Core key vault firewall should not be set to "Allow public access from all networks" #9053
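---
name: Docker build

on:  # yamllint disable-line rule:truthy
  pull_request:
    branches:
      - main
      - 'feature/**'
  workflow_dispatch:

# For each ref (branch/PR) keep only the most recent run and cancel any
# other pending/running ones.
#
# github.head_ref is only populated for pull_request events. Without the
# fallback to github.ref, every workflow_dispatch run would share a single
# group and manual runs on unrelated branches would cancel each other.
#
# NOTE(review): head_ref is the PR's source branch name, which is not unique
# across forks. If runs from unrelated PRs must never share a group, key on
# github.event.pull_request.number instead.
concurrency:
  group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}"
  cancel-in-progress: true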
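jobs:
  # Builds (and, where a 'test-results' target exists, unit-tests) the
  # container images whose sources changed in the pull request. Nothing is
  # pushed to a registry: no build step sets `push`.
  docker_build:
    name: Build images
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: this job builds code from the pull
    # request, so it only gets the read scopes its steps need instead of the
    # repository default.
    permissions:
      contents: read  # actions/checkout
      pull-requests: read  # dorny/paths-filter lists changed files via the API
    # NOTE(review): every action below is referenced by a mutable tag
    # (@v3/@v4/@v5). Pinning each `uses:` to a full-length commit SHA, with
    # the tag kept as a trailing comment, means a retagged release cannot
    # change what runs here. This matters most for the third-party actions
    # (dorny/paths-filter, andstor/file-existence-action).
    steps:
      - name: Upload Event File
        # this step is required to publish test results from forks
        # NOTE(review): the consumer of this artifact is not visible in this
        # file. If it is a workflow_run-triggered workflow, it runs with more
        # privileges than this job and must treat both artifacts uploaded
        # here as untrusted input.
        uses: actions/upload-artifact@v4
        with:
          name: Event File
          path: ${{ github.event_path }}

      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Do not leave the token in the local git config, where the later
          # steps that build pull-request code could read it.
          persist-credentials: false

      # Emits one 'true'/'false' output per filter name. Each component has
      # a source filter and a matching '<component>_version' filter for its
      # version file.
      - name: Filter changes
        uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            api:
              - 'api_app/**/*'
            api_version:
              - 'api_app/_version.py'
            resource_processor:
              - 'resource_processor/**/*'
            resource_processor_version:
              - 'resource_processor/_version.py'
            guacamole_server:
              - 'templates/workspace_services/guacamole/guacamole-server/**/*'
            guacamole_server_version:
              - 'templates/workspace_services/guacamole/guacamole-server/docker/version.txt'
            gitea:
              - 'templates/shared_services/gitea/docker/**/*'
            gitea_version:
              - 'templates/shared_services/gitea/docker/version.txt'
            airlock_processor:
              - 'airlock_processor/**/*'
            airlock_processor_version:
              - 'airlock_processor/_version.py'
            ui_app:
              - 'ui/app/**/*'
            ui_app_version:
              - 'ui/app/package.json'

      # Fail the job when a component's sources changed but its version file
      # did not.
      - name: "Stale version: api"
        if: ${{ steps.filter.outputs.api == 'true' &&
          steps.filter.outputs.api_version == 'false' }}
        run: echo "::error::Code update without version change" && exit 1

      - name: "Stale version: resource_processor"
        if: ${{ steps.filter.outputs.resource_processor == 'true' &&
          steps.filter.outputs.resource_processor_version == 'false' }}
        run: echo "::error::Code update without version change" && exit 1

      - name: "Stale version: guacamole_server"
        if: ${{ steps.filter.outputs.guacamole_server == 'true' &&
          steps.filter.outputs.guacamole_server_version == 'false' }}
        run: echo "::error::Code update without version change" && exit 1

      - name: "Stale version: gitea"
        if: ${{ steps.filter.outputs.gitea == 'true' &&
          steps.filter.outputs.gitea_version == 'false' }}
        run: echo "::error::Code update without version change" && exit 1

      - name: "Stale version: airlock_processor"
        if: ${{ steps.filter.outputs.airlock_processor == 'true' &&
          steps.filter.outputs.airlock_processor_version == 'false' }}
        run: echo "::error::Code update without version change" && exit 1

      - name: "Stale version: ui_app"
        if: ${{ steps.filter.outputs.ui_app == 'true' &&
          steps.filter.outputs.ui_app_version == 'false' }}
        run: echo "::error::Code update without version change" && exit 1

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v3

      # Unit Tests are executed by calling the 'test-results' target in the
      # Dockerfiles. Test runner exit codes must be swallowed (and kept) so we
      # can output the test results. This means we have to check for failure
      # trigger files in later steps.
      - name: "Test image: api"
        # test should be before build since its docker target
        # is prior to runtime
        if: |
          (steps.filter.outputs.api == 'true'
          || github.event_name == 'workflow_dispatch')
        uses: docker/build-push-action@v5
        with:
          context: ./api_app/
          file: ./api_app/Dockerfile
          # Export the target's filesystem to ./test-results on the runner.
          outputs: type=local,dest=test-results
          target: test-results
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: "Check pytest failure file existence"
        id: check_api_test_result
        uses: andstor/file-existence-action@v3
        with:
          files: "test-results/pytest_api_unit_failed"

      # Only build the runtime image when the failure marker is absent.
      - name: "Build image: api"
        if: |
          (steps.filter.outputs.api == 'true'
          || github.event_name == 'workflow_dispatch')
          && steps.check_api_test_result.outputs.files_exists == 'false'
        uses: docker/build-push-action@v5
        with:
          context: ./api_app/
          file: ./api_app/Dockerfile
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: "Build image: resource_processor"
        if: |
          (steps.filter.outputs.resource_processor == 'true'
          || github.event_name == 'workflow_dispatch')
        uses: docker/build-push-action@v5
        with:
          context: ./resource_processor
          file: ./resource_processor/vmss_porter/Dockerfile
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: "Test image: guacamole_server"
        if: |
          (steps.filter.outputs.guacamole_server == 'true'
          || github.event_name == 'workflow_dispatch')
        uses: docker/build-push-action@v5
        with:
          context: ./templates/workspace_services/guacamole/guacamole-server
          file: ./templates/workspace_services/guacamole/guacamole-server/docker/Dockerfile
          outputs: type=local,dest=test-results
          target: test-results
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: "Check maven failure file existence"
        id: check_maven_test_result
        uses: andstor/file-existence-action@v3
        with:
          files: "test-results/guacamole_package_failed"

      # Only build the runtime image when the failure marker is absent.
      - name: "Build image: guacamole_server"
        if: |
          (steps.filter.outputs.guacamole_server == 'true'
          || github.event_name == 'workflow_dispatch')
          && steps.check_maven_test_result.outputs.files_exists == 'false'
        uses: docker/build-push-action@v5
        with:
          context: ./templates/workspace_services/guacamole/guacamole-server
          file: ./templates/workspace_services/guacamole/guacamole-server/docker/Dockerfile
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: "Build image: gitea"
        if: |
          (steps.filter.outputs.gitea == 'true'
          || github.event_name == 'workflow_dispatch')
        uses: docker/build-push-action@v5
        with:
          context: ./templates/shared_services/gitea/docker
          file: ./templates/shared_services/gitea/docker/Dockerfile
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Unit Tests are executed by calling the 'test-results' target in the
      # Dockerfiles. Test runner exit codes must be swallowed (and kept) so we
      # can output the test results. This means we have to check for failure
      # trigger files in later steps.
      - name: "Test image: airlock_processor"
        # test should be before build since its docker target
        # is prior to runtime
        if: |
          (steps.filter.outputs.airlock_processor == 'true'
          || github.event_name == 'workflow_dispatch')
        uses: docker/build-push-action@v5
        with:
          context: ./airlock_processor/
          file: ./airlock_processor/Dockerfile
          outputs: type=local,dest=test-results
          target: test-results
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: "Check pytest failure file existence"
        id: check_airlock_processor_test_result
        uses: andstor/file-existence-action@v3
        with:
          files: "test-results/pytest_airlock_processor_unit_failed"

      # Only build the runtime image when the failure marker is absent.
      - name: "Build image: airlock_processor"
        if: |
          (steps.filter.outputs.airlock_processor == 'true'
          || github.event_name == 'workflow_dispatch')
          && steps.check_airlock_processor_test_result.outputs.files_exists == 'false'
        uses: docker/build-push-action@v5
        with:
          context: ./airlock_processor/
          file: ./airlock_processor/Dockerfile
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # always(): publish whatever test output exists even if an earlier step
      # failed. The files are produced by building pull-request code, so any
      # consumer should parse them as untrusted data.
      - name: Upload Unit Test Results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: test-results
          path: test-results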