fix: Dockerfile to reduce vulnerabilities #39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: [push] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-python@v1 | |
with: | |
python-version: 3.11 | |
- uses: actions/cache@v1 | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} | |
restore-keys: | | |
${{ runner.os }}-pip- | |
- name: Install dependencies | |
run: | | |
export ACCEPT_EULA=Y | |
sudo apt-get update | |
python -m pip install --upgrade pip | |
sudo apt-get install -y python3-pip libgdal-dev locales | |
sudo apt-get install -y libspatialindex-dev | |
sudo apt-get install -y coinor-cbc | |
export CPLUS_INCLUDE_PATH=/usr/include/gdal | |
export C_INCLUDE_PATH=/usr/include/gdal | |
sudo apt-get install ca-certificates | |
export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt | |
pip install GDAL==3.4.1 | |
pip install -e '.[dev]' | |
- name: Install jupyter kernel | |
run: python -m ipykernel install --user --name genet | |
- name: Unit tests | |
run: pytest | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-west-1 | |
- name: Push zip to S3 | |
env: | |
AWS_S3_CODE_BUCKET: ${{ secrets.AWS_S3_CODE_BUCKET }} | |
run: | | |
echo $GITHUB_REPOSITORY | |
echo $GITHUB_SHA | |
echo $GITHUB_SHA > release | |
if test "$GITHUB_REF" = "refs/heads/main"; then | |
echo "Branch is main - no need to make a release name..." | |
else | |
echo "Making a release name for non-main branch..." | |
branch=`echo $GITHUB_REF | awk -F '/' '{print $3}'` | |
release_name=`echo $GITHUB_ACTOR-$branch` | |
echo "Release name: $release_name" | |
echo $release_name > release_name | |
fi | |
zip -r app.zip . | |
repo_slug=`echo $GITHUB_REPOSITORY | awk -F '/' '{print $2}'` | |
echo $repo_slug | |
aws s3 cp app.zip "s3://$AWS_S3_CODE_BUCKET/$repo_slug.zip" | |
- name: Send build success notification | |
if: success() | |
uses: rtCamp/[email protected] | |
env: | |
SLACK_MESSAGE: ${{ github.repository }} build ${{ github.run_number }} launched by ${{ github.actor }} has succeeded | |
SLACK_TITLE: Build Success | |
SLACK_CHANNEL: city-modelling-feeds | |
SLACK_USERNAME: GitHub Build Bot | |
SLACK_ICON: https://slack-files2.s3-us-west-2.amazonaws.com/avatars/2017-12-19/288981919427_f45f04edd92902a96859_512.png | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
- name: Send build failure notification | |
if: failure() | |
uses: rtCamp/[email protected] | |
env: | |
SLACK_COLOR: '#FF0000' | |
SLACK_MESSAGE: ${{ github.repository }} build ${{ github.run_number }} launched by ${{ github.actor }} has failed | |
SLACK_TITLE: Build Failure! | |
SLACK_CHANNEL: city-modelling-feeds | |
SLACK_USERNAME: GitHub Build Bot | |
SLACK_ICON: https://slack-files2.s3-us-west-2.amazonaws.com/avatars/2017-12-19/288981919427_f45f04edd92902a96859_512.png | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} |