Use c2cciutils - Publish to GitHub Container Registry

.dependabot/config.yml

@@ -33,6 +33,12 @@ update_configs:
     automerged_updates:
       - match:
           update_type: all
+  - package_manager: python
+    directory: /ci
+    update_schedule: live
+    automerged_updates:
+      - match:
+          update_type: all
   - package_manager: python
     directory: /docker/qgisserver/python/3.6
     update_schedule: live

.github/workflows/audit.yaml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   main:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-20.04
     name: Audit
     timeout-minutes: 10
 
@@ -17,61 +17,23 @@ jobs:
         branch:
           - '2.4'
           - '2.5'
+          - master
 
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
         with:
           ref: ${{ matrix.branch }}
-      - uses: actions/setup-python@v2
-        with:
-          python-version: 3.8
 
-      - run: sudo python3 -m pip install safety
       - run: |
-          for file in $(find -name requirements.txt)
-          do
-            echo Audit ${file}
-            (
-              cd $(dirname ${file}) &&
-              safety check --full-report --file=requirements.txt\
-                --ignore=$(cat pip-cve-ignore 2> /dev/null | sed -e 's/,/ --ignore=/g' || true) \
-
-            )
-          done
+          sudo rm /etc/apt/sources.list.d/*.list
+          sudo apt update
+          sudo apt install --yes python3-wheel
 
       - uses: asdf-vm/actions/install@v1
         with:
           tool_versions: python 3.8.0
-        if: always()
-      - run: sudo python3 -m pip install pipenv
-        if: always()
-      - run: |
-          asdf install python 3.5.8
-          asdf install python 3.7.8
-          for file in $(find -name Pipfile)
-          do
-            echo Audit ${file}
-            (
-              cd $(dirname ${file}) &&
-              pipenv check --ignore=$(cat pipenv-cve-ignore 2> /dev/null || echo 0)
-            )
-          done
-        if: always()
 
-      - run: |
-          sudo npm install -g better-npm-audit npm
-          for file in $(find -name package.json)
-          do
-            echo Audit ${file}
-            cd $(dirname ${file})
-            npm install --package-lock
-            node /usr/local/lib/node_modules/better-npm-audit audit \
-              --ignore=$(cat npm-cve-ignore 2> /dev/null || true) || (
-              npm audit || true
-              npm audit fix --force
-              git diff
-              git diff-index --quiet HEAD
-            )
-            cd -
-          done
-        if: always()
+      - run: sudo python3 -m pip install --requirement=ci/requirements.txt
+
+      - name: Audit
+        run: c2cciutils-audit

.github/workflows/clean.yaml

@@ -0,0 +1,28 @@
+---
+name: Clean docker hub tags
+
+on: delete
+
+jobs:
+  clean:
+    runs-on: ubuntu-20.04
+    name: Clean docker hub tags
+    timeout-minutes: 5
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: camptocamp/initialise-gopass-summon-action@v2
+        with:
+          ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
+          github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
+          patterns: docker
+
+      - run: |
+          sudo rm /etc/apt/sources.list.d/*.list
+          sudo apt update
+          sudo apt install --yes python3-wheel
+      - run: sudo python3 -m pip install --requirement=ci/requirements.txt
+
+      - name: Clean docker hub tags
+        run: c2cciutils-clean

.github/workflows/codeql.yaml

@@ -9,6 +9,7 @@ jobs:
   CodeQL-Build:
     runs-on: ubuntu-20.04
     name: Code scanning
+    timeout-minutes: 20
 
     steps:
       - name: Checkout repository

.github/workflows/ci.yaml → .github/workflows/main.yaml

@@ -15,41 +15,31 @@ jobs:
       MAIN_BRANCH: master
       MAJOR_VERSION: 2.6
       CI: true
-      PATH: /bin:/usr/bin:/usr/local/bin:/home/runner/.local/bin
-      SUMMON_PROVIDER: /usr/local/bin/gopass
 
     steps:
       - run: df -h
       - run: docker system prune --all --force
 
-      # Versions
-      - run: docker --version
-      - run: docker-compose --version
-      - run: git --version
-      - run: python3 --version
-      - run: python3 -m pip --version
+      - uses: actions/checkout@v2
+
       - run: |
           sudo rm /etc/apt/sources.list.d/*.list
           sudo apt-get update
-          sudo apt-get install python3-wheel python3-setuptools
+          sudo apt-get install python3-wheel
+
+      - run: sudo python3 -m pip install --requirement=ci/requirements.txt
+
+      - name: Checks
+        run: c2cciutils-checks
 
