Skip to content

build(deps): bump cryptography in /unfurl/templates/python3.10 #1226

build(deps): bump cryptography in /unfurl/templates/python3.10

build(deps): bump cryptography in /unfurl/templates/python3.10 #1226

Workflow file for this run

name: Test and Build
on: [push]
env:
# NOTE keep versions in sync with version in TOSCA templates
TERRAFORM_VERSION: 1.1.4 # sync with tosca_plugins/artifacts.yaml
HELM_VERSION: 3.7.1 # sync with configurators/helm-template.yaml
GCLOUD_VERSION: 398.0.0 # sync with tosca_plugins/artifacts.yaml and Dockerfile
KOMPOSE_VERSION: v1.26.1 # sync with Dockerfile
KUBECTL_VERSION: v1.24.2
K3D_VERSION: v4.4.6
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
python: [3.7, 3.8, 3.9, "3.10", "3.11.0"]
env:
TOX_SKIP_ENV: .+(docker|lock)
UNFURL_LOGGING: info
steps:
- uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python }}
check-latest: true
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
terraform_wrapper: false
- name: Setup helm
uses: azure/setup-helm@v3
with:
version: ${{ env.HELM_VERSION }}
- name: Setup kubectl
uses: azure/setup-kubectl@v3
with:
version: ${{ env.KUBECTL_VERSION }}
- name: Setup kompose
run: |
wget https://github.com/kubernetes/kompose/releases/download/${KOMPOSE_VERSION}/kompose-linux-amd64
chmod +x kompose-linux-amd64
sudo mv kompose-linux-amd64 /usr/local/bin/kompose
- name: Setup k3d
run: |
wget https://github.com/rancher/k3d/releases/download/"${{ env.K3D_VERSION }}"/k3d-linux-amd64
chmod +x k3d-linux-amd64
sudo mv k3d-linux-amd64 /usr/local/bin/k3d
- name: Set up the cluster
run: |
k3d cluster create
kubectl get node
k3d kubeconfig merge --all -d
kubectl config view
- name: Install Tox and any other packages
run: pip install tox==3.28.0
- name: Run mypy and Tox
# Run tox using the version of Python in `PATH`
run: |
git config --global user.email "[email protected]"
git config --global user.name "Test Robot"
git config --global push.autoSetupRemote true
git config --global init.defaultBranch main
export PY_V=py3`python -c "import sys; print(sys.version_info.minor, end='')"`
tox -c tosca-parser/tox.ini -e $PY_V
tox -e $PY_V -- -n auto --dist loadfile
.tox/$PY_V/bin/mypy unfurl
- name: build docs
if: matrix.python == 3.9
run: tox -e docs -- -W
- name: upload docs
if: matrix.python == 3.9
uses: actions/upload-artifact@v3
with:
name: DocumentationHTML
path: .tox/docs/html/
publish_dockerhub:
needs: test
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
env:
DOCKERHUB_USER: "ocbuilds"
# Map a step output to a job output
outputs:
release: ${{ steps.get_tag_name.outputs.release }}
steps:
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ env.DOCKERHUB_USER }}
password: ${{ secrets.DOCKER_HUB }}
- name: Fetch repo
uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 0
- name: Get the tag name or abbreviated commit digest
id: get_tag_name
run: |
label=$(git describe --contains --always)
echo "tag=${label%^0}" >> $GITHUB_OUTPUT
if [[ $label =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,4}.0$ ]]; then
echo "release=true" >> $GITHUB_OUTPUT
fi
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: |
onecommons/unfurl
tags: |
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
type=raw,value=stable,enable=${{ steps.get_tag_name.outputs.release || 'false' }}
type=raw,value=${{ steps.get_tag_name.outputs.tag }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and push
id: docker_build
uses: docker/build-push-action@v4
with:
context: ./
file: ./docker/Dockerfile
push: true
build-args: |
HELM_VERSION=${{ env.HELM_VERSION }}
TERRAFORM_VERSION=${{ env.TERRAFORM_VERSION }}
GCLOUD_VERSION=${{ env.GCLOUD_VERSION }}
KOMPOSE_VERSION=${{ env.KOMPOSE_VERSION }}
tags: ${{ steps.meta.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
publish_dockerhub_server:
needs: test
