Skip to content

chore(build): revise and harden TLS for cl-es #734

chore(build): revise and harden TLS for cl-es

chore(build): revise and harden TLS for cl-es #734

Workflow file for this run

name: docker build and test
on:
push:
branches:
- "**"
pull_request:
branches:
- "main"
jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
tag_flags: ["--exclude-tag selenium", "--tag selenium"]
steps:
- name: Check out solr
uses: actions/checkout@v4
with:
repository: freelawproject/courtlistener-solr-server
ref: main
path: courtlistener-solr-server
- name: Set up solr permissions
run: |
cd courtlistener-solr-server
sudo chown -R :1024 data
sudo chown -R :1024 solr
sudo find data -type d -exec chmod g+s {} \;
sudo find solr -type d -exec chmod g+s {} \;
sudo find data -type d -exec chmod 775 {} \;
sudo find solr -type d -exec chmod 775 {} \;
sudo find data -type f -exec chmod 664 {} \;
sudo find solr -type f -exec chmod 664 {} \;
- name: Check out CourtListener
uses: actions/checkout@v4
with:
path: courtlistener
- name: Create the .env settings file
working-directory: courtlistener/
run: cp .env.example .env.dev
- name: Update .env.dev file
working-directory: courtlistener/
run: |
echo 'SECRET_KEY=Verbal-Kint-is-Keyser-Soze' >> .env.dev
echo 'ALLOWED_HOSTS=*' >> .env.dev
- name: Echo github actor name for debugging
run: echo ${{ github.actor }}
# Build and cache docker images so tests are always run on the latest
# dependencies
- name: Set up docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Prebuild docker images
uses: docker/build-push-action@v6
with:
context: ./courtlistener
file: ./courtlistener/docker/django/Dockerfile
load: true
build-args: |
BUILD_ENV=dev
cache-from: type=gha
cache-to: type=gha,mode=max
# Prepare Docker images
- name: Pull docker images
working-directory: courtlistener/docker/courtlistener
run: docker compose pull --quiet --ignore-buildable
- name: Build docker images
working-directory: courtlistener/docker/courtlistener
run: docker compose build
- name: List docker images
run: docker image ls -a --no-trunc
# Docker images are ready. Start them up.
- name: Create docker network
run: docker network create -d bridge --attachable cl_net_overlay
- name: Start docker containers
working-directory: courtlistener/docker/courtlistener
run: docker compose -f docker-compose.yml -f docker-compose.tmpfs.yml up -d --no-build --pull=never
- name: List docker containers
run: docker ps -a --no-trunc
- name: Show the docker startup logs
working-directory: courtlistener/docker/courtlistener
run: docker compose logs
# Run the checks and tests
- name: Check if migrations are missing
run: docker exec cl-django python /opt/courtlistener/manage.py makemigrations --check --dry-run
- name: Run the tests!
run: >
docker exec -e SELENIUM_DEBUG=1 -e SELENIUM_TIMEOUT=30 cl-django
python /opt/courtlistener/manage.py test
cl --verbosity=2 ${{ matrix.tag_flags }} --parallel
- name: Export selenium results from docker to host
if: failure()
run: |
# This is annoying b/c docker cp doesn't support globs. See:
# https://stackoverflow.com/q/35806102/
# https://github.com/moby/moby/issues/7710
mkdir selenium-screenshots
docker exec cl-django bash -c "mkdir /extract && mv /tmp/*-selenium.png /extract ||:"
docker cp 'cl-django:/extract' selenium-screenshots/
- name: Save selenium screenshot as Github artifacts
uses: actions/upload-artifact@master
if: failure()
with:
name: selenium-screenshots
path: selenium-screenshots/extract
if-no-files-found: ignore
# Cancel the current workflow (tests) for pull requests (head_ref) only. See:
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-a-fallback-value
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true