Mercurial > p > roundup > code
annotate .github/workflows/anchore.yml @ 7894:7b0a143ac806
test: disable Python 3.13 CI xapian build. Fails with compile error.
...
libtool: compile: g++ -DHAVE_CONFIG_H
-I. -I.. -I/opt/hostedtoolcache/Python/3.13.0-alpha.6/x64/include/python3.13
-fno-strict-aliasing -Wall -Wno-unused -Wno-uninitialized
-fvisibility=hidden -g -O2 -MT xapian_wrap.lo -MD -MP -MF
.deps/xapian_wrap.Tpo -c xapian_wrap.cc -fPIC -DPIC -o
.libs/xapian_wrap.o
xapian_wrap.cc: In constructor
‘XapianSWIG_Python_Thread_Block::XapianSWIG_Python_Thread_Block()’:
xapian_wrap.cc:87:13: error: ‘PyEval_ThreadsInitialized’ was not
declared in this scope
87 | if (PyEval_ThreadsInitialized()) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~
xapian_wrap.cc: In constructor
‘XapianSWIG_Python_Thread_Allow::XapianSWIG_Python_Thread_Allow()’:
xapian_wrap.cc:109:47: error: ‘PyEval_ThreadsInitialized’ was not
declared in this scope
109 | XapianSWIG_Python_Thread_Allow() :
status(PyEval_ThreadsInitialized()) {
|
^~~~~~~~~~~~~~~~~~~~~~~~~
make[3]: *** [Makefile:782: xapian_wrap.lo] Error 1
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 20 Apr 2024 14:23:32 -0400 |
| parents | a17d0abfb212 |
| children | 85c47edfc383 |
| rev | line source |
|---|---|
|
6838
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
1 # This workflow uses actions that are not certified by GitHub. |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
2 # They are provided by a third-party and are governed by |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
3 # separate terms of service, privacy policy, and support |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
4 # documentation. |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
5 |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
6 # This workflow checks out code, builds an image, performs a container image |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
7 # vulnerability scan with Anchore's Grype tool, and integrates the results with GitHub Advanced Security |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
8 # code scanning feature. For more information on the Anchore scan action usage |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
9 # and parameters, see https://github.com/anchore/scan-action. For more |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
10 # information on Anchore's container image scanning tool Grype, see |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
11 # https://github.com/anchore/grype |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
12 name: Anchore Container Scan |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
13 |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
14 on: |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
15 push: |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
16 branches: [ "master" ] |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
17 pull_request: |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
18 # The branches below must be a subset of the branches above |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
19 branches: [ "master" ] |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
20 schedule: |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
21 - cron: '38 21 * * 6' |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
22 |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
23 permissions: |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
24 contents: read |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
25 |
|
6956
ca6b056b79a4
only run on most current push.
John Rouillard <rouilj@ieee.org>
parents:
6838
diff
changeset
|
26 concurrency: |
|
ca6b056b79a4
only run on most current push.
John Rouillard <rouilj@ieee.org>
parents:
6838
diff
changeset
|
27 group: ${{ github.workflow }}-${{ github.ref }} |
|
ca6b056b79a4
only run on most current push.
John Rouillard <rouilj@ieee.org>
parents:
6838
diff
changeset
|
28 cancel-in-progress: true |
|
ca6b056b79a4
only run on most current push.
John Rouillard <rouilj@ieee.org>
parents:
6838
diff
changeset
|
29 |
|
6838
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
30 jobs: |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
31 Anchore-Build-Scan: |
|
7194
8dc5b3739367
Prevent github actions from running if commit includes 'no-github-ci'
John Rouillard <rouilj@ieee.org>
parents:
7186
diff
changeset
|
32 if: "!contains(github.event.head_commit.message, 'no-github-ci')" |
|
6838
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
33 permissions: |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
34 contents: read # for actions/checkout to fetch code |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
35 security-events: write # for github/codeql-action/upload-sarif to upload SARIF results |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
36 actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
37 runs-on: ubuntu-latest |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
38 steps: |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
39 - name: Checkout the code |
|
7728
a17d0abfb212
chore: update to latest actions
John Rouillard <rouilj@ieee.org>
parents:
7647
diff
changeset
|
40 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 |
|
6838
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
41 - name: Build the Docker image |
|
7147
7f4d20ebae4a
another try. Use same shell that builds roundup image to update base.
John Rouillard <rouilj@ieee.org>
parents:
7146
diff
changeset
|
42 run: docker pull python:3-alpine; docker build . --file scripts/Docker/Dockerfile --tag localbuild/testimage:latest |
|
7273
6bffcc837bf7
Add list of docker to allow checking size.
John Rouillard <rouilj@ieee.org>
parents:
7270
diff
changeset
|
43 - name: List the Docker image |
|
6bffcc837bf7
Add list of docker to allow checking size.
John Rouillard <rouilj@ieee.org>
parents:
7270
diff
changeset
|
44 run: docker image ls |
|
6838
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
45 - name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled |
|
7728
a17d0abfb212
chore: update to latest actions
John Rouillard <rouilj@ieee.org>
parents:
7647
diff
changeset
|
46 uses: anchore/scan-action@c35e932c2a7c572bfdb1c3dbcdadb2d4fc62418d # 3.6.1 |
|
7044
619563fbe2d3
Fix version identofier for Anchore scan
John Rouillard <rouilj@ieee.org>
parents:
7043
diff
changeset
|
47 id: scan |
|
6838
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
48 with: |
|
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
49 image: "localbuild/testimage:latest" |
|
7116
86dae713d4c6
Try to make anchore failure fail build but upload results
John Rouillard <rouilj@ieee.org>
parents:
7046
diff
changeset
|
50 fail-build: true |
|
6838
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
51 - name: Upload Anchore Scan Report |
|
7116
86dae713d4c6
Try to make anchore failure fail build but upload results
John Rouillard <rouilj@ieee.org>
parents:
7046
diff
changeset
|
52 if: always() |
|
7728
a17d0abfb212
chore: update to latest actions
John Rouillard <rouilj@ieee.org>
parents:
7647
diff
changeset
|
53 uses: github/codeql-action/upload-sarif@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # v2.16.1 |
|
6838
3387f458ed27
add workflow - docker container security check
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
54 with: |
|
7044
619563fbe2d3
Fix version identofier for Anchore scan
John Rouillard <rouilj@ieee.org>
parents:
7043
diff
changeset
|
55 sarif_file: ${{ steps.scan.outputs.sarif }} |
|
619563fbe2d3
Fix version identofier for Anchore scan
John Rouillard <rouilj@ieee.org>
parents:
7043
diff
changeset
|
56 - name: Inspect action SARIF report |
|
7116
86dae713d4c6
Try to make anchore failure fail build but upload results
John Rouillard <rouilj@ieee.org>
parents:
7046
diff
changeset
|
57 if: always() |
|
7044
619563fbe2d3
Fix version identofier for Anchore scan
John Rouillard <rouilj@ieee.org>
parents:
7043
diff
changeset
|
58 run: cat ${{ steps.scan.outputs.sarif }} |