Skip to content

Bump github/codeql-action from 3.27.5 to 3.27.9 #357

Bump github/codeql-action from 3.27.5 to 3.27.9

Bump github/codeql-action from 3.27.5 to 3.27.9 #357

Workflow file for this run

name: Container
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
IMAGE_NAME: pynucleus
IMAGE_TAGS: latest ${{ github.sha }}
TEST_IMAGE_TAG: ${{ github.sha }}
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }}
permissions:
contents: read
packages: write
jobs:
container:
runs-on: ubuntu-latest
timeout-minutes: 300
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Change image tags for PRs
if: github.event_name == 'pull_request'
run: |
echo "IMAGE_TAGS=pr-${{ github.event.number }}" >> $GITHUB_ENV
echo "TEST_IMAGE_TAG=pr-${{ github.event.number }}" >> $GITHUB_ENV
- name: Check out
if: always()
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
# - uses: hadolint/[email protected]
# with:
# dockerfile: Dockerfile
# ignore: 'DL3008,DL3013'
# verbose: true
- name: Build Image
id: build_image
uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13
with:
image: ${{ env.IMAGE_NAME }}
tags: ${{ env.IMAGE_TAGS }}
containerfiles: |
./Dockerfile
build-args: |
PYNUCLEUS_BUILD_PARALLELISM=4
- name: Push To GHCR
if: (github.event_name == 'pull_request') && (github.actor != 'dependabot[bot]')
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
id: push-pr
with:
image: ${{ steps.build_image.outputs.image }}
tags: ${{ env.IMAGE_TAGS }}
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust
- name: Run tests
run: |
podman run \
-e MPIEXEC_FLAGS="--allow-run-as-root --oversubscribe" \
--workdir /pynucleus \
--rm \
--entrypoint='["python3", "-m", "pytest", "--junit-xml", "test-results.xml"]' \
${{ steps.build_image.outputs.image }}:${{ env.TEST_IMAGE_TAG }}
- name: Push To GHCR
if: github.event_name == 'push'
uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
id: push
with:
image: ${{ steps.build_image.outputs.image }}
tags: ${{ steps.build_image.outputs.tags }}
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust
- name: Echo outputs
if: github.event_name == 'push'
run: |
echo "${{ toJSON(steps.push.outputs) }}"
container-test:
needs: container
strategy:
matrix:
include:
- runner: 'ubuntu-latest'
name: Container test ${{ matrix.runner }}
runs-on: ${{ matrix.runner }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Check out
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install podman-compose
run: pip install podman-compose
- name: Run container test
run: podman-compose run quick-test
update-binder-image:
permissions:
contents: write # for peter-evans/create-pull-request to create branch
pull-requests: write # for peter-evans/create-pull-request to create a PR
needs: container
if: github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Checkout binder branch
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: binder
- name: Modify Dockerfile
run: |
python generateDockerfile.py ${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TEST_IMAGE_TAG }}
- name: Create PR
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: "Update Dockerfile"
title: "Update Dockerfile"
body: |
This PR updates the Dockerfile for binder.
branch: binder-update
base: binder
delete-branch: true