Merge pull request #259 from hms-dbmi/development

Development
hms-dbmi · Apr 22, 2024 · 5022184 · 5022184
2 parents 0863428 + e4e8a23
commit 5022184
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 163 deletions.
diff --git a/.github/workflows/requirements-update.yml b/.github/workflows/requirements-update.yml
@@ -6,55 +6,7 @@ on:
   workflow_dispatch:
 
 jobs:
-
-  stale:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/stale@v4
-        with:
-          only-labels: dependencies,automated pr
-          stale-pr-message: 'This PR is stale because it has been open 7 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
-          close-pr-message: 'This PR was closed because it has been stalled for 7 days with no activity.'
-          days-before-pr-stale: 7
-          days-before-pr-close: 7
-          delete-branch: true
-
-  build:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-      with:
-        ref: development
-
-    - name: Setup python
-      uses: actions/setup-python@v2
-      with:
-        python-version: '3.12'
-
-    - name: Install dev Python packages
-      run: |
-        python -m pip install --upgrade pip
-        pip install -r dev-requirements.txt
-
-    - name: Check for pip-tools upgrades
-      run: |
-        pip-compile --generate-hashes \
-          --allow-unsafe \
-          --upgrade \
-          --output-file requirements.txt requirements.in
-
-    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v3
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        base: development
-        branch: requirements-updates
-        branch-suffix: timestamp
-        delete-branch: true
-        commit-message: "fix(requirements): Updated Python requirements"
-        title: 'Python Requirements Updates'
-        body: >
-          This PR is auto-generated by Github Actions job [requirements-update].
-        labels: dependencies, automated pr
+  scan:
+    uses: hms-dbmi/actions/.github/workflows/requirements-update.yml@main
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -10,58 +10,11 @@ on:
   workflow_dispatch:
 
 jobs:
-
   scan:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-
-    - name: Login to DockerHub
-      uses: docker/login-action@v1
-      with:
-        username: ${{ secrets.DOCKER_HUB_USERNAME }}
-        password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-
-    - name: Set image name
-      id: setimagename
-      run: |
-          echo "Image name: $GITHUB_REPOSITORY:$GITHUB_SHA"
-          echo "::set-output name=imagename::$GITHUB_REPOSITORY:$GITHUB_SHA"
-
-    - name: Build the image
-      id: buildimage
-      uses: docker/build-push-action@v2
-      with:
-        context: ./
-        file: ./Dockerfile
-        push: false
-        tags: ${{ steps.setimagename.outputs.imagename }}
-
-    - name: Check whether container scanning should be enabled
-      id: checkcontainerscanning
-      env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      run: |
-          echo "Enable container scanning: ${{ env.SNYK_TOKEN != '' }}"
-          echo "::set-output name=enabled::${{ env.SNYK_TOKEN != '' }}"
-
-    - name: Run Snyk to check Docker image for vulnerabilities
-      uses: snyk/actions/docker@master
-      if: steps.checkcontainerscanning.outputs.enabled == 'true'
-      continue-on-error: true
-      env:
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      with:
-        image: ${{ steps.setimagename.outputs.imagename }}
-        args: --file=Dockerfile
-
-    - name: Upload result to GitHub Code Scanning
-      uses: github/codeql-action/upload-sarif@v1
-      if: steps.checkcontainerscanning.outputs.enabled == 'true'
-      with:
-        sarif_file: snyk.sarif
+    uses: hms-dbmi/actions/.github/workflows/scan.yml@main
+    secrets:
+      DOCKER_HUB_USERNAME: ${{ secrets.BLHMSDBMI_DOCKERHUB_USERNAME }}
+      DOCKER_HUB_PASSWORD: ${{ secrets.BLHMSDBMI_DOCKERHUB_PASSWORD }}
+    with:
+      repository: ${{ github.repository }}
+      commit: ${{ github.sha }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -1,44 +1,18 @@
-name: Test
+name: Test Image Build
 
 on:
   push:
     branches: [ master, development ]
   pull_request:
     branches: [ master, development ]
-    paths:
-      - 'requirements.in'
-      - 'requirements.txt'
-      - 'Dockerfile'
+  workflow_dispatch:
 
