Skip to content

fix(server/test): bumping versions to fix starlette bug CVE-2024-47874 #1259

fix(server/test): bumping versions to fix starlette bug CVE-2024-47874

fix(server/test): bumping versions to fix starlette bug CVE-2024-47874 #1259

Workflow file for this run

name: tests
on:
push:
branches:
- main
paths:
- src/**
- tests/functional/**
- config.nims
- "*.nimble"
# ignore docs not to waste CI minutes
- "!src/docs/**"
pull_request:
types:
- opened
- synchronize
- reopened
paths:
- src/**
- tests/functional/**
- config.nims
- "*.nimble"
# ignore docs not to waste CI minutes
- "!src/docs/**"
permissions:
contents: read
packages: write
env:
SSH_KEY: ${{ secrets.SSH_KEY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
jobs:
pytest:
runs-on: ubuntu-22.04
if: |
(
github.event_name == 'pull_request' &&
!contains(github.event.pull_request.body, format('skip:{0}', github.workflow))
) || (
github.event_name == 'push' &&
endsWith(github.repository, 'chalk')
) || (
github.event_name == 'workflow_dispatch'
) || (
github.event_name == 'schedule'
)
concurrency:
# only allow one job per PR running
# older pending jobs will be cancelled not to waste CI minutes
# cannot use github.job here https://github.com/community/community/discussions/13496
group: ${{ github.workflow }}-pytest-${{ github.ref }}
cancel-in-progress: true
steps:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # 4.1.6
# for tests to checkout dummy private repo
- name: Get GitHub Token
id: org-token
uses: crashappsec/action-github-app-token@main
with:
app_id: ${{ secrets.CHALK_GITHUB_APP_ID }}
private_key: ${{ secrets.CHALK_GITHUB_APP_PRIVATE_KEY }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # 3.3.0
with:
install: true
- name: Login to GitHub Container Registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # 3.2.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ github.token }}
- name: Prep PWD
run: |
mkdir -p ../con4m
mkdir -p ../nimutils
- name: Bake Images
run: |
docker buildx bake chalk server tests --load
- name: Test pingttl
if: inputs.chalk_url == ''
run: |
make src/pingttl
- name: Compile Chalk
if: inputs.chalk_url == ''
run: |
make
- name: Download Chalk
if: inputs.chalk_url != ''
run: |
curl -L "${{ inputs.chalk_url }}" > chalk
chmod +x chalk
./chalk version
- name: Run tests (Fast)
# run fast tests by default on PRs when
# "tests:--slow" is missing in PR description
if: |
github.event_name == 'pull_request' && (
!contains(github.event.pull_request.body, 'tests:--slow')
)
env:
GITHUB_TOKEN: ${{ steps.org-token.outputs.token }}
run: |
make tests_parallel args=""
- name: Run tests (Slow)
# run slow tests on non-PR builds and when
# PR description has "tests:--slow"
if: |
github.event_name != 'pull_request' || (
contains(github.event.pull_request.body, 'tests:--slow')
)
env:
GITHUB_TOKEN: ${{ steps.org-token.outputs.token }}
run: |
make tests_parallel args="--slow"