From 23a65503eda66dc6ef367affa96ead1d39bc30a0 Mon Sep 17 00:00:00 2001
From: Jake Teo
Date: Wed, 18 Jun 2025 11:21:27 +0800
Subject: [PATCH 01/18] Create build.yaml
---
.github/workflows/build.yaml | 42 ++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 .github/workflows/build.yaml
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 0000000..de92c2d
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,42 @@
+name: build
+
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+
+env:
+ ACCOUNT: ${{ github.repository_owner }}
+ REPOSITORY: ${{ github.event.repository.name }}
+
+
+jobs:
+
+ build:
+ runs-on: ubuntu-latest
+ container: docker:git
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v3
+ - name: resolve paths-filter error
+ run: git config --global --add safe.directory /__w/${REPOSITORY}/${REPOSITORY}
+ - name: detect build file changes
+ uses: dorny/paths-filter@v2
+ id: filter
+ with:
+ filters: |
+ buildfiles:
+ - Dockerfile
+ - requirements.txt
+ - tests/requirements-test.txt
+ - name: build & push image to registry
+ if: steps.filter.outputs.buildfiles == 'true'
+ run: |
+ echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $ACCOUNT --password-stdin
+ docker build -t ghcr.io/${ACCOUNT}/${REPOSITORY} .
+ docker push ghcr.io/${ACCOUNT}/${REPOSITORY}
From 83de5a4fbd6cebd556441cd44ca2985cc2b83f5d Mon Sep 17 00:00:00 2001
From: Jake Teo
Date: Wed, 18 Jun 2025 11:23:47 +0800
Subject: [PATCH 02/18] Update and rename github-actions-ci.yml to test.yml
---
.github/workflows/{github-actions-ci.yml => test.yml} | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
rename .github/workflows/{github-actions-ci.yml => test.yml} (96%)
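Review bot: The `build & push image to registry` step is not limited to pushes on master, so with `on: pull_request` and `packages: write` a pull request from a branch in this repository can build its own Dockerfile and overwrite the untagged (implicitly `latest`) image at `ghcr.io/${ACCOUNT}/${REPOSITORY}` before review. I would gate the step with `if: github.event_name == 'push' && steps.filter.outputs.buildfiles == 'true'`, or push pull-request builds under a separate tag. The job also runs `actions/checkout@v3` and `dorny/paths-filter@v2` by mutable tag while holding that write token; pinning both to full commit SHAs keeps a moved tag from changing what runs here. Passing the token through the step's `env:` and piping `"$GITHUB_TOKEN"` into `docker login` would avoid expanding the secret into the script text.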
diff --git a/.github/workflows/github-actions-ci.yml b/.github/workflows/test.yml similarity index 96% rename from .github/workflows/github-actions-ci.yml rename to .github/workflows/test.yml index 531d4d2..f7916c0 100644 --- a/.github/workflows/github-actions-ci.yml +++ b/.github/workflows/test.yml @@ -1,12 +1,11 @@ -name: build & test +name: test on: - push: - branches: [ master ] - pull_request: - branches: [ master ] - + workflow_run: + workflows: ["Build"] + types: + - success env: ACCOUNT: ${{ github.repository_owner }} From f04d34aaab17e1a35a3ca55624742bc73d448bb2 Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:29:39 +0800 Subject: [PATCH 03/18] Update test.yml --- .github/workflows/test.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f7916c0..9bf3cf1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,6 +7,10 @@ on: types: - success + pull_request: + branches: + - master + env: ACCOUNT: ${{ github.repository_owner }} REPOSITORY: ${{ github.event.repository.name }} From cc05496f248b86f08c36f4ab078d9ad6b1d98e17 Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:30:50 +0800 Subject: [PATCH 04/18] Update test.yml --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9bf3cf1..12ce5fe 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -3,7 +3,7 @@ name: test on: workflow_run: - workflows: ["Build"] + workflows: ["build"] types: - success From 059a85ff57b612c10fd6f013822bef8ef8571d62 Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:32:02 +0800 Subject: [PATCH 05/18] Update test.yml --- .github/workflows/test.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 12ce5fe..7ecd304 100644 
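Review bot: The new `workflow_run` trigger looks like it can never fire: `success` is not one of the event's activity types (`completed`, `requested`, `in_progress`), and `workflows: ["Build"]` does not match the `name: build` given to the build workflow in the first patch of this series. Because the same change removes the `push` and `pull_request` triggers, whatever jobs follow in this file would silently stop running. I would use `types: [completed]` with the exact workflow name; the stray `- success` also comes back in the first hunk of patch 10. The jobs themselves are outside this hunk.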
--- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,11 +5,7 @@ on: workflow_run: workflows: ["build"] types: - - success - - pull_request: - branches: - - master + - completed env: ACCOUNT: ${{ github.repository_owner }} From 48f0e9a1d8b55ccf1c7194351ac99c89146266fb Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:38:15 +0800 Subject: [PATCH 06/18] Update app.py --- project/app.py | 1 + 1 file changed, 1 insertion(+) diff --git a/project/app.py b/project/app.py index 8be88a3..d0af455 100644 --- a/project/app.py +++ b/project/app.py @@ -1 +1,2 @@ + # sample script From 893649f11ab7ed327839f5f217dfb3524f87bf5f Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:40:47 +0800 Subject: [PATCH 07/18] Update build.yaml --- .github/workflows/build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index de92c2d..b0cd9d6 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -31,6 +31,7 @@ jobs: with: filters: | buildfiles: + - project/* - Dockerfile - requirements.txt - tests/requirements-test.txt From 27e42ceeba17a3c0265b6021ed970fa021ca4c68 Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:42:52 +0800 Subject: [PATCH 08/18] Update test.yml --- .github/workflows/test.yml | 36 ------------------------------------ 1 file changed, 36 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7ecd304..0e0cdc3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
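Review bot: `types: - completed` fires for every conclusion of the build workflow, including failure and cancellation, so the jobs in this file need an explicit gate such as `if: github.event.workflow_run.conclusion == 'success'`. Dropping `pull_request` here also changes what is tested: a `workflow_run` run uses the workflow file and commit of the default branch, so a plain `actions/checkout` step no longer sees the pull request's code, and the run has access to repository secrets even when the triggering run came from a fork. If the pull request head is checked out via `github.event.workflow_run.head_sha`, those jobs should run without secrets or write permissions. The jobs are outside this hunk, so this is inferred from the trigger alone.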
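Review bot: `- project/*` probably matches only files directly inside `project/`, because paths-filter patterns are picomatch globs in which `*` does not cross a `/`. A change in a subpackage would then skip the rebuild, and later jobs would run against a stale image. `- project/**` covers the whole tree. The filter list sits inside a step whose start is outside this hunk.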
@@ -14,40 +14,8 @@ env: jobs: - # ----------- BUILD STAGE ----------- # - - build: - runs-on: ubuntu-latest - container: docker:git - permissions: - contents: read - packages: write - steps: - - uses: actions/checkout@v3 - - name: resolve paths-filter error - run: git config --global --add safe.directory /__w/${REPOSITORY}/${REPOSITORY} - - name: detect build file changes - uses: dorny/paths-filter@v2 - id: filter - with: - filters: | - buildfiles: - - Dockerfile - - requirements.txt - - tests/requirements-test.txt - - name: build & push image to registry - if: steps.filter.outputs.buildfiles == 'true' - run: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $ACCOUNT --password-stdin - docker build -t ghcr.io/${ACCOUNT}/${REPOSITORY} . - docker push ghcr.io/${ACCOUNT}/${REPOSITORY} - - - # ----------- TESTS ----------- # - unit-test: runs-on: ubuntu-latest - needs: [build] container: image: ghcr.io/mapattacker/github-workflow-sample credentials: @@ -63,7 +31,6 @@ jobs: secrets-scan: runs-on: ubuntu-latest - needs: [build] steps: - uses: actions/checkout@v3 with: @@ -75,7 +42,6 @@ jobs: sast-scan: runs-on: ubuntu-latest - needs: [build] steps: - uses: actions/checkout@v3 - name: run sast scan @@ -86,7 +52,6 @@ jobs: dependency-scan: runs-on: ubuntu-latest - needs: [build] container: image: ghcr.io/mapattacker/github-workflow-sample credentials: @@ -98,7 +63,6 @@ jobs: license-scan: runs-on: ubuntu-latest - needs: [build] container: image: ghcr.io/mapattacker/github-workflow-sample credentials: From 502357e11b8242b5f0786c445828424e46af26ef Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:49:07 +0800 Subject: [PATCH 09/18] Update build.yaml --- .github/workflows/build.yaml | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index b0cd9d6..f4c8684 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
@@ -15,29 +15,7 @@ env: jobs: - build: + dummy: runs-on: ubuntu-latest - container: docker:git - permissions: - contents: read - packages: write steps: - - uses: actions/checkout@v3 - - name: resolve paths-filter error - run: git config --global --add safe.directory /__w/${REPOSITORY}/${REPOSITORY} - - name: detect build file changes - uses: dorny/paths-filter@v2 - id: filter - with: - filters: | - buildfiles: - - project/* - - Dockerfile - - requirements.txt - - tests/requirements-test.txt - - name: build & push image to registry - if: steps.filter.outputs.buildfiles == 'true' - run: | - echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $ACCOUNT --password-stdin - docker build -t ghcr.io/${ACCOUNT}/${REPOSITORY} . - docker push ghcr.io/${ACCOUNT}/${REPOSITORY} + - run: echo "hello" From 97cd678d6f7e13e859afac376de48f2a05ecd11a Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:50:04 +0800 Subject: [PATCH 10/18] Update test.yml --- .github/workflows/test.yml | 68 ++------------------------------------ 1 file changed, 3 insertions(+), 65 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0e0cdc3..c232e94 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,6 +6,7 @@ on: workflows: ["build"] types: - completed + - success env: ACCOUNT: ${{ github.repository_owner }} 
@@ -14,70 +15,7 @@ env: jobs: - unit-test: + dummy: runs-on: ubuntu-latest - container: - image: ghcr.io/mapattacker/github-workflow-sample - credentials: - username: $ACCOUNT - password: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@v3 - - name: run tests - run: pytest --cov=project/ tests/unit_tests/ -v - - - # ----------- SECURITY SCANS ----------- # - - secrets-scan: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: run secrets scan - uses: gitleaks/gitleaks-action@v2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - sast-scan: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: run sast scan - uses: AppThreat/sast-scan-action@master - with: - output: reports - type: python - - dependency-scan: - runs-on: ubuntu-latest - container: - image: ghcr.io/mapattacker/github-workflow-sample - credentials: - username: $ACCOUNT - password: ${{ secrets.GITHUB_TOKEN }} - steps: - - name: run dependency scan - run: safety check - - license-scan: - runs-on: ubuntu-latest - container: - image: ghcr.io/mapattacker/github-workflow-sample - credentials: - username: $ACCOUNT - password: ${{ secrets.GITHUB_TOKEN }} - steps: - - name: generate consolidated requirements - run: pip freeze > requirements-all.txt - - name: run license scan - id: license_check_report - uses: pilosus/action-pip-license-checker@v2 - with: - requirements: 'requirements-all.txt' - fail: 'StrongCopyleft,NetworkCopyleft,Other,Error' - - name: Print report - if: ${{ always() }} - run: echo "${{ steps.license_check_report.outputs.report }}" - + - run: echo "hello" From 5b2a36fe27b7b280ea7f5647746bab6e60ca8386 Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:51:07 +0800 Subject: [PATCH 11/18] Update test.yml --- .github/workflows/test.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c232e94..8a2cdf9 100644 
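Review bot: Replacing `unit-test`, `secrets-scan`, `sast-scan`, `dependency-scan` and `license-scan` with a single `dummy` job that runs `echo "hello"` leaves a workflow still named `test` that reports success without checking anything. If a branch protection rule or a reviewer relies on this workflow's status, it now passes vacuously, and the commit message "Update test.yml" does not say the scans were dropped. If this is only to debug the trigger, I would keep the real jobs and add the placeholder next to them, or at least put a comment above `dummy:` such as `# TEMPORARY: tests and scans removed while debugging workflow_run; restore before merge`.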
--- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -3,10 +3,10 @@ name: test on: workflow_run: - workflows: ["build"] - types: - - completed - - success + workflows: ["build"] + types: + - completed + - success env: ACCOUNT: ${{ github.repository_owner }} From afcd1ca59dd76c15de4afe62316b90fd24fff353 Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:52:57 +0800 Subject: [PATCH 12/18] Update test.yml --- .github/workflows/test.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8a2cdf9..6dfe0ed 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,12 +6,6 @@ on: workflows: ["build"] types: - completed - - success - -env: - ACCOUNT: ${{ github.repository_owner }} - REPOSITORY: ${{ github.event.repository.name }} - jobs: From acb20143bafb2ece0ed44411982f2d0b2206dfa6 Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:53:15 +0800 Subject: [PATCH 13/18] Update build.yaml --- .github/workflows/build.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index f4c8684..12b4d89 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -8,11 +8,6 @@ on: branches: [ master ] -env: - ACCOUNT: ${{ github.repository_owner }} - REPOSITORY: ${{ github.event.repository.name }} - - jobs: dummy: From 817abab36af20ef16166404737144e36c20d3e9f Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:54:58 +0800 Subject: [PATCH 14/18] Rename test.yml to test.yaml --- .github/workflows/{test.yml => test.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{test.yml => test.yaml} (100%) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yaml similarity index 100% rename from .github/workflows/test.yml rename to .github/workflows/test.yaml From 5a439efd6465632b85b85d856096b68254f9302e Mon Sep 17 00:00:00 2001 
From: Jake Teo Date: Wed, 18 Jun 2025 11:55:45 +0800 Subject: [PATCH 15/18] Update test.yaml --- .github/workflows/test.yaml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 6dfe0ed..ad59414 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,11 +1,18 @@ name: test +# on: +# workflow_run: +# workflows: ["build"] +# types: +# - completed + on: - workflow_run: - workflows: ["build"] - types: - - completed + push: + branches: [ master ] + pull_request: + branches: [ master ] + jobs: From a10628f2585712c5e196cc63d059625f2257e584 Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:56:58 +0800 Subject: [PATCH 16/18] Update test.yaml --- .github/workflows/test.yaml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index ad59414..6f9c540 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,17 +1,15 @@ name: test - -# on: -# workflow_run: -# workflows: ["build"] -# types: -# - completed - on: push: branches: [ master ] pull_request: branches: [ master ] + + workflow_run: + workflows: ["build"] + types: + - completed jobs: From 46b7e770fc0e9e0e60c35e74f7275d5fc5e858aa Mon Sep 17 00:00:00 2001 From: Jake Teo Date: Wed, 18 Jun 2025 11:57:42 +0800 Subject: [PATCH 17/18] Update test.yaml --- .github/workflows/test.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 6f9c540..9b6bcfa 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,11 +1,6 @@ name: test -on: - push: - branches: [ master ] - pull_request: - branches: [ master ] - +on: workflow_run: workflows: ["build"] types: From c0e56b114346dcc057e32f76dc98850858d680d0 Mon Sep 17 00:00:00 2001 
From: Jake Teo Date: Wed, 18 Jun 2025 12:02:05 +0800 Subject: [PATCH 18/18] Update test.yaml --- .github/workflows/test.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 9b6bcfa..2d13749 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -2,9 +2,11 @@ name: test on: workflow_run: - workflows: ["build"] + workflows: [build] + branches: [test] types: - completed + jobs:
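Review bot: `branches: [test]` on a `workflow_run` trigger filters on the branch the triggering `build` run was for, and in this series `build` only starts on pushes and pull requests targeting `master`. As far as I can tell this workflow will then run only for pull requests whose head branch is named `test`, and never for a push to `master`. If the intent is to test what lands on master, use `branches: [master]` or drop the filter. The jobs section continues outside this hunk.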