unicef · saxix · Jun 20, 2024 · Jun 20, 2024 · Jun 20, 2024 · Jun 21, 2024
diff --git a/.github/actions/docker_build/action.yml b/.github/actions/docker_build/action.yml
@@ -43,13 +43,13 @@ outputs:
     value: ${{ steps.meta.outputs.version }}
   created:
     description: 'True if new image has been created'
-    value: ${{ !steps.image_status.outputs.updated }}
+    value: ${{ steps.status.outputs.created }}
   digest:
     description: 'Built image digest'
-    value: ${{ !steps.build_push.outputs.digest }}
+    value: ${{ steps.build_push.outputs.digest }}
   imageId:
     description: 'Built image ID'
-    value: ${{ !steps.build_push.outputs.imageId }}
+    value: ${{ steps.build_push.outputs.imageId }}
 
 
 runs:
@@ -164,8 +164,8 @@ runs:
       with:
         context: .
         tags: ${{ steps.meta.outputs.tags }}
-        labels: "${{ steps.meta.outputs.labels }}\na=1\nb=2"
-        annotations: "${{ steps.meta.outputs.annotations }}\nchecksum=${{ inputs.checksum }}"
+        labels: "${{ steps.meta.outputs.labels }}\nchecksum=${{ inputs.code_checksum }}\ndistro=${{ inputs.target }}"
+        annotations: "${{ steps.meta.outputs.annotations }}\nchecksum=${{ inputs.code_checksum }}\ndistro=${{ inputs.target }}"
         target: ${{ inputs.target }}
         file: ./docker/Dockerfile
         platforms: linux/amd64
@@ -178,11 +178,16 @@ runs:
             GITHUB_SERVER_URL=${{ github.server_url }}
             GITHUB_REPOSITORY=${{ github.repository }}
             BUILD_DATE=${{ env.BUILD_DATE }}
+            DISTRO=${{ inputs.target }}
             CHECKSUM=${{ inputs.code_checksum }}
             VERSION=${{ steps.meta.outputs.version }}
             SOURCE_COMMIT=${{ steps.last_commit.outputs.last_commit_short_sha }}
     - name: Status
+      id: status
       if: (steps.image_status.outputs.updated != 'true' || inputs.rebuild == 'true') && inputs.dryrun != 'true'
       shell: bash
       run: |
+        echo "${{ toJSON(steps.build_push.outputs) }}"        
+        regctl image inspect -p linux/amd64 ${{ steps.image_name.outputs.name }}
         echo "::notice:: Image ${{ steps.meta.outputs.tags }} successfully built and pushed"
+        echo "created=true" >> $GITHUB_OUTPUT
diff --git a/.github/file-filters.yml b/.github/file-filters.yml
@@ -1,6 +1,7 @@
 # This is used by the action https://github.com/dorny/paths-filter
 docker: &docker
-  - added|modified: './docker/**'
+  - added|modified: './docker/**/*'
+  - added|modified: './docker/*'
 
 dependencies: &dependencies
   - 'pdm.lock'

diff --git a/.github/workflows/delete_image.yml b/.github/workflows/delete_image.yml
@@ -5,35 +5,45 @@ jobs:
     if: github.event.ref_type == 'branch'
     runs-on: ubuntu-latest
     steps:
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-
-      - name: Delete Test Docker Image
-        shell: bash
+      - name: Install regctl
+        uses: regclient/actions/regctl-installer@main
+      - name: regctl login
+        uses: regclient/actions/regctl-login@main
+        with:
+          registry: docker.io
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - shell: bash
         run: |
-          name="${{vars.DOCKER_IMAGE}}:test-${{steps.meta.outputs.version}}"
-          registry="https://registry-1.docker.io"
-          curl -v -sSL -X DELETE "http://${registry}/v2/${name}/manifests/$(
-              curl -sSL -I \
-                  -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-                  "http://${registry}/v2/${name}/manifests/$(
-                      curl -sSL "http://${registry}/v2/${name}/tags/list" | jq -r '.tags[0]'
-                  )" \
-              | awk '$1 == "Docker-Content-Digest:" { print $2 }' \
-              | tr -d $'\r' \
-          )"
-      - name: Delete linked Docker Image
-        shell: bash
-        run: |
-          name="${{vars.DOCKER_IMAGE}}:${{steps.meta.outputs.version}}"
-          registry="https://registry-1.docker.io"
-          curl -v -sSL -X DELETE "http://${registry}/v2/${name}/manifests/$(
-              curl -sSL -I \
-                  -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-                  "http://${registry}/v2/${name}/manifests/$(
-                      curl -sSL "http://${registry}/v2/${name}/tags/list" | jq -r '.tags[0]'
-                  )" \
-              | awk '$1 == "Docker-Content-Digest:" { print $2 }' \
-              | tr -d $'\r' \
-          )"
+          ref="${{github.event.ref}}"
+          tag=$(echo $ref | sed -e "s#refs/heads/##g" | sed -e s#/#-##g)
+          name="${{vars.DOCKER_IMAGE}}:test-${{github.event.ref}}"          
+          echo "Delete $name" 
+#      - name: Delete Test Docker Image
+#        shell: bash
+#        run: |
+#          name="${{vars.DOCKER_IMAGE}}:test-${{github.event.ref}}"
+#          registry="https://registry-1.docker.io"
+#          curl -v -sSL -X DELETE "http://${registry}/v2/${name}/manifests/$(
+#              curl -sSL -I \
+#                  -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+#                  "http://${registry}/v2/${name}/manifests/$(
+#                      curl -sSL "http://${registry}/v2/${name}/tags/list" | jq -r '.tags[0]'
+#                  )" \
+#              | awk '$1 == "Docker-Content-Digest:" { print $2 }' \
+#              | tr -d $'\r' \
+#          )"
+#      - name: Delete linked Docker Image
+#        shell: bash
+#        run: |
+#          name="${{vars.DOCKER_IMAGE}}:${{github.event.ref}}"
+#          registry="https://registry-1.docker.io"
+#          curl -v -sSL -X DELETE "http://${registry}/v2/${name}/manifests/$(
+#              curl -sSL -I \
+#                  -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+#                  "http://${registry}/v2/${name}/manifests/$(
+#                      curl -sSL "http://${registry}/v2/${name}/tags/list" | jq -r '.tags[0]'
+#                  )" \
+#              | awk '$1 == "Docker-Content-Digest:" { print $2 }' \
+#              | tr -d $'\r' \
+#          )"
diff --git a/.github/workflows/dump.yml b/.github/workflows/dump.yml
@@ -0,0 +1,87 @@
+name: "[DEBUG] Dump"
+
+on:
+  check_run:
+  create:
+  delete:
+  discussion:
+  discussion_comment:
+  fork:
+  issues:
+  issue_comment:
+  milestone:
+  pull_request:
+  pull_request_review_comment:
+  pull_request_review:
+  push:
+  release:
+  workflow_dispatch:
+
+
+jobs:
+  dump:
+    name: "[DEBUG] Echo Full Context"
+    if: ${{ contains(github.event.head_commit.message, 'ci:debug') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Dump Env vars
+        run: |
+            echo "====== ENVIRONMENT ================="
+            env | sort
+            echo "===================================="
+      - name: Dump GitHub context
+        env:
+          GITHUB_CONTEXT: ${{ toJSON(github) }}
+        run: |
+            echo "====== GITHUB_CONTEXT =============="
+            echo "$GITHUB_CONTEXT"
+            echo "===================================="
+      - name: Dump job context
+        env:
+          JOB_CONTEXT: ${{ toJSON(job) }}
+        run: |
+          echo "====== JOB_CONTEXT =============="
+          echo "$JOB_CONTEXT"
+          echo "===================================="
+      - name: Dump steps context
+        env:
+          STEPS_CONTEXT: ${{ toJSON(steps) }}
+        run: |
+          echo "====== STEPS_CONTEXT =============="
+          echo "$STEPS_CONTEXT"
+          echo "===================================="
+      - name: Dump runner context
+        env:
+          RUNNER_CONTEXT: ${{ toJSON(runner) }}
+        run: |
+          echo "====== RUNNER_CONTEXT =============="
+          echo "$RUNNER_CONTEXT"
+          echo "===================================="
+      - name: Dump strategy context
+        env:
+          STRATEGY_CONTEXT: ${{ toJSON(strategy) }}
+        run: |
+          echo "====== STRATEGY_CONTEXT =============="
+          echo "$STRATEGY_CONTEXT"
+          echo "===================================="
+      - name: Dump matrix context
+        env:
+          MATRIX_CONTEXT: ${{ toJSON(matrix) }}
+        run: |
+          echo "====== MATRIX_CONTEXT =============="
+          echo "$MATRIX_CONTEXT"
+          echo "===================================="
+      - name: Dump vars context
+        env:
+          VARS_CONTEXT: ${{ toJSON(vars) }}
+        run: |
+          echo "====== VARS =============="
+          echo "$VARS_CONTEXT"
+          echo "===================================="
+      - name: Dump env context
+        env:
+          ENV_CONTEXT: ${{ toJSON(env) }}
+        run: |
+          echo "====== ENV =============="
+          echo "$ENV_CONTEXT"
+          echo "===================================="
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -3,12 +3,15 @@ on:
   push:
     branches:
       - develop
-#      - master
-#      - staging
-#      - releases/*
-  pull_request:
-    branches: [develop, master]
-    types: [synchronize, opened, reopened, ready_for_review]
+      - master
+      - staging
+      - release/*
+      - feature/*
+      - bugfix/*
+      - hotfix/*
+#  pull_request:
+#    branches: [develop, master]
+#    types: [synchronize, opened, reopened, ready_for_review]
 
 defaults:
   run:
@@ -49,7 +52,7 @@ jobs:
     if: github.event.pull_request.draft == false && needs.changes.outputs.lint
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v5
         with:
           python-version: '3.12'
       - name: Install requirements
@@ -66,7 +69,7 @@ jobs:
     if: github.event.pull_request.draft == false && needs.changes.outputs.lint
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v5
         with:
           python-version: '3.12'
       - name: Install requirements
@@ -79,7 +82,7 @@ jobs:
     if: github.event.pull_request.draft == false && needs.changes.outputs.lint
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v5
         with:
           python-version: '3.12'
       - name: Install requirements

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -3,12 +3,15 @@ on:
   push:
     branches:
       - develop
-#      - master
-#      - staging
-#      - releases/*
-  pull_request:
-    branches: [develop, master]
-    types: [synchronize, opened, reopened, ready_for_review]
+      - master
+      - staging
+      - release/*
+      - feature/*
+      - bugfix/*
+      - hotfix/*
+#  pull_request:
+#    branches: [develop, master]
+#    types: [synchronize, opened, reopened, ready_for_review]
 
 defaults:
   run:
@@ -61,7 +64,7 @@ jobs:
           # Github token of the repository (automatically created by Github)
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information.
           # File or directory to run bandit on
-          # path: # optional, default is .
+          path: src # optional, default is .
           # Report only issues of a given severity level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
           # level: # optional, default is UNDEFINED
           # Report only issues of a given confidence level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)