Fix security vulnerabilities in Python and Node.js dependencies for non-deprecated components #95
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: SVG Depth Map Handler | |
| on: | |
| push: | |
| branches: [ main ] | |
| tags: [ "handler-svg-depth-map-[0-9]+.[0-9]+.[0-9]+" ] | |
| paths: [ "handlers/svg-depth-map/**" ] | |
| pull_request: | |
| branches: [ main ] | |
| paths: [ "handlers/svg-depth-map/**" ] | |
| workflow_run: | |
| workflows: [ "Schemas (Trigger)" ] | |
| types: | |
| - completed | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: shared-reality-lab/image-handler-svg-depth-map | |
| jobs: | |
| lint: | |
| name: PEP 8 style check. | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.x' | |
| - name: Install flake8 | |
| run: pip install flake8 | |
| - name: Check with flake8 | |
| run: python -m flake8 ./handlers/svg-depth-map --show-source | |
| build-and-push-image: | |
| name: Build and Push to Registry | |
| needs: lint | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| - name: Log into GHCR | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Get Correct Tags | |
| run: | | |
| if [[ ${{ github.ref }} =~ ^refs/tags/handler-svg-depth-map-[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| echo "TAGGED=true" >> $GITHUB_ENV | |
| else | |
| echo "TAGGED=false" >> $GITHUB_ENV | |
| fi | |
| - name: Get timestamp | |
| run: echo "timestamp=$(date -u +'%Y-%m-%dT%H.%M')" >> $GITHUB_ENV | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| flavor: | | |
| latest=${{ env.TAGGED }} | |
| tags: | | |
| type=match,enable=${{ env.TAGGED }},priority=300,pattern=handler-svg-depth-map-(\d+.\d+.\d+),group=1 | |
| type=raw,priority=200,value=unstable | |
| type=raw,priority=100,value=${{ env.timestamp }} | |
| labels: | | |
| org.opencontainers.image.title=IMAGE Handler Depth Map SVG | |
| org.opencontainers.image.description=Handler to create SVG renderings from depth map generated from the scene for debug purposes. | |
| org.opencontainers.image.authors=IMAGE Project <image@cim.mcgill.ca> | |
| org.opencontainers.image.licenses=AGPL-3.0-or-later | |
| maintainer=IMAGE Project <image@cim.mcgill.ca> | |
| - name: Build and push | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: . | |
| file: ./handlers/svg-depth-map/Dockerfile | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} |