Bump werkzeug from 2.0.1 to 3.0.6 #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Lint and Build | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check Out Repo | |
| uses: actions/checkout@v2 | |
| - name: Install python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: '3.8' | |
| - name: Set up app dependencies | |
| run: pip install -r requirements.txt | |
| - name: ... and linting dependencies | |
| run: pip install pylint bandit | |
| - name: Code Errors Lint | |
| run: pylint --errors-only demo.py | |
| - name: Code Linting report | |
| id: lint | |
| # Awk expression - replace newlines with chars in ORS. | |
| # Or true so we get the report, but not gating. | |
| run: | | |
| linting_output="$(pylint demo.py 2>&1 | awk 1 ORS='\\n')" | |
| echo -e "${linting_output}" | |
| echo "::set-output name=LINTING::${linting_output//$'\\n'/'%0A'}" | |
| - name: Security linting report | |
| id: security_lint | |
| run: | | |
| linting_output="$(bandit demo.py 2>&1 | awk 1 ORS='\\n')" | |
| echo -e "${linting_output}" | |
| echo "::set-output name=BANDIT::${linting_output//$'\\n'/'%0A'}" | |
| - name: Attach this as a comment | |
| uses: mshick/add-pr-comment@v1 | |
| with: | |
| message: | | |
| ## Linting report | |
| ``` | |
| ${{ steps.lint.outputs.LINTING }} | |
| ``` | |
| ## Security Report | |
| ``` | |
| ${{ steps.security_lint.outputs.BANDIT }} | |
| ``` | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| build: | |
| needs: lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check Out Repo | |
| uses: actions/checkout@v2 | |
| - | |
| name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v3 | |
| with: | |
| # list of Docker images to use as base name for tags | |
| images: | | |
| ghcr.io/contino/observability-demo-app | |
| # generate Docker tags based on the following events/attributes | |
| tags: | | |
| type=schedule | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha | |
| type=raw,value=latest,enable=${{ endsWith(github.ref, 'main') }} | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@master | |
| with: | |
| platforms: all | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Build and push | |
| id: docker_build | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: ./ | |
| file: ./Dockerfile | |
| push: true | |
| platforms: linux/amd64, linux/arm/v7, linux/arm/v6, linux/arm64 | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Image digest | |
| run: echo ${{ steps.docker_build.outputs.digest }} | |