From 7fe5315d68e04fce64b5bebf4e2d7feec44f8546 Mon Sep 17 00:00:00 2001
From: Blair Drummond
Date: Thu, 27 May 2021 22:29:31 -0400
Subject: [PATCH 1/2] add test and scan for docker images
---
 .github/workflows/test.yml | 61 ++++++++++++++++++++++++++++++++++++++
 Dockerfile | 4 +--
 2 files changed, 63 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index bcb241d376..d7bbf8b638 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -28,3 +28,64 @@ jobs:
 run: |
 pytest -n auto -m "not serial"
 pytest -m "serial"
+
+ test-docker:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ platform:
+ - linux/386
+ - linux/amd64
+ - linux/arm/v6
+ - linux/arm/v7
+ - linux/arm64
+ - linux/ppc64le
+ - linux/s390x
+
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Available platforms
+ run: echo ${{ steps.buildx.outputs.platforms }}
+
+ - name: Build and push to Local registry
+ id: build-image
+ run: |
+ docker buildx build \
+ --file Dockerfile . \
+ --tag $REPO:${COMMIT_SHA} \
+ --build-arg VERSION=${COMMIT_SHA} \
+ --platform ${{ matrix.platform }} \
+ --load
+ echo "::set-output name=image_name::$REPO:${COMMIT_SHA}"
+ env:
+ COMMIT_SHA: ${{ github.sha }}
+ REPO: datasetteproject/datasette
+
+ - name: Test Docker image
+ run: |
+ docker run -v `pwd`:/mnt --platform ${{ matrix.platform }} \
+ ${{ steps.build-image.outputs.image_name }} bash -c '
+ pip install "pytest>=5.2.2,<6.3.0" \
+ "pytest-xdist>=2.2.1,<2.3" \
+ "pytest-asyncio>=0.10,<0.16" \
+ "beautifulsoup4>=4.8.1,<4.10.0" \
+ "black==21.5b1" \
+ "pytest-timeout>=1.4.2,<1.5" \
+ "trustme>=0.7,<0.8" \
+ && cd /mnt && pytest'
+
+ # Scan image for vulnerabilities
+ - uses: Azure/container-scan@v0
+ with:
+ image-name: ${{ steps.build-image.outputs.image_name }}
+ severity-threshold: CRITICAL
+ run-quality-checks: false
diff --git a/Dockerfile b/Dockerfile
index 7c56cf56b7..84da122caa 100644
--- a/Dockerfile
+++ b/Dockerfile
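Review bot: Every action in the new `test-docker` job of `.github/workflows/test.yml` is referenced by a mutable tag (`actions/checkout@v2`, `docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `Azure/container-scan@v0`), so whoever can move one of those tags changes the code this job runs without any change in this repository. Pinning each reference to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: Azure/container-scan@<full-commit-sha>  # v0`, fixes what is executed. Separately, `severity-threshold: CRITICAL` together with `run-quality-checks: false` means findings below CRITICAL do not fail the job and the image best-practice checks are off; a comment above the scan step such as `# Gate on CRITICAL only; best-practice checks disabled deliberately` would record that this is intended.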
@@ -8,7 +8,7 @@ ARG VERSION
 # which we need in order to install a more recent release
 # of libsqlite3-mod-spatialite from the sid distribution
 RUN apt-get update && \
- apt-get -y --no-install-recommends install software-properties-common && \
+ apt-get -y --no-install-recommends install git software-properties-common && \
 add-apt-repository "deb http://httpredir.debian.org/debian sid main" && \
 apt-get update && \
 apt-get -t sid install -y --no-install-recommends libsqlite3-mod-spatialite && \
@@ -17,7 +17,7 @@ RUN apt-get update && \
 rm -rf /var/lib/apt && \
 rm -rf /var/lib/dpkg/info/*
-RUN pip install https://github.com/simonw/datasette/archive/refs/tags/${VERSION}.zip && \
+RUN pip install git+git://github.com/simonw/datasette.git@${VERSION} && \
 find /usr/local/lib -name '__pycache__' | xargs rm -r && \
 rm -rf /root/.cache/pip
From 56cba8fb837cd938c2f9d7423ee43d62a81c8f7c Mon Sep 17 00:00:00 2001
From: Blair Drummond
Date: Thu, 27 May 2021 22:45:31 -0400
Subject: [PATCH 2/2] add gcc in the docker-test step
---
 .github/workflows/test.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index d7bbf8b638..2fa7e2c0cc 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -74,6 +74,7 @@ jobs:
 run: |
 docker run -v `pwd`:/mnt --platform ${{ matrix.platform }} \
 ${{ steps.build-image.outputs.image_name }} bash -c '
+ apt-get update --yes && apt-get install --yes gcc && \
 pip install "pytest>=5.2.2,<6.3.0" \
 "pytest-xdist>=2.2.1,<2.3" \
 "pytest-asyncio>=0.10,<0.16" \
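Review bot: `git` is added to the package list of the first `RUN` in the Dockerfile (hunk `@@ -8,7 +8,7 @@`) and nothing visible in the hunk removes it again, so it appears to ship in the published image although only the `pip install` in the following hunk uses it. The middle of this `RUN` lies outside the hunk, so confirm whether a later remove/autoremove step covers it. The dependency can be avoided altogether, because GitHub serves source archives by commit as well as by tag: `RUN pip install https://github.com/simonw/datasette/archive/${VERSION}.zip && \`.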
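Review bot: The new `pip install git+git://github.com/simonw/datasette.git@${VERSION}` line (Dockerfile hunk `@@ -17,7 +17,7 @@`) fetches the source over the plain git protocol, which provides neither encryption nor server authentication, so the code that ends up in the image can be altered in transit without the build noticing. The line it replaces used HTTPS; keep that property with `RUN pip install git+https://github.com/simonw/datasette.git@${VERSION} && \`. `VERSION` now accepts any ref, so a build given a branch name is not reproducible; passing a commit SHA, as the workflow in this patch does, avoids that.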
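Review bot: `apt-get install --yes gcc` in the `Test Docker image` step (patch 2/2, hunk `@@ -74,6 +74,7 @@`) omits `--no-install-recommends`, which the Dockerfile in this series passes on every install, so each of the seven emulated platforms pulls in recommended packages the tests do not need. `apt-get update --yes && apt-get install --yes --no-install-recommends gcc && \` keeps the two consistent. Neither the hunk nor the commit message says which test dependency needs a compiler; a YAML comment above `run:` naming it would let a later maintainer remove the line once wheels exist. The step's command continues outside the hunk.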