Skip to content

[Snyk] Security upgrade jinja2 from 2.11.3 to 3.1.5 #2555

[Snyk] Security upgrade jinja2 from 2.11.3 to 3.1.5

[Snyk] Security upgrade jinja2 from 2.11.3 to 3.1.5 #2555

name: build-commits
# Any change in triggers needs to be reflected in the concurrency group.
on: [pull_request]
permissions: read-all
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
build_commits:
name: Check if build works for every commit
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Configure git
run: |
git config --global user.name "GitHub Actions"
git config --global user.email "github-actions@users.noreply.github.com"
- name: Install Go
uses: actions/setup-go@f6164bd8c8acb4a71fb2791a8b6c4024ff038dab
with:
go-version: 1.17.7
- name: Cache LLVM and Clang
id: cache-llvm
uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed
with:
path: $HOME/.clang
key: llvm-10.0
- name: Install LLVM and Clang
uses: KyleMayes/install-llvm-action@60cc93ee15c6225007baa18ccf433d9d7f67d8a4
with:
version: "10.0"
directory: $HOME/.clang
cached: ${{ steps.cache-llvm.outputs.cache-hit }}
- name: Install ginkgo
run: |
go get github.com/onsi/ginkgo/ginkgo@v1.12.1
- name: Checkout code
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
with:
persist-credentials: false
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- name: Check if build works for every commit
run: |
PR_COMMITS_API_JSON=$(curl \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
${{ github.event.pull_request.commits_url }})
PR_FIRST_SHA=$(echo "$PR_COMMITS_API_JSON" | jq -r ".[0].sha")
PR_PARENT_SHA=$(git rev-parse "${PR_FIRST_SHA}^")
git rebase --exec "make build -j $(nproc)" $PR_PARENT_SHA
- name: Check bpf code changes
uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721
id: bpf-tree
with:
filters: |
src:
- 'bpf/**'
# Runs only if code under bpf/ is changed.
- name: Check if datapath build works for every commit
if: steps.bpf-tree.outputs.src == 'true'
run: |
PR_COMMITS_API_JSON=$(curl \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
${{ github.event.pull_request.commits_url }})
PR_FIRST_SHA=$(echo "$PR_COMMITS_API_JSON" | jq -r ".[0].sha")
PR_PARENT_SHA=$(git rev-parse "${PR_FIRST_SHA}^")
git rebase --exec "make -C bpf build_all -j $(nproc)" $PR_PARENT_SHA
- name: Check test code changes
uses: dorny/paths-filter@78ab00f87740f82aec8ed8826eb4c3c851044126
id: test-tree
with:
filters: |
src:
- 'test/**'
# Runs only if code under test/ is changed.
- name: Check if ginkgo test suite build works for every commit
if: steps.test-tree.outputs.src == 'true'
run: |
PR_COMMITS_API_JSON=$(curl \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
${{ github.event.pull_request.commits_url }})
PR_FIRST_SHA=$(echo "$PR_COMMITS_API_JSON" | jq -r ".[0].sha")
PR_PARENT_SHA=$(git rev-parse "${PR_FIRST_SHA}^")
git rebase --exec "make -C test build -j $(nproc)" $PR_PARENT_SHA
- name: Failed commit during the build
if: ${{ failure() }}
run: git --no-pager log --format=%B -n 1
- name: Send slack notification
if: ${{ !success() && (github.event_name == 'schedule' || github.event_name == 'push') }}
uses: 8398a7/action-slack@a74b761b4089b5d730d813fbedcd2ec5d394f3af
with:
status: ${{ job.status }}
fields: repo,message,commit,author,action,eventName,ref,workflow,job,took # selectable (default: repo,message)
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}