip install -r requirements-dev.txt | |
- name: Rasa Data Validation | |
run: | | |
rasa data validate --debug | |
training-testing: | |
name: Test Model | |
runs-on: ubuntu-latest | |
needs: | |
- data-validation | |
- check_changed_files | |
if: ${{ needs.check_changed_files.outputs.training == 'true' }} | |
steps: | |
- name: Cancel Previous Runs | |
uses: styfle/[email protected] | |
with: | |
access_token: ${{ github.token }} | |
- name: Checkout pull request HEAD commit instead of merge commit | |
uses: actions/checkout@v2 | |
if: github.event_name == 'pull_request' | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Checkout git repository | |
uses: actions/checkout@v2 | |
if: github.event_name != 'pull_request' | |
- name: Set up Python 3.7 | |
uses: actions/setup-python@v1 | |
with: | |
python-version: 3.7 | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade "pip<20" | |
pip install -r requirements-dev.txt | |
rasa --version | |
- name: Cross-validate NLU model | |
id: cvnlu | |
if: contains( github.event.pull_request.labels.*.name, 'nlu_testing_required' ) | |
run: | | |
rasa --version | |
rasa test nlu -f 3 --cross-validation --config config_nlu_testing.yml | |
python .github/workflows/format_results.py | |
- name: post cross-val results to PR | |
if: steps.cvnlu.outcome == 'success' | |
uses: amn41/comment-on-pr@comment-file-contents | |
continue-on-error: true | |
with: | |
msg: results.md | |
- name: Train Model | |
run: | | |
rasa --version | |
rasa train | |
- name: Test End 2 End Stories | |
if: ${{ needs.check_changed_files.outputs.core == 'true' }} | |
run: | | |
rasa --version | |
rasa test --stories tests/test_conversations.yml --fail-on-prediction-errors | |
- name: Wait for the conclusion of all other workflow runs | |
# upload model from PR | |
if: github.event_name == 'pull_request' | |
id: check-runs-conclusion | |
env: | |
WAIT_INTERVAL_SECS: 10 | |
timeout-minutes: 20 | |
run: | | |
while true; do | |
# Get a list of checks information, excluding training-testing and build-images | |
CHECKS_LIST=$(gh api /repos/${{ github.repository }}/commits/${{ github.event.pull_request.head.sha }}/check-runs --jq '.check_runs.[] | select(.name != "Test Model" and .name != "Build Action Server Image")') | |
# Get the status and conclusion of echo jobs | |
STATUS_LIST=$(echo $CHECKS_LIST | jq -r '.status') | |
CONCLUSION_LIST=$(echo $CHECKS_LIST | jq -r '.conclusion') | |
# Make sure all other check runs are completed | |
if [[ "$(echo $STATUS_LIST | tr ' ' '\n' | sort | uniq)" == "completed" ]]; then | |
# Check the conclusion of all other check runs | |
# Fail the step if there is any failture | |
if [[ "$(echo CONCLUSION_LIST | tr ' ' '\n' | sort | uniq)" =~ "failure" ]]; then | |
echo "::error:: Some check runs failed. Skip uploading model." | |
exit 1 | |
else | |
echo "All other check runs are successed." | |
echo "::set-output name=upload-model::true" | |
exit 0 | |
fi | |
fi | |
sleep $WAIT_INTERVAL_SECS | |
echo "Wait for $WAIT_INTERVAL_SECS seconds..." | |
done | |
- name: Set model name from Rasa version | |
if: | | |
github.event_name == 'pull_request' && | |
steps.check-runs-conclusion.outputs.upload-model == 'true' | |
run: | | |
python -c "import rasa; open('rasaversion.txt','w+').write(rasa.__version__)" | |
rasa_version=`cat rasaversion.txt` | |
model_path=`ls models/*.tar.gz | head -n 1` | |
model_timestamp=$(basename "$model_path" .tar.gz) | |
model_name="$model_timestamp"_rasa"$rasa_version" | |
renamed_model_path=models/"$model_name".tar.gz | |
mv $model_path $renamed_model_path | |
echo "MODEL_NAME=${model_name}" >> $GITHUB_ENV | |
echo "MODEL_PATH=${renamed_model_path}" >> $GITHUB_ENV | |
- uses: google-github-actions/setup-gcloud@master | |
if: | | |
(github.event_name == 'pull_request' && | |
contains( github.event.pull_request.labels.*.name, 'upload_model' )) || | |
steps.check-runs-conclusion.outputs.upload-model == 'true' | |
name: Authenticate with gcloud 🎫 | |
with: | |
version: "${{ env.GCLOUD_VERSION }}" | |
service_account_email: ${{ secrets.SARA_GKE_SERVICE_ACCOUNT_NAME }} | |
service_account_key: ${{ secrets.SARA_GKE_SERVICE_ACCOUNT_KEY }} | |
- name: Upload model to storage bucket | |
if: | | |
(github.event_name == 'pull_request' && | |
contains( github.event.pull_request.labels.*.name, 'upload_model' )) || | |
steps.check-runs-conclusion.outputs.upload-model == 'true' | |
run: gsutil cp "${MODEL_PATH}" ${{ secrets.STORAGE_BUCKET_URL }}/rasa_demo_models | |
build-images: | |
name: Build Action Server Image | |
needs: | |
- lint-testing | |
- type-testing | |
- training-testing | |
- check_changed_files | |
if: ${{ needs.check_changed_files.outputs.actions == 'true' }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout pull request HEAD commit instead of merge commit | |
uses: actions/checkout@v2 | |
if: github.event_name == 'pull_request' | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Checkout git repository | |
uses: actions/checkout@v2 | |
if: github.event_name != 'pull_request' | |
- name: Authenticate with gcloud 🎫 | |
uses: google-github-actions/setup-gcloud@daadedc81d5f9d3c06d2c92f49202a3cc2b919ba | |
with: | |
version: ${{ env.GCLOUD_VERSION }} | |
service_account_key: ${{ secrets.GCLOUD_AUTH }} | |
- name: Configure Docker to use Google Cloud Platform | |
run: | | |
gcloud auth configure-docker | |
- name: Pull Latest Image | |
run: | | |
docker pull gcr.io/replicated-test/rasa-demo:latest || true | |
- name: Build Image | |
run: | | |
docker build --cache-from gcr.io/replicated-test/rasa-demo:latest . |