Skip to content
Build and Test

Vulnerability scan workflow #3768

Sign in to view logs

Vulnerability scan workflow

Vulnerability scan workflow #3768

Workflow file for this run

.github/workflows/test.yml at f729ee6
name: Build and Test
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}-${{ github.event_name }}
cancel-in-progress: true
on:
push:
tags:
- "v*.*.*-rc*"
- "v*.*-rc*"
pull_request:
merge_group:
workflow_dispatch:
inputs:
arch:
description: "Architecture to build the image for (amd64/arm64)"
type: choice
default: "amd64"
options:
- "amd64"
- "arm64"
memgraph_version:
description: "Memgraph version built into this image (format: X.Y.Z). You can leave empty if using custom download link."
type: string
required: false
memgraph_download_link:
description: "Memgraph package download link. Leave empty to use the official download link."
type: string
required: false
memgraph_ref:
type: string
description: "Memgraph submodule branch to build query modules from"
default: 'master'
memgraph_ref_update:
type: boolean
description: "Update Memgraph submodule to the latest commit"
default: true
jobs:
# setup some variables for the default memgraph download link/version
TestVariables:
if: github.ref_type != 'tag'
runs-on: ["self-hosted"]
outputs:
mage_version: ${{ steps.compute.outputs.mage_version }}
memgraph_version: ${{ steps.compute.outputs.memgraph_version }}
memgraph_commit: ${{ steps.compute.outputs.memgraph_commit }}
build_date: ${{ steps.compute.outputs.build_date }}
binary_name_base: ${{ steps.compute.outputs.binary_name_base }}
arm_binary_url: ${{ steps.compute.outputs.arm_binary_url }}
x86_binary_url: ${{ steps.compute.outputs.x86_binary_url }}
steps:
- name: Set up repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-1
- name: Compute variables using Python script
id: compute
run: |
read mage_version memgraph_version memgraph_commit build_date < <(python3 scripts/daily_build_vars.py)
echo "mage_version=${mage_version}" >> $GITHUB_OUTPUT
echo "memgraph_version=${memgraph_version}" >> $GITHUB_OUTPUT
echo "memgraph_commit=${memgraph_commit}" >> $GITHUB_OUTPUT
echo "build_date=${build_date}" >> $GITHUB_OUTPUT
binary_name_base=$(python3 -c "import urllib.parse; print(urllib.parse.quote('memgraph_' + '$memgraph_version' + '-1'))")
echo "binary_name_base=${binary_name_base}" >> $GITHUB_OUTPUT
arm_binary_url="https://s3.eu-west-1.amazonaws.com/deps.memgraph.io/daily-build/memgraph/${build_date}/ubuntu-24.04-aarch64/${binary_name_base}_arm64.deb"
x86_binary_url="https://s3.eu-west-1.amazonaws.com/deps.memgraph.io/daily-build/memgraph/${build_date}/ubuntu-24.04/${binary_name_base}_amd64.deb"
echo "arm_binary_url=$arm_binary_url" >> $GITHUB_OUTPUT
echo "x86_binary_url=$x86_binary_url" >> $GITHUB_OUTPUT
# Print to console for debugging:
echo "DEBUG: mage_version=${mage_version}"
echo "DEBUG: memgraph_version=${memgraph_version}"
echo "DEBUG: memgraph_commit=${memgraph_commit}"
echo "DEBUG: build_date=${build_date}"
echo "DEBUG: binary_name_base=memgraph_${memgraph_version}-1"
RC_test:
if: github.ref_type == 'tag'
strategy:
fail-fast: false
matrix:
mg_version: ["3.1.1"]
mg_rc_version: ["rc2"]
arch: ["amd64", "arm64"]
uses: ./.github/workflows/reusable_test.yml
with:
arch: "${{ matrix.arch }}"
memgraph_ref: "v${{ matrix.mg_version }}-${{ matrix.mg_rc_version }}"
memgraph_ref_update: "false"
memgraph_download_link: "s3://deps.memgraph.io/memgraph/v${{ matrix.mg_version }}-${{ matrix.mg_rc_version }}/ubuntu-24.04${{ matrix.arch == 'arm64' && '-aarch64' || '' }}/memgraph_${{ matrix.mg_version }}-1_${{ matrix.arch }}.deb"
secrets: inherit
PR_test:
if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
needs: [TestVariables]
strategy:
fail-fast: false
matrix:
arch: ["amd64","arm64"]
uses: ./.github/workflows/reusable_test.yml
with:
arch: "${{ matrix.arch }}"
memgraph_version: ${{ needs.TestVariables.outputs.memgraph_version }}
memgraph_download_link: ${{ matrix.arch == 'arm64' && needs.TestVariables.outputs.arm_binary_url || needs.TestVariables.outputs.x86_binary_url }}
memgraph_ref: ${{ needs.TestVariables.outputs.memgraph_commit }}
memgraph_ref_update: "true"
secrets: inherit
Manual_test:
if: github.event_name == 'workflow_dispatch'
needs: [TestVariables]
uses: ./.github/workflows/reusable_test.yml
with:
arch: "${{ github.event.inputs.arch }}"
memgraph_version: "${{ github.event.inputs.memgraph_version || needs.TestVariables.outputs.memgraph_version }}"
memgraph_download_link: ${{ github.event.inputs.memgraph_download_link || ( github.event.inputs.arch == 'arm64' && needs.TestVariables.outputs.arm_binary_url || needs.TestVariables.outputs.x86_binary_url ) }}
memgraph_ref: "${{ github.event.inputs.memgraph_ref || needs.TestVariables.outputs.memgraph_commit }}"
memgraph_ref_update: "${{ github.event.inputs.memgraph_ref_update }}"
secrets: inherit
Nightly_test:
if: github.event_name == 'schedule'
needs: [TestVariables]
strategy:
fail-fast: false
matrix:
arch: ["amd64", "arm64"]
uses: ./.github/workflows/reusable_test.yml
with:
arch: "${{ matrix.arch }}"
memgraph_version: ${{ needs.TestVariables.outputs.memgraph_version }}
memgraph_download_link: ${{ matrix.arch == 'arm64' && needs.TestVariables.outputs.arm_binary_url || needs.TestVariables.outputs.x86_binary_url }}
memgraph_ref: ${{ needs.TestVariables.outputs.memgraph_commit }}
memgraph_ref_update: "true"
secrets: inherit