Bump tj-actions/changed-files from 39.2.1 to 40.2.1 #454
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Build & push images" | |
| concurrency: | |
| group: bpi-${{ github.repository }} | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| push: | |
| branches: | |
| - master | |
| env: | |
| PYTHON_VERSION: 3.9 | |
| jobs: | |
| gather: | |
| name: Gather Info | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| directories: ${{ steps.set-directories.outputs.directories }} | |
| steps: | |
| - name: Check out repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| path: . | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - id: build-folder-patterns | |
| name: Build Folder Patterns | |
| uses: jannekem/run-python-script-action@v1 | |
| with: | |
| script: | | |
| with open("${{ github.workspace }}/build_folders.txt") as stream: | |
| try: | |
| build_folders = list(stream.read().splitlines()) | |
| build_folder_patterns = [folder + '/**' for folder in build_folders] | |
| result = ' '.join(build_folder_patterns) | |
| except Exception as ex: | |
| raise ex | |
| set_output('patterns', result) | |
| print("Found the following folders to check for modifications...") | |
| print(result) | |
| - id: changed-files | |
| name: Get changed directories | |
| uses: tj-actions/[email protected] | |
| with: | |
| dir_names: true | |
| files: ${{ steps.build-folder-patterns.outputs.patterns }} | |
| files_separator: ' ' | |
| - id: set-directories | |
| name: Set directories | |
| uses: jannekem/run-python-script-action@v1 | |
| with: | |
| script: | | |
| import json | |
| import re | |
| added_dirs = "${{ steps.changed-files.outputs.added_files }}".split() | |
| modified_dirs = "${{ steps.changed-files.outputs.modified_files }}".split() | |
| dirs = added_dirs + modified_dirs | |
| unique_dirs = [*set(dirs)] | |
| regex = re.compile(r'.*/.*$') | |
| filtered_dirs = [elem for elem in unique_dirs if not regex.match(elem)] | |
| result = json.dumps(filtered_dirs) | |
| set_output('directories', result) | |
| print("Found the following added/modified directories...") | |
| print(result) | |
| deploy: | |
| name: Deploy/check Image | |
| runs-on: ubuntu-20.04 | |
| needs: | |
| - gather | |
| if: ${{ needs.gather.outputs.directories != '[]' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| directory: ${{ fromJson(needs.gather.outputs.directories) }} | |
| env: | |
| IMAGE_BASENAME: "hub.opensciencegrid.org/slate/${{ matrix.directory }}" | |
| LOCAL_IMAGE_TAG: "${{ matrix.directory }}:${{ github.sha }}" | |
| steps: | |
| - name: Check out repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| path: . | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Build image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: "./${{ matrix.directory }}" | |
| file: "./${{ matrix.directory }}/Dockerfile" | |
| push: false | |
| load: true | |
| tags: ${{ env.LOCAL_IMAGE_TAG }} | |
| timeout-minutes: 30 | |
| - name: List loaded images | |
| working-directory: . | |
| run: docker image ls | |
| - name: Lint with Dockle | |
| uses: erzz/dockle-action@v1 | |
| with: | |
| image: ${{ env.LOCAL_IMAGE_TAG }} | |
| exit-code: 0 | |
| failure-threshold: FATAL | |
| timeout: "10m" | |
| - name: Scan with Trivy | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ env.LOCAL_IMAGE_TAG }} | |
| format: 'table' | |
| exit-code: '0' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| continue-on-error: true | |
| - id: inspect | |
| name: Docker inspect | |
| if: ${{ github.event_name != 'pull_request' }} | |
| working-directory: . | |
| run: |- | |
| IMAGE_VERSION=$(docker inspect --format='{{ index .Config.Labels "org.opencontainers.image.version" }}' ${{ matrix.directory }}:${{ github.sha }}) | |
| echo "org.opencontainers.image.version: ${IMAGE_VERSION}" | |
| IMAGE_TAGS=$(docker inspect --format='{{ index .Config.Labels "io.slateci.image.tags" }}' ${{ matrix.directory }}:${{ github.sha }}) | |
| echo "io.slateci.image.tags: ${IMAGE_TAGS}" | |
| IMAGE_PROPOSED_TAGS="${IMAGE_VERSION} ${IMAGE_TAGS}" | |
| echo "Proposed image tags: '${IMAGE_PROPOSED_TAGS}'" | |
| echo "proposed-tags=${IMAGE_PROPOSED_TAGS}" >> $GITHUB_OUTPUT | |
| - id: set-tags | |
| name: Set tags | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: jannekem/run-python-script-action@v1 | |
| with: | |
| script: | | |
| proposed_image_tags = "${{ steps.inspect.outputs.proposed-tags }}".split() + ['latest'] | |
| unique_tags = [*set(proposed_image_tags)] | |
| full_tags = ["${{ env.IMAGE_BASENAME }}:" + tag for tag in unique_tags] | |
| result = ','.join(full_tags) | |
| set_output('final-tags', result) | |
| print("Calculated the final image tags...") | |
| print(result) | |
| - name: Authenticate with OSG Harbor | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: hub.opensciencegrid.org | |
| username: "${{ secrets.OSG_HUB_USERNAME }}" | |
| password: "${{ secrets.OSG_HUB_ACCESS_TOKEN }}" | |
| - name: Build/push image | |
| if: ${{ github.event_name != 'pull_request' }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: "./${{ matrix.directory }}" | |
| file: "./${{ matrix.directory }}/Dockerfile" | |
| push: true | |
| tags: ${{ steps.set-tags.outputs.final-tags }} | |
| timeout-minutes: 30 | |
| - name: Notify Slack of Failure | |
| if: failure() | |
| uses: slateci/github-actions/.github/actions/slack-notify-failure@v16 | |
| with: | |
| slack_bot_token: '${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }}' |