Skip to content
Platform Image Tests

Feature/895 - helm chart security fixes for OasisPlatform #1049

Sign in to view logs

Feature/895 - helm chart security fixes for OasisPlatform

Feature/895 - helm chart security fixes for OasisPlatform #1049

Workflow file for this run

.github/workflows/test-images.yml at c4752af
name: Platform Image Tests
on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch:
inputs:
last_release:
description: "Test backwards compatibility with platform ver [semvar]"
required: false
piwind_branch:
description: "Check Results from Piwind branch [git ref]"
required: true
default: 'main'
pytest_options:
description: "Pytest optional args [-k <test_name>]"
required: false
cve_severity:
description: 'Severities of vulnerabilities to scanned for [LOW, MEDIUM, HIGH, CRITICAL, SKIP]'
required: false
oasislmf_branch:
description: 'If set, pip install oasislmf branch [git ref]'
required: false
ods_branch:
description: 'If set, pip install ods-tools branch [git ref]'
required: false
env:
pre_release: 'true' # look for pre-release when testing last released platform version
semver_major: '2' # Search for published images but limited to {semvar_major}.x.x
#semver_minor: '27' # Search for published images but limited to x.{semvar_minor}.x
jobs:
build_images:
uses: ./.github/workflows/build-images.yml
secrets: inherit
with:
docker_push: true
ignore_unfixed: true
#cve_severity: ${{ github.event_name != 'workflow_dispatch' && 'CRITICAL,HIGH' || inputs.cve_severity }}
cve_severity: ${{ github.event_name != 'workflow_dispatch' && 'SKIP' || inputs.cve_severity }}
oasislmf_branch: ${{ github.event_name != 'workflow_dispatch' && 'main' || inputs.oasislmf_branch }}
ods_branch: ${{ github.event_name != 'workflow_dispatch' && 'main' || inputs.ods_branch }}
setup:
runs-on: ubuntu-latest
needs: [build_images]
outputs:
pytest_opts: ${{ steps.pytest.outputs.opts }}
piwind_branch: ${{ steps.piwind.outputs.branch }}
release_tag: ${{ steps.released_images.outputs.prev_release_tag }}
build_server_img: ${{ steps.built_images.outputs.server_img }}
build_server_tag: ${{ steps.built_images.outputs.server_tag }}
build_worker_img: ${{ steps.built_images.outputs.worker_img }}
build_worker_tag: ${{ steps.built_images.outputs.worker_tag }}
build_deb_worker_img: ${{ steps.built_images.outputs.deb_worker_img }}
build_deb_worker_tag: ${{ steps.built_images.outputs.deb_worker_tag }}
steps:
- name: Checkout Platform
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Load latest release tag
id: released_images
run: |
# Find the latest release tag only from current branch
if [[ "${{ github.ref_name }}" == backports/ ]]; then
tag=$( ./scripts/find_release.sh -p "${{ env.pre_release }}")
echo "prev_release_tag=$tag" >> $GITHUB_OUTPUT
# Find tags release accross all branches, limited to matching semver
elif [[ -z "${{ inputs.last_release }}" ]]; then
tag=$( ./scripts/find_latest.sh -j "${{ env.semver_major }}" )
#tag=$( ./scripts/find_latest.sh -j "${{ env.semver_major }}" -i "${{ env.semver_minor }}" )
echo "prev_release_tag=$tag" >> $GITHUB_OUTPUT
# Don't search, use the given input
else
echo "prev_release_tag=${{ inputs.last_release }}" >> $GITHUB_OUTPUT
fi
- name: Select PiWind branch
id: piwind
run: |
# Select matching base branch on piwind
if [[ "${{ github.event_name }}" = "pull_request" ]]; then
BRANCH=${{ github.base_ref }}
elif [[ "${{ github.event_name }}" = "push" ]]; then
BRANCH=${{ github.ref_name }}
else
BRANCH=${{ inputs.piwind_branch }}
fi
#override 'main-platform1' -> 'main'
if [[ "$BRANCH" = 'main-platform1' ]]; then
BRANCH=main
fi
echo "branch=$BRANCH" >> $GITHUB_OUTPUT
- name: Select Pytest Options
id: pytest
run: |
if [[ -z "${{ inputs.pytest_options }}" ]]; then
echo "opts='-k case_1'" >> $GITHUB_OUTPUT
else
echo "opts=${{ inputs.pytest_options }}" >> $GITHUB_OUTPUT
fi
# Split ouput strings from build job
- name: Load built images
id: built_images
run: |
