Bump tj-actions/bandit from 5.1 to 5.3 (#311) #282
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: 'Storage Continuous Integration' | |
on: | |
pull_request: | |
branches: | |
- main | |
paths: | |
- 'build/storage/**' | |
- '.github/workflows/storage-ci.yml' | |
push: | |
branches: | |
- main | |
paths: | |
- 'build/storage/**' | |
- '.github/workflows/storage-ci.yml' | |
concurrency: | |
# if workflow for PR or push is already running stop it, and start new one | |
group: storage-ci-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
run_storage_ut: | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@v3 | |
- name: 'Run Storage Unit Tests' | |
working-directory: ./build/storage/tests/ut | |
run: | | |
chmod -R 777 run.sh | |
./run.sh | |
py_black_test: | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@v3 | |
- name: 'Copy host target files' #work arround, as black ignores all files under "build" directory" | |
working-directory: ./build/storage/core | |
run: | | |
cp -r host-target ../../../ | |
- name: 'Run Black Test' | |
uses: psf/black@stable | |
with: | |
options: "--check --verbose" | |
src: "./host-target/" | |
version: "22.10.0" | |
jupyter: true | |
py_bandit_test: | |
timeout-minutes: 15 | |
runs-on: ubuntu-latest | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@v3 | |
- name: 'Run Bandit Test' | |
uses: tj-actions/[email protected] | |
with: | |
targets: | # or a single string "." | |
./build/storage/core/host-target/ | |
options: "-r" | |
storage_build_containers: | |
needs: [run_storage_ut, py_black_test, py_bandit_test] | |
timeout-minutes: 30 | |
runs-on: ${{ matrix.runner }} | |
strategy: | |
matrix: | |
runner: [ubuntu-latest] | |
image: [storage-target, ipu-storage-container, host-target, cmd-sender] | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@v3 | |
- name: 'docker build' | |
working-directory: ./build/storage/scripts | |
run: | | |
./build_container.sh ${{ matrix.image }} | |
- name: 'list docker images' | |
run: docker images | |
- name: 'docker tag images' | |
run: | | |
docker tag ${{ matrix.image }}:latest ghcr.io/${{ github.repository_owner }}/storage/${{ matrix.image }}-kvm-x86_64:sha-${GITHUB_SHA::7} | |
docker images | |
- name: 'Login to GitHub Container Registry' | |
if: github.event_name == 'push' | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: 'push images to registry' | |
if: github.event_name == 'push' | |
run: | | |
docker tag ${{ matrix.image }}:latest ghcr.io/${{ github.repository_owner }}/storage/${{ matrix.image }}-kvm-x86_64:${GITHUB_REF##*/} | |
docker push ghcr.io/${{ github.repository_owner }}/storage/${{ matrix.image }}-kvm-x86_64:sha-${GITHUB_SHA::7} | |
docker push ghcr.io/${{ github.repository_owner }}/storage/${{ matrix.image }}-kvm-x86_64:${GITHUB_REF##*/} |