-      - uses: actions/checkout@v1
       - run: scripts/get-version --auto-increment
         if: github.repository == 'camptocamp/c2cgeoportal'
 
       - run: python3 -m pip install --user --requirement=requirements.txt
 
       # Global simple lint
-      - run: make gitattributes
-        if: always()
-      - run: make eol
-        if: always()
-      - run: make codespell
-        if: always()
       - run: make yamllint
         if: always()
-      - run: make black
-        if: always()
 
       # Build images
       - run: make build-runner
@@ -73,38 +63,38 @@ jobs:
         if: failure()
       # Similar to: make tests-commons
       - run: >
-            ci/run-dc-logs docker-compose exec -T tests coverage run
-            --source=/opt/c2cgeoportal/commons/c2cgeoportal_commons
-            --module pytest --verbose --color=yes --junitxml=/tmp/commons.xml
-            /opt/c2cgeoportal/commons/tests
+          ci/run-dc-logs docker-compose exec -T tests coverage run
+          --source=/opt/c2cgeoportal/commons/c2cgeoportal_commons
+          --module pytest --verbose --color=yes --junitxml=/tmp/commons.xml
+          /opt/c2cgeoportal/commons/tests
       # Similar to: make tests-geoportal
       - run: >
-            ci/run-dc-logs docker-compose exec -T tests coverage run --append
-            --source=/opt/c2cgeoportal/geoportal/c2cgeoportal_geoportal
-            --module pytest --verbose --color=yes --junitxml=/tmp/geoportal.xml
-            /opt/c2cgeoportal/geoportal/tests
+          ci/run-dc-logs docker-compose exec -T tests coverage run --append
+          --source=/opt/c2cgeoportal/geoportal/c2cgeoportal_geoportal
+          --module pytest --verbose --color=yes --junitxml=/tmp/geoportal.xml
+          /opt/c2cgeoportal/geoportal/tests
       # Similar to: make tests-admin
       - run: >
-            ci/run-dc-logs docker-compose exec -T tests coverage run --append
-            --source=/opt/c2cgeoportal/admin/c2cgeoportal_admin
-            --module pytest --verbose --color=yes --junitxml=/tmp/admin.xml
-            /opt/c2cgeoportal/admin/tests
+          ci/run-dc-logs docker-compose exec -T tests coverage run --append
+          --source=/opt/c2cgeoportal/admin/c2cgeoportal_admin
+          --module pytest --verbose --color=yes --junitxml=/tmp/admin.xml
+          /opt/c2cgeoportal/admin/tests
       # Similar to: make tests-qgisserver
       - run: >
-            ci/run-dc-logs docker-compose exec -T qgisserver-tests coverage run
-            --source=/var/www/plugins/geomapfish_qgisserver
-            --module pytest --verbose --color=yes --junitxml=/tmp/qgis.xml
-            /src/tests/functional
+          ci/run-dc-logs docker-compose exec -T qgisserver-tests coverage run
+          --source=/var/www/plugins/geomapfish_qgisserver
+          --module pytest --verbose --color=yes --junitxml=/tmp/qgis.xml
+          /src/tests/functional
       - name: Extract tests artifacts
         run: |
-              docker-compose exec -T tests coverage report
-              docker-compose exec -T tests coverage html --directory=/tmp/coverage
-              docker-compose exec -T qgisserver-tests coverage report
-              docker-compose exec -T qgisserver-tests coverage html --directory=/tmp/coverage
-              mkdir --parent artifacts/geoportal-coverage
-              mkdir --parent artifacts/qgisserver-plugin-coverage
-              docker cp c2cgeoportal_tests_1:/tmp/coverage/ artifacts/geoportal-coverage/
-              docker cp c2cgeoportal_qgisserver-tests_1:/tmp/coverage/ artifacts/qgisserver-plugin-coverage/
+          docker-compose exec -T tests coverage report
+          docker-compose exec -T tests coverage html --directory=/tmp/coverage
+          docker-compose exec -T qgisserver-tests coverage report
+          docker-compose exec -T qgisserver-tests coverage html --directory=/tmp/coverage
+          mkdir --parent artifacts/geoportal-coverage
+          mkdir --parent artifacts/qgisserver-plugin-coverage
+          docker cp c2cgeoportal_tests_1:/tmp/coverage/ artifacts/geoportal-coverage/
+          docker cp c2cgeoportal_qgisserver-tests_1:/tmp/coverage/ artifacts/qgisserver-plugin-coverage/
         if: always()
       - run: docker-compose down
 
