Bump cryptography from 38.0.4 to 41.0.3 #275
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: [main] | |
issue_comment: | |
types: [created] | |
jobs: | |
changes: | |
runs-on: ubuntu-latest | |
outputs: | |
src: ${{ steps.filter.outputs.src }} # Used to calculate general changes to source code | |
terraform: ${{ steps.filter.outputs.terraform }} # Used to calculate general changes to terraform | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dorny/[email protected] | |
id: filter | |
with: | |
filters: | | |
terraform: | |
- 'terraform/**' | |
src: | |
- 'src/**' | |
lint: | |
needs: changes | |
if: needs.changes.outputs.src == 'true' || needs.changes.outputs.terraform == 'true' | |
name: lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check files using the black formatter | |
uses: rickstaa/action-black@f7d43bb2466fca468649d6c3d548ccef7412b93f # pin@v1 | |
id: action_black | |
with: | |
black_args: "." | |
- name: Comment Black Message | |
if: steps.action_black.outputs.is_formatted == 'true' | |
uses: peter-evans/[email protected] | |
with: | |
issue-number: ${{ github.event.pull_request.number }} | |
body: | | |
❌ Linting Failed ❌ | |
You will need to properly lint your code before CI can pass | |
Run the following script to lint your code: | |
```bash | |
script/lint | |
``` | |
Or manually lint the repo from the command line: | |
```console | |
$ pip install black && black . | |
... | |
All done! ✨ 🍰 ✨ | |
``` | |
> If you are running manually, ensure you run the command from the root of the repo | |
Commit your changes and try again! | |
- name: Linting Required | |
if: steps.action_black.outputs.is_formatted == 'true' | |
run: | | |
echo "Please lint your code with 'black' and try again! -> 'pip install black && black .'" | |
exit 1 | |
test: | |
needs: [changes, lint] | |
if: | |
needs.changes.outputs.src == 'true' || needs.changes.outputs.terraform == | |
'true' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python 3.11 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.11 | |
cache: 'pip' # caching pip dependencies | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi | |
- name: Test with pytest | |
run: | | |
script/test | |
echo "Success! - pytest Passed" | |
# Use this step for validating json files commit to the repo | |
- name: JSON Validation | |
working-directory: src/errbot | |
run: python -mjson.tool plugins/league/responses.json > /dev/null | |
build: | |
needs: [changes, test] | |
if: | |
needs.changes.outputs.src == 'true' || needs.changes.outputs.terraform == | |
'true' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a # pin@v1 | |
if: github.event_name == 'push' | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- name: "ACR Login" | |
if: github.event_name == 'push' | |
uses: azure/docker-login@81744f9799e7eaa418697cb168452a2882ae844a # pin@v1 | |
with: | |
login-server: errbotacr.azurecr.io | |
username: ${{ secrets.REGISTRY_USERNAME }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
# In this step, this action saves a list of existing images, | |
# the cache is created without them in the post run. | |
# It also restores the cache if it exists. | |
- uses: satackey/action-docker-layer-caching@46d2c640b1d8ef50d185452ad6fb324e6bd1d052 # [email protected] | |
# Ignore the failure of a step and avoid terminating the job. | |
continue-on-error: true | |
# Builds images on pull request workflows | |
- name: "Build image - On Pull Request" | |
