Skip to content
Builds

Fix KERNEL_POD_NAME substitution to avoid SSTI #194

Sign in to view logs

Fix KERNEL_POD_NAME substitution to avoid SSTI

Fix KERNEL_POD_NAME substitution to avoid SSTI #194

Workflow file for this run

.github/workflows/build.yml at bcf9cdf
name: Builds
on:
push:
pull_request:
jobs:
build:
runs-on: ${{ matrix.os }}
env:
ASYNC_TEST_TIMEOUT: 60
KERNEL_LAUNCH_TIMEOUT: 120
CONDA_HOME: /usr/share/miniconda
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
python-version: ["3.9", "3.10", "3.11"]
steps:
- name: Checkout
uses: actions/checkout@v4
with:
clean: true
- uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
- name: Display dependency info
run: |
python --version
pip --version
conda --version
- name: Add SBT launcher
uses: sbt/setup-sbt@v1
- name: Install Python dependencies
run: |
pip install ".[test]"
- name: Build and install Jupyter Enterprise Gateway
uses: nick-invision/[email protected]
with:
timeout_minutes: 10
max_attempts: 2
command: |
make clean dist enterprise-gateway-demo test-install-wheel
- name: Log current Python dependencies version
run: |
pip freeze
- name: Run unit tests
uses: nick-invision/[email protected]
with:
timeout_minutes: 3
max_attempts: 1
command: |
make test
- name: Run integration tests
run: |
# Run integration tests with debug output
make itest-yarn-debug
- name: Collect logs
if: success() || failure()
run: |
python --version
pip --version
pip list
echo "==== Docker Container Logs ===="
docker logs itest-yarn
echo "==== Docker Container Status ===="
docker ps -a
echo "==== Enterprise Gateway Log ===="
docker exec -it itest-yarn cat /usr/local/share/jupyter/enterprise-gateway.log || true
- name: Run linters
run: |
make lint
- name: Bump versions
run: |
pipx run tbump --dry-run --no-tag --no-push 100.100.100rc0
link_check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
with:
python_version: "3.11"
- name: Install Python dependencies
run: |
pip install ".[test]"
- uses: jupyterlab/maintainer-tools/.github/actions/check-links@v1
with:
ignore_links: "http://my-gateway-server.com:8888"
build_docs:
runs-on: windows-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Base Setup
uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
with:
python_version: "3.11"
- name: Build Docs
run: make docs
test_minimum_versions:
name: Test Minimum Versions
timeout-minutes: 20
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
with:
python_version: "3.9"
- name: Install dependencies with minimum versions
run: |
pip install ".[test]"
- name: Run the unit tests
run: |
pytest -vv -W default || pytest -vv -W default --lf
make_sdist:
name: Make SDist
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
with:
python_version: "3.11"
- uses: jupyterlab/maintainer-tools/.github/actions/make-sdist@v1
test_sdist:
runs-on: ubuntu-latest
needs: [make_sdist]
name: Install from SDist and Test
timeout-minutes: 20
steps:
- uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
with:
python_version: "3.11"
- uses: jupyterlab/maintainer-tools/.github/actions/test-sdist@v1
python_tests_check: # This job does nothing and is only used for the branch protection
if: always()
needs:
- build
- link_check
- test_minimum_versions
- build_docs
- test_sdist
runs-on: ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}