server_img=$(echo ${{ needs.build_images.outputs.server_image }} | awk '{split($0,a,":"); print a[1];}')
server_tag=$(echo ${{ needs.build_images.outputs.server_image }} | awk '{split($0,a,":"); print a[2];}')
echo "server_img=$server_img" >> $GITHUB_OUTPUT
echo "server_tag=$server_tag" >> $GITHUB_OUTPUT
worker_img=$(echo ${{ needs.build_images.outputs.worker_image }} | awk '{split($0,a,":"); print a[1];}')
worker_tag=$(echo ${{ needs.build_images.outputs.worker_image }} | awk '{split($0,a,":"); print a[2];}')
echo "worker_img=$worker_img" >> $GITHUB_OUTPUT
echo "worker_tag=$worker_tag" >> $GITHUB_OUTPUT
deb_worker_img=$(echo ${{ needs.build_images.outputs.worker_deb_image }} | awk '{split($0,a,":"); print a[1];}')
deb_worker_tag=$(echo ${{ needs.build_images.outputs.worker_deb_image }} | awk '{split($0,a,":"); print a[2];}')
echo "deb_worker_img=$deb_worker_img" >> $GITHUB_OUTPUT
echo "deb_worker_tag=$deb_worker_tag" >> $GITHUB_OUTPUT
worker_all_checks:
name: PiWind all checks
secrets: inherit
needs: [setup]
uses: OasisLMF/OasisPiWind/.github/workflows/integration.yml@main
with:
piwind_branch: ${{ needs.setup.outputs.piwind_branch }}
server_image: ${{ needs.setup.outputs.build_server_img }}
server_tag: ${{ needs.setup.outputs.build_server_tag }}
worker_image: ${{ needs.setup.outputs.build_worker_img }}
worker_tag: ${{ needs.setup.outputs.build_worker_tag }}
debug_mode: 1
pytest_opts: "--docker-compose=./docker/plat2.docker-compose.yml "
storage_suffix: '-all-checks'
worker_debian:
name: Worker Debian
secrets: inherit
needs: [setup]
uses: OasisLMF/OasisPiWind/.github/workflows/integration.yml@main
with:
piwind_branch: ${{ needs.setup.outputs.piwind_branch }}
server_image: ${{ needs.setup.outputs.build_server_img }}
server_tag: ${{ needs.setup.outputs.build_server_tag }}
worker_image: ${{ needs.setup.outputs.build_deb_worker_img }}
worker_tag: ${{ needs.setup.outputs.build_deb_worker_tag }}
debug_mode: 1
pytest_opts: "--docker-compose=./docker/plat2.docker-compose.yml ${{ needs.setup.outputs.pytest_opts }}"
storage_suffix: '-worker-debian'
# server_compatibility:
# name: Server Compatibility (${{ needs.setup.outputs.release_tag }})
# secrets: inherit
# needs: [setup]
# uses: OasisLMF/OasisPiWind/.github/workflows/integration.yml@main
# with:
# piwind_branch: ${{ needs.setup.outputs.piwind_branch }}
# server_image: ${{ needs.setup.outputs.build_server_img }}
# server_tag: ${{ needs.setup.outputs.build_server_tag }}
# worker_image: 'coreoasis/model_worker'
# worker_tag: ${{ needs.setup.outputs.release_tag }}
# debug_mode: 1
# pytest_opts: "--docker-compose=./docker/plat2.docker-compose.yml ${{ needs.setup.outputs.pytest_opts }}"
# storage_suffix: '-server-compatibility'
#
# worker_compatibility:
# name: Worker Compatibility (${{ needs.setup.outputs.release_tag }})
# secrets: inherit
# needs: [setup]
# uses: OasisLMF/OasisPiWind/.github/workflows/integration.yml@main
# with:
# piwind_branch: ${{ needs.setup.outputs.piwind_branch }}
# server_image: 'coreoasis/api_server'
# server_tag: ${{ needs.setup.outputs.release_tag }}
# worker_image: ${{ needs.setup.outputs.build_worker_img }}
# worker_tag: ${{ needs.setup.outputs.build_worker_tag }}
# debug_mode: 1
# pytest_opts: "--docker-compose=./docker/plat2.docker-compose.yml ${{ needs.setup.outputs.pytest_opts }}"
# storage_suffix: '-worker-compatibility'
# storage_s3:
# name: Storage Compatibility (S3)
# secrets: inherit
# needs: [setup]
# uses: OasisLMF/OasisPiWind/.github/workflows/integration.yml@main
# with:
# piwind_branch: ${{ needs.setup.outputs.piwind_branch }}
# server_image: ${{ needs.setup.outputs.build_server_img }}
# server_tag: ${{ needs.setup.outputs.build_server_tag }}
# worker_image: ${{ needs.setup.outputs.build_worker_img }}
# worker_tag: ${{ needs.setup.outputs.build_worker_tag }}
# debug_mode: 0
# pytest_opts: "--docker-compose=./docker/plat2.docker-compose.yml ${{ needs.setup.outputs.pytest_opts }}"
# storage_suffix: '-s3'