mirror of
https://github.com/python-pillow/Pillow.git
synced 2024-12-26 18:06:18 +03:00
43b185e1c1
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
96 lines
2.6 KiB
YAML
96 lines
2.6 KiB
YAML
name: Test Docker
|
|
|
|
on: [push, pull_request, workflow_dispatch]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
build:
|
|
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
docker: [
|
|
# Run slower jobs first to give them a headstart and reduce waiting time
|
|
ubuntu-22.04-jammy-arm64v8,
|
|
ubuntu-22.04-jammy-ppc64le,
|
|
ubuntu-22.04-jammy-s390x,
|
|
# Then run the remainder
|
|
alpine,
|
|
amazon-2-amd64,
|
|
arch,
|
|
centos-7-amd64,
|
|
centos-stream-8-amd64,
|
|
centos-stream-9-amd64,
|
|
debian-10-buster-x86,
|
|
debian-11-bullseye-x86,
|
|
fedora-35-amd64,
|
|
fedora-36-amd64,
|
|
gentoo,
|
|
ubuntu-18.04-bionic-amd64,
|
|
ubuntu-20.04-focal-amd64,
|
|
ubuntu-22.04-jammy-amd64,
|
|
]
|
|
dockerTag: [main]
|
|
include:
|
|
- docker: "ubuntu-22.04-jammy-arm64v8"
|
|
qemu-arch: "aarch64"
|
|
- docker: "ubuntu-22.04-jammy-ppc64le"
|
|
qemu-arch: "ppc64le"
|
|
- docker: "ubuntu-22.04-jammy-s390x"
|
|
qemu-arch: "s390x"
|
|
|
|
name: ${{ matrix.docker }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- name: Build system information
|
|
run: python3 .github/workflows/system-info.py
|
|
|
|
- name: Set up QEMU
|
|
if: "matrix.qemu-arch"
|
|
run: |
|
|
docker run --rm --privileged aptman/qus -s -- -p ${{ matrix.qemu-arch }}
|
|
|
|
- name: Docker pull
|
|
run: |
|
|
docker pull pythonpillow/${{ matrix.docker }}:${{ matrix.dockerTag }}
|
|
|
|
- name: Docker build
|
|
run: |
|
|
# The Pillow user in the docker container is UID 1000
|
|
sudo chown -R 1000 $GITHUB_WORKSPACE
|
|
docker run --name pillow_container -v $GITHUB_WORKSPACE:/Pillow pythonpillow/${{ matrix.docker }}:${{ matrix.dockerTag }}
|
|
sudo chown -R runner $GITHUB_WORKSPACE
|
|
|
|
- name: After success
|
|
run: |
|
|
PATH="$PATH:~/.local/bin"
|
|
docker start pillow_container
|
|
pil_path=`docker exec pillow_container /vpy3/bin/python -c 'import os, PIL;print(os.path.realpath(os.path.dirname(PIL.__file__)))'`
|
|
docker stop pillow_container
|
|
sudo mkdir -p $pil_path
|
|
sudo cp src/PIL/*.py $pil_path
|
|
.ci/after_success.sh
|
|
env:
|
|
MATRIX_DOCKER: ${{ matrix.docker }}
|
|
|
|
- name: Upload coverage
|
|
uses: codecov/codecov-action@v1
|
|
with:
|
|
flags: GHA_Docker
|
|
name: ${{ matrix.docker }}
|
|
|
|
success:
|
|
permissions:
|
|
contents: none
|
|
needs: build
|
|
runs-on: ubuntu-latest
|
|
name: Docker Test Successful
|
|
steps:
|
|
- name: Success
|
|
run: echo Docker Test Successful
|