Scope rework patch #9564
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tests | |
| on: | |
| push: | |
| branches: | |
| - stable | |
| - dev | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| # if one python version fails, let the others finish | |
| fail-fast: false | |
| matrix: | |
| python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"] | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Set Python Version Environment Variable | |
| run: echo "PYTHON_VERSION=${{ matrix.python-version }}" | sed 's|[:/]|_|g' >> $GITHUB_ENV | |
| - name: Install dependencies | |
| run: | | |
| pip install poetry | |
| poetry install | |
| - name: Lint | |
| run: | | |
| poetry run ruff check | |
| poetry run ruff format --check | |
| - name: Run tests | |
| run: | | |
| poetry run pytest -vv --reruns 2 -o timeout_func_only=true --timeout 1200 --disable-warnings --log-cli-level=INFO --cov-config=bbot/test/coverage.cfg --cov-report xml:cov.xml --cov=bbot . | |
| - name: Upload Debug Logs | |
| if: always() | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: pytest-debug-logs-${{ env.PYTHON_VERSION }} | |
| path: pytest_debug.log | |
| - name: Upload Code Coverage | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: ./cov.xml | |
| verbose: true | |
| publish_code: | |
| needs: test | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/stable') | |
| continue-on-error: true | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.x" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install poetry build | |
| poetry self add "poetry-dynamic-versioning[plugin]" | |
| - name: Build Pypi package | |
| if: github.ref == 'refs/heads/stable' || github.ref == 'refs/heads/dev' | |
| run: python -m build | |
| - name: Publish Pypi package | |
| if: github.ref == 'refs/heads/stable' || github.ref == 'refs/heads/dev' | |
| uses: pypa/gh-action-pypi-publish@release/v1.13 | |
| with: | |
| password: ${{ secrets.PYPI_API_TOKEN }} | |
| - name: Get BBOT version | |
| id: version | |
| run: | | |
| FULL_VERSION=$(poetry version | cut -d' ' -f2) | |
| echo "BBOT_VERSION=$FULL_VERSION" >> $GITHUB_OUTPUT | |
| # Extract major.minor (e.g., 2.7 from 2.7.1) | |
| MAJOR_MINOR=$(echo "$FULL_VERSION" | cut -d'.' -f1-2) | |
| echo "BBOT_VERSION_MAJOR_MINOR=$MAJOR_MINOR" >> $GITHUB_OUTPUT | |
| # Extract major (e.g., 2 from 2.7.1) | |
| MAJOR=$(echo "$FULL_VERSION" | cut -d'.' -f1) | |
| echo "BBOT_VERSION_MAJOR=$MAJOR" >> $GITHUB_OUTPUT | |
| - name: Publish to Docker Hub (dev) | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/dev' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| context: . | |
| tags: | | |
| blacklanternsecurity/bbot:latest | |
| blacklanternsecurity/bbot:dev | |
| blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION }} | |
| blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR_MINOR }} | |
| blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR }} | |
| - name: Publish to Docker Hub (stable) | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/stable' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| context: . | |
| tags: | | |
| blacklanternsecurity/bbot:stable | |
| blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION }} | |
| blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR_MINOR }} | |
| blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR }} | |
| - name: Publish Full Docker Image to Docker Hub (dev) | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/dev' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| file: Dockerfile.full | |
| context: . | |
| tags: | | |
| blacklanternsecurity/bbot:latest-full | |
| blacklanternsecurity/bbot:dev-full | |
| blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION }}-full | |
| blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR_MINOR }}-full | |
| blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR }}-full | |
| - name: Publish Full Docker Image to Docker Hub (stable) | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/stable' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| file: Dockerfile.full | |
