diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 6a38d38c9..01f127a77 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -32,6 +32,6 @@ ## Your Environment * Version used: -* Environment name and version (e.g. Python 2.7.5 with mod_wsgi 4.5.9): +* Environment name and version (e.g. Python 3.9 with mod_wsgi 4.5.9): * Server type and version: * Operating System and version: diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b38df29f4..ff621e589 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,3 +4,11 @@ updates: directory: "/" schedule: interval: "daily" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/dockerbuild.yml b/.github/workflows/dockerbuild.yml index d6c9a1d2c..2b5c59d8a 100644 --- a/.github/workflows/dockerbuild.yml +++ b/.github/workflows/dockerbuild.yml 
@@ -1,68 +1,143 @@ name: Docker Build and Publish +permissions: + packages: write + on: - workflow_dispatch: push: tags: - "*.*.*" jobs: - build-and-publish: + get-version: runs-on: ubuntu-latest + outputs: + version: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Docker meta id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@v5 with: + flavor: | + latest=false images: | - ghcr.io/mapproxy/mapproxy/mapproxy + ghcr.io/${{ github.repository }}/mapproxy tags: | type=semver,pattern={{version}} + build-and-publish-ubuntu: + needs: get-version + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to ghcr.io - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push base image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: - context: docker/ - file: ./docker/Dockerfile + file: ./Dockerfile push: true - build-args: | - MAPPROXY_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} target: base - tags: | - ${{ steps.meta.outputs.tags }} + tags: ${{ needs.get-version.outputs.version }} + platforms: linux/amd64,linux/arm64 - name: Build and push development image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: - context: docker/ - file: ./docker/Dockerfile + file: ./Dockerfile push: true - build-args: | - MAPPROXY_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} target: development - tags: | - ${{ steps.meta.outputs.tags }}-dev + tags: ${{ needs.get-version.outputs.version }}-dev + platforms: 
linux/amd64,linux/arm64 - name: Build and push nginx image - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v6 with: - context: docker/ - file: ./docker/Dockerfile + file: ./Dockerfile push: true - build-args: | - MAPPROXY_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} target: nginx - tags: | - ${{ steps.meta.outputs.tags }}-nginx + tags: ${{ needs.get-version.outputs.version }}-nginx + platforms: linux/amd64,linux/arm64 + + build-and-publish-alpine: + needs: get-version + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to ghcr.io + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push base alpine image + uses: docker/build-push-action@v6 + with: + file: ./Dockerfile-alpine + push: true + target: base + tags: ${{ needs.get-version.outputs.version }}-alpine + platforms: linux/amd64,linux/arm64 + + - name: Build and push alpine development image + uses: docker/build-push-action@v6 + with: + file: ./Dockerfile-alpine + push: true + target: development + tags: ${{ needs.get-version.outputs.version }}-alpine-dev + platforms: linux/amd64,linux/arm64 + + - name: Build and push alpine based nginx image + uses: docker/build-push-action@v6 + with: + file: ./Dockerfile-alpine + push: true + target: nginx + tags: ${{ needs.get-version.outputs.version }}-alpine-nginx + platforms: linux/amd64,linux/arm64 + + run-trivy: + needs: + - get-version + - build-and-publish-ubuntu + runs-on: ubuntu-latest + steps: + - name: Run trivy + uses: aquasecurity/trivy-action@0.29.0 + with: + format: 'sarif' + ignore-unfixed: true + image-ref: ${{ needs.get-version.outputs.version }} + output: 'trivy-results.sarif' + severity: 'CRITICAL,HIGH' + vuln-type: 
'os,library' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/ghpages.yml b/.github/workflows/ghpages.yml index e08b2a32d..a7a59e828 100644 --- a/.github/workflows/ghpages.yml +++ b/.github/workflows/ghpages.yml 
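Review bot: The `run-trivy` job will most likely fail at its SARIF upload step, because the new workflow-level `permissions:` block grants only `packages: write` and every scope not listed there is set to none, while `github/codeql-action/upload-sarif` needs `security-events: write`. Moving the grants to job level fixes that and narrows the rest: `permissions: {packages: write}` on the two `build-and-publish-*` jobs only, and `permissions: {security-events: write}` on `run-trivy`; `get-version` does not push anything and needs no package scope. The scan also runs after the images have been pushed and covers only the Ubuntu base tag, so the `-dev`, `-nginx` and `-alpine*` images are published unscanned. Because the third-party actions here run with a token that can write packages, consider pinning them to commit SHAs; the `github-actions` Dependabot entry added in this commit can keep such pins current.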
@@ -1,31 +1,52 @@ name: Build and deploy documentation on github pages on: - workflow_dispatch: push: tags: - - '*' + - "*.*.*" -jobs: +permissions: + contents: write + +jobs: build: runs-on: ubuntu-20.04 steps: - name: Checkout sources - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Install dependencies ⏬ - run: pip install sphinx sphinx-bootstrap-theme + run: pip install sphinx sphinx-book-theme sphinx-copybutton + + - name: Run documentation build + run: sphinx-build doc/ docs -D html_context.current_version=${{ github.ref_name }} + + - name: Deploy docs to folder `latest` to GitHub Pages + uses: JamesIves/github-pages-deploy-action@v4.7.2 + with: + folder: docs + target-folder: docs/latest - - name: Run documentation build and publish 🏗️ + - name: Deploy docs to a folder named after the new tag to GitHub Pages + uses: JamesIves/github-pages-deploy-action@v4.7.2 + with: + folder: docs + target-folder: docs/${{ github.ref_name }} + + - name: Update versions config + # read existing versions from gh-pages branch, add new version, sort, dedupe and write results to config/versions.json run: | - git config --global user.name 'ghpages' - git config --global user.email 'ghpages@users.noreply.github.com' - git fetch --all - git checkout gh-pages - git pull origin gh-pages - git rebase origin/master - sphinx-build doc/ docs - git add docs - git commit -m "Automated documentation" - git push -f origin gh-pages + mkdir config + git show gh-pages:docs/config/versions.json \ + | jq -r '(. + ["${{ github.ref_name }}"])[]' \ + | sort -V \ + | uniq \ + | jq -R -s -c 'split("\n")[:-1]' \ + > config/versions.json + + - name: Deploy config folder to GitHub Pages + uses: JamesIves/github-pages-deploy-action@v4.7.2 + with: + folder: config + target-folder: docs/config diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 000000000..0550811b7 --- /dev/null +++ b/.github/workflows/lint.yml 
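Review bot: `${{ github.ref_name }}` is expanded into the text of two `run:` scripts (the `sphinx-build` line and the jq filter in "Update versions config") before the shell starts, so a tag name containing shell or jq metacharacters is interpreted as code in a job that holds `contents: write`. Pass the tag through `env:` and use it as a quoted shell variable, and hand it to jq with `--arg` rather than splicing it into the filter. The pipeline also runs without `pipefail` (the default `run:` shell is `bash -e`), so if `git show gh-pages:docs/config/versions.json` fails, the later stages still succeed and an empty list would be written and deployed over the existing versions file; `set -o pipefail` turns that into a visible failure.

```yaml
- name: Run documentation build
  env:
    REF_NAME: ${{ github.ref_name }}
  run: sphinx-build doc/ docs -D "html_context.current_version=${REF_NAME}"

# … unchanged: the two deploy steps for docs/latest and docs/<tag> …

- name: Update versions config
  env:
    REF_NAME: ${{ github.ref_name }}
  run: |
    set -o pipefail
    mkdir config
    git show gh-pages:docs/config/versions.json \
      | jq -r --arg v "$REF_NAME" '(. + [$v])[]' \
      | sort -V \
      | uniq \
      | jq -R -s -c 'split("\n")[:-1]' \
      > config/versions.json
```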
@@ -0,0 +1,26 @@
+name: Running mapproxy lint
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - master
+ pull_request:
+ branches:
+ - master
+
+jobs:
+ test:
+ runs-on: ubuntu-20.04
+
+ steps:
+ - name: Checkout sources
+ uses: actions/checkout@v4
+
+ - name: Use python 3.12
+ uses: actions/setup-python@v5
+ with:
+ python-version: 3.12
+
+ - name: flake8 Lint
+ uses: py-actions/flake8@v2
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 000000000..24737f094
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,49 @@
+name: Release
+on:
+ push:
+ tags:
+ - "*.*.*"
+
+jobs:
+ build-publish-release:
+ runs-on: ubuntu-latest
+ environment:
+ name: pypi
+ url: https://pypi.org/project/MapProxy
+ permissions:
+ id-token: write # this permission is needed for trusted publishing on pypi
+ contents: write # this is needed to create the github release
+
+ steps:
+ - name: Install packages
+ run: |
+ sudo apt update
+ sudo apt -y install --no-install-recommends python3-pil python3-yaml python3-pyproj libgeos-dev python3-lxml libgdal-dev python3-shapely libxml2-dev libxslt-dev
+
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup python
+ uses: actions/setup-python@v5
+
+ - name: Make wheel
+ run: |
+ python setup.py egg_info -b "" -D sdist bdist_wheel
+
+ - name: Publish package to PyPI
+ uses: pypa/gh-action-pypi-publish@release/v1
+
+ - name: Grep changes
+ run: |
+ awk '
+ /^[0-9]+\.[0-9]+\.[0-9]+ [0-9]{4}-[0-9]{2}-[0-9]{2}$/ { if (header_found) exit; header_found=1; skip=2}
+ skip { skip--; next }
+ /^.*$/ { print }
+ ' CHANGES.txt > RELEASE_NOTES.txt
+
+ - name: Create a GitHub release page
+ uses: ncipollo/release-action@v1
+ with:
+ generateReleaseNotes: true
+ bodyFile: RELEASE_NOTES.txt
+ artifacts: "dist/*.whl"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index dfa838cbc..44c99ddaf 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
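Review bot: The new lint workflow declares no `permissions:` block, so the third-party `py-actions/flake8@v2` step runs with whatever default token scopes the repository is configured with; a top-level `permissions: {contents: read}` is enough for checkout and linting. `python-version: 3.12` is an unquoted YAML float; it happens to survive parsing, but test.yml in this same commit quotes its matrix entries, presumably to avoid that class of problem, so `python-version: "3.12"` keeps the two files consistent. The action is referenced by a mutable major tag; pinning it to a commit SHA would make the lint job reproducible.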
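Review bot: `id-token: write` and `contents: write` are both granted to the single `build-publish-release` job, so every step in it (the apt install, `python setup.py` run from the tagged tree, and the third-party release action) executes in a context that can request a PyPI trusted-publishing token and write to the repository. Splitting the job into a build job with read-only permissions, a publish job holding only `id-token: write`, and a release job holding only `contents: write` confines each credential to the step that needs it. `pypa/gh-action-pypi-publish@release/v1` and `ncipollo/release-action@v1` are mutable refs, and pinning them to commit SHAs is worth doing in a publishing workflow. `actions/setup-python@v5` is also called without `python-version`, so the interpreter that builds the wheel depends on the runner image.

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # … unchanged: Install packages, Checkout, Setup python, Make wheel …
      - name: Upload dist
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  publish-pypi:
    needs: build
    runs-on: ubuntu-latest
    environment:
      name: pypi
      url: https://pypi.org/project/MapProxy
    permissions:
      id-token: write # trusted publishing only
    steps:
      - name: Download dist
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      - name: Publish package to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1

  github-release:
    needs: publish-pypi
    runs-on: ubuntu-latest
    permissions:
      contents: write # create the GitHub release
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Download dist
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist/
      # … unchanged: Grep changes, Create a GitHub release page …
```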
@@ -33,7 +33,7 @@ jobs: strategy: matrix: - python-version: [3.7, 3.8, 3.9, "3.10", "3.11"] + python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"] env: MAPPROXY_TEST_COUCHDB: 'http://localhost:5984' @@ -52,15 +52,15 @@ jobs: sudo apt install proj-bin libgeos-dev libgdal-dev libxslt1-dev libxml2-dev build-essential python-dev libjpeg-dev zlib1g-dev libfreetype6-dev protobuf-compiler libprotoc-dev -y - name: Checkout sources - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Use python ${{ matrix.python-version }} - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - name: Cache python deps 💾 - uses: actions/cache@v2 + uses: actions/cache@v4 with: path: ~/.cache/pip key: ${{ runner.OS }}-python-${{ hashFiles('**/requirements-tests.txt') }} @@ -70,8 +70,8 @@ jobs: - name: Install dependencies ⏬ run: | + pip install . pip install -r requirements-tests.txt - if [[ ${{ matrix.python-version }} = 2.7 || ${{ matrix.python-version }} = 3.8 ]]; then pip install -U "Pillow!=8.3.0,!=8.3.1"; fi pip freeze - name: Run tests 🏗️