@@ -119,10 +109,10 @@ jobs:
 
       # Documentation
       - run: >
-            docker build --tag=camptocamp/geomapfish-doc
-            --build-arg=MAJOR_VERSION=${MAJOR_VERSION}
-            --build-arg=MAIN_BRANCH=${MAIN_BRANCH}
-            doc
+          docker build --tag=camptocamp/geomapfish-doc
+          --build-arg=MAJOR_VERSION=${MAJOR_VERSION}
+          --build-arg=MAIN_BRANCH=${MAIN_BRANCH}
+          doc
 
       - name: Extract documentation
         run: ci/extract-documentation artifacts/documentations/
@@ -154,13 +144,6 @@ jobs:
       - run: ci/test-upgrade 25 ${HOME}/workspace
       - run: ci/test-upgrade cleanup ${HOME}/workspace
 
-      - name: Init Git
-        run: |
-            git remote set-url origin https://${GITHUB_ACTOR}:${{ secrets.GITHUB_TOKEN }}@${REPO_URL}
-            git config user.email "<ci@camptocamp.com>"
-            git config user.name "Continuous integration"
-        env:
-          REPO_URL: github.com/camptocamp/c2cgeoportal
       - run: make build-tools
       - run: make build-runner
       - run: make build-config
@@ -171,17 +154,8 @@ jobs:
           github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
         if: github.repository == 'camptocamp/c2cgeoportal'
 
-      - name: Publish to Docker hub and Pypi
-        run: |
-          summon --yaml '
-            DOCKER_USERNAME: !var gs/ci/dockerhub/username
-            DOCKER_PASSWORD: !var gs/ci/dockerhub/password
-            PYPI_USERNAME: !var gs/ci/pypi/username
-            PYPI_PASSWORD: !var gs/ci/pypi/password
-          ' ci/publish --geoportal
-        env:
-          GITHUB_TOKEN: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }}
-        if: github.repository == 'camptocamp/c2cgeoportal'
+      - name: Publish
+        run: c2cciutils-publish
 
       - name: Notify demo
         run: >

.github/workflows/qgis.yaml

@@ -26,11 +26,23 @@ jobs:
       MAIN_BRANCH: master
       MAJOR_VERSION: 2.6
       CI: true
-      PATH: /bin:/usr/bin:/usr/local/bin:/home/runner/.local/bin
-      SUMMON_PROVIDER: /usr/local/bin/gopass
 
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
+
+      - uses: camptocamp/initialise-gopass-summon-action@v2
+        with:
+          ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
+          github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
+          patterns: docker
+        if: github.repository == 'camptocamp/c2cgeoportal'
+
+      - run: |
+          sudo rm /etc/apt/sources.list.d/*.list
+          sudo apt update
+          sudo apt install --yes python3-wheel
+
+      - run: sudo python3 -m pip install --requirement=ci/requirements.txt
 
       - run: docker pull camptocamp/geomapfish:${{ env.MAJOR_VERSION }}
       - run: docker tag camptocamp/geomapfish:${{ env.MAJOR_VERSION }} camptocamp/geomapfish
@@ -62,9 +74,5 @@ jobs:
         if: github.repository == 'camptocamp/c2cgeoportal'
 
       - name: Publish
-        run: |
-          summon --yaml '
-            DOCKER_USERNAME: !var gs/ci/dockerhub/username
-            DOCKER_PASSWORD: !var gs/ci/dockerhub/password
-          ' ci/publish --qgisserver ${{ matrix.version }}
+        run: c2cciutils-publish --group=qgis-${{ matrix.version }}
         if: github.repository == 'camptocamp/c2cgeoportal'

.github/workflows/rebase.yaml

@@ -11,6 +11,8 @@ jobs:
   auto-rebase:
     name: Automatic Rebase
     runs-on: ubuntu-20.04
+    timeout-minutes: 5
+
     steps:
       - uses: camptocamp/AutoRebase@master
         with: