Skip to content

Bump cryptography from 38.0.4 to 41.0.3 #275

Bump cryptography from 38.0.4 to 41.0.3

Bump cryptography from 38.0.4 to 41.0.3 #275

Workflow file for this run

name: ci
on:
push:
branches:
- main
pull_request:
branches: [main]
issue_comment:
types: [created]
jobs:
changes:
runs-on: ubuntu-latest
outputs:
src: ${{ steps.filter.outputs.src }} # Used to calculate general changes to source code
terraform: ${{ steps.filter.outputs.terraform }} # Used to calculate general changes to terraform
steps:
- uses: actions/checkout@v3
- uses: dorny/[email protected]
id: filter
with:
filters: |
terraform:
- 'terraform/**'
src:
- 'src/**'
lint:
needs: changes
if: needs.changes.outputs.src == 'true' || needs.changes.outputs.terraform == 'true'
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check files using the black formatter
uses: rickstaa/action-black@f7d43bb2466fca468649d6c3d548ccef7412b93f # pin@v1
id: action_black
with:
black_args: "."
- name: Comment Black Message
if: steps.action_black.outputs.is_formatted == 'true'
uses: peter-evans/[email protected]
with:
issue-number: ${{ github.event.pull_request.number }}
body: |
❌ Linting Failed ❌
You will need to properly lint your code before CI can pass
Run the following script to lint your code:
```bash
script/lint
```
Or manually lint the repo from the command line:
```console
$ pip install black && black .
...
All done! ✨ 🍰 ✨
```
> If you are running manually, ensure you run the command from the root of the repo
Commit your changes and try again!
- name: Linting Required
if: steps.action_black.outputs.is_formatted == 'true'
run: |
echo "Please lint your code with 'black' and try again! -> 'pip install black && black .'"
exit 1
test:
needs: [changes, lint]
if:
needs.changes.outputs.src == 'true' || needs.changes.outputs.terraform ==
'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: 3.11
cache: 'pip' # caching pip dependencies
- name: Install dependencies
run: |
python -m pip install --upgrade pip
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Test with pytest
run: |
script/test
echo "Success! - pytest Passed"
# Use this step for validating json files commit to the repo
- name: JSON Validation
working-directory: src/errbot
run: python -mjson.tool plugins/league/responses.json > /dev/null
build:
needs: [changes, test]
if:
needs.changes.outputs.src == 'true' || needs.changes.outputs.terraform ==
'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a # pin@v1
if: github.event_name == 'push'
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: "ACR Login"
if: github.event_name == 'push'
uses: azure/docker-login@81744f9799e7eaa418697cb168452a2882ae844a # pin@v1
with:
login-server: errbotacr.azurecr.io
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
# In this step, this action saves a list of existing images,
# the cache is created without them in the post run.
# It also restores the cache if it exists.
- uses: satackey/action-docker-layer-caching@46d2c640b1d8ef50d185452ad6fb324e6bd1d052 # [email protected]
