[Snyk] Security upgrade alpine from 3.19 to 3.20 #126
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Application | |
| on: [push, pull_request] | |
| jobs: | |
| binary-build: | |
| strategy: | |
| matrix: | |
| include: | |
| - os: ubuntu | |
| version: 22.04 | |
| goos: linux | |
| - os: macOS | |
| version: 12 | |
| goos: darwin | |
| - os: windows | |
| version: 2022 | |
| goos: windows | |
| name: Binary Build (${{ matrix.os }} ${{ matrix.version }}) | |
| runs-on: ${{ matrix.os }}-${{ matrix.version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Use Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: frontend/.nvmrc | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: 1.21.4 | |
| - name: Build frontend | |
| run: | | |
| cd frontend | |
| npm ci | |
| npm run build:prod | |
| - name: Get the executable suffix | |
| run: | | |
| if [ "${{ matrix.goos }}" = "windows" ]; then | |
| echo "SUFFIX=.exe" >> $GITHUB_ENV | |
| fi | |
| shell: bash | |
| - name: Build binary for amd64 | |
| run: go build -o bin/remixdb-${{ matrix.goos }}-amd64${{ env.SUFFIX }} ./cmd/remixdb | |
| env: | |
| GOOS: ${{ matrix.goos }} | |
| GOARCH: amd64 | |
| - name: Build binary for arm64 | |
| run: go build -o bin/remixdb-${{ matrix.goos }}-arm64${{ env.SUFFIX }} ./cmd/remixdb | |
| env: | |
| GOOS: ${{ matrix.goos }} | |
| GOARCH: arm64 | |
| - name: Upload amd64 binary | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: remixdb-${{ matrix.goos }}-amd64 | |
| path: bin/remixdb-${{ matrix.goos }}-amd64${{ env.SUFFIX }} | |
| - name: Upload arm64 binary | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: remixdb-${{ matrix.goos }}-arm64 | |
| path: bin/remixdb-${{ matrix.goos }}-arm64${{ env.SUFFIX }} | |
| # Huge shoutout to https://github.com/orgs/community/discussions/26723#discussioncomment-3253091 | |
| # for the docker buildx caching solution. | |
| docker-integration-test-build: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| id: buildx | |
| with: | |
| install: true | |
| buildkitd-flags: --debug | |
| - name: Cache Docker layers | |
| uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| builder: ${{ steps.buildx.outputs.name }} | |
| push: false | |
| tags: remixdb:latest | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache-new | |
| outputs: type=docker,dest=/tmp/remixdb-image.tar | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: remixdb-image | |
| path: /tmp/remixdb-image.tar | |
| - name: Move cache | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| generate-integration-tests: | |
| runs-on: ubuntu-22.04 | |
| needs: docker-integration-test-build | |
| outputs: | |
| matrix: ${{ steps.matrix.outputs.matrix }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.11 | |
| - run: python integration_tests/generate_matrix.py | |
| id: matrix | |
| integration-tests: | |
| needs: generate-integration-tests | |
| strategy: | |
| max-parallel: 5 | |
| matrix: ${{ fromJson(needs.generate-integration-tests.outputs.matrix) }} | |
| runs-on: ubuntu-22.04 | |
| name: Run integration tests (${{ matrix.name }}@${{ matrix.version }}) | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Download Docker image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: remixdb-image | |
| path: /tmp | |
| - name: Load Docker image | |
| run: docker load -i /tmp/remixdb-image.tar | |
| - uses: actions/cache@v3 | |
| with: | |
| path: /tmp/integration-testing | |
| key: ${{ matrix.name }}-${{ matrix.version }}-cache-${{ github.sha }} | |
| restore-keys: | | |
| ${{ matrix.name }}-${{ matrix.version }}-cache- | |
| # TODO: Start remixdb | |
| - name: Run integration tests | |
| run: | | |
| cd integration_tests/${{ matrix.name }} | |
| ./run.sh | |
| env: | |
| VERSION: ${{ matrix.version }} | |
| docker-publish: | |
| runs-on: ubuntu-22.04 | |
| needs: [binary-build, integration-tests] | |
| if: github.ref == 'refs/heads/main' || github.ref == 'refs/tags/v*' | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.11 | |
| - run: python create_publish_dockerfile.py mutate_dockerignore | |
| - name: Use Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: frontend/.nvmrc | |
| - name: Build the frontend | |
| run: cd frontend && npm ci && npm run build:prod | |
| - name: Setup QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/#-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get build hash | |
| if: github.ref == 'refs/heads/main' | |
| run: echo "BUILD_TAG=$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
| - name: Get build tag | |
| if: github.ref == 'refs/tags/v*' | |
| run: echo "BUILD_TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV | |
| env: | |
| GITHUB_REF: ${{ github.ref }} | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ghcr.io/webscalesoftwareltd/remixdb:${{ env.BUILD_TAG }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| file: Dockerfile.ghcr-deploy | |
| - name: Push to latest too if version | |
| if: github.ref == 'refs/tags/v*' | |
| run: | | |
| docker tag ghcr.io/webscalesoftwareltd/remixdb:${{ env.BUILD_TAG }} ghcr.io/webscalesoftwareltd/remixdb:latest | |
| docker push ghcr.io/webscalesoftwareltd/remixdb:latest | |
| release-tag: | |
| runs-on: ubuntu-22.04 | |
| needs: docker-publish | |
| if: github.ref == 'refs/tags/v*' | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get the tag | |
| run: echo "TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV | |
| env: | |
| GITHUB_REF: ${{ github.ref }} | |
| - name: Set BODY_PATH to changelogs/${{ env.TAG }}.md if it exists | |
| run: | | |
| if [ -f changelogs/${{ env.TAG }}.md ]; then | |
| echo "BODY_PATH=changelogs/${{ env.TAG }}.md" >> $GITHUB_ENV | |
| fi | |
| - uses: ncipollo/release-action@v1 | |
| with: | |
| bodyFile: ${{ env.BODY_PATH }} |