Skip to content

Release/0.12.0

Release/0.12.0 #215

Workflow file for this run

name: CI
on:
push:
tags:
- '*'
branches:
- master
- develop
pull_request:
jobs:
test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres
ports:
- 5432:5432
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: iglusecret
POSTGRES_DB: testdb
POSTGRES_PORT: 5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- uses: actions/checkout@v2
- uses: coursier/cache-action@v6
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: Run tests
run: sbt +test
- name: Check Scala formatting
if: ${{ always() }}
run: sbt scalafmtCheckAll
- name: Check assets can be published
if: ${{ always() }}
run: sbt publishLocal
github_release:
needs: test
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: coursier/cache-action@v6
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: Get current version
id: ver
run: echo "::set-output name=tag::${GITHUB_REF#refs/tags/}"
- name: Assemble fat jars
run: sbt "set assembly / test := {}" assembly
- name: Create GitHub release and attach artifacts
uses: softprops/action-gh-release@v1
with:
draft: true
prerelease: ${{ contains(steps.ver.outputs.tag, 'rc') }}
name: ${{ steps.ver.outputs.tag }}
tag_name: ${{ steps.ver.outputs.tag }}
files: |
target/scala-2.12/iglu-server-${{ steps.ver.outputs.tag }}.jar
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
publish_to_docker:
needs: test
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: coursier/cache-action@v6
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: Docker login
run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
- name: Get current version
id: ver
run: echo "::set-output name=tag::${GITHUB_REF#refs/tags/}"
- name: Get app base directory (distroless)
id: baseDirectoryDistroless
run: |
export BASE_DIRECTORY_DISTROLESS=$(sbt "project igluServerDistroless" baseDirectory -Dsbt.log.noformat=true | sed -n '/\[info\]/ s/\[info\] //p' | tail -1 | tr -d '\n')
echo "::set-output name=directory::$BASE_DIRECTORY_DISTROLESS"
- name: Stage the Docker build
run: sbt "project igluServer" docker:stage
- name: Stage the Docker distroless build
run: sbt "project igluServerDistroless" docker:stage
- name: Docker metadata
id: meta
uses: docker/metadata-action@v3
with:
images: snowplow/iglu-server
tags: |
type=raw,value=latest,enable=${{ !contains(steps.ver.outputs.tag, 'rc') }}
type=raw,value=latest-focal,enable=${{ !contains(steps.ver.outputs.tag, 'rc') }}
type=raw,value=${{ steps.ver.outputs.tag }}
type=raw,value=${{ steps.ver.outputs.tag }}-focal
flavor: |
latest=false
- name: Docker metadata distroless
id: meta-distroless
uses: docker/metadata-action@v3
with:
images: snowplow/iglu-server
tags: |
type=raw,value=latest-distroless,enable=${{ !contains(steps.ver.outputs.tag, 'rc') }}
type=raw,value=${{ steps.ver.outputs.tag }}-distroless
flavor: |
latest=false
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Push image
uses: docker/build-push-action@v2
with:
context: target/docker/stage
platforms: linux/amd64,linux/arm64/v8
tags: ${{ steps.meta.outputs.tags }}
push: true
- name: Push distroless image
uses: docker/build-push-action@v2
with:
context: ${{ steps.baseDirectoryDistroless.outputs.directory }}/target/docker/stage
platforms: linux/amd64,linux/arm64/v8
tags: ${{ steps.meta-distroless.outputs.tags }}
push: true
- name: Build local distroless image, which is needed to run Snyk
if: ${{ !contains(steps.ver.outputs.tag, 'rc') }}
run: sbt "project igluServerDistroless" docker:publishLocal
- name: Run Snyk to check for vulnerabilities
uses: snyk/actions/docker@master
if: ${{ !contains(steps.ver.outputs.tag, 'rc') }}
with:
image: "snowplow/iglu-server:${{ steps.ver.outputs.tag }}-distroless"
args: "--app-vulns --org=data-processing-new"
command: monitor
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}