chore(deps): update dependency django-celery-beat to v2.8.0 #2
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker container CI | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| variant: | ||
| required: true | ||
| type: string | ||
| secrets: | ||
| DOCKERHUB_ACCESS_TOKEN: | ||
| description: Docker Hub access token | ||
| DOCKERHUB_USERNAME: | ||
| description: Docker Hub username | ||
| GITHUB_TOKEN: | ||
| description: GitHub token | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| revisions: | ||
| runs-on: ubuntu-24.04 | ||
| outputs: | ||
| weblate_sha: ${{ steps.get_sha.outputs.sha }} | ||
| weblate_date: ${{ steps.get_date.outputs.date }} | ||
| steps: | ||
| - id: get_sha | ||
| run: echo "sha=$(git ls-remote --quiet https://github.com/WeblateOrg/weblate.git HEAD | awk '{print $1}')" >> "$GITHUB_OUTPUT" | ||
| - id: get_date | ||
| run: echo "date=$(date --iso-8601=ns)" >> "$GITHUB_OUTPUT" | ||
| build: | ||
| needs: | ||
| - revisions | ||
| uses: ./.github/workflows/container-build.yml | ||
| with: | ||
| variant: ${{ inputs.variant }} | ||
| architecture: amd64 | ||
| weblate_sha: ${{needs.revisions.outputs.weblate_sha}} | ||
| weblate_date: ${{needs.revisions.outputs.weblate_date}} | ||
| buildx: | ||
| needs: | ||
| - revisions | ||
| uses: ./.github/workflows/container-build.yml | ||
| with: | ||
| variant: ${{ inputs.variant }} | ||
| architecture: arm64 | ||
| weblate_sha: ${{needs.revisions.outputs.weblate_sha}} | ||
| weblate_date: ${{needs.revisions.outputs.weblate_date}} | ||
| test-basic: | ||
| needs: | ||
| - revisions | ||
| - build | ||
| uses: ./.github/workflows/container-test.yml | ||
| with: | ||
| variant: ${{ inputs.variant }} | ||
| test: basic | ||
| weblate_sha: ${{needs.revisions.outputs.weblate_sha}} | ||
| weblate_date: ${{needs.revisions.outputs.weblate_date}} | ||
| test-novolume: | ||
| needs: | ||
| - revisions | ||
| - build | ||
| uses: ./.github/workflows/container-test.yml | ||
| with: | ||
| variant: ${{ inputs.variant }} | ||
| test: read-write | ||
| weblate_sha: ${{needs.revisions.outputs.weblate_sha}} | ||
| weblate_date: ${{needs.revisions.outputs.weblate_date}} | ||
| test-localtime: | ||
| needs: | ||
| - revisions | ||
| - build | ||
| uses: ./.github/workflows/container-test.yml | ||
| with: | ||
| variant: ${{ inputs.variant }} | ||
| test: localtime | ||
| weblate_sha: ${{needs.revisions.outputs.weblate_sha}} | ||
| weblate_date: ${{needs.revisions.outputs.weblate_date}} | ||
| test-saml: | ||
| needs: | ||
| - revisions | ||
| - build | ||
| uses: ./.github/workflows/container-test.yml | ||
| with: | ||
| variant: ${{ inputs.variant }} | ||
| test: saml | ||
| weblate_sha: ${{needs.revisions.outputs.weblate_sha}} | ||
| weblate_date: ${{needs.revisions.outputs.weblate_date}} | ||
| test-split: | ||
| needs: | ||
| - revisions | ||
| - build | ||
| uses: ./.github/workflows/container-test.yml | ||
| with: | ||
| variant: ${{ inputs.variant }} | ||
| test: split | ||
| weblate_sha: ${{needs.revisions.outputs.weblate_sha}} | ||
| weblate_date: ${{needs.revisions.outputs.weblate_date}} | ||
| test-single-celery: | ||
| needs: | ||
| - revisions | ||
| - build | ||
| uses: ./.github/workflows/container-test.yml | ||
| with: | ||
| variant: ${{ inputs.variant }} | ||
| test: celery-single | ||
| weblate_sha: ${{needs.revisions.outputs.weblate_sha}} | ||
| weblate_date: ${{needs.revisions.outputs.weblate_date}} | ||
| test-ssl: | ||
| needs: | ||
| - revisions | ||
| - build | ||
| uses: ./.github/workflows/container-test.yml | ||
| with: | ||
| variant: ${{ inputs.variant }} | ||
| test: basic | ||
| port: 4443 | ||
| protocol: https | ||
| weblate_sha: ${{needs.revisions.outputs.weblate_sha}} | ||
| weblate_date: ${{needs.revisions.outputs.weblate_date}} | ||
| anchore: | ||
| runs-on: ubuntu-24.04 | ||
| name: Anchore Container Scan | ||
| needs: | ||
| - revisions | ||
| - build | ||
| permissions: | ||
| security-events: write | ||
| env: | ||
| MATRIX_ARCHITECTURE: linux/amd64 | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: false | ||
| - name: Expose GitHub Runtime | ||
| uses: crazy-max/ghaction-github-runtime@3cb05d89e1f492524af3d41a1c98c83bc3025124 # v3.1.0 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | ||
| with: | ||