if: github.event_name == 'pull_request' | |
run: | | |
script/ci-build -t=${{ github.sha }} -r="errbotacr.azurecr.io" | |
# Builds and pushes images on push workflow | |
- name: "Build and Push image - On Push" | |
if: github.event_name == 'push' | |
run: | | |
script/ci-build -t=${{ github.sha }} -r="errbotacr.azurecr.io" -p=true | |
terraform: | |
needs: [changes, build] | |
if: | |
needs.changes.outputs.src == 'true' || needs.changes.outputs.terraform == 'true' | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a # pin@v1 | |
with: | |
creds: ${{ secrets.AZURE_CREDENTIALS }} | |
- uses: hashicorp/setup-terraform@3d8debd658c92063839bc97da5c2427100420dec # pin@v1 | |
with: | |
terraform_version: 1.1.0 | |
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | |
# Set the Kube Config for the environment. This assumes the k8s-cluster is up | |
- uses: azure/k8s-set-context@2f6bfda1e23e1a8cdfcfabc5c9e8894eec34734f # pin@v1 | |
with: | |
method: kubeconfig | |
kubeconfig: ${{ secrets.KUBE_CONFIG }} | |
id: setcontext | |
# Terraform aws | |
- name: Terraform fmt (aws) | |
if: github.event_name == 'pull_request' | |
working-directory: terraform/aws | |
id: fmt_aws_tf | |
run: terraform fmt -check | |
continue-on-error: true | |
- name: Terraform init (aws) | |
if: github.event_name == 'pull_request' | |
working-directory: terraform/aws | |
id: init_aws_tf | |
run: terraform init | |
- name: Terraform validate (aws) | |
if: github.event_name == 'pull_request' | |
working-directory: terraform/aws | |
id: validate_aws_tf | |
run: terraform validate -no-color | |
- name: Terraform plan (aws) | |
if: github.event_name == 'pull_request' | |
working-directory: terraform/aws | |
id: plan_aws_tf | |
env: | |
TF_VAR_AWS_ACCESS_KEY_ID: ${{ secrets.TF_VAR_AWS_ACCESS_KEY_ID }} | |
TF_VAR_AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_VAR_AWS_SECRET_ACCESS_KEY }} | |
run: terraform plan -no-color | |
continue-on-error: true | |
# Terraform k8s-cluster | |
- name: Terraform fmt (k8s-cluster) | |
if: github.event_name == 'pull_request' | |
working-directory: terraform/k8s-cluster | |
id: fmt_k8s_cluster | |
run: terraform fmt -check | |
continue-on-error: true | |
- name: Terraform init (k8s-cluster) | |
if: github.event_name == 'pull_request' | |
working-directory: terraform/k8s-cluster | |
id: init_k8s_cluster | |
run: terraform init | |
- name: Terraform validate (k8s-cluster) | |
if: github.event_name == 'pull_request' | |
working-directory: terraform/k8s-cluster | |
id: validate_k8s_cluster | |
run: terraform validate -no-color | |
- name: Terraform plan (k8s-cluster) | |
if: github.event_name == 'pull_request' | |
working-directory: terraform/k8s-cluster | |
id: plan_k8s_cluster | |
env: | |
TF_VAR_CLIENT_ID: ${{ secrets.TF_VAR_CLIENT_ID }} | |
TF_VAR_CLIENT_SECRET: ${{ secrets.TF_VAR_CLIENT_SECRET }} | |
TF_VAR_SUBSCRIPTION_ID: ${{ secrets.TF_VAR_SUBSCRIPTION_ID }} | |
TF_VAR_TENANT_ID: ${{ secrets.TF_VAR_TENANT_ID }} | |
run: terraform plan -no-color | |
continue-on-error: true | |
# Terraform k8s (resources / workloads) | |
- name: Terraform fmt (k8s) | |
if: github.event_name == 'pull_request' | |
working-directory: terraform/k8s | |
id: fmt_k8s | |
run: terraform fmt -check | |
continue-on-error: true | |
- name: Terraform init (k8s) | |
if: github.event_name == 'pull_request' | |
working-directory: terraform/k8s | |
id: init_k8s | |
run: terraform init | |
- name: Terraform validate (k8s) | |
if: github.event_name == 'pull_request' | |
