From d7e97411bfca8dca595bfc48cc95e8a161840839 Mon Sep 17 00:00:00 2001 From: rilesdun Date: Tue, 19 Sep 2023 00:22:47 +0000 Subject: [PATCH] fix: docker builds and pushes, condensed workflow --- .github/workflows/bandit-scan.yml | 46 ---------- .github/workflows/pylint.yml | 38 -------- .github/workflows/release.yml | 141 ++++++++++++++++++++++++++---- .releaserc | 1 + CHANGELOG.md | 3 - package-lock.json | 59 +++++++++++++ package.json | 1 + 7 files changed, 185 insertions(+), 104 deletions(-) delete mode 100644 .github/workflows/bandit-scan.yml delete mode 100644 .github/workflows/pylint.yml diff --git a/.github/workflows/bandit-scan.yml b/.github/workflows/bandit-scan.yml deleted file mode 100644 index cd31e39..0000000 --- a/.github/workflows/bandit-scan.yml +++ /dev/null @@ -1,46 +0,0 @@ -name: Bandit Scan and Deploy to GitHub Pages - -on: - push: - branches: ["main"] - workflow_dispatch: - -permissions: - contents: write - pages: write - id-token: write - -concurrency: - group: "pages" - cancel-in-progress: false - -jobs: - scan-and-deploy: - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - name: Install Bandit - run: pip install bandit - - - name: Create report directory - run: mkdir -p bandit-security-report - - - name: Run Bandit and generate report - run: | - bandit -r src/ -f json -o bandit-security-report/bandit-report.json - python json_to_html.py bandit-security-report/bandit-report.json > bandit-security-report/index.html - - - name: Deploy to GitHub Pages - uses: peaceiris/actions-gh-pages@v3 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - publish_dir: ./bandit-security-report - commit_message: 'Deploy Bandit report to GitHub Pages' diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml deleted file mode 100644 index 91eac64..0000000 --- a/.github/workflows/pylint.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -name: Pylint - -on: [push] - -permissions: - contents: write - -jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - python-version: ["3.8", "3.9", "3.10"] - steps: - - uses: actions/checkout@v3 - - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v3 - with: - python-version: ${{ matrix.python-version }} - - - name: Set up Python virtual environment - run: | - python -m venv venv - source venv/bin/activate - - - name: Upgrade pip and install dependencies - run: | - python -m pip install --upgrade pip - pip install -r requirements.txt - pip install pylint - - - name: Set PYTHONPATH - run: echo "PYTHONPATH=$(pwd)" >> $GITHUB_ENV - - - name: Analysing the code with pylint - run: | - pylint $(git ls-files '*.py') - diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 27e1472..9cc0721 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -7,23 +7,130 @@ on: push: branches: - main +env: + REGISTRY: docker.io + IMAGE_NAME: rilesdun/peerplays-explorer-api jobs: + + pylint: + runs-on: ubuntu-latest + strategy: + matrix: + python-version: ["3.9", "3.10", "3.11"] + steps: + - uses: actions/checkout@v3 + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v3 + with: + python-version: ${{ matrix.python-version }} + + - name: Set up Python virtual environment + run: | + python -m venv venv + source venv/bin/activate + + - name: Upgrade pip and install dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + pip install pylint + + - name: Set PYTHONPATH + run: echo "PYTHONPATH=$(pwd)" >> $GITHUB_ENV + + - name: Analysing the code with pylint + run: | + pylint $(git ls-files '*.py') + + + scan-and-upload: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install Bandit + run: pip install bandit + + - name: Create report directory + run: mkdir -p bandit-security-report + + - name: Run Bandit and generate report + run: | + bandit -r src/ -f json -o bandit-security-report/bandit-report.json + python json_to_html.py bandit-security-report/bandit-report.json > bandit-security-report/index.html + + - name: Deploy to GitHub Pages + uses: peaceiris/actions-gh-pages@v3 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + publish_dir: ./bandit-security-report + commit_message: 'Deploy Bandit report to GitHub Pages' + release: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Setup Node.js - uses: actions/setup-node@v2 - with: - node-version: '18' - - - name: Install dependencies - run: npm install - - - name: Semantic Release - run: npx semantic-release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + runs-on: ubuntu-latest + steps: + - 
name: Checkout code + uses: actions/checkout@v2 + + - name: Setup Node.js + uses: actions/setup-node@v2 + with: + node-version: '18' + + - name: Install dependencies + run: npm install + + - name: Semantic Release + run: npx semantic-release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Commit CHANGELOG.md + run: | + git config --local user.email "action@github.com" + git config --local user.name "GitHub Action" + git add CHANGELOG.md + git commit -m "chore: update CHANGELOG.md" || echo "No changes to commit" + git push + + dockerhub_publish: + runs-on: ubuntu-latest + steps: + - name: Log into Docker Hub + uses: docker/login-action@v3.0.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_PASSWORD }} + + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3.0.0 + + # Extract metadata (tags, labels) + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5.0.0 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + - name: Build and push Docker image + uses: docker/build-push-action@v5.0.0 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Log out from Docker Hub + run: docker logout ${{ env.REGISTRY }} diff --git a/.releaserc b/.releaserc index 52ca829..963dcca 100644 --- a/.releaserc +++ b/.releaserc @@ -3,6 +3,7 @@ "plugins": [ "@semantic-release/commit-analyzer", "@semantic-release/release-notes-generator", + "@semantic-release/changelog", // <-- Add this line "@semantic-release/github" ] } \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 9fa71d6..eaebbca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
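Review bot: The new `dockerhub_publish` job declares no `needs:`, so the image push is not gated on `pylint` or `scan-and-upload`, and it has no checkout step even though `context: .` makes the build read the runner workspace. Adding `needs: [pylint, scan-and-upload]` to the job and `- uses: actions/checkout@v3` as its first step would make the push wait for the checks and give the build its Dockerfile. Separately, both deleted workflows declared a `permissions:` block and none is visible in this hunk (the file's first six lines are outside it), so every job here, including the ones that `pip install` third-party packages, appears to run with the repository's default `GITHUB_TOKEN` scope. A top-level `permissions: {contents: read}`, with `contents: write` granted only on `scan-and-upload` and `release`, would keep the write token away from the lint and image-build jobs.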
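Review bot: The added plugin entry in `.releaserc` carries a leftover `// <-- Add this line` after the comma, which is not valid JSON. Depending on how the loader reads this extensionless file, it may either fail to parse or fold the comment text into the following entry, so `@semantic-release/github` would no longer be a clean plugin name. The line should be just `"@semantic-release/changelog",`. Running `npx semantic-release --dry-run` before merging would confirm the config still loads with all four plugins.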
@@ -2,9 +2,6 @@ All notable changes to this project will be documented in this file. -The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), -and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - ## [0.1.0] - 09-18-2023 ### Added diff --git a/package-lock.json b/package-lock.json index 80a0832..1970257 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5,6 +5,7 @@ "packages": { "": { "devDependencies": { + "@semantic-release/changelog": "^6.0.3", "@semantic-release/commit-analyzer": "^11.0.0", "@semantic-release/github": "^9.0.6", "@semantic-release/release-notes-generator": "^12.0.0", 
@@ -423,6 +424,64 @@ "node": ">=12" } }, + "node_modules/@semantic-release/changelog": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/@semantic-release/changelog/-/changelog-6.0.3.tgz", + "integrity": "sha512-dZuR5qByyfe3Y03TpmCvAxCyTnp7r5XwtHRf/8vD9EAn4ZWbavUX8adMtXYzE86EVh0gyLA7lm5yW4IV30XUag==", + "dev": true, + "dependencies": { + "@semantic-release/error": "^3.0.0", + "aggregate-error": "^3.0.0", + "fs-extra": "^11.0.0", + "lodash": "^4.17.4" + }, + "engines": { + "node": ">=14.17" + }, + "peerDependencies": { + "semantic-release": ">=18.0.0" + } + }, + "node_modules/@semantic-release/changelog/node_modules/@semantic-release/error": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@semantic-release/error/-/error-3.0.0.tgz", + "integrity": "sha512-5hiM4Un+tpl4cKw3lV4UgzJj+SmfNIDCLLw0TepzQxz9ZGV5ixnqkzIVF+3tp0ZHgcMKE+VNGHJjEeyFG2dcSw==", + "dev": true, + "engines": { + "node": ">=14.17" + } + }, + "node_modules/@semantic-release/changelog/node_modules/aggregate-error": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", + "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", + "dev": true, + "dependencies": { + "clean-stack": "^2.0.0", + "indent-string": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@semantic-release/changelog/node_modules/clean-stack": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", + "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==", + "dev": true, + "engines": { + "node": ">=6" + } + }, + "node_modules/@semantic-release/changelog/node_modules/indent-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": 
"sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", + "dev": true, + "engines": { + "node": ">=8" + } + }, "node_modules/@semantic-release/commit-analyzer": { "version": "11.0.0", "resolved": "https://registry.npmjs.org/@semantic-release/commit-analyzer/-/commit-analyzer-11.0.0.tgz", diff --git a/package.json b/package.json index c0acd39..dfce4b5 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,6 @@ { "devDependencies": { + "@semantic-release/changelog": "^6.0.3", "@semantic-release/commit-analyzer": "^11.0.0", "@semantic-release/github": "^9.0.6", "@semantic-release/release-notes-generator": "^12.0.0",