Skip to content

[Snyk] Security upgrade python from 3.11-slim-bookworm to 3.14.0a1-slim-bookworm #3308

[Snyk] Security upgrade python from 3.11-slim-bookworm to 3.14.0a1-slim-bookworm

[Snyk] Security upgrade python from 3.11-slim-bookworm to 3.14.0a1-slim-bookworm #3308

Workflow file for this run

name: Build integration images
on:
pull_request:
workflow_dispatch:
jobs:
prepare-matrix:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.prepare-matrix.outputs.INTEGRATIONS_MATRIX }}
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Prepare matrix
id: prepare-matrix
run: |
integrations_to_build=()
# Get the list of integrations
files=$(find integrations/*/.port -name "spec.yaml")
for file in $files; do
folder=$(dirname "$file")
type=$(grep -E '^name = ".*"' "$folder/../pyproject.toml" | cut -d'"' -f2)
# Get the version from pyproject.toml
version=$(grep -E '^version = ".*"' "$folder/../pyproject.toml" | cut -d'"' -f2)
# Check if the version exists in the ghcr.io registry
rc=0
docker manifest inspect ghcr.io/port-labs/port-ocean-$type:$version > /dev/null 2>&1 || rc=$?
if [ $rc -eq 0 ]; then
echo "Image already exists in $repository: port-ocean-$type:$version"
else
integrations_to_build+=($file)
fi
done
echo $(echo ${integrations_to_build[@]} | jq -R -c 'split(" ")')
echo "INTEGRATIONS_MATRIX=$(echo ${integrations_to_build[@]} | jq -R -c 'split(" ")')" >> $GITHUB_OUTPUT
build-integration:
runs-on: ubuntu-latest
if: needs.prepare-matrix.outputs.matrix != '[]'
outputs:
is_dev_version: ${{ steps.prepare_tags.outputs.is_dev_version }}
permissions:
contents: read
needs: [prepare-matrix]
strategy:
max-parallel: 10
matrix:
integration: ${{fromJson(needs.prepare-matrix.outputs.matrix)}}
platform:
- linux/amd64
- linux/arm64
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Prepare Docker images tags
id: prepare_tags
run: |
current_integration_spec=${{ matrix.integration }}
folder=$(dirname "$current_integration_spec")
context_dir=$(dirname "$folder")
echo "context_dir=$context_dir" >> $GITHUB_OUTPUT
version=$(grep -E '^version = ".*"' "$folder/../pyproject.toml" | cut -d'"' -f2)
type=$(grep -E '^name = ".*"' "$folder/../pyproject.toml" | cut -d'"' -f2)
echo "version=$version" >> $GITHUB_OUTPUT
dockerfile_path=integrations/_infra/Dockerfile
if test -e $folder/../Dockerfile; then
echo "Choosing a custom Dockerfile for ${{ matrix.integration }}"
dockerfile_path=$folder/../Dockerfile
fi
echo "dockerfile_path=$dockerfile_path" >> $GITHUB_OUTPUT
# Check if the 'version' variable contains any character other than digits and "."
if [[ ! "$version" =~ ^[0-9.]+$ ]]; then
# If 'version' contains non-numeric and non-dot characters, skip building 'latest' tag
tags="ghcr.io/port-labs/port-ocean-$type:$version"
echo "tags=$tags" >> $GITHUB_OUTPUT
echo "is_dev_version=true" >> $GITHUB_OUTPUT
echo "Version contains non-numeric characters. Building without 'latest' tag."
else
# If 'version' contains only digits and dots, build with both 'latest' and version tags
tags="ghcr.io/port-labs/port-ocean-$type:$version,ghcr.io/port-labs/port-ocean-$type:latest"
echo "tags=$tags" >> $GITHUB_OUTPUT
echo "is_dev_version=false" >> $GITHUB_OUTPUT
fi
- name: Build Docker Image
uses: ./.github/workflows/actions/build-docker-image
with:
dockerfile: ${{ steps.prepare_tags.outputs.dockerfile_path }}
platforms: ${{ matrix.platform }}
tags: ${{ steps.prepare_tags.outputs.tags }}
build-args: |
BUILD_CONTEXT=${{ steps.prepare_tags.outputs.context_dir }}
INTEGRATION_VERSION=${{ steps.prepare_tags.outputs.version }}
docker-user: ${{ secrets.DOCKER_MACHINE_USER }}
docker-password: ${{ secrets.DOCKER_MACHINE_TOKEN }}
skip-push: 'true'