Skip to content

build(DOCKER): add backports, pin dependencies #51

build(DOCKER): add backports, pin dependencies

build(DOCKER): add backports, pin dependencies #51

Workflow file for this run

---
name: smtp-github-workflow-push
on:
push:
schedule:
- cron: "0 6 * * 1"
workflow_dispatch:
# secrets:
# REGISTRY_USERNAME:
# description: "Sets the username that will be used to log in to the registry."
# REGISTRY_PASSWORD:
# description: "Sets the password that will be used to log in to the registry."
# SLACK_WEBHOOK:
# description: "Optional, enables Slack notifications."
# required: false
jobs:
configuration:
uses: cicd-tools-org/cicd-tools/.github/workflows/job-00-generic-read_json_file.yml@master
with:
JSON_FILE_PATH: ".github/config/workflows/workflow-push.json"
start:
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-00-generic-notification.yml@master
with:
NOTIFICATION_EMOJI: ":vertical_traffic_light:"
NOTIFICATION_MESSAGE: "Workflow has started!"
security:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-10-generic-security_scan_credentials.yml@master
with:
EXTRA_BINARY_ARGS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_trufflehog_extra_scan_args }}
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
markdown_links:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-30-generic-markdown_links.yml@master
with:
CONFIG_FILE: ".github/config/actions/gaurav-nelson-github-action-markdown-link-check.json"
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
pre-commit_hooks:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-50-poetry-test_basic_precommit_hooks.yml@master
with:
CHECK_CREDENTIALS: true
CHECK_TOML: true
CHECK_WORKFLOW: true
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }}
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }}
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
commit_lint:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-rev_range_command.yml@master
with:
COMMAND: |
poetry run cz check --rev-range "${PUSHED_COMMIT_REV_RANGE}"
COMMAND_NAME: "Commit Message Lint"
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }}
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }}
REV_RANGE: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_commitizen_rev_range }}
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
commit_spell_check:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-rev_range_command.yml@master
with:
COMMAND: |
CICD_COMMIT_MESSAGES_FILE="$(mktemp XXXXXXXX.git_history_file)"
git log --pretty=format:%s "${PUSHED_COMMIT_REV_RANGE}" > "${CICD_COMMIT_MESSAGES_FILE}"
poetry run pre-commit run --hook-stage commit-msg spelling-commit-message --commit-msg-filename "${CICD_COMMIT_MESSAGES_FILE}"
COMMAND_NAME: "Commit Message Spelling"
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }}
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }}
REV_RANGE: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_commit_spelling_rev_range }}
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
docker_container_lint:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-container-dockerfile_linter.yml@master
with:
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
json_schema_lint:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-precommit_commit_stage_hook.yml@master
with:
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }}
PRECOMMIT_HOOK_ID: "check-jsonschema"
PRECOMMIT_HOOK_NAME: "Workflow Config JSON Schema Linting"
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }}
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
markdown_lint:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-precommit_commit_stage_hook.yml@master
with:
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }}
PRECOMMIT_HOOK_ID: "lint-markdown"
PRECOMMIT_HOOK_NAME: "Markdown Linting"
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }}
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
markdown_spelling:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-precommit_commit_stage_hook.yml@master
with:
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }}
PRECOMMIT_HOOK_ID: "spelling-markdown"
PRECOMMIT_HOOK_NAME: "Markdown Spelling"
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }}
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
shell_lint:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
strategy:
fail-fast: true
matrix:
hook:
- id: "format-shell"
name: "Shell Formatting"
- id: "lint-shell"
name: "Shell Linting"
max-parallel: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-precommit_commit_stage_hook.yml@master
with:
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }}
PRECOMMIT_HOOK_ID: ${{ matrix.hook.id }}
PRECOMMIT_HOOK_NAME: ${{ matrix.hook.name }}
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }}
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