| # renovate: datasource=github-releases depName=docker/buildx | ||
| version: v0.23.0 | ||
| - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 | ||
| with: | ||
| name: Docker cache amd64 | ||
| path: /tmp/.buildx-cache/linux/amd64 | ||
| - name: Adjust bleeding edge image | ||
| if: inputs.variant == 'bleeding' | ||
| run: .github/bin/bleeding "$WEBLATE_SHA" "$WEBLATE_DATE" | ||
| env: | ||
| WEBLATE_SHA: ${{ needs.revisions.outputs.weblate_sha }} | ||
| WEBLATE_DATE: ${{ needs.revisions.outputs.weblate_date }} | ||
| - name: Build the Docker image | ||
| run: .github/bin/docker-build load | ||
| - name: List Docker images | ||
| run: docker image ls --all | ||
| - name: Checkout the code | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: false | ||
| - name: Anchore scan action | ||
| uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0 | ||
| id: scan | ||
| with: | ||
| image: weblate/weblate:test | ||
| fail-build: false | ||
| - name: Upload Anchore Scan Report | ||
| uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 | ||
| with: | ||
| sarif_file: ${{ steps.scan.outputs.sarif }} | ||
| trivy: | ||
| runs-on: ubuntu-24.04 | ||
| name: Trivy Container Scan | ||
| needs: | ||
| - revisions | ||
| - build | ||
| permissions: | ||
| security-events: write | ||
| env: | ||
| MATRIX_ARCHITECTURE: linux/amd64 | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: false | ||
| - name: Expose GitHub Runtime | ||
| uses: crazy-max/ghaction-github-runtime@3cb05d89e1f492524af3d41a1c98c83bc3025124 # v3.1.0 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | ||
| with: | ||
| # renovate: datasource=github-releases depName=docker/buildx | ||
| version: v0.23.0 | ||
| - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 | ||
| with: | ||
| name: Docker cache amd64 | ||
| path: /tmp/.buildx-cache/linux/amd64 | ||
| - name: Adjust bleeding edge image | ||
| if: inputs.variant == 'bleeding' | ||
| run: .github/bin/bleeding "$WEBLATE_SHA" "$WEBLATE_DATE" | ||
| env: | ||
| WEBLATE_SHA: ${{ needs.revisions.outputs.weblate_sha }} | ||
| WEBLATE_DATE: ${{ needs.revisions.outputs.weblate_date }} | ||
| - name: Build the Docker image | ||
| run: .github/bin/docker-build load | ||
| - name: List Docker images | ||
| run: docker image ls --all | ||
| - name: Checkout the code | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: false | ||
| - name: Run Trivy vulnerability scanner | ||
| uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # 0.30.0 | ||
| with: | ||
| image-ref: weblate/weblate:test | ||
| format: sarif | ||
| output: trivy-results.sarif | ||
| severity: CRITICAL,HIGH | ||
| - name: Upload Trivy scan results to GitHub Security tab | ||
| uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 | ||
| with: | ||
| sarif_file: trivy-results.sarif | ||
| - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | ||
| with: | ||
| name: Trivy scan SARIF | ||
| path: trivy-results.sarif | ||
| merge: | ||
| runs-on: ubuntu-24.04 | ||
| name: Merge images, ${{ inputs.variant }} | ||
| needs: | ||
| - build | ||
| - buildx | ||
| - revisions | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: false | ||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 | ||
| with: | ||
| platforms: all | ||
| - name: Expose GitHub Runtime | ||
| uses: crazy-max/ghaction-github-runtime@3cb05d89e1f492524af3d41a1c98c83bc3025124 # v3.1.0 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | ||
| with: | ||
| # renovate: datasource=github-releases depName=docker/buildx | ||
| version: v0.23.0 | ||
| - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 | ||
| with: | ||
| name: Docker cache amd64 | ||
| path: /tmp/.buildx-cache/linux/amd64 | ||
| - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 | ||
| with: | ||
| name: Docker cache arm64 | ||
| path: /tmp/.buildx-cache/linux/arm64 | ||
| - name: Adjust bleeding edge image | ||
| if: inputs.variant == 'bleeding' | ||
| run: .github/bin/bleeding "$WEBLATE_SHA" "$WEBLATE_DATE" | ||
| env: | ||
| WEBLATE_SHA: ${{ needs.revisions.outputs.weblate_sha }} | ||
| WEBLATE_DATE: ${{ needs.revisions.outputs.weblate_date }} | ||
| - name: Configure Docker build | ||
| run: .github/bin/get-buildx-args | ||
| - name: Merge the Docker images | ||
| run: .github/bin/docker-build | ||
| tests-all: | ||
| runs-on: ubuntu-24.04 | ||
