Merge pull request #667 from hms-dbmi/development

b32147 · web-flow · commit fa2f1353af66 · 2024-04-22T10:33:58.000-06:00
Development
diff --git a/.github/workflows/requirements-update.yml b/.github/workflows/requirements-update.yml
@@ -6,55 +6,7 @@ on:
   workflow_dispatch:
 
 jobs:
-
-  stale:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/stale@v4
-        with:
-          only-labels: dependencies,automated pr
-          stale-pr-message: 'This PR is stale because it has been open 7 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
-          close-pr-message: 'This PR was closed because it has been stalled for 7 days with no activity.'
-          days-before-pr-stale: 7
-          days-before-pr-close: 7
-          delete-branch: true
-
-  build:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-      with:
-        ref: development
-
-    - name: Setup python
-      uses: actions/setup-python@v2
-      with:
-        python-version: '3.10'
-
-    - name: Install dev Python packages
-      run: |
-        python -m pip install --upgrade pip
-        pip install -r dev-requirements.txt
-
-    - name: Check for pip-tools upgrades
-      run: |
-        pip-compile --generate-hashes \
-          --allow-unsafe \
-          --upgrade \
-          --output-file requirements.txt requirements.in
-
-    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v3
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        base: development
-        branch: requirements-updates
-        branch-suffix: timestamp
-        delete-branch: true
-        commit-message: "fix(requirements): Updated Python requirements"
-        title: 'Python Requirements Updates'
-        body: >
-          This PR is auto-generated by Github Actions job [requirements-update].
-        labels: dependencies, automated pr
+  scan:
+    uses: hms-dbmi/actions/.github/workflows/requirements-update.yml@main
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -10,58 +10,11 @@ on:
   workflow_dispatch:
 
 jobs:
-
   scan:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-
-    - name: Login to DockerHub
-      uses: docker/login-action@v1
-      with:
-        username: ${{ secrets.DOCKER_HUB_USERNAME }}
-        password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-
-    - name: Set image name
-      id: setimagename
-      run: |
-          echo "Image name: $GITHUB_REPOSITORY:$GITHUB_SHA"
-          echo "::set-output name=imagename::$GITHUB_REPOSITORY:$GITHUB_SHA"
-
-    - name: Build the image
-      id: buildimage
-      uses: docker/build-push-action@v2
-      with:
-        context: ./
-        file: ./Dockerfile
-        push: false
-        tags: ${{ steps.setimagename.outputs.imagename }}
-
-    - name: Check whether container scanning should be enabled
-      id: checkcontainerscanning
-      env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      run: |
-          echo "Enable container scanning: ${{ env.SNYK_TOKEN != '' }}"
-          echo "::set-output name=enabled::${{ env.SNYK_TOKEN != '' }}"
-
-    - name: Run Snyk to check Docker image for vulnerabilities
-      uses: snyk/actions/docker@master
-      if: steps.checkcontainerscanning.outputs.enabled == 'true'
-      continue-on-error: true
-      env:
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      with:
-        image: ${{ steps.setimagename.outputs.imagename }}
-        args: --file=Dockerfile
-
-    - name: Upload result to GitHub Code Scanning
-      uses: github/codeql-action/upload-sarif@v1
-      if: steps.checkcontainerscanning.outputs.enabled == 'true'
-      with:
-        sarif_file: snyk.sarif
+    uses: hms-dbmi/actions/.github/workflows/scan.yml@main
+    secrets:
+      DOCKER_HUB_USERNAME: ${{ secrets.BLHMSDBMI_DOCKERHUB_USERNAME }}
+      DOCKER_HUB_PASSWORD: ${{ secrets.BLHMSDBMI_DOCKERHUB_PASSWORD }}
+    with:
+      repository: ${{ github.repository }}
+      commit: ${{ github.sha }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -1,40 +1,18 @@
-name: Test
+name: Test Image Build
 
 on:
   push:
     branches: [ master, development ]
   pull_request:
     branches: [ master, development ]
+  workflow_dispatch:
 
