[Snyk] Security upgrade jinja2 from 2.11.3 to 3.1.4 #2544
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: BPF checks | |
| # Any change in triggers needs to be reflected in the concurrency group. | |
| on: | |
| pull_request: {} | |
| push: | |
| branches: | |
| - master | |
| - ft/master/** | |
| permissions: read-all | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }} | |
| cancel-in-progress: true | |
| jobs: | |
| check_changes: | |
| name: Deduce required tests from code changes | |
| runs-on: ubuntu-latest | |
| outputs: | |
| bpf-tree: ${{ steps.changes.outputs.bpf-tree }} | |
| coccinelle: ${{ steps.changes.outputs.coccinelle }} | |
| steps: | |
| - name: Checkout code | |
| if: ${{ !github.event.pull_request }} | |
| uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | |
| with: | |
| persist-credentials: false | |
| - name: Check code changes | |
| uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 | |
| id: changes | |
| with: | |
| filters: | | |
| bpf-tree: | |
| - 'bpf/**' | |
| coccinelle: | |
| - 'contrib/coccinelle/**' | |
| checkpatch: | |
| name: checkpatch | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - name: Run checkpatch.pl | |
| uses: docker://quay.io/cilium/cilium-checkpatch:2f0f4f512e795d5668ea4e7ef0ba85abc75eb225@sha256:f307bf0315954e8b8c31edc1864d949bf211b0c6522346359317d757b5a6cea0 | |
| - name: Send slack notification | |
| if: ${{ !success() && (github.event_name == 'schedule' || github.event_name == 'push') }} | |
| uses: 8398a7/action-slack@a74b761b4089b5d730d813fbedcd2ec5d394f3af | |
| with: | |
| status: ${{ job.status }} | |
| fields: repo,message,commit,author,action,eventName,ref,workflow,job,took # selectable (default: repo,message) | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| # Runs only if code under bpf/ or contrib/coccinnelle/ is changed. | |
| coccicheck: | |
| needs: check_changes | |
| if: ${{ needs.check_changes.outputs.bpf-tree == 'true' || needs.check_changes.outputs.coccinelle == 'true' }} | |
| name: coccicheck | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | |
| with: | |
| persist-credentials: false | |
| - uses: docker://cilium/coccicheck:2.0@sha256:6f0369994c426d0bc013fc443cc6a48a0734fb35467955d10f3fc9f7cbd9c7fe | |
| with: | |
| entrypoint: ./contrib/coccinelle/check-cocci.sh | |
| - name: Send slack notification | |
| if: ${{ !success() && (github.event_name == 'schedule' || github.event_name == 'push') }} | |
| uses: 8398a7/action-slack@a74b761b4089b5d730d813fbedcd2ec5d394f3af | |
| with: | |
| status: ${{ job.status }} | |
| fields: repo,message,commit,author,action,eventName,ref,workflow,job,took # selectable (default: repo,message) | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| # Runs only if code under bpf/ is changed. | |
| build_all: | |
| needs: check_changes | |
| if: ${{ needs.check_changes.outputs.bpf-tree == 'true' }} | |
| name: build datapath | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install Go | |
| uses: actions/setup-go@f6164bd8c8acb4a71fb2791a8b6c4024ff038dab | |
| with: | |
| go-version: 1.17.7 | |
| - name: Cache LLVM and Clang | |
| id: cache-llvm | |
| uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed | |
| with: | |
| path: $HOME/.clang | |
| key: llvm-10.0 | |
| - name: Install LLVM and Clang | |
| uses: KyleMayes/install-llvm-action@60cc93ee15c6225007baa18ccf433d9d7f67d8a4 | |
| with: | |
| version: "10.0" | |
| directory: $HOME/.clang | |
| cached: ${{ steps.cache-llvm.outputs.cache-hit }} | |
| - name: Checkout code | |
| uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - name: Build all BPF datapath permutations | |
| env: | |
| V: 0 | |
| run: | | |
| make --quiet -C bpf build_all || (echo "Run 'make -C bpf build_all' locally to investigate build breakages"; exit 1) | |
| - name: Run BPF_PROG_TEST_RUN tests | |
| run: | | |
| make -C bpf go_prog_test || (echo "Run 'make -C bpf go_prog_test' locally to investigate failures"; exit 1) | |
| - name: Send slack notification | |
| if: ${{ !success() && (github.event_name == 'schedule' || github.event_name == 'push') }} | |
| uses: 8398a7/action-slack@a74b761b4089b5d730d813fbedcd2ec5d394f3af | |
| with: | |
| status: ${{ job.status }} | |
| fields: repo,message,commit,author,action,eventName,ref,workflow,job,took # selectable (default: repo,message) | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |