D->M #180
D->M #180
Conversation
Draft: Add logs to help with debugging
Remove logging
Mongo7 upgrade
Convert requirements.txt to Pipfile
Add retryWrites & update release notes
fix typo in README.md
Uncomment the trivy-scan in the pr_build.yml file
SECURITY-4: Update Dependabot.yml
builds by default on Java 8. Need to look into how to bump that
Add JITPack java client build
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| include: | ||
| - python-version: '3.9.19' | ||
| mongo-version: '3.6' | ||
| - python-version: '3.9.19' | ||
| mongo-version: '7.0.4' | ||
| services: | ||
| mongo: | ||
| image: mongo:${{matrix.mongo-version}} | ||
| ports: | ||
| - 27017:27017 | ||
| options: --name mongo${{matrix.mongo-version}} | ||
|
|
||
| env: | ||
| KBASE_CI_TOKEN: ${{ secrets.KBASE_CI_TOKEN }} | ||
| # This env var is also used in the catalog test docker compose file for starting NMS | ||
| ADMIN_USER: ${{ secrets.KBASE_BOT_USER_CI }} | ||
|
|
||
| steps: | ||
| - name: Repo checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: ${{matrix.python-version}} | ||
|
|
||
| - name: Install dependencies and set up test config | ||
| shell: bash | ||
|
|
||
| run: | | ||
|
|
||
| # test mongo connection | ||
| curl http://localhost:27017 | ||
| returncode=$? | ||
| if [ $returncode != 0 ]; then exit $returncode; fi | ||
|
|
||
| # set HOMEDIR | ||
| export HOMEDIR=`pwd` | ||
|
|
||
| # move to parent dir to install binaries etc | ||
| cd .. | ||
|
|
||
| # setup kb-sdk | ||
| mkdir -p $(pwd)/bin | ||
| docker run ghcr.io/kbase/kb_sdk_patch-develop:br-0.0.4 genscript > $(pwd)/bin/kb-sdk | ||
| chmod 755 $(pwd)/bin/kb-sdk | ||
| export PATH=$(pwd)/bin:$PATH | ||
|
|
||
| # install catalog dependencies | ||
| cd $HOMEDIR | ||
| python -m pip install --upgrade pip | ||
| pip install pipenv | ||
| pipenv sync --system --dev | ||
|
|
||
| # setup test config | ||
| cp -n test/test.cfg.example test/test.cfg | ||
| sed -i "s#^nms-admin-token.*#nms-admin-token=$KBASE_CI_TOKEN#" test/test.cfg | ||
| sed -i "s#^method-spec-admin-users.*#method-spec-admin-users=$ADMIN_USER#" test/test.cfg | ||
|
|
||
| - name: Run tests | ||
| shell: bash | ||
| run: make test | ||
|
|
||
| - name: Upload coverage to Codecov | ||
| uses: codecov/codecov-action@v4 | ||
| with: | ||
| token: ${{ secrets.CODECOV_TOKEN }} | ||
| fail_ci_if_error: true |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium test
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 5 months ago
To fix this issue, add a permissions block at either the workflow root level (recommended for clarity and coverage) or directly to the catalog_tests job. The block should specify the minimal set of permissions required for the workflow to execute. For this workflow, only contents: read appears to be necessary, as the jobs mainly interact with repository source code and external services (Codecov, Docker, etc.), but do not interact with repository settings or write to PRs/issues. Place the following snippet under the name block (between lines 1 and 3 in the workflow) for root-level coverage, or under the catalog_tests job for per-job coverage.
| @@ -1,4 +1,6 @@ | ||
| name: KBase Catalog test | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| pull_request: |
No description provided.