| context: . | |
| tags: | | |
| blacklanternsecurity/bbot:stable-full | |
| blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION }}-full | |
| blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR_MINOR }}-full | |
| blacklanternsecurity/bbot:${{ steps.version.outputs.BBOT_VERSION_MAJOR }}-full | |
| - name: Docker Hub Description | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/dev' | |
| uses: peter-evans/dockerhub-description@v5 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| repository: blacklanternsecurity/bbot | |
| - name: Clean up old Docker Hub tags (up to 50 most recent tags plus 'latest') | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/dev' | |
| run: | | |
| # Install jq for JSON processing | |
| sudo apt-get update && sudo apt-get install -y jq | |
| IMAGE="blacklanternsecurity/bbot" | |
| # Clean up dev tags (keep 50 most recent) | |
| for tag_pattern in "rc$" "rc-full$"; do | |
| echo "Cleaning up tags ending with $tag_pattern..." | |
| tags_response=$(curl -s -H "Authorization: Bearer ${{ secrets.DOCKER_TOKEN }}" \ | |
| "https://hub.docker.com/v2/repositories/$IMAGE/tags/?page_size=100") | |
| tags_to_delete=$(echo "$tags_response" | jq -r --arg pattern "$tag_pattern" \ | |
| '.results[] | select(.name | test($pattern)) | [.last_updated, .name] | @tsv' | \ | |
| sort -r | tail -n +51 | cut -f2) | |
| for tag in $tags_to_delete; do | |
| echo "Deleting $IMAGE tag: $tag" | |
| curl -X DELETE -H "Authorization: Bearer ${{ secrets.DOCKER_TOKEN }}" \ | |
| "https://hub.docker.com/v2/repositories/$IMAGE/tags/$tag/" | |
| done | |
| echo "Cleanup completed for tags ending with $tag_pattern. Kept 50 most recent." | |
| done | |
| outputs: | |
| BBOT_VERSION: ${{ steps.version.outputs.BBOT_VERSION }} | |
| publish_docs: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' && (github.ref == 'refs/heads/stable' || github.ref == 'refs/heads/dev') | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| token: ${{ secrets.BBOT_DOCS_UPDATER_PAT }} | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.11" | |
| - run: echo "cache_id=$(date --utc '+%V')" >> $GITHUB_ENV | |
| - uses: actions/cache@v4 | |
| with: | |
| key: mkdocs-material-${{ env.cache_id }} | |
| path: .cache | |
| restore-keys: | | |
| mkdocs-material- | |
| - name: Install dependencies | |
| run: | | |
| pip install poetry | |
| poetry install --only=docs | |
| - name: Configure Git | |
| run: | | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| git fetch origin gh-pages:refs/remotes/origin/gh-pages | |
| if git show-ref --verify --quiet refs/heads/gh-pages; then | |
| git branch -f gh-pages origin/gh-pages | |
| else | |
| git branch --track gh-pages origin/gh-pages | |
| fi | |
| - name: Generate docs (stable branch) | |
| if: github.ref == 'refs/heads/stable' | |
| run: | | |
| poetry run mike deploy Stable | |
| - name: Generate docs (dev branch) | |
| if: github.ref == 'refs/heads/dev' | |
| run: | | |
| poetry run mike deploy Dev | |
| - name: Publish docs | |
| run: | | |
| git switch gh-pages | |
| git push | |
| # tag_commit: | |
| # needs: publish_code | |
| # runs-on: ubuntu-latest | |
| # if: github.event_name == 'push' && github.ref == 'refs/heads/stable' | |
| # steps: | |
| # - uses: actions/checkout@v5 | |
| # with: | |
| # ref: ${{ github.head_ref }} | |
| # fetch-depth: 0 # Fetch all history for all tags and branches | |
| # - name: Configure git | |
| # run: | | |
| # git config --local user.email "[email protected]" | |
| # git config --local user.name "GitHub Actions" | |
| # - name: Tag commit | |
| # run: | | |
| # VERSION="${{ needs.publish_code.outputs.BBOT_VERSION }}" | |
| # if [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then | |
| # TAG_MESSAGE="Dev Release $VERSION" | |
| # elif [[ "${{ github.ref }}" == "refs/heads/stable" ]]; then | |
| # TAG_MESSAGE="Stable Release $VERSION" | |
| # fi | |
| # git tag -a $VERSION -m "$TAG_MESSAGE" | |
| # git push origin --tags |