Skip to content

Encrypt cached sudo password #5777

Encrypt cached sudo password

Encrypt cached sudo password #5777

Workflow file for this run

name: tests
on:
push:
branches:
- stable
- dev
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: psf/black@stable
with:
options: "--check"
- name: Install Python 3
uses: actions/setup-python@v4
with:
python-version: "3.x"
- name: Install dependencies
run: |
pip install flake8
- name: flake8
run: |
flake8 --select F,E722 --ignore F403,F405,F541 --per-file-ignores="*/__init__.py:F401,F403"
test:
needs: lint
runs-on: ubuntu-latest
strategy:
# if one python version fails, let the others finish
fail-fast: false
matrix:
python-version: ["3.9", "3.10", "3.11", "3.12"]
steps:
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
pip install poetry
poetry install
- name: Run tests
run: |
poetry run pytest --exitfirst --reruns 2 -o timeout_func_only=true --timeout 1200 --disable-warnings --log-cli-level=DEBUG --cov-config=bbot/test/coverage.cfg --cov-report xml:cov.xml --cov=bbot .
- name: Upload Code Coverage
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./cov.xml
verbose: true
update_docs:
needs: test
runs-on: ubuntu-latest
if: github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/stable')
steps:
- uses: actions/checkout@v3
with:
token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }}
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.x"
- name: Install dependencies
run: |
pip install poetry
poetry install
- name: Generate docs
run: |
poetry run bbot/scripts/docs.py
- name: Commit docs
uses: EndBug/add-and-commit@v9
continue-on-error: true
with:
add: '["*.md", "docs/data/chord_graph/*.json"]'
author_name: "BBOT Docs Autopublish"
author_email: [email protected]
message: "Refresh module docs"
publish_docs:
needs: update_docs
runs-on: ubuntu-latest
if: github.event_name == 'push' && (github.ref == 'refs/heads/stable' || github.ref == 'refs/heads/dev')
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.x"
- run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV
- uses: actions/cache@v3
with:
key: mkdocs-material-${{ env.cache_id }}
path: .cache
restore-keys: |
mkdocs-material-
- name: Install dependencies
run: |
pip install poetry
poetry install --only=docs
- name: Configure Git
run: |
git config user.name github-actions
git config user.email [email protected]
git fetch origin gh-pages:refs/remotes/origin/gh-pages
if git show-ref --verify --quiet refs/heads/gh-pages; then
git branch -f gh-pages origin/gh-pages
else
git branch --track gh-pages origin/gh-pages
fi
- name: Generate docs (stable branch)
if: github.ref == 'refs/heads/stable'
run: |
poetry run mike deploy Stable
- name: Generate docs (dev branch)
if: github.ref == 'refs/heads/dev'
run: |
poetry run mike deploy Dev
- name: Publish docs
run: |
git switch gh-pages
git push
publish_code:
needs: update_docs
runs-on: ubuntu-latest
if: github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/stable')
continue-on-error: true
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.x"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install poetry build
poetry self add "poetry-dynamic-versioning[plugin]"
- name: Build Pypi package
if: github.ref == 'refs/heads/stable' || github.ref == 'refs/heads/dev'
run: python -m build
- name: Publish Pypi package
if: github.ref == 'refs/heads/stable' || github.ref == 'refs/heads/dev'
uses: pypa/gh-action-pypi-publish@release/v1.5
with:
password: ${{ secrets.PYPI_API_TOKEN }}
- name: Get BBOT version
id: version
run: echo "BBOT_VERSION=$(poetry version | cut -d' ' -f2)" >> $GITHUB_OUTPUT
- name: Publish to Docker Hub (dev)
if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
uses: elgohr/Publish-Docker-Github-Action@v5
with:
name: blacklanternsecurity/bbot
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
tags: "latest,dev,${{ steps.version.outputs.BBOT_VERSION }}"
- name: Publish to Docker Hub (stable)
if: github.event_name == 'push' && github.ref == 'refs/heads/stable'
uses: elgohr/Publish-Docker-Github-Action@v5
with:
name: blacklanternsecurity/bbot
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
tags: "stable,${{ steps.version.outputs.BBOT_VERSION }}"
- name: Docker Hub Description
if: github.event_name == 'push' && github.ref == 'refs/heads/dev'
uses: peter-evans/dockerhub-description@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
repository: blacklanternsecurity/bbot
outputs:
BBOT_VERSION: ${{ steps.version.outputs.BBOT_VERSION }}
# tag_commit:
# needs: publish_code
# runs-on: ubuntu-latest
# if: github.event_name == 'push' && github.ref == 'refs/heads/stable'
# steps:
# - uses: actions/checkout@v3
# with:
# ref: ${{ github.head_ref }}
# fetch-depth: 0 # Fetch all history for all tags and branches
# - name: Configure git
# run: |
# git config --local user.email "[email protected]"
# git config --local user.name "GitHub Actions"
# - name: Tag commit
# run: |
# VERSION="${{ needs.publish_code.outputs.BBOT_VERSION }}"
# if [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
# TAG_MESSAGE="Dev Release $VERSION"
# elif [[ "${{ github.ref }}" == "refs/heads/stable" ]]; then
# TAG_MESSAGE="Stable Release $VERSION"
# fi
# git tag -a $VERSION -m "$TAG_MESSAGE"
# git push origin --tags