Bump cryptography from 42.0.8 to 43.0.1 #1872
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Test & Deploy | |
| "on": | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| tags: | |
| - "v*" | |
| workflow_dispatch: | |
| inputs: | |
| pytest_addopts: | |
| description: | |
| Extra options for pytest; use -vv for full details; see | |
| https://docs.pytest.org/en/latest/example/simple.html#how-to-change-command-line-options-defaults | |
| required: false | |
| env: | |
| LANG: "en_US.utf-8" | |
| LC_ALL: "en_US.utf-8" | |
| PIP_CACHE_DIR: ${{ github.workspace }}/.cache.~/pip | |
| PIPX_HOME: ${{ github.workspace }}/.cache.~/pipx | |
| POETRY_CACHE_DIR: ${{ github.workspace }}/.cache.~/pypoetry | |
| POETRY_VIRTUALENVS_IN_PROJECT: "true" | |
| PYTEST_ADDOPTS: ${{ github.event.inputs.pytest_addopts }} | |
| PYTHONIOENCODING: "UTF-8" | |
| jobs: | |
| build-test: | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: | |
| python: | |
| - 3.9 | |
| steps: | |
| # Prepare environment | |
| - uses: actions/checkout@v4 | |
| # Set up and run tests | |
| - name: Install python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python }} | |
| - name: Generate cache key CACHE | |
| run: | |
| echo "CACHE=${{ secrets.CACHE_DATE }} ${{ runner.os }} $(python -VV | | |
| sha256sum | cut -d' ' -f1) ${{ hashFiles('pyproject.toml') }} ${{ | |
| hashFiles('poetry.lock') }}" >> $GITHUB_ENV | |
| - uses: actions/cache@v3 | |
| with: | |
| path: | | |
| .cache.~ | |
| .venv | |
| ~/.local/bin | |
| key: venv ${{ env.CACHE }} | |
| - run: pip install poetry | |
| - name: Patch $PATH | |
| run: echo "$HOME/.local/bin" >> $GITHUB_PATH | |
| # override pyyaml to 5.3.1 as PIP_CONSTRAINT does not work for poetry | |
| # to get rid of AttributeError: cython_sources when installing pyyaml | |
| - run: poetry add pyyaml==5.3.1 | |
| - run: poetry run python -m pip install --upgrade pip | |
| - run: poetry install | |
| # Run tests | |
| - run: poetry run pytest --prebuild | |
| build-push: | |
| runs-on: ubuntu-20.04 | |
| services: | |
| registry: | |
| image: registry:2 | |
| ports: | |
| - 5000:5000 | |
| env: | |
| DOCKER_IMAGE_NAME: ${{ github.repository }} | |
| PUSH: ${{ toJSON(github.event_name != 'pull_request') }} | |
| strategy: | |
| matrix: | |
| target: | |
| - base | |
| - docker | |
| - docker-s3 | |
| - postgres | |
| - postgres-s3 | |
| - postgres-multi | |
| - s3 | |
| steps: | |
| # Set up Docker Environment | |
| - uses: actions/checkout@v4 | |
| - uses: actions/cache@v3 | |
| with: | |
| path: | | |
| /tmp/.buildx-cache | |
| key: buildx|${{ secrets.CACHE_DATE }}|${{ runner.os }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: network=host | |
| install: true | |
| # Build and push | |
| - name: Compute image name | |
| id: image_name_compute | |
| run: | | |
| if [ "${{ matrix.target }}" = "base" ]; then | |
| echo "::set-output name=image_name::${{ env.DOCKER_IMAGE_NAME }}" | |
| else | |
| echo "::set-output name=image_name::${{ env.DOCKER_IMAGE_NAME }}-${{ matrix.target }}" | |
| fi | |
| - name: Docker meta for local images | |
| id: docker_meta_local | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: localhost:5000/${{ steps.image_name_compute.outputs.image_name }} | |
| tags: | | |
| type=edge | |
| type=semver,pattern={{version}},enable=true | |
| type=schedule,pattern=nightly,enable=true,priority=1000 | |
| type=ref,event=branch,enable=true,priority=600 | |
| type=ref,event=tag,enable=true,priority=600 | |
| type=ref,event=pr,prefix=pr-,enable=true,priority=600 | |
| - name: Build and push to local (test) registry | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| platforms: | | |
| linux/amd64 | |
| linux/arm64/v8 | |
| load: false | |
| push: true | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache,mode=max | |
| labels: ${{ steps.docker_meta_local.outputs.labels }} | |
| tags: ${{ steps.docker_meta_local.outputs.tags }} | |
| target: ${{ matrix.target }} | |
| # Next jobs only happen outside of pull requests and on main branches | |
| - name: Login to GitHub Container Registry | |
| if: ${{ fromJSON(env.PUSH) }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ secrets.BOT_LOGIN }} | |
| password: ${{ secrets.BOT_TOKEN }} | |
| - name: Docker meta for public images | |
| if: ${{ fromJSON(env.PUSH) }} | |
| id: docker_meta_public | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/${{ steps.image_name_compute.outputs.image_name }} | |
| tags: | | |
| type=edge | |
| type=semver,pattern={{version}} | |
| type=schedule,pattern=nightly,enable=true,priority=1000 | |
| type=ref,event=branch,enable=true,priority=600 | |
| type=ref,event=tag,enable=true,priority=600 | |
| type=ref,event=pr,prefix=pr-,enable=true,priority=600 | |
| - name: Build and push to public registry(s) | |
| if: ${{ fromJSON(env.PUSH) }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| platforms: | | |
| linux/amd64 | |
| linux/arm64/v8 | |
| load: false | |
| push: true | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache,mode=max | |
| labels: ${{ steps.docker_meta_public.outputs.labels }} | |
| tags: ${{ steps.docker_meta_public.outputs.tags }} | |
| target: ${{ matrix.target }} |