Audit Snyk check/fix 2.7 #22073
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: QGIS build | |
on: | |
push: | |
pull_request: | |
env: | |
HAS_SECRETS: ${{ secrets.HAS_SECRETS }} | |
jobs: | |
main: | |
runs-on: ubuntu-22.04 | |
name: QGIS build | |
timeout-minutes: 20 | |
if: "!startsWith(github.event.head_commit.message, '[skip ci] ')" | |
strategy: | |
fail-fast: false | |
matrix: | |
version: | |
- '3.28' | |
- 3.28-gdal3.6 | |
- 3.28-gdal3.7 | |
- '3.34' | |
- 3.34-gdal3.7 | |
- 3.34-gdal3.8 | |
- ltr | |
env: | |
MAIN_BRANCH: '2.7' | |
MAJOR_VERSION: '2.7' | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- uses: camptocamp/initialise-gopass-summon-action@v2 | |
with: | |
ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}} | |
github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}} | |
patterns: docker | |
if: env.HAS_SECRETS == 'HAS_SECRETS' | |
- run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH} | |
- run: python3 -m pip install --user --requirement=ci/requirements.txt | |
- run: docker pull camptocamp/geomapfish:${{ env.MAJOR_VERSION }} | |
- run: docker tag camptocamp/geomapfish:${{ env.MAJOR_VERSION }} camptocamp/geomapfish | |
- run: make build-test-db | |
- name: Build QGIS server | |
run: | | |
docker build --target=runner --build-arg=VERSION=${{ matrix.version }} \ | |
--tag=camptocamp/geomapfish-qgisserver \ | |
docker/qgisserver; | |
docker tag camptocamp/geomapfish-qgisserver \ | |
camptocamp/geomapfish-qgisserver:gmflatest-qgis${{ matrix.version }} | |
- name: Test library availability | |
run: | |
"! ( docker run --rm camptocamp/geomapfish-qgisserver ldd /usr/local/bin/qgis_mapserv.fcgi | grep 'not | |
found' )" | |
- name: Acceptance tests | |
run: | | |
cd docker/qgisserver | |
docker compose up -d | |
docker compose exec -T tests /tests/wait-db | |
docker compose exec -T tests alembic --config=/tests/alembic.ini --name=main upgrade head | |
docker compose exec -T tests alembic --config=/tests/alembic.ini --name=static upgrade head | |
docker compose exec -T tests /tests/fill-db | |
c2cciutils-docker-logs | |
docker compose exec -T tests /tests/acceptance-tests | |
- run: c2cciutils-docker-logs | |
if: failure() | |
- run: docker compose down | |
- run: scripts/get-version --auto-increment --github | |
id: version | |
if: env.HAS_SECRETS == 'HAS_SECRETS' | |
- name: Publish feature branch | |
run: | | |
c2cciutils-publish --group=qgis-${{ matrix.version }} | |
if: > | |
github.ref != format('refs/heads/{0}', env.MAIN_BRANCH) | |
&& env.HAS_SECRETS == 'HAS_SECRETS' | |
&& ! contains(github.ref_name, '/') | |
- name: Publish version branch | |
run: | | |
c2cciutils-publish --group=qgis-${{ matrix.version }} --type=version_branch \ | |
--version=${{ steps.version.outputs.major }} | |
if: > | |
github.ref == format('refs/heads/{0}', env.MAIN_BRANCH) | |
&& env.HAS_SECRETS == 'HAS_SECRETS' |