 jobs:
-
-  build:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-
-    - name: Login to DockerHub
-      uses: docker/login-action@v1
-      with:
-        username: ${{ secrets.DOCKER_HUB_USERNAME }}
-        password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-
-    - name: Set image name
-      id: setimagename
-      run: |
-          echo "Image name: $GITHUB_REPOSITORY:$GITHUB_SHA"
-          echo "::set-output name=imagename::$GITHUB_REPOSITORY:$GITHUB_SHA"
-
-    - name: Build the image
-      id: buildimage
-      uses: docker/build-push-action@v2
-      with:
-        context: ./
-        file: ./Dockerfile
-        push: false
-        tags: ${{ steps.setimagename.outputs.imagename }}
+  test:
+    uses: hms-dbmi/actions/.github/workflows/test-image-build.yml@main
+    secrets:
+      DOCKER_HUB_USERNAME: ${{ secrets.BLHMSDBMI_DOCKERHUB_USERNAME }}
+      DOCKER_HUB_PASSWORD: ${{ secrets.BLHMSDBMI_DOCKERHUB_PASSWORD }}
+    with:
+      repository: ${{ github.repository }}
+      commit: ${{ github.sha }}
diff --git a/requirements.txt b/requirements.txt
@@ -20,13 +20,13 @@ boto==2.49.0 \
     --hash=sha256:147758d41ae7240dc989f0039f27da8ca0d53734be0eb869ef16e3adcfa462e8 \
     --hash=sha256:ea0d3b40a2d852767be77ca343b58a9e3a4b00d9db440efb8da74b4e58025e5a
     # via -r requirements.in
-boto3==1.34.69 \
-    --hash=sha256:2e25ef6bd325217c2da329829478be063155897d8d3b29f31f7f23ab548519b1 \
-    --hash=sha256:898a5fed26b1351352703421d1a8b886ef2a74be6c97d5ecc92432ae01fda203
+boto3==1.34.88 \
+    --hash=sha256:168894499578a9d69d6f7deb5811952bf4171c51b95749a9aef32cf67bc71f87 \
+    --hash=sha256:1bd4cef11b7c5f293cede50f3d33ca89fe3413c51f1864f40163c56a732dd6b3
     # via -r requirements.in
-botocore==1.34.69 \
-    --hash=sha256:d1ab2bff3c2fd51719c2021d9fa2f30fbb9ed0a308f69e9a774ac92c8091380a \
-    --hash=sha256:d3802d076d4d507bf506f9845a6970ce43adc3d819dd57c2791f5c19ed6e5950
+botocore==1.34.88 \
+    --hash=sha256:36f2e9e8dfa856e55dbbe703aea601f134db3fddc3615f1020a755b27fd26a5e \
+    --hash=sha256:e87a660599ed3e14b2a770f4efc3df2f2f6d04f3c7bfd64ddbae186667864a7b
     # via
     #   boto3
     #   s3transfer
@@ -269,9 +269,9 @@ django-ipware==4.0.2 \
     --hash=sha256:602a58325a4808bd19197fef2676a0b2da2df40d0ecf21be414b2ff48c72ad05 \
     --hash=sha256:878dbb06a87e25550798e9ef3204ed70a200dd8b15e47dcef848cf08244f04c9
     # via django-axes
-django-picklefield==3.1 \
-    --hash=sha256:c786cbeda78d6def2b43bff4840d19787809c8909f7ad683961703060398d356 \
-    --hash=sha256:d77c504df7311e8ec14e8b779f10ca6fec74de6c7f8e2c136e1ef60cf955125d
+django-picklefield==3.2 \
+    --hash=sha256:aa463f5d79d497dbe789f14b45180f00a51d0d670067d0729f352a3941cdfa4d \
+    --hash=sha256:e9a73539d110f69825d9320db18bcb82e5189ff48dbed41821c026a20497764c
     # via
     #   -r requirements.in
     #   django-q
@@ -300,9 +300,9 @@ furl==2.1.3 \
     --hash=sha256:5a6188fe2666c484a12159c18be97a1977a71d632ef5bb867ef15f54af39cc4e \
     --hash=sha256:9ab425062c4217f9802508e45feb4a83e54324273ac4b202f1850363309666c0
     # via django-dbmi-client
-idna==3.6 \
-    --hash=sha256:9ecdbbd083b06798ae1e86adcbfe8ab1479cf864e4ee30fe4e46a003d12491ca \
-    --hash=sha256:c05567e9c24a6b9faaa835c4821bad0590fbb9d5779e7caa6e1cc4978e7eb24f
+idna==3.7 \
+    --hash=sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc \
+    --hash=sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0
     # via requests
 jmespath==1.0.1 \
     --hash=sha256:02e2e4cc71b5bcab88332eebf907519190dd9e6e82107fa7f83b1003a6252980 \
@@ -329,9 +329,9 @@ orderedmultidict==1.0.1 \
     --hash=sha256:04070bbb5e87291cc9bfa51df413677faf2141c73c61d2a5f7b26bea3cd882ad \
     --hash=sha256:43c839a17ee3cdd62234c47deca1a8508a3f2ca1d0678a3bf791c87cf84adbf3
     # via furl
-pycparser==2.21 \
-    --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \
-    --hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206
+pycparser==2.22 \
+    --hash=sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6 \
+    --hash=sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc
     # via cffi
 pyjwt==2.8.0 \
     --hash=sha256:57e28d156e3d5c10088e0c68abb90bfac3df82b40a71bd0daa20c65ccd5c23de \
@@ -429,9 +429,9 @@ six==1.16.0 \
     #   furl
     #   orderedmultidict
     #   python-dateutil
-sqlparse==0.4.4 \
-    --hash=sha256:5430a4fe2ac7d0f93e66f1efc6e1338a41884b7ddf2a350cedd20ccc4d9d28f3 \
-    --hash=sha256:d446183e84b8349fa3061f0fe7f06ca94ba65b426946ffebe6e3e8295332420c
+sqlparse==0.5.0 \
+    --hash=sha256:714d0a4932c059d16189f58ef5411ec2287a4360f17cdd0edd2d09d4c5087c93 \
+    --hash=sha256:c204494cd97479d0e39f28c93d46c0b2d5959c7b9ab904762ea6c7af211c8663
     # via django
 types-python-dateutil==2.9.0.20240316 \
     --hash=sha256:5d2f2e240b86905e40944dd787db6da9263f0deabef1076ddaed797351ec0202 \
@@ -449,7 +449,7 @@ wcwidth==0.2.13 \
     # via blessed
 
 # The following packages are considered to be unsafe in a requirements file:
-setuptools==69.2.0 \
-    --hash=sha256:0ff4183f8f42cd8fa3acea16c45205521a4ef28f73c6391d8a25e92893134f2e \
-    --hash=sha256:c21c49fb1042386df081cb5d86759792ab89efca84cf114889191cd09aacc80c
+setuptools==69.5.1 \
+    --hash=sha256:6c1fccdac05a97e598fb0ae3bbed5904ccb317337a51139dcd51453611bbb987 \
+    --hash=sha256:c636ac361bc47580504644275c9ad802c50415c7522212252c033bd15f301f32
     # via django-axes