working-directory: terraform/k8s | |
id: validate_k8s | |
run: terraform validate -no-color | |
# Runs a plan for the k8s resources to be deployed | |
- name: Terraform plan (k8s) | |
if: github.event_name == 'pull_request' | |
working-directory: terraform/k8s | |
id: plan_k8s | |
env: | |
# Config | |
TF_VAR_IMAGE_TAG: ${{ github.sha }} | |
# Creds | |
TF_VAR_CHAT_SERVICE_TOKEN: ${{ secrets.TF_VAR_CHAT_SERVICE_TOKEN }} | |
TF_VAR_CHAT_SERVICE_TOKEN_PUBLIC: ${{ secrets.CHAT_SERVICE_TOKEN_PUBLIC }} | |
TF_VAR_CLIENT_ID: ${{ secrets.TF_VAR_CLIENT_ID }} | |
TF_VAR_CLIENT_SECRET: ${{ secrets.TF_VAR_CLIENT_SECRET }} | |
TF_VAR_SUBSCRIPTION_ID: ${{ secrets.TF_VAR_SUBSCRIPTION_ID }} | |
TF_VAR_TENANT_ID: ${{ secrets.TF_VAR_TENANT_ID }} | |
TF_VAR_RIOT_TOKEN: ${{ secrets.TF_VAR_RIOT_TOKEN }} | |
TF_VAR_AWS_ACCESS_KEY_ID: ${{ secrets.TF_VAR_AWS_ACCESS_KEY_ID }} | |
TF_VAR_AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_VAR_AWS_SECRET_ACCESS_KEY }} | |
TF_VAR_AWS_ACCESS_KEY_ID_ENCODED: ${{ secrets.AWS_ACCESS_KEY_ID_ENCODED }} | |
TF_VAR_AWS_SECRET_ACCESS_KEY_ENCODED: ${{ secrets.AWS_SECRET_ACCESS_KEY_ENCODED }} | |
TF_VAR_SPOTIFY_CLIENT_ID: ${{ secrets.SPOTIFY_CLIENT_ID }} | |
TF_VAR_SPOTIFY_CLIENT_SECRET: ${{ secrets.SPOTIFY_CLIENT_SECRET }} | |
TF_VAR_SENTRY: ${{ secrets.SENTRY }} | |
TF_VAR_LOKI_PUSH_URL: ${{ secrets.LOKI_PUSH_URL }} | |
TF_VAR_GEOLOCATION_KEY: ${{ secrets.GEOLOCATION_KEY }} | |
run: terraform plan -no-color | |
continue-on-error: true | |
# Post comment on PR with development plan info | |
# This comment includes the plan for the k8s-cluster and the k8s resources | |
- uses: actions/github-script@5d03ada4b0a753e9460b312e61cc4f8fdeacf163 # [email protected] | |
if: github.event_name == 'pull_request' | |
env: | |
PLAN_K8S_CLUSTER: "terraform ${{ steps.plan_k8s_cluster.outputs.stdout }}" | |
PLAN_K8S: "terraform ${{ steps.plan_k8s.outputs.stdout }}" | |
PLAN_AWS_TF: "terraform ${{ steps.plan_aws_tf.outputs.stdout }}" | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
const output = `### Terraform Plan - \`aws\` - Production 🪐 | |
- Terraform Format and Style 🖌: \`${{ steps.fmt_aws_tf.outcome }}\` | |
- Terraform Initialization ⚙️: \`${{ steps.init_aws_tf.outcome }}\` | |
- Terraform Validation 🤖: \`${{ steps.validate_aws_tf.outcome }}\` | |
- Terraform Plan 📖: \`${{ steps.plan_aws_tf.outcome }}\` | |
<details><summary><b>Show Plan</b></summary> | |
\`\`\`${process.env.PLAN_AWS_TF}\`\`\` | |
</details> | |
> Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`terraform/aws\`, Workflow: \`${{ github.workflow }}\` | |
### Terraform Plan - \`k8s-cluster\` - Production 🪐 | |
- Terraform Format and Style 🖌: \`${{ steps.fmt_k8s_cluster.outcome }}\` | |
- Terraform Initialization ⚙️: \`${{ steps.init_k8s_cluster.outcome }}\` | |
- Terraform Validation 🤖: \`${{ steps.validate_k8s_cluster.outcome }}\` | |
- Terraform Plan 📖: \`${{ steps.plan_k8s_cluster.outcome }}\` | |
<details><summary><b>Show Plan</b></summary> | |
\`\`\`${process.env.PLAN_K8S_CLUSTER}\`\`\` | |
</details> | |
> Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`terraform/k8s-cluster\`, Workflow: \`${{ github.workflow }}\` | |
### Terraform Plan - \`k8s\` - Production 🪐 | |
- Terraform Format and Style 🖌: \`${{ steps.fmt_k8s.outcome }}\` | |
- Terraform Initialization ⚙️: \`${{ steps.init_k8s.outcome }}\` | |
- Terraform Validation 🤖: \`${{ steps.validate_k8s.outcome }}\` | |
- Terraform Plan 📖: \`${{ steps.plan_k8s.outcome }}\` | |