 jobs:
-
-  build:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-
-    - name: Login to DockerHub
-      uses: docker/login-action@v1
-      with:
-        username: ${{ secrets.DOCKER_HUB_USERNAME }}
-        password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-
-    - name: Set image name
-      id: setimagename
-      run: |
-          echo "Image name: $GITHUB_REPOSITORY:$GITHUB_SHA"
-          echo "::set-output name=imagename::$GITHUB_REPOSITORY:$GITHUB_SHA"
-
-    - name: Build the image
-      id: buildimage
-      uses: docker/build-push-action@v2
-      with:
-        context: ./
-        file: ./Dockerfile
-        push: false
-        tags: ${{ steps.setimagename.outputs.imagename }}
+  test:
+    uses: hms-dbmi/actions/.github/workflows/test-image-build.yml@main
+    secrets:
+      DOCKER_HUB_USERNAME: ${{ secrets.BLHMSDBMI_DOCKERHUB_USERNAME }}
+      DOCKER_HUB_PASSWORD: ${{ secrets.BLHMSDBMI_DOCKERHUB_PASSWORD }}
+    with:
+      repository: ${{ github.repository }}
+      commit: ${{ github.sha }}
diff --git a/dev-requirements.txt b/dev-requirements.txt
@@ -4,9 +4,9 @@
 #
 #    pip-compile --allow-unsafe --generate-hashes --output-file=dev-requirements.txt dev-requirements.in
 #
-build==1.1.1 \
-    --hash=sha256:8ed0851ee76e6e38adce47e4bee3b51c771d86c64cf578d0c2245567ee200e73 \
-    --hash=sha256:8eea65bb45b1aac2e734ba2cc8dad3a6d97d97901a395bd0ed3e7b46953d2a31
+build==1.2.1 \
+    --hash=sha256:526263f4870c26f26c433545579475377b2b7588b6f1eac76a001e873ae3e19d \
+    --hash=sha256:75e10f767a433d9a86e50d83f418e83efc18ede923ee5ff7df93b6cb0306c5d4
     # via pip-tools
 cfgv==3.4.0 \
     --hash=sha256:b7265b1f29fd3316bfcd2b330d63d024f2bfd8bcb8b0272f8e19a504856c48f9 \
@@ -20,9 +20,9 @@ distlib==0.3.8 \
     --hash=sha256:034db59a0b96f8ca18035f36290806a9a6e6bd9d1ff91e45a7f172eb17e51784 \
     --hash=sha256:1530ea13e350031b6312d8580ddb6b27a104275a31106523b8f123787f494f64
     # via virtualenv
-filelock==3.13.1 \
-    --hash=sha256:521f5f56c50f8426f5e03ad3b281b490a87ef15bc6c526f168290f0c7148d44e \
-    --hash=sha256:57dbda9b35157b05fb3e58ee91448612eb674172fab98ee235ccb0b5bee19a1c
+filelock==3.13.4 \
+    --hash=sha256:404e5e9253aa60ad457cae1be07c0f0ca90a63931200a47d9b6a6af84fd7b45f \
+    --hash=sha256:d13f466618bfde72bd2c18255e269f72542c6e70e7bac83a0232d6b1cc5c8cf4
     # via virtualenv
 identify==2.5.35 \
     --hash=sha256:10a7ca245cfcd756a554a7288159f72ff105ad233c7c4b9c6f0f4d108f5f6791 \
@@ -44,9 +44,9 @@ platformdirs==4.2.0 \
     --hash=sha256:0614df2a2f37e1a662acbd8e2b25b92ccf8632929bc6d43467e17fe89c75e068 \
     --hash=sha256:ef0cc731df711022c174543cb70a9b5bd22e5a9337c8624ef2c2ceb8ddad8768
     # via virtualenv
-pre-commit==3.6.2 \
-    --hash=sha256:ba637c2d7a670c10daedc059f5c49b5bd0aadbccfcd7ec15592cf9665117532c \
-    --hash=sha256:c3ef34f463045c88658c5b99f38c1e297abdcc0ff13f98d3370055fbbfabc67e
+pre-commit==3.7.0 \
+    --hash=sha256:5eae9e10c2b5ac51577c3452ec0a490455c45a0533f7960f993a0d01e59decab \
+    --hash=sha256:e209d61b8acdcf742404408531f0c37d49d2c734fd7cff2d6076083d191cb060
     # via -r dev-requirements.in
 pyproject-hooks==1.0.0 \
     --hash=sha256:283c11acd6b928d2f6a7c73fa0d01cb2bdc5f07c57a2eeb6e83d5e56b97976f8 \
@@ -121,9 +121,9 @@ pip==24.0 \
     --hash=sha256:ba0d021a166865d2265246961bec0152ff124de910c5cc39f1156ce3fa7c69dc \
     --hash=sha256:ea9bd1a847e8c5774a5777bb398c19e80bcd4e2aa16a4b301b718fe6f593aba2
     # via pip-tools
-setuptools==69.2.0 \
-    --hash=sha256:0ff4183f8f42cd8fa3acea16c45205521a4ef28f73c6391d8a25e92893134f2e \
-    --hash=sha256:c21c49fb1042386df081cb5d86759792ab89efca84cf114889191cd09aacc80c
+setuptools==69.5.1 \
+    --hash=sha256:6c1fccdac05a97e598fb0ae3bbed5904ccb317337a51139dcd51453611bbb987 \
+    --hash=sha256:c636ac361bc47580504644275c9ad802c50415c7522212252c033bd15f301f32
     # via
     #   nodeenv
     #   pip-tools
diff --git a/requirements.txt b/requirements.txt