# Ignore the failure of a step and avoid terminating the job.
continue-on-error: true
# Builds images on pull request workflows
- name: "Build image - On Pull Request"
if: github.event_name == 'pull_request'
run: |
script/ci-build -t=${{ github.sha }} -r="errbotacr.azurecr.io"
# Builds and pushes images on push workflow
- name: "Build and Push image - On Push"
if: github.event_name == 'push'
run: |
script/ci-build -t=${{ github.sha }} -r="errbotacr.azurecr.io" -p=true
terraform:
needs: [changes, build]
if:
needs.changes.outputs.src == 'true' || needs.changes.outputs.terraform == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a # pin@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- uses: hashicorp/setup-terraform@3d8debd658c92063839bc97da5c2427100420dec # pin@v1
with:
terraform_version: 1.1.0
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
# Set the Kube Config for the environment. This assumes the k8s-cluster is up
- uses: azure/k8s-set-context@2f6bfda1e23e1a8cdfcfabc5c9e8894eec34734f # pin@v1
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBE_CONFIG }}
id: setcontext
# Terraform aws
- name: Terraform fmt (aws)
if: github.event_name == 'pull_request'
working-directory: terraform/aws
id: fmt_aws_tf
run: terraform fmt -check
continue-on-error: true
- name: Terraform init (aws)
if: github.event_name == 'pull_request'
working-directory: terraform/aws
id: init_aws_tf
run: terraform init
- name: Terraform validate (aws)
if: github.event_name == 'pull_request'
working-directory: terraform/aws
id: validate_aws_tf
run: terraform validate -no-color
- name: Terraform plan (aws)
if: github.event_name == 'pull_request'
working-directory: terraform/aws
id: plan_aws_tf
env:
TF_VAR_AWS_ACCESS_KEY_ID: ${{ secrets.TF_VAR_AWS_ACCESS_KEY_ID }}
TF_VAR_AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_VAR_AWS_SECRET_ACCESS_KEY }}
run: terraform plan -no-color
continue-on-error: true
# Terraform k8s-cluster
- name: Terraform fmt (k8s-cluster)
if: github.event_name == 'pull_request'
working-directory: terraform/k8s-cluster
id: fmt_k8s_cluster
run: terraform fmt -check
continue-on-error: true
- name: Terraform init (k8s-cluster)
if: github.event_name == 'pull_request'
working-directory: terraform/k8s-cluster
id: init_k8s_cluster
run: terraform init
- name: Terraform validate (k8s-cluster)
if: github.event_name == 'pull_request'
working-directory: terraform/k8s-cluster
id: validate_k8s_cluster
run: terraform validate -no-color
- name: Terraform plan (k8s-cluster)
if: github.event_name == 'pull_request'
working-directory: terraform/k8s-cluster
id: plan_k8s_cluster
env:
TF_VAR_CLIENT_ID: ${{ secrets.TF_VAR_CLIENT_ID }}
TF_VAR_CLIENT_SECRET: ${{ secrets.TF_VAR_CLIENT_SECRET }}
TF_VAR_SUBSCRIPTION_ID: ${{ secrets.TF_VAR_SUBSCRIPTION_ID }}
TF_VAR_TENANT_ID: ${{ secrets.TF_VAR_TENANT_ID }}
run: terraform plan -no-color
continue-on-error: true
# Terraform k8s (resources / workloads)
- name: Terraform fmt (k8s)
if: github.event_name == 'pull_request'
working-directory: terraform/k8s
id: fmt_k8s
run: terraform fmt -check
continue-on-error: true
- name: Terraform init (k8s)
if: github.event_name == 'pull_request'
working-directory: terraform/k8s
id: init_k8s