| name: Tests, ${{ inputs.variant }} | ||
| needs: | ||
| - test-basic | ||
| - test-saml | ||
| - test-split | ||
| - test-single-celery | ||
| - test-novolume | ||
| - test-ssl | ||
| - test-localtime | ||
| steps: | ||
| # This is dependency only job to collect all test results | ||
| - run: echo | ||
| lint-all: | ||
| runs-on: ubuntu-24.04 | ||
| name: Lint, ${{ inputs.variant }} | ||
| needs: | ||
| - anchore | ||
| - trivy | ||
| steps: | ||
| # This is dependency only job to collect all lint results | ||
| - run: echo | ||
| push_dockerhub: | ||
| runs-on: ubuntu-24.04 | ||
| name: Publish to Docker Hub, ${{ inputs.variant }} | ||
| needs: | ||
| - tests-all | ||
| - lint-all | ||
| - merge | ||
| - revisions | ||
| if: ${{ (startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/docker' }} | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: false | ||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 | ||
| with: | ||
| platforms: all | ||
| - name: Expose GitHub Runtime | ||
| uses: crazy-max/ghaction-github-runtime@3cb05d89e1f492524af3d41a1c98c83bc3025124 # v3.1.0 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | ||
| with: | ||
| # renovate: datasource=github-releases depName=docker/buildx | ||
| version: v0.23.0 | ||
| - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 | ||
| with: | ||
| name: Docker cache amd64 | ||
| path: /tmp/.buildx-cache/linux/amd64 | ||
| - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 | ||
| with: | ||
| name: Docker cache arm64 | ||
| path: /tmp/.buildx-cache/linux/arm64 | ||
| - name: DockerHub login | ||
| run: echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login --username "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin | ||
| - name: Adjust bleeding edge image | ||
| if: inputs.variant == 'bleeding' | ||
| run: .github/bin/bleeding "$WEBLATE_SHA" "$WEBLATE_DATE" | ||
| env: | ||
| WEBLATE_SHA: ${{ needs.revisions.outputs.weblate_sha }} | ||
| WEBLATE_DATE: ${{ needs.revisions.outputs.weblate_date }} | ||
| - name: Configure Docker build | ||
| run: .github/bin/get-buildx-args "publish-$WEBLATE_VARIANT" | ||
| env: | ||
| WEBLATE_VARIANT: ${{ inputs.variant }} | ||
| - name: Publish the Docker images | ||
| run: .github/bin/docker-build "publish-$WEBLATE_VARIANT" | ||
| env: | ||
| WEBLATE_VARIANT: ${{ inputs.variant }} | ||
| push_github: | ||
| runs-on: ubuntu-24.04 | ||
| name: Publish to GitHub, ${{ inputs.variant }} | ||
| permissions: | ||
| packages: write | ||
| needs: | ||
| - tests-all | ||
| - lint-all | ||
| - merge | ||
| - revisions | ||
| if: ${{ (startsWith(github.ref, 'refs/tags/') || (github.ref == 'refs/heads/main')) && github.repository == 'WeblateOrg/docker' }} | ||
| env: | ||
| DOCKER_IMAGE: ghcr.io/weblateorg/weblate | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| with: | ||
| persist-credentials: false | ||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 | ||
| with: | ||
| platforms: all | ||
| - name: Expose GitHub Runtime | ||
| uses: crazy-max/ghaction-github-runtime@3cb05d89e1f492524af3d41a1c98c83bc3025124 # v3.1.0 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 | ||
| with: | ||
| # renovate: datasource=github-releases depName=docker/buildx | ||
| version: v0.23.0 | ||
| - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 | ||
| with: | ||
| name: Docker cache amd64 | ||
| path: /tmp/.buildx-cache/linux/amd64 | ||
| - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1 | ||
| with: | ||
| name: Docker cache arm64 | ||
| path: /tmp/.buildx-cache/linux/arm64 | ||
| - name: Login to GitHub Container Registry | ||
| if: ${{ github.event_name != 'pull_request'}} | ||
| uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Adjust bleeding edge image | ||
| if: inputs.variant == 'bleeding' | ||
| run: .github/bin/bleeding "$WEBLATE_SHA" "$WEBLATE_DATE" | ||
| env: | ||
| WEBLATE_SHA: ${{ needs.revisions.outputs.weblate_sha }} | ||
| WEBLATE_DATE: ${{ needs.revisions.outputs.weblate_date }} | ||
| - name: Configure Docker build | ||
| run: .github/bin/get-buildx-args "publish-$WEBLATE_VARIANT" | ||
| env: | ||
| WEBLATE_VARIANT: ${{ inputs.variant }} | ||
| - name: Publish the Docker images | ||
| run: .github/bin/docker-build "publish-$WEBLATE_VARIANT" | ||
| env: | ||
| WEBLATE_VARIANT: ${{ inputs.variant }} | ||
