Encrypt cached sudo password #5777
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: tests | |
on: | |
push: | |
branches: | |
- stable | |
- dev | |
pull_request: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: psf/black@stable | |
with: | |
options: "--check" | |
- name: Install Python 3 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.x" | |
- name: Install dependencies | |
run: | | |
pip install flake8 | |
- name: flake8 | |
run: | | |
flake8 --select F,E722 --ignore F403,F405,F541 --per-file-ignores="*/__init__.py:F401,F403" | |
test: | |
needs: lint | |
runs-on: ubuntu-latest | |
strategy: | |
# if one python version fails, let the others finish | |
fail-fast: false | |
matrix: | |
python-version: ["3.9", "3.10", "3.11", "3.12"] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install dependencies | |
run: | | |
pip install poetry | |
poetry install | |
- name: Run tests | |
run: | | |
poetry run pytest --exitfirst --reruns 2 -o timeout_func_only=true --timeout 1200 --disable-warnings --log-cli-level=DEBUG --cov-config=bbot/test/coverage.cfg --cov-report xml:cov.xml --cov=bbot . | |
- name: Upload Code Coverage | |
uses: codecov/codecov-action@v3 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: ./cov.xml | |
verbose: true | |
update_docs: | |
needs: test | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/stable') | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }} | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.x" | |
- name: Install dependencies | |
run: | | |
pip install poetry | |
poetry install | |
- name: Generate docs | |
run: | | |
poetry run bbot/scripts/docs.py | |
- name: Commit docs | |
uses: EndBug/add-and-commit@v9 | |
continue-on-error: true | |
with: | |
add: '["*.md", "docs/data/chord_graph/*.json"]' | |
author_name: "BBOT Docs Autopublish" | |
author_email: [email protected] | |
message: "Refresh module docs" | |
publish_docs: | |
needs: update_docs | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' && (github.ref == 'refs/heads/stable' || github.ref == 'refs/heads/dev') | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.x" | |
- run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV | |
- uses: actions/cache@v3 | |
with: | |
key: mkdocs-material-${{ env.cache_id }} | |
path: .cache | |
restore-keys: | | |
mkdocs-material- | |
- name: Install dependencies | |
run: | | |
pip install poetry | |
poetry install --only=docs | |
- name: Configure Git | |
run: | | |
git config user.name github-actions | |
git config user.email [email protected] | |
git fetch origin gh-pages:refs/remotes/origin/gh-pages | |
if git show-ref --verify --quiet refs/heads/gh-pages; then | |
git branch -f gh-pages origin/gh-pages | |
else | |
git branch --track gh-pages origin/gh-pages | |
fi | |
- name: Generate docs (stable branch) | |
if: github.ref == 'refs/heads/stable' | |
run: | | |
poetry run mike deploy Stable | |
- name: Generate docs (dev branch) | |
if: github.ref == 'refs/heads/dev' | |
run: | | |
poetry run mike deploy Dev | |
- name: Publish docs | |
run: | | |
git switch gh-pages | |
git push | |
publish_code: | |
needs: update_docs | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/stable') | |
continue-on-error: true | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.x" | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install poetry build | |
poetry self add "poetry-dynamic-versioning[plugin]" | |
- name: Build Pypi package | |
if: github.ref == 'refs/heads/stable' || github.ref == 'refs/heads/dev' | |
run: python -m build | |
- name: Publish Pypi package | |
if: github.ref == 'refs/heads/stable' || github.ref == 'refs/heads/dev' | |
uses: pypa/gh-action-pypi-publish@release/v1.5 | |
with: | |
password: ${{ secrets.PYPI_API_TOKEN }} | |
- name: Get BBOT version | |
id: version | |
run: echo "BBOT_VERSION=$(poetry version | cut -d' ' -f2)" >> $GITHUB_OUTPUT | |
- name: Publish to Docker Hub (dev) | |
if: github.event_name == 'push' && github.ref == 'refs/heads/dev' | |
uses: elgohr/Publish-Docker-Github-Action@v5 | |
with: | |
name: blacklanternsecurity/bbot | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
tags: "latest,dev,${{ steps.version.outputs.BBOT_VERSION }}" | |
- name: Publish to Docker Hub (stable) | |
if: github.event_name == 'push' && github.ref == 'refs/heads/stable' | |
uses: elgohr/Publish-Docker-Github-Action@v5 | |
with: | |
name: blacklanternsecurity/bbot | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
tags: "stable,${{ steps.version.outputs.BBOT_VERSION }}" | |
- name: Docker Hub Description | |
if: github.event_name == 'push' && github.ref == 'refs/heads/dev' | |
uses: peter-evans/dockerhub-description@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
repository: blacklanternsecurity/bbot | |
outputs: | |
BBOT_VERSION: ${{ steps.version.outputs.BBOT_VERSION }} | |
# tag_commit: | |
# needs: publish_code | |
# runs-on: ubuntu-latest | |
# if: github.event_name == 'push' && github.ref == 'refs/heads/stable' | |
# steps: | |
# - uses: actions/checkout@v3 | |
# with: | |
# ref: ${{ github.head_ref }} | |
# fetch-depth: 0 # Fetch all history for all tags and branches | |
# - name: Configure git | |
# run: | | |
# git config --local user.email "[email protected]" | |
# git config --local user.name "GitHub Actions" | |
# - name: Tag commit | |
# run: | | |
# VERSION="${{ needs.publish_code.outputs.BBOT_VERSION }}" | |
# if [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then | |
# TAG_MESSAGE="Dev Release $VERSION" | |
# elif [[ "${{ github.ref }}" == "refs/heads/stable" ]]; then | |
# TAG_MESSAGE="Stable Release $VERSION" | |
# fi | |
# git tag -a $VERSION -m "$TAG_MESSAGE" | |
# git push origin --tags |