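--- a/.github/workflows/agentops-fleet.yml
+++ b/.github/workflows/agentops-fleet.yml
@@ -0,0 +1,22 @@
+name: AgentOps Fleet Gate
+
+on:
+push:
+pull_request:
+workflow_dispatch:
+schedule:
+- cron: '31 8 * * 1'
+
+permissions:
+contents: read
+actions: read
+security-events: write
+pull-requests: read
+
+jobs:
+agentops:
+uses: donny-devops/github-actions-templates/.github/workflows/reusable-agentops.yml@main
+with:
+python-version: '3.12'
+node-version: '22'
+run-security-audit: true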
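Review bot: The `uses:` line of the `agentops` job references the reusable workflow at `@main`, a mutable branch in another repository, while this workflow grants `security-events: write` and runs on every push, pull request and weekly schedule. Whatever lands on that branch then runs here under this token without any change being reviewed in this repository. Pin the reference to a reviewed commit, `uses: donny-devops/github-actions-templates/.github/workflows/reusable-agentops.yml@<full-commit-sha>  # <tag-or-date>`, and let a dependency bot propose the bumps. A comment above `permissions:` naming which part of the called workflow needs `security-events: write` and `pull-requests: read` would also help, since that cannot be checked from this file.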
61 changes: 18 additions & 43 deletions .github/workflows/ci.yml
@@ -6,36 +6,25 @@
pull_request:
branches: [main]

env:
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

permissions:
contents: read

jobs:
lint:
name: Lint (ruff)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- uses: actions/setup-python@v5
- uses: actions/setup-python@v6
with:
python-version: "3.12"
cache: pip

- run: pip install ruff

- name: Lint with ruff
run: ruff check . --output-format=github

- name: Format check with ruff
run: ruff format --check .
- run: ruff check . --output-format=github
- run: ruff format --check .

test:
name: Test (pytest + PostgreSQL)
runs-on: ubuntu-latest
needs: lint

services:
postgres:
image: postgres:16-alpine
@@ -50,13 +39,15 @@
--health-retries 5
ports:
- 5432:5432

env:
DATABASE_URL: postgresql://testuser:testpass@localhost:5432/testdb
SECRET_KEY: test-secret

steps:
- uses: actions/checkout@v4

- uses: actions/setup-python@v5
- uses: actions/setup-python@v6
with:
python-version: "3.12"
cache: pip
@@ -67,73 +58,57 @@
pip install -r requirements.txt

- name: Run migrations
run: flask db upgrade
run: |
flask db upgrade
env:
FLASK_APP: "app:create_app()"

- name: Run pytest
run: pytest --cov=app --cov-report=xml --cov-fail-under=85 -v
run: |
pytest --cov=app --cov-report=xml --cov-fail-under=85 -v

- name: Upload coverage
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v7
with:
name: coverage-report
path: coverage.xml
retention-days: 7

docker:
name: Build & Push Docker Image
runs-on: ubuntu-latest
needs: test
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
permissions:
contents: read
packages: write
security-events: write
if: github.event_name == 'push' && github.ref == 'refs/heads/main'

steps:
- uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v4

Check warning on line 89 in .github/workflows/ci.yml


Codacy Production / Codacy Static Code Analysis

.github/workflows/ci.yml#L89

An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release.

- name: Log in to GHCR
uses: docker/login-action@v3
uses: docker/login-action@v4

Check warning on line 92 in .github/workflows/ci.yml


Codacy Production / Codacy Static Code Analysis

.github/workflows/ci.yml#L92

An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release.
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: ghcr.io/${{ github.repository }}
tags: |
type=sha,prefix=sha-
type=raw,value=latest

- name: Build and push
id: build
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
provenance: true
sbom: true

- name: Trivy image scan
uses: aquasecurity/trivy-action@master
with:
image-ref: ghcr.io/${{ github.repository }}:latest
format: sarif
output: trivy.sarif
severity: HIGH,CRITICAL
exit-code: '0'

- name: Upload Trivy results
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: trivy.sarif
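Review bot: The `docker` job appears to lose `provenance: true`, `sbom: true`, the Trivy image scan and the SARIF upload while still pushing the image to GHCR on every push to `main`. This is inferred from the annotation line numbers (89 and 92) and the `@@ -67,73 +58,57 @@` counts, because the rendering has lost the +/- markers. If that reading is right, published images no longer carry attestations or pass a vulnerability check, and nothing on this page shows that the new AgentOps workflow's `run-security-audit: true` covers the container image. I would keep `provenance: true` and `sbom: true` on the build step. If the scan is retained, keep `id: build` and scan the pushed digest, `image-ref: ghcr.io/${{ github.repository }}@${{ steps.build.outputs.digest }}`, instead of the mutable `:latest` tag, with the scanner referenced by a fixed release rather than `@master`.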