[Snyk] Security upgrade jinja2 from 2.11.3 to 3.1.5 #2555
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build-commits | |
# Any change in triggers needs to be reflected in the concurrency group. | |
on: [pull_request] | |
permissions: read-all | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number }} | |
cancel-in-progress: true | |
jobs: | |
build_commits: | |
name: Check if build works for every commit | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
steps: | |
- name: Configure git | |
run: | | |
git config --global user.name "GitHub Actions" | |
git config --global user.email "github-actions@users.noreply.github.com" | |
- name: Install Go | |
uses: actions/setup-go@f6164bd8c8acb4a71fb2791a8b6c4024ff038dab | |
with: | |
go-version: 1.17.7 | |
- name: Cache LLVM and Clang | |
id: cache-llvm | |
uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed | |
with: | |
path: $HOME/.clang | |
key: llvm-10.0 | |
- name: Install LLVM and Clang | |
uses: KyleMayes/install-llvm-action@60cc93ee15c6225007baa18ccf433d9d7f67d8a4 | |
with: | |
version: "10.0" | |
directory: $HOME/.clang | |
cached: ${{ steps.cache-llvm.outputs.cache-hit }} | |
- name: Install ginkgo | |
run: | | |
go get github.com/onsi/ginkgo/ginkgo@v1.12.1 | |
- name: Checkout code | |
uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | |
with: | |
persist-credentials: false | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 | |
- name: Check if build works for every commit | |
run: | | |
PR_COMMITS_API_JSON=$(curl \ | |
-H "Accept: application/vnd.github.v3+json" \ | |
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
${{ github.event.pull_request.commits_url }}) | |
PR_FIRST_SHA=$(echo "$PR_COMMITS_API_JSON" | jq -r ".[0].sha") | |
PR_PARENT_SHA=$(git rev-parse "${PR_FIRST_SHA}^") | |
git rebase --exec "make build -j $(nproc)" $PR_PARENT_SHA | |
- name: Check bpf code changes | |
uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 | |
id: bpf-tree | |
with: | |
filters: | | |
src: | |
- 'bpf/**' | |
# Runs only if code under bpf/ is changed. | |
- name: Check if datapath build works for every commit | |
if: steps.bpf-tree.outputs.src == 'true' | |
run: | | |
PR_COMMITS_API_JSON=$(curl \ | |
-H "Accept: application/vnd.github.v3+json" \ | |
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
${{ github.event.pull_request.commits_url }}) | |
PR_FIRST_SHA=$(echo "$PR_COMMITS_API_JSON" | jq -r ".[0].sha") | |
PR_PARENT_SHA=$(git rev-parse "${PR_FIRST_SHA}^") | |
git rebase --exec "make -C bpf build_all -j $(nproc)" $PR_PARENT_SHA | |
- name: Check test code changes | |
uses: dorny/paths-filter@78ab00f87740f82aec8ed8826eb4c3c851044126 | |
id: test-tree | |
with: | |
filters: | | |
src: | |
- 'test/**' | |
# Runs only if code under test/ is changed. | |
- name: Check if ginkgo test suite build works for every commit | |
if: steps.test-tree.outputs.src == 'true' | |
run: | | |
PR_COMMITS_API_JSON=$(curl \ | |
-H "Accept: application/vnd.github.v3+json" \ | |
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
${{ github.event.pull_request.commits_url }}) | |
PR_FIRST_SHA=$(echo "$PR_COMMITS_API_JSON" | jq -r ".[0].sha") | |
PR_PARENT_SHA=$(git rev-parse "${PR_FIRST_SHA}^") | |
git rebase --exec "make -C test build -j $(nproc)" $PR_PARENT_SHA | |
- name: Failed commit during the build | |
if: ${{ failure() }} | |
run: git --no-pager log --format=%B -n 1 | |
- name: Send slack notification | |
if: ${{ !success() && (github.event_name == 'schedule' || github.event_name == 'push') }} | |
uses: 8398a7/action-slack@a74b761b4089b5d730d813fbedcd2ec5d394f3af | |
with: | |
status: ${{ job.status }} | |
fields: repo,message,commit,author,action,eventName,ref,workflow,job,took # selectable (default: repo,message) | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |