Address CodeQL warnings #188

Workflow file for this run

.github/workflows/build-dockerfile.yml at 4143001

	# Copyright (C) 2024 Roberto Rossini <roberros@uio.no>
	#
	# SPDX-License-Identifier: MIT

	name: Build Dockerfile

	on:
	push:
	branches: [main]
	paths:
	- ".github/workflows/cache-test-datasets.yml"
	- ".github/workflows/build-dockerfile.yml"
	- "src/**"
	- "test/**"
	- ".dockerignore"
	- ".gitignore"
	- "Dockerfile"
	- "LICENCE"
	- "pyproject.toml"
	- "README.md"
	tags:
	- "v..*"

	pull_request:
	paths:
	- ".github/workflows/cache-test-datasets.yml"
	- ".github/workflows/build-dockerfile.yml"
	- "src/**"
	- "test/**"
	- ".dockerignore"
	- ".gitignore"
	- "Dockerfile"
	- "LICENCE"
	- "pyproject.toml"
	- "README.md"

	# https://stackoverflow.com/a/72408109
	concurrency:
	group: ${{ github.workflow }}-${{ github.event.pull_request.number \|\| github.ref }}
	cancel-in-progress: true

	defaults:
	run:
	shell: bash

	permissions:
	contents: read

	jobs:
	cache-test-datasets:
	name: Cache test dataset
	uses: paulsengroup/StripePy/.github/workflows/cache-test-datasets.yml@main

	build-dockerfile:
	name: Build Dockerfile
	needs: [cache-test-datasets]
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Generate build requirements
	run: \|
	echo hatchling > requirements.txt
	echo hatch_vcs >> requirements.txt

	- name: Setup Python
	uses: actions/setup-python@v5
	with:
	python-version: 3.12
	cache: pip

	- name: Install build requirements
	run: pip install -r requirements.txt

	- name: Restore test dataset
	uses: actions/cache/restore@v4
	with:
	key: ${{ needs.cache-test-datasets.outputs.cache-key }}
	path: test/data/
	fail-on-cache-miss: true
	enableCrossOsArchive: true

	- name: Generate build args
	id: build-args
	run: \|
	set -e
	set -u
	set -o pipefail

	BASE_IMAGE='docker.io/library/python:3.13'

	docker pull "$BASE_IMAGE"
	BASE_IMAGE_DIGEST="$(docker inspect --format='{{index .RepoDigests 0}}' "$BASE_IMAGE" \| cut -f 2 -d '@')"

	GIT_HASH="$(git rev-parse HEAD)"
	GIT_SHORT_HASH="$(git rev-parse --short HEAD)"
	CREATION_DATE="$(date --iso-8601)"
	VERSION="$(hatchling version)"

	REPO='${{ github.repository }}'
	REPO_LOWERCASE="${REPO,,}"

	CACHE_REGISTRY="ghcr.io/$REPO_LOWERCASE:buildcache"

	echo "BASE_IMAGE=$BASE_IMAGE" \| tee -a "$GITHUB_OUTPUT"
	echo "BASE_IMAGE_DIGEST=$BASE_IMAGE_DIGEST" \| tee -a "$GITHUB_OUTPUT"
	echo "GIT_HASH=$GIT_HASH" \| tee -a "$GITHUB_OUTPUT"
	echo "CREATION_DATE=$CREATION_DATE" \| tee -a "$GITHUB_OUTPUT"
	echo "VERSION=$VERSION" \| tee -a "$GITHUB_OUTPUT"
	echo "CACHE_REGISTRY_X86=$CACHE_REGISTRY-x86" \| tee -a "$GITHUB_OUTPUT"
	echo "CACHE_REGISTRY_ARM64=$CACHE_REGISTRY-arm64" \| tee -a "$GITHUB_OUTPUT"
	echo "REPO_LOWERCASE=$REPO_LOWERCASE" \| tee -a "$GITHUB_OUTPUT"

	- name: Docker meta
	id: meta
	uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
	with:
	images: ${{ steps.build-args.outputs.REPO_LOWERCASE }},ghcr.io/${{ steps.build-args.outputs.REPO_LOWERCASE }}
	flavor: \|
	latest=true
	tags: \|
	type=semver,priority=1000,pattern={{version}}
	type=sha,priority=900
	type=ref,priority=700,event=branch
	type=ref,priority=600,event=pr

	- name: Login to DockerHub
	if: github.event_name != 'pull_request'
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # 3.8.0
	with:
	platforms: linux/amd64,linux/arm64

	- name: Set up QEMU
	if: github.event_name != 'pull_request'
	uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # 3.3.0
	with:
	platforms: arm64

	- name: Build Docker image (x86)
	if: github.event_name != 'pull_request'
	uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
	with:
	context: ${{ github.workspace }}
	load: true
	push: false
	cache-from: type=registry,ref=${{ steps.build-args.outputs.CACHE_REGISTRY_X86 }}
	cache-to: type=registry,ref=${{ steps.build-args.outputs.CACHE_REGISTRY_X86 }},mode=max,compression=zstd
	tags: stripepy:x86
	platforms: linux/amd64
	build-args: \|
	BASE_IMAGE=${{ steps.build-args.outputs.BASE_IMAGE }}
	BASE_IMAGE_DIGEST=${{ steps.build-args.outputs.BASE_IMAGE_DIGEST }}
	GIT_HASH=${{ steps.build-args.outputs.GIT_HASH }}
	CREATION_DATE=${{ steps.build-args.outputs.CREATION_DATE }}
	VERSION=${{ steps.build-args.outputs.VERSION }}

	- name: Build Docker image (x86; PR)
	if: github.event_name == 'pull_request'
	uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
	with:
	context: ${{ github.workspace }}
	load: true
	push: false
	cache-from: type=registry,ref=${{ steps.build-args.outputs.CACHE_REGISTRY_X86 }}
	tags: stripepy:x86
	platforms: linux/amd64
	build-args: \|
	BASE_IMAGE=${{ steps.build-args.outputs.BASE_IMAGE }}
	BASE_IMAGE_DIGEST=${{ steps.build-args.outputs.BASE_IMAGE_DIGEST }}
	GIT_HASH=${{ steps.build-args.outputs.GIT_HASH }}
	CREATION_DATE=${{ steps.build-args.outputs.CREATION_DATE }}
	VERSION=${{ steps.build-args.outputs.VERSION }}

	- name: Test Docker image (x86)
	run: utils/devel/test_docker_image.sh stripepy:x86

	- name: Build Docker image (arm64)
	if: github.event_name != 'pull_request'
	uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
	with:
	context: ${{ github.workspace }}
	push: false
	cache-from: type=registry,ref=${{ steps.build-args.outputs.CACHE_REGISTRY_ARM64 }}
	cache-to: type=registry,ref=${{ steps.build-args.outputs.CACHE_REGISTRY_ARM64 }},mode=max,compression=zstd
	tags: stripepy:arm64
	platforms: linux/arm64
	build-args: \|
	BASE_IMAGE=${{ steps.build-args.outputs.BASE_IMAGE }}
	BASE_IMAGE_DIGEST=${{ steps.build-args.outputs.BASE_IMAGE_DIGEST }}
	GIT_HASH=${{ steps.build-args.outputs.GIT_HASH }}
	CREATION_DATE=${{ steps.build-args.outputs.CREATION_DATE }}
	VERSION=${{ steps.build-args.outputs.VERSION }}

	- name: Push image to registries
	if: github.event_name != 'pull_request'
	uses: docker/build-push-action@b32b51a8eda65d6793cd0494a773d4f6bcef32dc # v6.11.0
	with:
	context: ${{ github.workspace }}
	push: true
	cache-from: \|
	type=registry,ref=${{ steps.build-args.outputs.CACHE_REGISTRY_X86 }}
	type=registry,ref=${{ steps.build-args.outputs.CACHE_REGISTRY_ARM64 }}
	tags: ${{ steps.meta.outputs.tags }}
	platforms: linux/amd64,linux/arm64
	build-args: \|
	BASE_IMAGE=${{ steps.build-args.outputs.BASE_IMAGE }}
	BASE_IMAGE_DIGEST=${{ steps.build-args.outputs.BASE_IMAGE_DIGEST }}
	GIT_HASH=${{ steps.build-args.outputs.GIT_HASH }}
	CREATION_DATE=${{ steps.build-args.outputs.CREATION_DATE }}
	VERSION=${{ steps.build-args.outputs.VERSION }}

	build-dockerfile-status-check:
	name: Status Check (Build Dockerfile)
	if: ${{ always() }}
	runs-on: ubuntu-latest
	needs:
	- build-dockerfile

	steps:
	- name: Collect job results
	if: needs.build-dockerfile.result != 'success'
	run: exit 1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Address CodeQL warnings #188

Workflow file

Address CodeQL warnings #188

Jobs

Run details

Workflow file for this run