remove unused files, rename clean workflow #172
| name: Build Docker Images | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| pull_request: | |
| branches: | |
| - "main" | |
| schedule: | |
| - cron: "0 21 * * 0" | |
| concurrency: | |
| group: ${{ github.head_ref || github.ref_name }} | |
| env: | |
| # dynamic doesn't work here, only static data | |
| REPOSITORY: | |
| TIGER_DOMAIN: clad-github-builder.rit.uw.edu | |
| jobs: | |
| build-num: | |
| runs-on: self-hosted | |
| outputs: | |
| BUILD_NUM: ${{ steps.build_num.outputs.BUILD_NUM }} | |
| steps: | |
| - name: export BUILD_NUM to env | |
| id: build_num | |
| run: echo "BUILD_NUM=$(date +%Y%m%d%H%M%S)" >> "$GITHUB_OUTPUT" | |
| build-degauss-foundry: | |
| runs-on: self-hosted | |
| needs: build-num | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: import build_num | |
| run: echo "BUILD_NUM=${{ needs.build-num.outputs.BUILD_NUM }}" >> "$GITHUB_ENV" | |
| - name: print env | |
| run: env | sort | |
| - name: Build the degauss-foundry image | |
| run: docker build --load --cpu-quota $(( $(nproc --all)*100000 )) degauss-foundry --platform linux/amd64 --tag genoa-container-registry.washington.palantircloud.com/degauss-foundry:${{ env.BUILD_NUM }} | |
| - name: Run Trivy CVE vulnerability scanner | |
| uses: aquasecurity/trivy-action@0.33.1 | |
| with: | |
| image-ref: genoa-container-registry.washington.palantircloud.com/degauss-foundry:${{ env.BUILD_NUM }} | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| timeout: '1h' | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH,MEDIUM' | |
| - name: test container | |
| run: docker run --rm -v "${PWD}/test":/tmp ${{ env.container }} my_address_file.csv | |
| setup-postgis-states: | |
| runs-on: self-hosted | |
| needs: build-num | |
| outputs: | |
| matrix: ${{ steps.matrix.outputs.value }} | |
| steps: | |
| - id: matrix | |
| run: echo 'value=["ak", "al", "ar", "az", "ca", "co", "ct", "dc", "de", "fl", "ga", "hi", "ia", "id", "il", "in", "ks", "ky", "la", "ma", "md", "me", "mi", "mn", "mo", "ms", "mt", "nc", "nd", "ne", "nh", "nj", "nm", "nv", "ny", "oh", "ok", "or", "pa", "ri", "sc", "sd", "tn", "tx", "ut", "va", "vt", "wa", "wi", "wv", "wy", "pr"]' >> $GITHUB_OUTPUT | |
| - run: echo "${{ steps.matrix.outputs.value }}" | |
| build-postgis-states: | |
| runs-on: self-hosted | |
| needs: [build-num, setup-postgis-states] | |
| continue-on-error: true | |
| strategy: | |
| matrix: | |
| value: ${{fromJSON(needs.setup-postgis-states.outputs.matrix)}} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: import build_num | |
| run: echo "BUILD_NUM=${{ needs.build-num.outputs.BUILD_NUM }}" >> "$GITHUB_ENV" | |
| - name: print env | |
| run: env | sort | |
| - name: Build the postgis image | |
| run: docker build --shm-size 4g --load --cpu-quota $(( $(nproc --all)*100000 )) --build-arg TIGER_DOMAIN=clad-github-builder.rit.uw.edu --build-arg state_var=${{ matrix.value }} uwpostgis-foundry --platform linux/amd64 --tag genoa-container-registry.washington.palantircloud.com/postgis-${{ matrix.value }}:${{ env.BUILD_NUM }} | |
| - name: Run Trivy CVE vulnerability scanner | |
| uses: aquasecurity/trivy-action@0.33.1 | |
| with: | |
| image-ref: genoa-container-registry.washington.palantircloud.com/postgis-${{ matrix.value }}:${{ env.BUILD_NUM }} | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| timeout: '1h' | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH,MEDIUM' |
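Review bot: The `pull_request` trigger sends every job to `runs-on: self-hosted`, so the checked-out PR tree is built with `docker build` and then started with `docker run` on a machine that presumably persists between jobs. If this repository accepts pull requests from forks, that is contributor-controlled build content executing on your own host; repository visibility and fork-approval settings are not visible on this page, so confirm them. Because every other job lists `build-num` in `needs`, a single guard on `build-num` would skip the whole run for fork PRs: `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`. A top-level `permissions:` block with `contents: read` would also keep the job token read-only, since no visible step needs write access.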