Build(deps): Bump pycryptodome from 3.22.0 to 3.23.0 #41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Stage OCI container images through GitHub Actions (GHA) to GitHub Container Registry (GHCR). | |
| # The image is available per `ghcr.io/crate/cratedb-fivetran-destination`. | |
| name: "Release: OCI image" | |
| on: | |
| # Build images when merging to `main` and when running a release. | |
| push: | |
| branches: | |
| - 'main' | |
| tags: | |
| - '*' | |
| # Build images on each pull request. | |
| # Remark: Activate only when needed, it will eat a lot of resources. The alternative | |
| # is to build manually / on-demand, by using the `workflow_dispatch` feature, | |
| # available through the GHA web UI. | |
| # pull_request: | |
| # Produce a nightly image every day at 6 a.m. CEST. | |
| # schedule: | |
| # - cron: '0 4 * * *' | |
| # Allow job to be triggered manually. | |
| workflow_dispatch: | |
| # Cancel in-progress jobs when pushing to the same branch. | |
| concurrency: | |
| cancel-in-progress: true | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| # The name for the produced image at ghcr.io. | |
| env: | |
| IMAGE_NAME: "${{ github.repository }}" | |
| RECIPE_PATH: "release/oci" | |
| jobs: | |
| build_and_test: | |
| runs-on: "ubuntu-22.04" | |
| steps: | |
| - name: Acquire sources | |
| uses: actions/checkout@v4 | |
| - name: Build wheel package | |
| run: | | |
| pip install build | |
| python -m build | |
| - name: Upload wheel package | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ runner.os }}-wheel-${{ github.sha }} | |
| path: dist/*.whl | |
| retention-days: 7 | |
| - name: Run tests | |
| run: | | |
| if [[ -f ${{ env.RECIPE_PATH }}/test.yml ]]; then | |
| export DOCKER_BUILDKIT=1 | |
| export COMPOSE_DOCKER_CLI_BUILD=1 | |
| docker compose --file ${{ env.RECIPE_PATH }}/test.yml build | |
| docker compose --file ${{ env.RECIPE_PATH }}/test.yml run sut | |
| fi | |
| oci: | |
| needs: build_and_test | |
| runs-on: ubuntu-latest | |
| if: ${{ ! (startsWith(github.actor, 'dependabot') || github.event.pull_request.head.repo.fork ) }} | |
| steps: | |
| - name: Acquire sources | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Define image name and tags | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| # List of OCI images to use as base name for tags | |
| images: | | |
| ghcr.io/${{ env.IMAGE_NAME }} | |
| # Generate OCI image tags based on the following events/attributes | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=schedule,pattern=nightly | |
| - name: Inspect metadata | |
| run: | | |
| echo "Tags: ${{ steps.meta.outputs.tags }}" | |
| echo "Labels: ${{ steps.meta.outputs.labels }}" | |
| - name: Install QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| with: | |
| image: tonistiigi/binfmt:qemu-v7.0.0-28 | |
| - name: Install Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Cache OCI layers | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Inspect builder | |
| run: | | |
| echo "Name: ${{ steps.buildx.outputs.name }}" | |
| echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}" | |
| echo "Status: ${{ steps.buildx.outputs.status }}" | |
| echo "Flags: ${{ steps.buildx.outputs.flags }}" | |
| echo "Platforms: ${{ steps.buildx.outputs.platforms }}" | |
| - name: Login to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ github.token }} | |
| - name: Build and push image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ${{ env.RECIPE_PATH }}/Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| push: true | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache-new | |
| - name: Move cache | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
| - name: Display git status | |
| run: | | |
| set -x | |
| git describe --tags --always | |
| git status |