Merge pull request #253 from hms-dbmi/fix-actions
develop(actions): Configured Actions to use shared workflows from 'hms-dbmi/actions'
b32147 authored Apr 9, 2024
2 parents cdfe1cb + e94bb73 commit a901180
Showing 3 changed files with 22 additions and 142 deletions.
56 changes: 4 additions & 52 deletions .github/workflows/requirements-update.yml
Expand Up @@ -6,55 +6,7 @@ on:
workflow_dispatch:

jobs:

stale:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v4
with:
only-labels: dependencies,automated pr
stale-pr-message: 'This PR is stale because it has been open 7 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
close-pr-message: 'This PR was closed because it has been stalled for 7 days with no activity.'
days-before-pr-stale: 7
days-before-pr-close: 7
delete-branch: true

build:
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: development

- name: Setup python
uses: actions/setup-python@v2
with:
python-version: '3.12'

- name: Install dev Python packages
run: |
python -m pip install --upgrade pip
pip install -r dev-requirements.txt
- name: Check for pip-tools upgrades
run: |
pip-compile --generate-hashes \
--allow-unsafe \
--upgrade \
--output-file requirements.txt requirements.in
- name: Create Pull Request
uses: peter-evans/create-pull-request@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
base: development
branch: requirements-updates
branch-suffix: timestamp
delete-branch: true
commit-message: "fix(requirements): Updated Python requirements"
title: 'Python Requirements Updates'
body: >
This PR is auto-generated by Github Actions job [requirements-update].
labels: dependencies, automated pr
scan:
uses: hms-dbmi/actions/.github/workflows/requirements-update.yml@main
secrets:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
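Review bot: The new `uses: hms-dbmi/actions/.github/workflows/requirements-update.yml@main` line pins the reusable workflow to a moving branch, so any later change to that branch runs in this repository with the `GH_TOKEN` secret passed on the next line, without a commit here to review; the same `@main` reference appears in the scan.yml and test.yml sections of this commit. Pin the called workflow to a release tag or, better, a full commit SHA with a trailing comment naming the version, e.g. `uses: hms-dbmi/actions/.github/workflows/requirements-update.yml@<commit-sha> # vX.Y.Z`, and let Dependabot's `github-actions` ecosystem bump it. The removed inline job also ran an `actions/stale` step that closed stale automated PRs; whether the shared workflow retains that behaviour cannot be confirmed from this hunk, so a short comment above `scan:` stating what the shared workflow is expected to do would help the next reader. The job name `scan:` also no longer describes the job (it updates requirements); consider `requirements-update:`.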
62 changes: 8 additions & 54 deletions .github/workflows/scan.yml
Expand Up @@ -10,58 +10,12 @@ on:
workflow_dispatch:

jobs:

scan:
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1

- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}

- name: Set image name
id: setimagename
run: |
echo "Image name: $GITHUB_REPOSITORY:$GITHUB_SHA"
echo "::set-output name=imagename::$GITHUB_REPOSITORY:$GITHUB_SHA"
- name: Build the image
id: buildimage
uses: docker/build-push-action@v2
with:
context: ./
file: ./Dockerfile
push: false
tags: ${{ steps.setimagename.outputs.imagename }}

- name: Check whether container scanning should be enabled
id: checkcontainerscanning
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
run: |
echo "Enable container scanning: ${{ env.SNYK_TOKEN != '' }}"
echo "::set-output name=enabled::${{ env.SNYK_TOKEN != '' }}"
- name: Run Snyk to check Docker image for vulnerabilities
uses: snyk/actions/docker@master
if: steps.checkcontainerscanning.outputs.enabled == 'true'
continue-on-error: true
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: ${{ steps.setimagename.outputs.imagename }}
args: --file=Dockerfile

- name: Upload result to GitHub Code Scanning
uses: github/codeql-action/upload-sarif@v1
if: steps.checkcontainerscanning.outputs.enabled == 'true'
with:
sarif_file: snyk.sarif
uses: hms-dbmi/actions/.github/workflows/scan.yml@main
secrets:
DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
repository: ${{ github.repository }}
commit: ${{ github.sha }}
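Review bot: The new `scan:` job hands three secrets to a reusable workflow referenced at `@main`, but nothing in the hunk grants the caller the token permissions the old inline job relied on; a reusable workflow can never hold more `GITHUB_TOKEN` rights than the calling workflow. If the shared scan workflow still uploads SARIF to code scanning, as the removed `github/codeql-action/upload-sarif` step did, the caller needs `permissions:` with `security-events: write` and `contents: read` at the top of the file or on the `scan:` job; the file header where that would go is above this hunk, which starts at line 10. Passing secrets explicitly rather than `secrets: inherit` is the right choice here and worth keeping.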
46 changes: 10 additions & 36 deletions .github/workflows/test.yml
@@ -1,44 +1,18 @@
name: Test
name: Test Image Build

on:
push:
branches: [ master, development ]
pull_request:
branches: [ master, development ]
paths:
- 'requirements.in'
- 'requirements.txt'
- 'Dockerfile'
workflow_dispatch:

jobs:

build:
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1

- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}

- name: Set image name
id: setimagename
run: |
echo "Image name: $GITHUB_REPOSITORY:$GITHUB_SHA"
echo "::set-output name=imagename::$GITHUB_REPOSITORY:$GITHUB_SHA"
- name: Build the image
id: buildimage
uses: docker/build-push-action@v2
with:
context: ./
file: ./Dockerfile
push: false
tags: ${{ steps.setimagename.outputs.imagename }}
test:
uses: hms-dbmi/actions/.github/workflows/test-image-build.yml@main
secrets:
DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
with:
repository: ${{ github.repository }}
commit: ${{ github.sha }}