toml_lint:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-precommit_commit_stage_hook.yml@master
with:
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }}
PRECOMMIT_HOOK_ID: "format-toml"
PRECOMMIT_HOOK_NAME: "TOML Formatting"
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }}
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
workflow_lint:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
strategy:
fail-fast: true
matrix:
hook:
- id: "lint-github-workflow"
name: "Workflow Linting"
- id: "lint-github-workflow-header"
name: "Workflow Header Linting"
max-parallel: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-precommit_commit_stage_hook.yml@master
with:
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }}
PRECOMMIT_HOOK_ID: ${{ matrix.hook.id }}
PRECOMMIT_HOOK_NAME: ${{ matrix.hook.name }}
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }}
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
yaml_lint:
needs: [configuration]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-80-poetry-precommit_commit_stage_hook.yml@master
with:
CONCURRENCY: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_concurrency_limit }}
PRECOMMIT_HOOK_ID: "yamllint"
PRECOMMIT_HOOK_NAME: "YAML Linting"
PYTHON_VERSIONS: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_python_versions) }}
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
scan_container_aws:
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/dev'
permissions:
security-events: write
needs: [commit_lint, commit_spell_check, configuration, docker_container_lint, json_schema_lint, markdown_links, markdown_lint, markdown_spelling, pre-commit_hooks, security, shell_lint, start, toml_lint, workflow_lint, yaml_lint]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-10-container-security_scan_container.yml@master
with:
BUILD_ARGS: |
PROVIDER=aws
IMAGE_NAME: "docker.io/niallbyrne/smtp-aws"
REGISTRY: "docker.io"
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
scan_container_cloudflare:
if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/dev'
permissions:
security-events: write
needs: [commit_lint, commit_spell_check, configuration, docker_container_lint, json_schema_lint, markdown_links, markdown_lint, markdown_spelling, pre-commit_hooks, security, shell_lint, start, toml_lint, workflow_lint, yaml_lint]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-10-container-security_scan_container.yml@master
with:
BUILD_ARGS: |
PROVIDER=cloudflare
IMAGE_NAME: "docker.io/niallbyrne/smtp-cloudflare"
REGISTRY: "docker.io"
VERBOSE_NOTIFICATIONS: ${{ fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_verbose_notifications }}
push_container_aws:
if: github.ref == 'refs/heads/master'
needs: [configuration, scan_container_aws]
permissions:
packages: write
secrets:
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-95-container-push.yml@master
with:
BUILD_ARGS: |
PROVIDER=aws
IMAGE_NAME: "docker.io/niallbyrne/smtp-aws"
IMAGE_LATEST: true
REGISTRY: "docker.io"
VERBOSE_NOTIFICATIONS: true
push_container_cloudflare:
if: github.ref == 'refs/heads/master'
needs: [configuration, scan_container_cloudflare]
permissions:
packages: write
secrets:
REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-95-container-push.yml@master
with:
BUILD_ARGS: |
PROVIDER=cloudflare
IMAGE_NAME: "docker.io/niallbyrne/smtp-cloudflare"
IMAGE_LATEST: true
REGISTRY: "docker.io"
VERBOSE_NOTIFICATIONS: true
create_release:
permissions:
contents: write
needs: [configuration, push_container_aws, push_container_cloudflare]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-99-poetry-create_release.yml@master
with:
JSON_APPENDED_CONTENT: ${{ toJSON(fromJSON(needs.configuration.outputs.JSON_FILE_DATA).ci_extra_release_content) }}
success_master:
if: github.ref == 'refs/heads/master'
needs: [push_container_aws, push_container_cloudflare]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-00-generic-notification.yml@master
with:
NOTIFICATION_EMOJI: ":checkered_flag:"
NOTIFICATION_MESSAGE: "Workflow has completed successfully!"
success_dev:
if: github.ref == 'refs/heads/dev'
needs: [scan_container_aws, scan_container_cloudflare]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-00-generic-notification.yml@master
with:
NOTIFICATION_EMOJI: ":checkered_flag:"
NOTIFICATION_MESSAGE: "Workflow has completed successfully!"
success_other:
if: github.ref != 'refs/heads/master' && github.ref != 'refs/heads/dev'
needs: [commit_lint, commit_spell_check, configuration, docker_container_lint, json_schema_lint, markdown_links, markdown_lint, markdown_spelling, pre-commit_hooks, security, shell_lint, start, toml_lint, workflow_lint, yaml_lint]
secrets:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
uses: cicd-tools-org/cicd-tools/.github/workflows/job-00-generic-notification.yml@master
with:
NOTIFICATION_EMOJI: ":checkered_flag:"
NOTIFICATION_MESSAGE: "Workflow has completed successfully!"