
fix: Dockerfile to reduce vulnerabilities #41


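# CI workflow: on every push, install system and Python dependencies, run the
# unit tests, upload a zip of the workspace to S3 and report the result to Slack.
name: CI
on: [push]

# Least privilege for GITHUB_TOKEN: no step in this job writes to the repository.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` below references a mutable tag. Pinning each
      # one to the full commit SHA of a current release stops a moved tag from
      # changing the code that runs alongside this job's AWS and Slack secrets.
      - uses: actions/checkout@v2
        with:
          # Keep the checkout token out of .git/config: the whole workspace,
          # .git included, is zipped and uploaded to S3 further down.
          persist-credentials: false
      - uses: actions/setup-python@v1
        with:
          # Quoted so the version stays a string (an unquoted 3.10 loads as 3.1).
          python-version: '3.11'
      - uses: actions/cache@v1
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-
      - name: Install dependencies
        run: |
          export ACCEPT_EULA=Y
          sudo apt-get update
          python -m pip install --upgrade pip
          sudo apt-get install -y python3-pip libgdal-dev locales
          sudo apt-get install -y libspatialindex-dev
          sudo apt-get install -y coinor-cbc
          export CPLUS_INCLUDE_PATH=/usr/include/gdal
          export C_INCLUDE_PATH=/usr/include/gdal
          # -y added: without it apt-get aborts if it ever needs confirmation.
          sudo apt-get install -y ca-certificates
          export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
          pip install GDAL==3.4.1
          pip install -e '.[dev]'
      - name: Install jupyter kernel
        run: python -m ipykernel install --user --name genet
      - name: Unit tests
        run: pytest
      # Credentials are configured only after dependency installation and the
      # tests have finished, so those steps never see the AWS keys.
      # NOTE(review): these are long-lived static keys. The action also supports
      # short-lived credentials through OIDC (`role-to-assume`, which needs the
      # `id-token: write` permission); consider moving to that.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-1
      # NOTE(review): this runs for pushes to any branch and always writes the
      # same object key, so the bucket content follows whichever branch was
      # pushed last. Confirm that downstream consumers check `release` and
      # `release_name` inside the archive.
      - name: Push zip to S3
        env:
          AWS_S3_CODE_BUCKET: ${{ secrets.AWS_S3_CODE_BUCKET }}
        run: |
          echo "$GITHUB_REPOSITORY"
          echo "$GITHUB_SHA"
          echo "$GITHUB_SHA" > release
          if test "$GITHUB_REF" = "refs/heads/main"; then
            echo "Branch is main - no need to make a release name..."
          else
            echo "Making a release name for non-main branch..."
            # Ref and actor names are externally supplied text: every expansion
            # is quoted so the shell never word-splits or glob-expands them.
            # NOTE(review): field 3 of the ref drops everything after a further
            # "/" in the branch name (feature/x -> feature); confirm intended.
            branch=$(echo "$GITHUB_REF" | awk -F '/' '{print $3}')
            release_name="$GITHUB_ACTOR-$branch"
            echo "Release name: $release_name"
            echo "$release_name" > release_name
          fi
          # The archive holds the entire workspace: sources, .git and the
          # release files written above.
          zip -r app.zip .
          repo_slug=$(echo "$GITHUB_REPOSITORY" | awk -F '/' '{print $2}')
          echo "$repo_slug"
          aws s3 cp app.zip "s3://$AWS_S3_CODE_BUCKET/$repo_slug.zip"
      # The action reference was mangled into an obfuscated e-mail address when
      # this page was extracted; it is presumably rtCamp/action-slack-notify.
      # Restore the tag (or, better, a commit SHA) from the repository's own
      # workflow file in place of the placeholder.
      - name: Send build success notification
        if: success()
        uses: rtCamp/action-slack-notify@<version-from-repository>
        env:
          SLACK_MESSAGE: ${{ github.repository }} build ${{ github.run_number }} launched by ${{ github.actor }} has succeeded
          SLACK_TITLE: Build Success
          SLACK_CHANNEL: city-modelling-feeds
          SLACK_USERNAME: GitHub Build Bot
          SLACK_ICON: https://slack-files2.s3-us-west-2.amazonaws.com/avatars/2017-12-19/288981919427_f45f04edd92902a96859_512.png
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
      # Same action and placeholder as the success notification above.
      - name: Send build failure notification
        if: failure()
        uses: rtCamp/action-slack-notify@<version-from-repository>
        env:
          SLACK_COLOR: '#FF0000'
          SLACK_MESSAGE: ${{ github.repository }} build ${{ github.run_number }} launched by ${{ github.actor }} has failed
          SLACK_TITLE: Build Failure!
          SLACK_CHANNEL: city-modelling-feeds
          SLACK_USERNAME: GitHub Build Bot
          SLACK_ICON: https://slack-files2.s3-us-west-2.amazonaws.com/avatars/2017-12-19/288981919427_f45f04edd92902a96859_512.png
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}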