Skip to content

[Snyk] Security upgrade werkzeug from 2.2.3 to 3.0.6 #19

[Snyk] Security upgrade werkzeug from 2.2.3 to 3.0.6

[Snyk] Security upgrade werkzeug from 2.2.3 to 3.0.6 #19

Workflow file for this run

name: Docker
on:
push:
branches:
- 'master'
pull_request:
types: [synchronize, opened, reopened, ready_for_review]
jobs:
config:
runs-on: "ubuntu-latest"
outputs:
has-secrets: ${{ steps.check.outputs.has-secrets }}
steps:
- name: "Check for secrets"
id: check
shell: bash
run: |
if [ -n "${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }}" ]; then
echo "has-secrets=1" >> "$GITHUB_OUTPUT"
echo "has secrets!"
else
echo "has-secrets=0" >> "$GITHUB_OUTPUT"
echo "no secrets!"
fi
docker-build:
needs: config
if: needs.config.outputs.has-secrets
name: docker-build
runs-on: ubuntu-latest
steps:
- name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
uses: actions/checkout@v3
with:
persist-credentials: false
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- shell: bash
env:
DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
run: |
./scripts/docker_build_push.sh
- name: Build ephemeral env image
if: github.event_name == 'pull_request'
run: |
mkdir -p ./build
echo ${{ github.sha }} > ./build/SHA
echo ${{ github.event.pull_request.number }} > ./build/PR-NUM
docker buildx build --target ci \
--load \
--cache-from=type=local,src=/tmp/superset \
-t ${{ github.sha }} \
-t "pr-${{ github.event.pull_request.number }}" \
--platform linux/amd64 \
--label "build_actor=${GITHUB_ACTOR}" \
.
docker save ${{ github.sha }} | gzip > ./build/${{ github.sha }}.tar.gz
- name: Upload build artifacts
if: github.event_name == 'pull_request'
uses: actions/upload-artifact@v3
with:
name: build
path: build/