Skip to content

chore(deps): update dependency jinja2 to v3.1.5 [security] #5376

chore(deps): update dependency jinja2 to v3.1.5 [security]

chore(deps): update dependency jinja2 to v3.1.5 [security] #5376

Workflow file for this run

# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: "Continuous Integration - Pull Request"
on:
pull_request:
branches:
- main
paths-ignore:
- '**/README.md'
- 'kustomize/**'
- '.github/workflows/kustomize-build-ci.yaml'
- 'terraform/**'
- '.github/workflows/terraform-validate-ci.yaml'
- 'helm-chart/**'
- '.github/workflows/helm-chart-ci.yaml'
# Ensure this workflow only runs for the most recent commit of a pull-request
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
code-tests:
runs-on: [self-hosted, is-enabled]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-dotnet@v4
env:
DOTNET_INSTALL_DIR: "./.dotnet"
with:
dotnet-version: '9.0'
- uses: actions/setup-go@v5
with:
go-version: '1.23'
- name: Go Unit Tests
timeout-minutes: 10
run: |
for GO_PACKAGE in "shippingservice" "productcatalogservice" "frontend/validator"; do
echo "Testing $GO_PACKAGE..."
pushd src/$GO_PACKAGE
go test
popd
done
- name: C# Unit Tests
timeout-minutes: 10
run: |
dotnet test src/cartservice/
deployment-tests:
runs-on: [self-hosted, is-enabled]
needs: code-tests
strategy:
matrix:
profile: ["local-code"]
fail-fast: true
steps:
- uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.sha}}
- name: Build + Deploy PR images to GKE
timeout-minutes: 20
run: |
NAMESPACE="pr${PR_NUMBER}"
echo "::set-env name=NAMESPACE::$NAMESPACE"
yes | gcloud auth configure-docker us-docker.pkg.dev
gcloud container clusters get-credentials $PR_CLUSTER --region $REGION --project $PROJECT_ID
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
name: $NAMESPACE
EOF
echo Deploying application
skaffold config set --global local-cluster false
skaffold run --default-repo=us-docker.pkg.dev/$PROJECT_ID/refs/pull/$PR_NUMBER --tag=$PR_NUMBER --namespace=$NAMESPACE -p network-policies
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
PR_NUMBER: ${{ github.event.pull_request.number }}
PROJECT_ID: "online-boutique-ci"
PR_CLUSTER: "prs-gke-cluster"
REGION: "us-central1"
- name: Wait For Pods
timeout-minutes: 20
run: |
set -x
kubectl config set-context --current --namespace=$NAMESPACE
kubectl wait --for=condition=available --timeout=1000s deployment/redis-cart
kubectl wait --for=condition=available --timeout=1000s deployment/adservice
kubectl wait --for=condition=available --timeout=1000s deployment/cartservice
kubectl wait --for=condition=available --timeout=1000s deployment/checkoutservice
kubectl wait --for=condition=available --timeout=1000s deployment/currencyservice
kubectl wait --for=condition=available --timeout=1000s deployment/emailservice
kubectl wait --for=condition=available --timeout=1000s deployment/frontend
kubectl wait --for=condition=available --timeout=1000s deployment/loadgenerator
kubectl wait --for=condition=available --timeout=1000s deployment/paymentservice
kubectl wait --for=condition=available --timeout=1000s deployment/productcatalogservice
kubectl wait --for=condition=available --timeout=1000s deployment/recommendationservice
kubectl wait --for=condition=available --timeout=1000s deployment/shippingservice
- name: Query EXTERNAL_IP for staging
timeout-minutes: 5
run: |
set -x
NAMESPACE="pr${PR_NUMBER}"
get_externalIP() {
kubectl get service frontend-external --namespace $NAMESPACE -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
}
until [[ -n "$(get_externalIP)" ]]; do
echo "Querying for external IP for frontend-external on namespace: $NAMESPACE{}"
sleep 3
done
EXTERNAL_IP=$(get_externalIP)
echo "::set-env name=EXTERNAL_IP::$EXTERNAL_IP"
env:
ACTIONS_ALLOW_UNSECURE_COMMANDS: true
PR_NUMBER: ${{ github.event.pull_request.number }}
- name: Smoke Test
timeout-minutes: 5
run: |
set -x
# start fresh loadgenerator pod
kubectl delete pod -l app=loadgenerator
# wait for requests to come in
REQUEST_COUNT="0"
while [[ "$REQUEST_COUNT" -lt "50" ]]; do
sleep 5
REQUEST_COUNT=$(kubectl logs -l app=loadgenerator | grep Aggregated | awk '{print $2}')
done
# ensure there are no errors hitting endpoints
ERROR_COUNT=$(kubectl logs -l app=loadgenerator | grep Aggregated | awk '{print $3}' | sed "s/[(][^)]*[)]//g")
if [[ "$ERROR_COUNT" -gt "0" ]]; then
exit 1
fi
- name: Comment EXTERNAL_IP
timeout-minutes: 5
env:
COMMENTS_URL: ${{ github.event.pull_request.comments_url }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
curl \
-X POST \
$COMMENTS_URL \
-H "Content-Type: application/json" \
-H "Authorization: token $GITHUB_TOKEN" \
--data '{ "body": "🚲 PR staged at '"http://${EXTERNAL_IP}"'"}'
sleep 60