Skip to content

[Snyk] Fix for 2 vulnerabilities #374

[Snyk] Fix for 2 vulnerabilities

[Snyk] Fix for 2 vulnerabilities #374

name: Continuous Integration
on: [pull_request]
env:
GDRIVE_CREDENTIALS: ${{ secrets.GDRIVE_CREDENTIALS }}
MAILCHIMP_LIST: ${{ secrets.MAILCHIMP_LIST }}
MAILCHIMP_API_KEY: ${{ secrets.MAILCHIMP_API_KEY }}
ALGOLIA_APP_ID: ${{ secrets.ALGOLIA_APP_ID }}
ALGOLIA_SEARCH_KEY: ${{ secrets.ALGOLIA_SEARCH_KEY }}
ALGOLIA_DOCS_INDEX: ${{ secrets.ALGOLIA_DOCS_INDEX }}
RASA_X_HOST: ${{ secrets.RASA_X_DOMAIN }}
RASA_X_PASSWORD: ${{ secrets.RASA_X_PASSWORD }}
RASA_X_USERNAME: ${{ secrets.RASA_X_USERNAME }}
RASA_X_HOST_SCHEMA: ${{ secrets.RASA_X_HOST_SCHEMA }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TRACKER_DB_URL: ${{ secrets.TRACKER_DB_URL }}
# Due to the issue with openssl library for Google Cloud SDK (gcloud)
# (https://github.com/GoogleCloudPlatform/github-actions/issues/128)
# we use 297.0.01 version
GCLOUD_VERSION: "297.0.1"
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
jobs:
check_changed_files:
name: Check for file changes
runs-on: ubuntu-20.04
outputs:
nlu: ${{ steps.changed-files.outputs.nlu }}
core: ${{ steps.changed-files.outputs.core }}
training: ${{ steps.changed-files.outputs.training }}
actions: ${{ steps.changed-files.outputs.actions }}
steps:
# Due to an issue with checking out a wrong commit, we make sure
# to checkout HEAD commit for a pull request.
# More details: https://github.com/actions/checkout/issues/299
- name: Checkout pull request HEAD commit instead of merge commit
uses: actions/checkout@v2
if: github.event_name == 'pull_request'
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Checkout git repository
uses: actions/checkout@v2
if: github.event_name != 'pull_request'
- uses: RasaHQ/pr-changed-files-filter@c4f7116a04b8a4596313469429e2ad235f59d9c4
id: changed-files
with:
token: ${{ secrets.GITHUB_TOKEN }}
filters: .github/change_filters.yml
base: ${{ github.ref }}
lint-testing:
name: Code Formatting Tests
runs-on: ubuntu-latest
steps:
- name: Checkout pull request HEAD commit instead of merge commit
uses: actions/checkout@v2
if: github.event_name == 'pull_request'
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Checkout git repository
uses: actions/checkout@v2
if: github.event_name != 'pull_request'
- name: Set up Python 3.7
uses: actions/setup-python@v1
with:
python-version: 3.7
- name: Install dependencies
run: |
python -m pip install --upgrade "pip<20"
pip install -r requirements-dev.txt
- name: Code Formatting Tests
run: |
echo "------------------------------------"
echo "/usr/bin/git log -1 --format='%H'"
/usr/bin/git log -1 --format='%H'
echo "------------------------------------"
make lint
type-testing:
name: Type Tests
runs-on: ubuntu-latest
steps:
- name: Checkout pull request HEAD commit instead of merge commit
uses: actions/checkout@v2
if: github.event_name == 'pull_request'
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Checkout git repository
uses: actions/checkout@v2
if: github.event_name != 'pull_request'
- name: Set up Python 3.7
uses: actions/setup-python@v1
with:
python-version: 3.7
- name: Install dependencies
run: |
python -m pip install --upgrade "pip<20"
pip install -r requirements-dev.txt
- name: Type Checking
run: |
pip list
make types
action-unit-tests:
needs:
- lint-testing
- type-testing
name: Custom Action Unit Tests
runs-on: ubuntu-latest
steps:
- name: Checkout pull request HEAD commit instead of merge commit
uses: actions/checkout@v2
if: github.event_name == 'pull_request'
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Checkout git repository
uses: actions/checkout@v2
if: github.event_name != 'pull_request'
- name: Set up Python 3.7
uses: actions/setup-python@v1
with:
python-version: 3.7
- name: Install dependencies
run: |
make install-dev
- name: Unit Tests
run: |
make test-actions
data-validation:
name: Data Validation
runs-on: ubuntu-latest
steps:
- name: Checkout pull request HEAD commit instead of merge commit
uses: actions/checkout@v2
if: github.event_name == 'pull_request'
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Checkout git repository
uses: actions/checkout@v2
if: github.event_name != 'pull_request'
- name: Set up Python 3.7
uses: actions/setup-python@v1
with:
python-version: 3.7
- name: Install dependencies
run: |
python -m pip install --upgrade "pip<20"
pip install -r requirements-dev.txt
- name: Rasa Data Validation
run: |
rasa data validate --debug
training-testing:
name: Test Model
runs-on: ubuntu-latest
needs:
- data-validation
- check_changed_files
if: ${{ needs.check_changed_files.outputs.training == 'true' }}
steps:
- name: Cancel Previous Runs
uses: styfle/[email protected]
with:
access_token: ${{ github.token }}
- name: Checkout pull request HEAD commit instead of merge commit
uses: actions/checkout@v2
if: github.event_name == 'pull_request'
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Checkout git repository
uses: actions/checkout@v2
if: github.event_name != 'pull_request'
- name: Set up Python 3.7
uses: actions/setup-python@v1
with:
python-version: 3.7
- name: Install dependencies
run: |
python -m pip install --upgrade "pip<20"
pip install -r requirements-dev.txt
rasa --version
- name: Cross-validate NLU model
id: cvnlu
if: contains( github.event.pull_request.labels.*.name, 'nlu_testing_required' )
run: |
rasa --version
rasa test nlu -f 3 --cross-validation --config config_nlu_testing.yml
python .github/workflows/format_results.py
- name: post cross-val results to PR
if: steps.cvnlu.outcome == 'success'
uses: amn41/comment-on-pr@comment-file-contents
continue-on-error: true
with:
msg: results.md
- name: Train Model
run: |
rasa --version
rasa train
- name: Test End 2 End Stories
if: ${{ needs.check_changed_files.outputs.core == 'true' }}
run: |
rasa --version
rasa test --stories tests/test_conversations.yml --fail-on-prediction-errors
- name: Wait for the conclusion of all other workflow runs
# upload model from PR
if: github.event_name == 'pull_request'
id: check-runs-conclusion
env:
WAIT_INTERVAL_SECS: 10
timeout-minutes: 20
run: |
while true; do
# Get a list of checks information, excluding training-testing and build-images
CHECKS_LIST=$(gh api /repos/${{ github.repository }}/commits/${{ github.event.pull_request.head.sha }}/check-runs --jq '.check_runs.[] | select(.name != "Test Model" and .name != "Build Action Server Image")')
# Get the status and conclusion of echo jobs
STATUS_LIST=$(echo $CHECKS_LIST | jq -r '.status')
CONCLUSION_LIST=$(echo $CHECKS_LIST | jq -r '.conclusion')
# Make sure all other check runs are completed
if [[ "$(echo $STATUS_LIST | tr ' ' '\n' | sort | uniq)" == "completed" ]]; then
# Check the conclusion of all other check runs
# Fail the step if there is any failture
if [[ "$(echo CONCLUSION_LIST | tr ' ' '\n' | sort | uniq)" =~ "failure" ]]; then
echo "::error:: Some check runs failed. Skip uploading model."
exit 1
else
echo "All other check runs are successed."
echo "::set-output name=upload-model::true"
exit 0
fi
fi
sleep $WAIT_INTERVAL_SECS
echo "Wait for $WAIT_INTERVAL_SECS seconds..."
done
- name: Set model name from Rasa version
if: |
github.event_name == 'pull_request' &&
steps.check-runs-conclusion.outputs.upload-model == 'true'
run: |
python -c "import rasa; open('rasaversion.txt','w+').write(rasa.__version__)"
rasa_version=`cat rasaversion.txt`
model_path=`ls models/*.tar.gz | head -n 1`
model_timestamp=$(basename "$model_path" .tar.gz)
model_name="$model_timestamp"_rasa"$rasa_version"
renamed_model_path=models/"$model_name".tar.gz
mv $model_path $renamed_model_path
echo "MODEL_NAME=${model_name}" >> $GITHUB_ENV
echo "MODEL_PATH=${renamed_model_path}" >> $GITHUB_ENV
- uses: google-github-actions/setup-gcloud@master
if: |
(github.event_name == 'pull_request' &&
contains( github.event.pull_request.labels.*.name, 'upload_model' )) ||
steps.check-runs-conclusion.outputs.upload-model == 'true'
name: Authenticate with gcloud 🎫
with:
version: "${{ env.GCLOUD_VERSION }}"
service_account_email: ${{ secrets.SARA_GKE_SERVICE_ACCOUNT_NAME }}
service_account_key: ${{ secrets.SARA_GKE_SERVICE_ACCOUNT_KEY }}
- name: Upload model to storage bucket
if: |
(github.event_name == 'pull_request' &&
contains( github.event.pull_request.labels.*.name, 'upload_model' )) ||
steps.check-runs-conclusion.outputs.upload-model == 'true'
run: gsutil cp "${MODEL_PATH}" ${{ secrets.STORAGE_BUCKET_URL }}/rasa_demo_models
build-images:
name: Build Action Server Image
needs:
- lint-testing
- type-testing
- training-testing
- check_changed_files
if: ${{ needs.check_changed_files.outputs.actions == 'true' }}
runs-on: ubuntu-latest
steps:
- name: Checkout pull request HEAD commit instead of merge commit
uses: actions/checkout@v2
if: github.event_name == 'pull_request'
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Checkout git repository
uses: actions/checkout@v2
if: github.event_name != 'pull_request'
- name: Authenticate with gcloud 🎫
uses: google-github-actions/setup-gcloud@daadedc81d5f9d3c06d2c92f49202a3cc2b919ba
with:
version: ${{ env.GCLOUD_VERSION }}
service_account_key: ${{ secrets.GCLOUD_AUTH }}
- name: Configure Docker to use Google Cloud Platform
run: |
gcloud auth configure-docker
- name: Pull Latest Image
run: |
docker pull gcr.io/replicated-test/rasa-demo:latest || true
- name: Build Image
run: |
docker build --cache-from gcr.io/replicated-test/rasa-demo:latest .