Skip to content

build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.31 to 9.38 #3591

build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.31 to 9.38

build(deps): bump com.nimbusds:nimbus-jose-jwt from 9.31 to 9.38 #3591

Workflow file for this run

name: CI build and push (PR)
concurrency:
group: ci-${{ github.run_id }}
cancel-in-progress: true
on:
issue_comment:
types:
- created
jobs:
check-before-build:
runs-on: ubuntu-latest
if: github.repository_owner == 'cryostatio' && github.event.issue.pull_request && (startsWith(github.event.comment.body, '/build_test') || startsWith(github.event.comment.body, '/retest'))
permissions:
pull-requests: write
steps:
- name: Fail if needs-triage label applied
if: ${{ contains(github.event.issue.labels.*.name, 'needs-triage') }}
run: exit 1
- name: Show warning if permission is denied
if: |
!(github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER')
&& (!contains(github.event.issue.labels.*.name, 'safe-to-test') || github.event.issue.user.name != github.event.comment.user.name)
uses: thollander/actions-comment-pull-request@v2
with:
message: |-
You do not have permission to run the /build_test command. Please ask @cryostatio/reviewers
to resolve the issue.
- name: Fail if command permission is denied
if: |
!(github.event.comment.author_association == 'MEMBER' || github.event.comment.author_association == 'OWNER')
&& (!contains(github.event.issue.labels.*.name, 'safe-to-test') || github.event.issue.user.name != github.event.comment.user.name)
run: exit 1
- name: React to comment
uses: actions/github-script@v4
with:
script: |
const {owner, repo} = context.issue
github.reactions.createForIssueComment({
owner,
repo,
comment_id: context.payload.comment.id,
content: "+1",
});
checkout-branch:
runs-on: ubuntu-latest
needs: [check-before-build]
outputs:
PR_head_ref: ${{ fromJSON(steps.comment-branch.outputs.result).ref }}
PR_head_sha: ${{ fromJSON(steps.comment-branch.outputs.result).sha }}
PR_num: ${{ fromJSON(steps.comment-branch.outputs.result).num }}
PR_repo: ${{ fromJSON(steps.comment-branch.outputs.result).repo }}
permissions:
pull-requests: read
steps:
- uses: actions/github-script@v4
id: comment-branch
with:
script: |
const result = await github.pulls.get ({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number
})
return { repo: result.data.head.repo.full_name, num: result.data.number, sha: result.data.head.sha, ref: result.data.head.ref }
code-analysis:
needs: [checkout-branch]
if: startsWith(github.event.comment.body, '/build_test')
uses: ./.github/workflows/ci-code-analysis.yml
with:
checkout-repo: ${{ needs.checkout-branch.outputs.PR_repo }}
checkout-ref: ${{ needs.checkout-branch.outputs.PR_head_ref }}
start-comment:
runs-on: ubuntu-latest
needs: [check-before-build]
permissions:
pull-requests: write
steps:
- name: Leave Actions Run Comment
uses: actions/github-script@v6
with:
script: |
const runURL = `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${{ github.run_id }}`;
const currentTime = new Date().toLocaleString('en-US', { timeZone: 'America/Toronto' });
const commentBody = `Workflow started at ${currentTime}. [View Actions Run](${runURL}).`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: commentBody
});
build-image:
needs: [checkout-branch]
if: github.event.issue.pull_request && startsWith(github.event.comment.body, '/build_test')
strategy:
matrix:
arch: [amd64, arm64]
uses: ./.github/workflows/ci-build-image.yml
with:
build-arch: ${{ matrix.arch }}
checkout-repo: ${{ needs.checkout-branch.outputs.PR_repo }}
checkout-ref: ${{ needs.checkout-branch.outputs.PR_head_ref }}
push-to-ghcr:
runs-on: ubuntu-latest
needs: [checkout-branch, build-image]
strategy:
matrix:
arch: [amd64, arm64]
outputs:
amd64_image: ${{ steps.amd64_image.outputs.image }}
arm64_image: ${{ steps.arm64_image.outputs.image }}
env:
head_sha: ${{ needs.checkout-branch.outputs.PR_head_sha }}
PR_num: ${{ needs.checkout-branch.outputs.PR_num }}
permissions:
packages: write
steps:
- uses: actions/download-artifact@v3
with:
name: cryostat-${{ matrix.arch }}
- name: Load cryostat image
run: podman load -i cryostat-${{ matrix.arch }}.tar
- name: Tag cryostat image
run: podman tag cryostat ghcr.io/${{ github.repository_owner }}/cryostat:pr-${{ env.PR_num }}-${{ env.head_sha }}-linux-${{ matrix.arch }}
- name: Push PR test image to ghcr.io
id: push-to-ghcr
uses: redhat-actions/push-to-registry@v2
with:
image: cryostat
tags: pr-${{ env.PR_num }}-${{ env.head_sha }}-linux-${{ matrix.arch }}
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.event.comment.user.login }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Store images as output amd64
if: ${{ matrix.arch == 'amd64' }}
id: amd64_image
run: echo "image=${{ steps.push-to-ghcr.outputs.registry-path }}" >> "$GITHUB_OUTPUT"
- name: Store images as output
if: ${{ matrix.arch == 'arm64' }}
id: arm64_image
run: echo "image=${{ steps.push-to-ghcr.outputs.registry-path }}" >> "$GITHUB_OUTPUT"
comment-image:
runs-on: ubuntu-latest
needs: [push-to-ghcr]
env:
amd64_image: ${{ needs.push-to-ghcr.outputs.amd64_image }}
arm64_image: ${{ needs.push-to-ghcr.outputs.arm64_image }}
permissions:
pull-requests: write
steps:
- name: Create markdown table
id: md-table
uses: petems/csv-to-md-table-action@v3.0.0
with:
csvinput: |
ARCH, IMAGE
amd64, ${{ env.amd64_image }}
arm64, ${{ env.arm64_image }}
- uses: thollander/actions-comment-pull-request@v2
with:
message: |-
${{ steps.md-table.outputs.markdown-table }}
To run smoketest:
```
# amd64
CRYOSTAT_IMAGE=${{ env.amd64_image }} sh smoketest.sh
# or arm64
CRYOSTAT_IMAGE=${{ env.arm64_image }} sh smoketest.sh
```
integration-test:
needs: [checkout-branch, push-to-ghcr]
strategy:
matrix:
arch: [amd64]
uses: ./.github/workflows/integrated-test.yml
with:
build-arch: ${{ matrix.arch }}
pr-number: ${{ github.event.issue.number }}
sha-value: ${{ needs.checkout-branch.outputs.PR_head_sha }}
retest-integration:
needs: [checkout-branch]
if: contains(github.event.comment.body, '/retest')
strategy:
matrix:
arch: [amd64]
uses: ./.github/workflows/integrated-test.yml
with:
build-arch: ${{ matrix.arch }}
pr-number: ${{ github.event.issue.number }}
sha-value: ${{ needs.checkout-branch.outputs.PR_head_sha }}
integration-test-pass:
runs-on: ubuntu-latest
needs: [integration-test, code-analysis]
permissions:
pull-requests: write
steps:
- name: Leave Actions Run Comment
uses: actions/github-script@v6
with:
script: |
const runURL = `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${{ github.run_id }}`;
const commentBody = `\`/build_test\` completed successfully ✅. \n[View Actions Run](${runURL}).`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: commentBody
});
retest-integration-pass:
runs-on: ubuntu-latest
needs: [retest-integration]
permissions:
pull-requests: write
steps:
- name: Leave Actions Run Comment
uses: actions/github-script@v6
with:
script: |
const runURL = `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${{ github.run_id }}`;
const commentBody = `\`/retest\` Integration: All tests pass ✅. \n[View Actions Run](${runURL}).`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: commentBody
});
comment-integration-test-fail:
if: (always() && contains(needs.*.result, 'failure'))
needs: [integration-test, code-analysis]
permissions:
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@v6
with:
script: |
const runURL = `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${{ github.run_id }}`;
const commentBody = `\`/build_test\` : At least one test failed ❌. \n[View Actions Run](${runURL}).`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: commentBody
});
comment-retest-integration-fail:
if: (always() && contains(needs.*.result, 'failure'))
needs: [retest-integration]
permissions:
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@v6
with:
script: |
const runURL = `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${{ github.run_id }}`;
const commentBody = `\`/retest\` Integration: At least one test failed ❌. \n[View Actions Run](${runURL}).`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: commentBody
});