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
env:
DOCKERHUB_USER: "ocbuilds"
steps:
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ env.DOCKERHUB_USER }}
password: ${{ secrets.DOCKER_HUB }}
- name: Fetch repo
uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 0
- name: Get the tag name or abbreviated commit digest
id: get_tag_name
run: |
label=$(git describe --contains --always)
echo "tag=${label%^0}" >> $GITHUB_OUTPUT
if [[ $label =~ ^v[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,4}.0$ ]]; then
echo "release=true" >> $GITHUB_OUTPUT
fi
- name: Docker meta for unfurl server
id: meta_server
uses: docker/metadata-action@v4
with:
images: |
onecommons/unfurl
tags: |
type=raw,value=latest-server,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
type=raw,value=stable-server,enable=${{ steps.get_tag_name.outputs.release || 'false' }}
type=raw,value=${{ steps.get_tag_name.outputs.tag }}-server
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and push unfurl server
id: docker_build_server
uses: docker/build-push-action@v4
with:
context: ./
file: ./docker/Dockerfile.server
push: true
tags: ${{ steps.meta_server.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
publish_dockerhub_podman:
needs: publish_dockerhub
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
env:
DOCKERHUB_USER: "ocbuilds"
steps:
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ env.DOCKERHUB_USER }}
password: ${{ secrets.DOCKER_HUB }}
- name: fetch repo
uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 0
- name: Get the tag name or abbreviated commit digest
id: get_tag_name
run: |
label=$(git describe --contains --always)
echo "tag=${label%^0}" >> $GITHUB_OUTPUT
if [[ $label =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,4}.0$ ]]; then
echo "release=true" >> $GITHUB_OUTPUT
fi
- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: |
onecommons/unfurl
tags: |
type=raw,value=latest-podman,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
type=raw,value=stable-podman,enable=${{ steps.get_tag_name.outputs.release || 'false' }}
type=raw,value=${{ steps.get_tag_name.outputs.tag }}-podman
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and push
id: docker_build
uses: docker/build-push-action@v4
with:
context: ./
file: ./docker/Dockerfile.podman
push: true
build-args: |
HELM_VERSION=${{ env.HELM_VERSION }}
TERRAFORM_VERSION=${{ env.TERRAFORM_VERSION }}
GCLOUD_VERSION=${{ env.GCLOUD_VERSION }}
KOMPOSE_VERSION=${{ env.KOMPOSE_VERSION }}
UNFURL_TAG=${{ steps.get_tag_name.outputs.tag }}
tags: ${{ steps.meta.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
publish_pypi:
needs: publish_dockerhub
if: needs.publish_dockerhub.outputs.release
runs-on: ubuntu-latest
steps:
- name: fetch repo
uses: actions/checkout@v3
with:
submodules: recursive
fetch-depth: 0
- name: build python package
run: python setup.py sdist bdist_wheel
- name: release to pypi
uses: pypa/[email protected]
with:
user: __token__
password: ${{ secrets.PYPI }}
verbose: true
docs:
needs: publish_dockerhub
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/publish-docs'
runs-on: ubuntu-latest
steps:
- name: Download documentation
uses: actions/download-artifact@v3
with:
name: DocumentationHTML
path: build
- name: Commit documentation changes
run: |
git clone ${{github.server_url}}/${{github.repository}} --branch gh-pages --single-branch gh-pages
cp -r build/* gh-pages/
cd gh-pages
touch .nojekyll
git config --local user.email "[email protected]"
git config --local user.name "GitHub Action"
git add .
git commit -m "Update documentation" -a || true
# The above command will fail if no changes were present, so we ignore
# that.
- name: Push docs to gh-pages branch
uses: ad-m/github-push-action@master
with:
branch: gh-pages
directory: gh-pages
github_token: ${{ secrets.GITHUB_TOKEN }}