Merge pull request #841 from OasisLMF/release/1.28.0
Release 1.28.0
sambles authored Jul 14, 2023
2 parents 9029637 + e8f9335 commit fae54e2
Showing 64 changed files with 2,006 additions and 3,211 deletions.
38 changes: 34 additions & 4 deletions .github/workflows/build-images.yml
Expand Up @@ -17,6 +17,14 @@ on:
description: 'Severities of vulnerabilities to scanned for [LOW, MEDIUM, HIGH, CRITICAL, SKIP]'
required: false
default: 'CRITICAL,HIGH'
oasislmf_branch:
description: 'If set, pip install oasislmf branch [git ref]'
required: false
type: string
ods_branch:
description: 'If set, pip install ods-tools branch [git ref]'
required: false
type: string

workflow_call:
inputs:
Expand All @@ -35,6 +43,14 @@ on:
required: false
default: 'CRITICAL,HIGH'
type: string
oasislmf_branch:
description: 'If set, pip install oasislmf branch [git ref]'
required: false
type: string
ods_branch:
description: 'If set, pip install ods-tools branch [git ref]'
required: false
type: string

outputs:
server_image:
Expand Down Expand Up @@ -81,7 +97,7 @@ jobs:
tag: 'model_worker_deb-${{ github.sha }}'
file: 'Dockerfile.model_worker_debian'
report: 'worker-deb-scan.sarif'
dive: 'worker-deb--layers.txt'
dive: 'worker-deb-layers.txt'
exit-code: '0' # scan but don't fail

steps:
Expand Down Expand Up @@ -118,6 +134,9 @@ jobs:
context: .
push: ${{ env.DOCKER_PUSH }}
tags: ${{ env.IMAGE_REPO }}:${{ matrix.tag }}
build-args: |
oasislmf_branch=${{ inputs.oasislmf_branch }}
ods_tools_branch=${{ inputs.ods_branch }}
- name: Test image efficiency
if: env.SEVERITY != 'SKIP'
Expand All @@ -139,18 +158,29 @@ jobs:
- name: Vulnerability scanner
if: env.SEVERITY != 'SKIP'
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.IMAGE_REPO }}:${{ matrix.tag }}
scan-type: 'image'
exit-code: ${{ matrix.exit-code }}
ignore-unfixed: ${{ env.IGNORE_UNFIXED }}
severity: ${{ env.SEVERITY }}
scanners: 'vuln'

- name: Create Report
if: ( success() || failure() ) && env.SEVERITY != 'SKIP' && matrix.exit-code == '1'
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.IMAGE_REPO }}:${{ matrix.tag }}
format: 'sarif'
output: ${{ matrix.report }}
scan-type: 'image'
exit-code: ${{ matrix.exit-code }}
exit-code: '0'
ignore-unfixed: ${{ env.IGNORE_UNFIXED }}
severity: ${{ env.SEVERITY }}
security-checks: 'vuln'
scanners: 'vuln'

- name: Upload scan results to Security tab
if: ( success() || failure() ) && matrix.exit-code == '1' && env.SEVERITY != 'SKIP'
if: ( success() || failure() ) && env.SEVERITY != 'SKIP' && matrix.exit-code == '1'
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ${{ matrix.report }}
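Review bot: Both Trivy steps on the new side (`Vulnerability scanner` and `Create Report`) reference `aquasecurity/trivy-action@master`, a mutable branch, so whatever lands on that branch runs inside this job without review; the same job pushes images when `DOCKER_PUSH` is set, so registry credentials are presumably in scope. Pin the action to a full commit SHA and note the release in a comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`. Separately, the new `build-args` pass `inputs.oasislmf_branch` and `inputs.ods_branch` straight into the image build; the Dockerfiles are not part of this section, so confirm the ref is quoted where it reaches `pip install` and consider restricting it to an expected pattern.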
55 changes: 46 additions & 9 deletions .github/workflows/build-schema.yml
@@ -1,31 +1,69 @@
name: Platform Schema (OpenAPI)

on:
push:
branches:
- master
- develop
- backports**
pull_request:
branches:
- master
- develop
- backports**
workflow_dispatch:
inputs:
ods_branch:
description: 'If set, pip install ods-tools branch [git ref]'
required: false
workflow_call:

inputs:
ods_branch:
description: 'If set, pip install ods-tools branch [git ref]'
required: false
type: string

jobs:
ods_tools:
if: inputs.ods_branch != ''
uses: OasisLMF/ODS_Tools/.github/workflows/build.yml@develop
secrets: inherit
with:
ods_branch: ${{ github.event_name != 'workflow_dispatch' && 'develop' || inputs.ods_branch }}

schema:
if: ${{ ! failure() || ! cancelled() }}
needs: ods_tools
env:
SCHEMA: 'reports/openapi-schema.json'
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.ref_name }}

- name: Set up Python
run: |
mkdir -p $(dirname ${{ env.SCHEMA }})
sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install -y --no-install-recommends python3 python3-pip
- name: Set up Python 3.10
uses: actions/setup-python@v4
with:
python-version: '3.10'

- name: Install requirments
run: pip install -r requirements-server.txt

- name: Download package
if: needs.ods_tools.outputs.whl_filename != ''
uses: actions/download-artifact@v3
with:
name: bin_package
path: ${{ github.workspace }}/

- name: Install package
if: needs.ods_tools.outputs.whl_filename != ''
run: |
pip uninstall ods-tools -y
pip install ${{ needs.ods_tools.outputs.whl_filename }}
- name: Generate OpenAPI
run: |
test -d $(dirname ${{ env.SCHEMA }}) || mkdir -p $(dirname ${{ env.SCHEMA }})
python ./manage.py migrate
python ./manage.py generate_swagger ${{ env.SCHEMA }}
Expand All @@ -38,4 +76,3 @@ jobs:

- name: Test Schema
run: ./scripts/build-maven.sh $(cat VERSION)
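Review bot: The `ods_tools` job calls `OasisLMF/ODS_Tools/.github/workflows/build.yml@develop` with `secrets: inherit`, which hands every secret of this repository to whatever the `develop` branch of another repository contains at run time. Pass only the secrets that build needs through an explicit `secrets:` map and reference the reusable workflow by commit SHA, e.g. `uses: OasisLMF/ODS_Tools/.github/workflows/build.yml@<full-commit-sha>`. The `Install package` step also expands `${{ needs.ods_tools.outputs.whl_filename }}` inside the `run:` script, so the filename becomes shell text; pass it through the step's `env:` and use `pip install "$WHL_FILENAME"` instead. The job condition `${{ ! failure() || ! cancelled() }}` is true unless both functions are true at once, so it looks like `&&` was intended.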

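--- a/.github/workflows/code-quality.yml
+++ b/.github/workflows/code-quality.yml
@@ -0,0 +1,39 @@
+# This workflow performs code quality checks like:
+# - PEP8: the workflow fails if code is not PEP8 compliant
+# - flake8: the problems identified by flake 8 are listed but the workflow
+# presently doesn't fail if flake reports errors.
+
+name: Code Quality
+
+on: [push, pull_request]
+
+env:
+max_line_length: 150
+
+jobs:
+build:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+- name: Set up Python
+uses: actions/setup-python@v4
+with:
+python-version: "3.10"
+
+- name: install pip tools
+run: |
+python -m pip install --upgrade pip
+pip install --upgrade pip-tools
+- name: install code quality tools
+run: pip install --upgrade autopep8 flake8
+
+- name: Run (partial) flake8
+if: ${{ ! cancelled() }}
+run: flake8 --select F401,F522,F524,F541 --show-source src/
+
+- name: check PEP8 compliance
+if: ${{ ! cancelled() }}
+id: autopep8
+run: |
+autopep8 --diff --exit-code --recursive --max-line-length ${{ env.max_line_length }} --ignore E402 .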
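Review bot: The new workflow runs on every `push` and `pull_request` but declares no `permissions:` block, so its `GITHUB_TOKEN` gets whatever default the repository or organisation has set, while the job only needs to read the checkout. Add a top-level `permissions:` mapping with `contents: read`. The `pip install --upgrade autopep8 flake8` step installs whatever versions are latest at run time, so a new linter release can change the result of the PEP8 gate without any change in this repository; pinning the versions would make it reproducible. The header comment says the workflow does not fail when flake8 reports errors, but the `Run (partial) flake8` step has no `continue-on-error: true`, so a hit on the selected codes fails the job; either add that key or correct the comment.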