develop(actions): Configured Actions to use shared workflows from 'hm…

…s-dbmi/actions'
hms-dbmi · Apr 9, 2024 · e94bb73 · e94bb73
1 parent a773998
commit e94bb73
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 142 deletions.
diff --git a/.github/workflows/requirements-update.yml b/.github/workflows/requirements-update.yml
@@ -6,55 +6,7 @@ on:
   workflow_dispatch:
 
 jobs:
-
-  stale:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/stale@v4
-        with:
-          only-labels: dependencies,automated pr
-          stale-pr-message: 'This PR is stale because it has been open 7 days with no activity. Remove stale label or comment or this will be closed in 7 days.'
-          close-pr-message: 'This PR was closed because it has been stalled for 7 days with no activity.'
-          days-before-pr-stale: 7
-          days-before-pr-close: 7
-          delete-branch: true
-
-  build:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-      with:
-        ref: development
-
-    - name: Setup python
-      uses: actions/setup-python@v2
-      with:
-        python-version: '3.12'
-
-    - name: Install dev Python packages
-      run: |
-        python -m pip install --upgrade pip
-        pip install -r dev-requirements.txt
-
-    - name: Check for pip-tools upgrades
-      run: |
-        pip-compile --generate-hashes \
-          --allow-unsafe \
-          --upgrade \
-          --output-file requirements.txt requirements.in
-
-    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v3
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        base: development
-        branch: requirements-updates
-        branch-suffix: timestamp
-        delete-branch: true
-        commit-message: "fix(requirements): Updated Python requirements"
-        title: 'Python Requirements Updates'
-        body: >
-          This PR is auto-generated by Github Actions job [requirements-update].
-        labels: dependencies, automated pr
+  scan:
+    uses: hms-dbmi/actions/.github/workflows/requirements-update.yml@main
+    secrets:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -10,58 +10,12 @@ on:
   workflow_dispatch:
 
 jobs:
-
   scan:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-
-    - name: Login to DockerHub
-      uses: docker/login-action@v1
-      with:
-        username: ${{ secrets.DOCKER_HUB_USERNAME }}
-        password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-
-    - name: Set image name
-      id: setimagename
-      run: |
-          echo "Image name: $GITHUB_REPOSITORY:$GITHUB_SHA"
-          echo "::set-output name=imagename::$GITHUB_REPOSITORY:$GITHUB_SHA"
-
-    - name: Build the image
-      id: buildimage
-      uses: docker/build-push-action@v2
-      with:
-        context: ./
-        file: ./Dockerfile
-        push: false
-        tags: ${{ steps.setimagename.outputs.imagename }}
-
-    - name: Check whether container scanning should be enabled
-      id: checkcontainerscanning
-      env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      run: |
-          echo "Enable container scanning: ${{ env.SNYK_TOKEN != '' }}"
-          echo "::set-output name=enabled::${{ env.SNYK_TOKEN != '' }}"
-
-    - name: Run Snyk to check Docker image for vulnerabilities
-      uses: snyk/actions/docker@master
-      if: steps.checkcontainerscanning.outputs.enabled == 'true'
-      continue-on-error: true
-      env:
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      with:
-        image: ${{ steps.setimagename.outputs.imagename }}
-        args: --file=Dockerfile
-
-    - name: Upload result to GitHub Code Scanning
-      uses: github/codeql-action/upload-sarif@v1
-      if: steps.checkcontainerscanning.outputs.enabled == 'true'
-      with:
-        sarif_file: snyk.sarif
+    uses: hms-dbmi/actions/.github/workflows/scan.yml@main
+    secrets:
+      DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
+      DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+    with:
+      repository: ${{ github.repository }}
+      commit: ${{ github.sha }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -1,44 +1,18 @@
-name: Test
+name: Test Image Build
 
 on:
   push:
     branches: [ master, development ]
   pull_request:
     branches: [ master, development ]
-    paths:
-      - 'requirements.in'
-      - 'requirements.txt'
-      - 'Dockerfile'
+  workflow_dispatch:
 
 jobs:
-
-  build:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v2
-
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-
-    - name: Login to DockerHub
-      uses: docker/login-action@v1
-      with:
-        username: ${{ secrets.DOCKER_HUB_USERNAME }}
-        password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-
-    - name: Set image name
-      id: setimagename
-      run: |
-          echo "Image name: $GITHUB_REPOSITORY:$GITHUB_SHA"
-          echo "::set-output name=imagename::$GITHUB_REPOSITORY:$GITHUB_SHA"
-
-    - name: Build the image
-      id: buildimage
-      uses: docker/build-push-action@v2
-      with:
-        context: ./
-        file: ./Dockerfile
-        push: false
-        tags: ${{ steps.setimagename.outputs.imagename }}
+  test:
+    uses: hms-dbmi/actions/.github/workflows/test-image-build.yml@main
+    secrets:
+      DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
+      DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
+    with:
+      repository: ${{ github.repository }}
+      commit: ${{ github.sha }}