<details><summary><b>Show Plan</b></summary> | |
\`\`\`${process.env.PLAN_K8S}\`\`\` | |
</details> | |
> Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`terraform/k8s\`, Workflow: \`${{ github.workflow }}\``; | |
github.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: output | |
}) | |
# Apply (aws) | |
- name: Terraform init (aws) | |
if: github.event_name == 'push' | |
working-directory: terraform/aws | |
run: terraform init | |
- name: Terraform apply (aws) | |
if: github.event_name == 'push' | |
working-directory: terraform/aws | |
env: | |
TF_VAR_AWS_ACCESS_KEY_ID: ${{ secrets.TF_VAR_AWS_ACCESS_KEY_ID }} | |
TF_VAR_AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_VAR_AWS_SECRET_ACCESS_KEY }} | |
run: terraform apply -auto-approve | |
# Apply (k8s-cluster) | |
- name: Terraform init (k8s-cluster) | |
if: github.event_name == 'push' | |
working-directory: terraform/k8s-cluster | |
run: terraform init | |
- name: Terraform apply (k8s-cluster) | |
if: github.event_name == 'push' | |
working-directory: terraform/k8s-cluster | |
env: | |
# Azure Auth | |
TF_VAR_CLIENT_ID: ${{ secrets.TF_VAR_CLIENT_ID }} | |
TF_VAR_CLIENT_SECRET: ${{ secrets.TF_VAR_CLIENT_SECRET }} | |
TF_VAR_SUBSCRIPTION_ID: ${{ secrets.TF_VAR_SUBSCRIPTION_ID }} | |
TF_VAR_TENANT_ID: ${{ secrets.TF_VAR_TENANT_ID }} | |
run: terraform apply -auto-approve | |
# Apply (k8s) | |
- name: Terraform init (k8s) | |
if: github.event_name == 'push' | |
working-directory: terraform/k8s | |
run: terraform init | |
- name: Terraform apply (k8s) | |
if: github.event_name == 'push' | |
working-directory: terraform/k8s | |
env: | |
# Config | |
TF_VAR_IMAGE_TAG: ${{ github.sha }} | |
# Creds | |
TF_VAR_CHAT_SERVICE_TOKEN: ${{ secrets.TF_VAR_CHAT_SERVICE_TOKEN }} | |
TF_VAR_CHAT_SERVICE_TOKEN_PUBLIC: ${{ secrets.CHAT_SERVICE_TOKEN_PUBLIC }} | |
TF_VAR_CLIENT_ID: ${{ secrets.TF_VAR_CLIENT_ID }} | |
TF_VAR_CLIENT_SECRET: ${{ secrets.TF_VAR_CLIENT_SECRET }} | |
TF_VAR_SUBSCRIPTION_ID: ${{ secrets.TF_VAR_SUBSCRIPTION_ID }} | |
TF_VAR_TENANT_ID: ${{ secrets.TF_VAR_TENANT_ID }} | |
TF_VAR_RIOT_TOKEN: ${{ secrets.TF_VAR_RIOT_TOKEN }} | |
TF_VAR_AWS_ACCESS_KEY_ID: ${{ secrets.TF_VAR_AWS_ACCESS_KEY_ID }} | |
TF_VAR_AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_VAR_AWS_SECRET_ACCESS_KEY }} | |
TF_VAR_AWS_ACCESS_KEY_ID_ENCODED: ${{ secrets.AWS_ACCESS_KEY_ID_ENCODED }} | |
TF_VAR_AWS_SECRET_ACCESS_KEY_ENCODED: ${{ secrets.AWS_SECRET_ACCESS_KEY_ENCODED }} | |
TF_VAR_SPOTIFY_CLIENT_ID: ${{ secrets.SPOTIFY_CLIENT_ID }} | |
TF_VAR_SPOTIFY_CLIENT_SECRET: ${{ secrets.SPOTIFY_CLIENT_SECRET }} | |
TF_VAR_SENTRY: ${{ secrets.SENTRY }} | |
TF_VAR_LOKI_PUSH_URL: ${{ secrets.LOKI_PUSH_URL }} | |
TF_VAR_GEOLOCATION_KEY: ${{ secrets.GEOLOCATION_KEY }} | |
run: terraform apply -auto-approve | |
deployed: | |
environment: production | |
needs: [changes, build, terraform] | |
if: | |
( needs.changes.outputs.src == 'true' || needs.changes.outputs.terraform == 'true' ) && github.event_name == 'push' | |
runs-on: ubuntu-latest | |
steps: | |
# Send a deployment message to Discord via a webhook | |
- name: Discord notification | |
if: github.event_name == 'push' | |
env: | |
DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_DEPLOYMENT }} | |
uses: Ilshidur/action-discord@0c4b27844ba47cb1c7bee539c8eead5284ce9fa9 # [email protected] | |
with: | |
args: "The project `{{ EVENT_PAYLOAD.repository.full_name }}` has been | |
**deployed** to **production** 🚀" |