chore(tools): add scan_bot_traffic.py for ad-hoc abuse forensics #49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| permissions: | |
| contents: read | |
| jobs: | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.12' | |
| cache: pip | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| - uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.22' | |
| cache-dependency-path: prod/botshed/go.sum | |
| - run: sudo apt-get update && sudo apt-get install -y mandoc | |
| - run: pip install -r requirements-dev.txt | |
| - run: npm ci | |
| - run: npx playwright install --with-deps chromium | |
| - run: make tests-all | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| prod-image: | |
| name: Build prod image & check size | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - id: db | |
| # Dockerfile requires DB_NAME (pins the release asset that gets | |
| # baked in). Resolve the newest one here so this job builds the | |
| # same image the deploy pipeline would. | |
| run: | | |
| NAME=$(gh api "repos/${{ github.repository }}/releases/tags/db-latest" \ | |
| --jq '[.assets[] | select(.name | test("^explainshell-.*\\.db\\.zst$"))] | sort_by(.created_at) | last | .name') | |
| echo "name=$NAME" >> "$GITHUB_OUTPUT" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - run: docker build -t size-check -f prod/docker/Dockerfile --build-arg DB_NAME=${{ steps.db.outputs.name }} . | |
| - name: Check image size | |
| run: | | |
| MAX_MB=800 | |
| SIZE=$(docker image inspect size-check --format '{{.Size}}') | |
| SIZE_MB=$((SIZE / 1048576)) | |
| echo "Image size: ${SIZE_MB}MB (max: ${MAX_MB}MB)" | |
| if [ "$SIZE_MB" -gt "$MAX_MB" ]; then | |
| echo "::error::Docker image size ${SIZE_MB}MB exceeds ${MAX_MB}MB limit" | |
| exit 1 | |
| fi |