run: terraform init
- name: Terraform validate (k8s)
if: github.event_name == 'pull_request'
working-directory: terraform/k8s
id: validate_k8s
run: terraform validate -no-color
# Runs a plan for the k8s resources to be deployed
- name: Terraform plan (k8s)
if: github.event_name == 'pull_request'
working-directory: terraform/k8s
id: plan_k8s
env:
# Config
TF_VAR_IMAGE_TAG: ${{ github.sha }}
# Creds
TF_VAR_CHAT_SERVICE_TOKEN: ${{ secrets.TF_VAR_CHAT_SERVICE_TOKEN }}
TF_VAR_CHAT_SERVICE_TOKEN_PUBLIC: ${{ secrets.CHAT_SERVICE_TOKEN_PUBLIC }}
TF_VAR_CLIENT_ID: ${{ secrets.TF_VAR_CLIENT_ID }}
TF_VAR_CLIENT_SECRET: ${{ secrets.TF_VAR_CLIENT_SECRET }}
TF_VAR_SUBSCRIPTION_ID: ${{ secrets.TF_VAR_SUBSCRIPTION_ID }}
TF_VAR_TENANT_ID: ${{ secrets.TF_VAR_TENANT_ID }}
TF_VAR_RIOT_TOKEN: ${{ secrets.TF_VAR_RIOT_TOKEN }}
TF_VAR_AWS_ACCESS_KEY_ID: ${{ secrets.TF_VAR_AWS_ACCESS_KEY_ID }}
TF_VAR_AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_VAR_AWS_SECRET_ACCESS_KEY }}
TF_VAR_AWS_ACCESS_KEY_ID_ENCODED: ${{ secrets.AWS_ACCESS_KEY_ID_ENCODED }}
TF_VAR_AWS_SECRET_ACCESS_KEY_ENCODED: ${{ secrets.AWS_SECRET_ACCESS_KEY_ENCODED }}
TF_VAR_SPOTIFY_CLIENT_ID: ${{ secrets.SPOTIFY_CLIENT_ID }}
TF_VAR_SPOTIFY_CLIENT_SECRET: ${{ secrets.SPOTIFY_CLIENT_SECRET }}
TF_VAR_SENTRY: ${{ secrets.SENTRY }}
TF_VAR_LOKI_PUSH_URL: ${{ secrets.LOKI_PUSH_URL }}
TF_VAR_GEOLOCATION_KEY: ${{ secrets.GEOLOCATION_KEY }}
run: terraform plan -no-color
continue-on-error: true
# Post comment on PR with development plan info
# This comment includes the plan for the k8s-cluster and the k8s resources
- uses: actions/github-script@5d03ada4b0a753e9460b312e61cc4f8fdeacf163 # [email protected]
if: github.event_name == 'pull_request'
env:
PLAN_K8S_CLUSTER: "terraform ${{ steps.plan_k8s_cluster.outputs.stdout }}"
PLAN_K8S: "terraform ${{ steps.plan_k8s.outputs.stdout }}"
PLAN_AWS_TF: "terraform ${{ steps.plan_aws_tf.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = `### Terraform Plan - \`aws\` - Production 🪐
- Terraform Format and Style 🖌: \`${{ steps.fmt_aws_tf.outcome }}\`
- Terraform Initialization ⚙️: \`${{ steps.init_aws_tf.outcome }}\`
- Terraform Validation 🤖: \`${{ steps.validate_aws_tf.outcome }}\`
- Terraform Plan 📖: \`${{ steps.plan_aws_tf.outcome }}\`
<details><summary><b>Show Plan</b></summary>
\`\`\`${process.env.PLAN_AWS_TF}\`\`\`
</details>
> Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`terraform/aws\`, Workflow: \`${{ github.workflow }}\`
### Terraform Plan - \`k8s-cluster\` - Production 🪐
- Terraform Format and Style 🖌: \`${{ steps.fmt_k8s_cluster.outcome }}\`
- Terraform Initialization ⚙️: \`${{ steps.init_k8s_cluster.outcome }}\`
- Terraform Validation 🤖: \`${{ steps.validate_k8s_cluster.outcome }}\`
- Terraform Plan 📖: \`${{ steps.plan_k8s_cluster.outcome }}\`
<details><summary><b>Show Plan</b></summary>
\`\`\`${process.env.PLAN_K8S_CLUSTER}\`\`\`
</details>
> Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`terraform/k8s-cluster\`, Workflow: \`${{ github.workflow }}\`
### Terraform Plan - \`k8s\` - Production 🪐
- Terraform Format and Style 🖌: \`${{ steps.fmt_k8s.outcome }}\`
- Terraform Initialization ⚙️: \`${{ steps.init_k8s.outcome }}\`
- Terraform Validation 🤖: \`${{ steps.validate_k8s.outcome }}\`
