Bump cryptography from 39.0.2 to 41.0.4 #1947
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Build for fourfront | |
name: CI | |
# Controls when the action will run. | |
on: | |
# Triggers the workflow on push or pull request events but only for the master branch | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
jobs: | |
# This workflow contains a single job called "build" | |
build: | |
name: Test Suite for fourfront (Python 3.11, Node 18) | |
# The type of runner that the job will run on | |
runs-on: ubuntu-22.04 | |
# Build matrix | |
strategy: | |
matrix: | |
test_type: ['UNIT', 'NPM', 'Docker'] | |
# We are really not set up for these next two to be multiplicative, so be careful adding more. | |
python_version: ['3.11'] | |
node_version: ['18'] | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-python@v2 | |
with: | |
python-version: ${{ matrix.python_version }} | |
# Per doc for node install at https://github.com/actions/setup-node#usage | |
- uses: actions/setup-node@v2 | |
with: | |
node-version: ${{ matrix.node_version }} | |
check-latest: false | |
- name: Install/Link Postgres | |
if: ${{ matrix.test_type == 'NPM' || matrix.test_type == 'UNIT' }} | |
run: | | |
sudo apt-get install curl ca-certificates gnupg | |
curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - | |
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' | |
sudo apt-get update | |
sudo apt-get install postgresql-14 postgresql-client-14 | |
echo "/usr/lib/postgresql/14/bin" >> $GITHUB_PATH | |
sudo ln -s /usr/lib/postgresql/14/bin/initdb /usr/local/bin/initdb | |
- name: Install Deps | |
if: ${{ matrix.test_type == 'NPM' || matrix.test_type == 'UNIT' }} | |
run: | | |
node --version | |
make build | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: QA (NPM) | |
if: ${{ matrix.test_type == 'NPM' }} | |
env: | |
S3_ENCRYPT_KEY: ${{ secrets.S3_ENCRYPT_KEY }} | |
# The need for this old environment variable name will go away soon. | |
# Once the new snovault is in, we should retain these for a little while to make sure the right | |
# variable is being used, and then this can go away. -kmp 9-Mar-2021 | |
# I have named the ID slightly differently so we can see if the old names are in use. | |
TRAVIS_JOB_ID: ff-npm-x-test-${{ github.run_number }}- | |
# This will be the new environment variable name. | |
TEST_JOB_ID: ff-npm-test-${{ github.run_number }}- | |
GLOBAL_ENV_BUCKET: ${{ secrets.GLOBAL_ENV_BUCKET }} | |
ACCOUNT_NUMBER: $ {{ secrets.ACCOUNT_NUMBER }} | |
run: | | |
make remote-test-npm | |
- name: Cleanup (NPM) | |
if: ${{ always() && matrix.test_type == 'NPM' }} | |
env: | |
S3_ENCRYPT_KEY: ${{ secrets.S3_ENCRYPT_KEY }} | |
# The need for this old environment variable name will go away soon. | |
# Once the new snovault is in, we should retain these for a little while to make sure the right | |
# variable is being used, and then this can go away. -kmp 9-Mar-2021 | |
# I have named the ID slightly differently so we can see if the old names are in use. | |
TRAVIS_JOB_ID: ff-npm-x-test-${{ github.run_number }}- | |
# This will be the new environment variable name. | |
TEST_JOB_ID: ff-npm-test-${{ github.run_number }}- | |
GLOBAL_ENV_BUCKET: ${{ secrets.GLOBAL_ENV_BUCKET }} | |
ACCOUNT_NUMBER: $ {{ secrets.ACCOUNT_NUMBER }} | |
run: | | |
poetry run wipe-test-indices $TEST_JOB_ID search-fourfront-testing-opensearch-kqm7pliix4wgiu4druk2indorq.us-east-1.es.amazonaws.com:443 | |
- name: QA (UNIT) | |
if: ${{ matrix.test_type == 'UNIT' }} | |
env: | |
S3_ENCRYPT_KEY: ${{ secrets.S3_ENCRYPT_KEY }} | |
# The need for this old environment variable name will go away soon. | |
TRAVIS_JOB_ID: ff-unit-x-test-${{ github.run_number }}- | |
# This will be the new environment variable name. | |
TEST_JOB_ID: ff-unit-test-${{ github.run_number }}- | |
GLOBAL_ENV_BUCKET: ${{ secrets.GLOBAL_ENV_BUCKET }} | |
ACCOUNT_NUMBER: $ {{ secrets.ACCOUNT_NUMBER }} | |
run: | | |
make remote-test-unit | |
- name: Cleanup (UNIT) | |
if: ${{ always() && matrix.test_type == 'UNIT' }} | |
env: | |
S3_ENCRYPT_KEY: ${{ secrets.S3_ENCRYPT_KEY }} | |
# The need for this old environment variable name will go away soon. | |
TRAVIS_JOB_ID: ff-unit-x-test-${{ github.run_number }}- | |
# This will be the new environment variable name. | |
TEST_JOB_ID: ff-unit-test-${{ github.run_number }}- | |
GLOBAL_ENV_BUCKET: ${{ secrets.GLOBAL_ENV_BUCKET }} | |
ACCOUNT_NUMBER: $ {{ secrets.ACCOUNT_NUMBER }} | |
run: | | |
poetry run wipe-test-indices $TEST_JOB_ID search-fourfront-testing-opensearch-kqm7pliix4wgiu4druk2indorq.us-east-1.es.amazonaws.com:443 | |
- name: Docker Build | |
if: ${{ matrix.test_type == 'Docker' && matrix.node_version == '18' && matrix.python_version == '3.11' }} | |
run: | | |
# The docker_development.ini has node 18 and Python 3.11 wired into it. | |
touch deploy/docker/local/docker_development.ini # cheap substitute for prepare-docker to make ignored file | |
docker build . |