-
Notifications
You must be signed in to change notification settings - Fork 3
124 lines (121 loc) · 3.99 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
name: CI
on:
push:
tags:
- '*'
pull_request:
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: coursier/cache-action@v6
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: Install sbt
uses: sbt/setup-sbt@v1
- name: Check Scala formatting
run: sbt scalafmtCheckAll scalafmtSbtCheck
- name: Run tests
run: sbt test
publish_docker:
needs: test
if: github.ref_type == 'tag'
runs-on: ubuntu-latest
strategy:
matrix:
sbtProject:
- azure
- gcp
- aws
- awsHudi
- gcpHudi
- azureHudi
- gcpBiglake
include:
- sbtProject: azure
runSnyk: true
targetDir: "modules/azure/target"
dockerSuffix: azure
dockerTagSuffix: ""
- sbtProject: gcp
runSnyk: true
targetDir: "modules/gcp/target"
dockerSuffix: gcp
dockerTagSuffix: ""
- sbtProject: aws
runSnyk: true
targetDir: "modules/aws/target"
dockerSuffix: aws
dockerTagSuffix: ""
- sbtProject: azureHudi
runSnyk: false
targetDir: "packaging/hudi/target/azure"
dockerSuffix: azure
dockerTagSuffix: "-hudi"
- sbtProject: gcpHudi
runSnyk: false
targetDir: "packaging/hudi/target/gcp"
dockerSuffix: gcp
dockerTagSuffix: "-hudi"
- sbtProject: awsHudi
runSnyk: false
targetDir: "packaging/hudi/target/aws"
dockerSuffix: aws
dockerTagSuffix: "-hudi"
- sbtProject: gcpBiglake
runSnyk: false
targetDir: "packaging/biglake/target/gcp"
dockerSuffix: gcp
dockerTagSuffix: "-biglake"
steps:
- name: Checkout Github
uses: actions/checkout@v2
- uses: coursier/cache-action@v6
- name: Set up JDK 11 for loader and streaming transformer
uses: actions/setup-java@v1
with:
java-version: 11
- name: Docker login
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Stage the Docker build
run: sbt "project ${{ matrix.sbtProject}}" docker:stage
- name: Docker metadata
id: meta
uses: docker/metadata-action@v3
with:
images: "snowplow/lake-loader-${{ matrix.dockerSuffix }}"
tags: |
type=raw,value=latest${{ matrix.dockerTagSuffix }},enable=${{ !contains(github.ref_name, 'rc') }}
type=raw,value=${{ github.ref_name }}${{ matrix.dockerTagSuffix }}
flavor: |
latest=false
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Push image
uses: docker/build-push-action@v2
with:
context: ${{ matrix.targetDir }}/docker/stage
file: ${{ matrix.targetDir }}/docker/stage/Dockerfile
platforms: linux/amd64,linux/arm64/v8
tags: ${{ steps.meta.outputs.tags }}
push: true
- name: Build local image, which is needed to run Snyk
if: ${{ !contains(github.ref_name, 'rc') && fromJSON(matrix.runSnyk) }}
run: sbt "project ${{ matrix.sbtProject }}" docker:publishLocal
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/docker@master
if: ${{ !contains(github.ref_name, 'rc') && fromJSON(matrix.runSnyk) }}
with:
image: "snowplow/lake-loader-${{ matrix.dockerSuffix }}:${{ github.ref_name }}${{ matrix.dockerTagSuffix }}"
args: "--app-vulns --org=99605b41-ca0f-42c9-a9ff-45c201a10a26"
command: monitor
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}