- Terraform Plan 📖: \`${{ steps.plan_k8s.outcome }}\`
<details><summary><b>Show Plan</b></summary>
\`\`\`${process.env.PLAN_K8S}\`\`\`
</details>
> Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`terraform/k8s\`, Workflow: \`${{ github.workflow }}\``;
github.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
# Apply (aws)
- name: Terraform init (aws)
if: github.event_name == 'push'
working-directory: terraform/aws
run: terraform init
- name: Terraform apply (aws)
if: github.event_name == 'push'
working-directory: terraform/aws
env:
TF_VAR_AWS_ACCESS_KEY_ID: ${{ secrets.TF_VAR_AWS_ACCESS_KEY_ID }}
TF_VAR_AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_VAR_AWS_SECRET_ACCESS_KEY }}
run: terraform apply -auto-approve
# Apply (k8s-cluster)
- name: Terraform init (k8s-cluster)
if: github.event_name == 'push'
working-directory: terraform/k8s-cluster
run: terraform init
- name: Terraform apply (k8s-cluster)
if: github.event_name == 'push'
working-directory: terraform/k8s-cluster
env:
# Azure Auth
TF_VAR_CLIENT_ID: ${{ secrets.TF_VAR_CLIENT_ID }}
TF_VAR_CLIENT_SECRET: ${{ secrets.TF_VAR_CLIENT_SECRET }}
TF_VAR_SUBSCRIPTION_ID: ${{ secrets.TF_VAR_SUBSCRIPTION_ID }}
TF_VAR_TENANT_ID: ${{ secrets.TF_VAR_TENANT_ID }}
run: terraform apply -auto-approve
# Apply (k8s)
- name: Terraform init (k8s)
if: github.event_name == 'push'
working-directory: terraform/k8s
run: terraform init
- name: Terraform apply (k8s)
if: github.event_name == 'push'
working-directory: terraform/k8s
env:
# Config
TF_VAR_IMAGE_TAG: ${{ github.sha }}
# Creds
TF_VAR_CHAT_SERVICE_TOKEN: ${{ secrets.TF_VAR_CHAT_SERVICE_TOKEN }}
TF_VAR_CHAT_SERVICE_TOKEN_PUBLIC: ${{ secrets.CHAT_SERVICE_TOKEN_PUBLIC }}
TF_VAR_CLIENT_ID: ${{ secrets.TF_VAR_CLIENT_ID }}
TF_VAR_CLIENT_SECRET: ${{ secrets.TF_VAR_CLIENT_SECRET }}
TF_VAR_SUBSCRIPTION_ID: ${{ secrets.TF_VAR_SUBSCRIPTION_ID }}
TF_VAR_TENANT_ID: ${{ secrets.TF_VAR_TENANT_ID }}
TF_VAR_RIOT_TOKEN: ${{ secrets.TF_VAR_RIOT_TOKEN }}
TF_VAR_AWS_ACCESS_KEY_ID: ${{ secrets.TF_VAR_AWS_ACCESS_KEY_ID }}
TF_VAR_AWS_SECRET_ACCESS_KEY: ${{ secrets.TF_VAR_AWS_SECRET_ACCESS_KEY }}
TF_VAR_AWS_ACCESS_KEY_ID_ENCODED: ${{ secrets.AWS_ACCESS_KEY_ID_ENCODED }}
TF_VAR_AWS_SECRET_ACCESS_KEY_ENCODED: ${{ secrets.AWS_SECRET_ACCESS_KEY_ENCODED }}
TF_VAR_SPOTIFY_CLIENT_ID: ${{ secrets.SPOTIFY_CLIENT_ID }}
TF_VAR_SPOTIFY_CLIENT_SECRET: ${{ secrets.SPOTIFY_CLIENT_SECRET }}
TF_VAR_SENTRY: ${{ secrets.SENTRY }}
TF_VAR_LOKI_PUSH_URL: ${{ secrets.LOKI_PUSH_URL }}
TF_VAR_GEOLOCATION_KEY: ${{ secrets.GEOLOCATION_KEY }}
run: terraform apply -auto-approve
deployed:
environment: production
needs: [changes, build, terraform]
if:
( needs.changes.outputs.src == 'true' || needs.changes.outputs.terraform == 'true' ) && github.event_name == 'push'
runs-on: ubuntu-latest
steps:
# Send a deployment message to Discord via a webhook
- name: Discord notification
if: github.event_name == 'push'
env:
DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_DEPLOYMENT }}
uses: Ilshidur/action-discord@0c4b27844ba47cb1c7bee539c8eead5284ce9fa9 # [email protected]
with:
args: "The project `{{ EVENT_PAYLOAD.repository.full_name }}` has been
**deployed** to **production** 🚀"