-
Notifications
You must be signed in to change notification settings - Fork 7
121 lines (104 loc) · 3.67 KB
/
build-floating.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
name: Build Floating
on:
schedule: # weekly
- cron: '0 0 * * 0'
workflow_dispatch:
jobs:
docker:
name: "${{ matrix.DEPLOYMENT_NAME }} USE_FROZEN=${{ matrix.USE_FROZEN }} ${{ matrix.CAL_VERSION }} -- Floating Build"
runs-on: ubuntu-22.04
strategy:
max-parallel: 3
fail-fast: false
matrix:
DEPLOYMENT_NAME: [ jwebbinar, roman, tike ]
USE_FROZEN: [ 0 ]
CAL_VERSION: [ none ]
FREEZE: [ 1 ]
OWNER: [ quay.io/jupyter ]
permissions:
actions: write
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Set up Python 3.12
uses: actions/setup-python@v5
with:
python-version: 3.12
- name: Configure
shell: bash
run: |
scripts/image-configure ${{ matrix.DEPLOYMENT_NAME }} --use-frozen ${{ matrix.USE_FROZEN }} --freeze ${{ matrix.FREEZE }} --cal-version ${{ matrix.CAL_VERSION }} --owner ${{ MATRIX.owner }}
- name: Early exit for unaffected builds
shell: bash
run: |
source setup-env
if ! branch-changes-obj current https://github.com/spacetelescope/science-platform-images@main \
deployments/common deployments/${{ matrix.DEPLOYMENT_NAME }};
then
echo "This build deployment is nominally unaffected by the changes in this PR."
gh run cancel ${{ github.run_id }} || true
gh run watch ${{ github.run_id }} || true
exit 0
fi
- name: Set Up Environment
shell: bash
run: |
pip install -r requirements.txt
- name: Free Disk Space, Enlarge Swapfile
shell: bash
run: |
df -h
sudo apt clean
docker rmi $(docker image ls -aq)
docker container prune -f
sudo rm -rf "/usr/local/share/boost"
sudo rm -rf "$AGENT_TOOLSDIRECTORY"
sudo rm -rf /usr/local/lib/android # will release about 10 GB if you don't need Android
sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET
sudo swapoff -a
sudo rm -f /swapfile
sudo fallocate -l 24G /swapfile
sudo chmod 0600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
cat /proc/meminfo
df -h
- name: Image Build
shell: bash
run: |
source setup-env
scripts/image-build
df -h
docker system df
docker system prune
docker image ls
df -h
- name: Image Functional Tests
shell: bash
run: |
df -h
source setup-env
scripts/image-test
df -h
- name: Git Diffs (Frozen Version Specs)
shell: bash
run: git diff || true
# XXXX Trivy missing config to run from built image, fails
# ----- - name: Run Trivy vulnerability scanner on image
# ----- uses: aquasecurity/trivy-action@master
# ----- with:
# ----- scan-type: image
# ----- image-ref: notebook-${{ matrix.DEPLOYMENT_NAME }}
# ----- ignore-unfixed: true
# ----- format: table
# ----- vuln-type: os,library
# ----- severity: 'CRITICAL,HIGH,MEDIUM'
# Anchore obsolete
# ----- - name: Scan image
# ----- uses: anchore/scan-action@v3
# ----- with:
# ----- fail-build: false
# ----- severity-cutoff: high
# ----- output-format: table
# ----- image: notebook-${{ matrix.DEPLOYMENT_NAME }}