ci: fix publish and scan tasks and schedule (#13332)

This commit is contained in:
Chakru 2025-04-25 20:48:08 +05:30 committed by GitHub
parent 66e59f6ee7
commit 25a78d4960
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -73,6 +73,7 @@ jobs:
build_runner_type: ${{ steps.set-runner.outputs.build_runner_type }} build_runner_type: ${{ steps.set-runner.outputs.build_runner_type }}
test_runner_type: ${{ steps.set-runner.outputs.test_runner_type }} test_runner_type: ${{ steps.set-runner.outputs.test_runner_type }}
test_runner_type_small: ${{ steps.set-runner.outputs.test_runner_type_small }}
use_depot_cache: ${{ steps.set-runner.outputs.use_depot_cache }} use_depot_cache: ${{ steps.set-runner.outputs.use_depot_cache }}
steps: steps:
- name: Check out the repo - name: Check out the repo
@ -105,7 +106,7 @@ jobs:
env: env:
ENABLE_PUBLISH: >- ENABLE_PUBLISH: >-
${{ ${{
github.event_name != 'pull_request' (github.event_name == 'workflow_dispatch' || github.event_name == 'schedule')
&& ( secrets.ACRYL_DOCKER_PASSWORD != '' ) && ( secrets.ACRYL_DOCKER_PASSWORD != '' )
}} }}
run: | run: |
@ -139,31 +140,19 @@ jobs:
if [[ "${{ env.DOCKER_CACHE }}" == "DEPOT" && "${{ env.DEPOT_PROJECT_ID }}" != "" ]]; then if [[ "${{ env.DOCKER_CACHE }}" == "DEPOT" && "${{ env.DEPOT_PROJECT_ID }}" != "" ]]; then
echo "build_runner_type=depot-ubuntu-24.04-4" >> "$GITHUB_OUTPUT" echo "build_runner_type=depot-ubuntu-24.04-4" >> "$GITHUB_OUTPUT"
echo "test_runner_type=depot-ubuntu-24.04-4" >> "$GITHUB_OUTPUT" echo "test_runner_type=depot-ubuntu-24.04-4" >> "$GITHUB_OUTPUT"
echo "test_runner_type_small=depot-ubuntu-24.04-small" >> "$GITHUB_OUTPUT"
echo "use_depot_cache=true" >> "$GITHUB_OUTPUT" echo "use_depot_cache=true" >> "$GITHUB_OUTPUT"
else else
echo "build_runner_type=ubuntu-latest" >> "$GITHUB_OUTPUT" echo "build_runner_type=ubuntu-latest" >> "$GITHUB_OUTPUT"
echo "test_runner_type=ubuntu-latest" >> "$GITHUB_OUTPUT" echo "test_runner_type=ubuntu-latest" >> "$GITHUB_OUTPUT"
echo "test_runner_type_small=ubuntu-latest" >> "$GITHUB_OUTPUT"
echo "use_depot_cache=false" >> "$GITHUB_OUTPUT" echo "use_depot_cache=false" >> "$GITHUB_OUTPUT"
# publishing is currently only supported via depot # publishing is currently only supported via depot
fi fi
- name: Check whether to run publishing build
id: run-publish-images
run: |
if [[ "${{ steps.set-runner.outputs.use_depot_cache }}" == 'true' &&
( "${{ steps.publish.outputs.publish }}" == 'true' ||
"${{ steps.pr-publish.outputs.pr-publish }}" == 'true' ||
"${{ github.event_name }}" == 'workflow_dispatch' ||
"${{ github.event_name }}" == 'schedule') ]]; then
echo "run_publish_images=true" >> "$GITHUB_OUTPUT"
else
echo "run_publish_images=false" >> "$GITHUB_OUTPUT"
fi
smoke_test_lint: smoke_test_lint:
name: Lint on smoke tests name: Lint on smoke tests
runs-on: depot-ubuntu-24.04 runs-on: ${{ needs.setup.outputs.test_runner_type_small }}
needs: setup needs: setup
if: ${{ needs.setup.outputs.smoke_test_change == 'true' }} if: ${{ needs.setup.outputs.smoke_test_change == 'true' }}
steps: steps:
@ -244,13 +233,13 @@ jobs:
password: ${{ secrets.ACRYL_DOCKER_PASSWORD }} password: ${{ secrets.ACRYL_DOCKER_PASSWORD }}
- name: Build all Images (For Smoke tests) - name: Build all Images (For Smoke tests)
if: ${{ needs.setup.outputs.run_publish_images == 'false' }} if: ${{ needs.setup.outputs.publish != 'true' && needs.setup.outputs.pr-publish != 'true' }}
# If not publishing, just a subset of images required for smoke tests is sufficient. # If not publishing, just a subset of images required for smoke tests is sufficient.
run: | run: |
./gradlew :docker:buildImagesQuickStartDebugConsumers -Ptag=${{ needs.setup.outputs.tag }} -PpythonDockerVersion=${{ needs.setup.outputs.python_release_version }} -PdockerRegistry=${{ env.DOCKER_REGISTRY }} ./gradlew :docker:buildImagesQuickStartDebugConsumers -Ptag=${{ needs.setup.outputs.tag }} -PpythonDockerVersion=${{ needs.setup.outputs.python_release_version }} -PdockerRegistry=${{ env.DOCKER_REGISTRY }}
- name: Build all Images (Publish) - name: Build all Images (Publish)
if: ${{ needs.setup.outputs.run_publish_images == 'true'}} if: ${{ needs.setup.outputs.publish == 'true' || needs.setup.outputs.pr-publish == 'true' }}
run: | run: |
./gradlew :docker:buildImagesAll -PmatrixBuild=true -Ptag=${{ needs.setup.outputs.tag }} -PshaTag=${{ needs.setup.outputs.short_sha }} -PpythonDockerVersion=${{ needs.setup.outputs.python_release_version }} -PdockerRegistry=${{ env.DOCKER_REGISTRY }} -PdockerPush=true ./gradlew :docker:buildImagesAll -PmatrixBuild=true -Ptag=${{ needs.setup.outputs.tag }} -PshaTag=${{ needs.setup.outputs.short_sha }} -PpythonDockerVersion=${{ needs.setup.outputs.python_release_version }} -PdockerRegistry=${{ env.DOCKER_REGISTRY }} -PdockerPush=true
@ -280,14 +269,20 @@ jobs:
scan_images: scan_images:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
name: Scan images for vulnerabilities name: Scan images for vulnerabilities
runs-on: depot-ubuntu-24.04 runs-on: depot-ubuntu-24.04
needs: [setup, base_build] needs: [setup, base_build]
if: ${{ needs.setup.outputs.run_publish_images == 'true' }} if: ${{ needs.setup.outputs.publish == 'true' || needs.setup.outputs.pr-publish == 'true' }}
strategy: strategy:
fail-fast: false fail-fast: false
matrix: ${{ fromJson(needs.base_build.outputs.matrix) }} matrix: ${{ fromJson(needs.base_build.outputs.matrix) }}
steps: steps:
- name: Checkout # adding checkout step just to make trivy upload happy
uses: acryldata/sane-checkout-action@v3
- id: download_image - id: download_image
name: Download images from depot name: Download images from depot
if: ${{ needs.setup.outputs.use_depot_cache == 'true' }} if: ${{ needs.setup.outputs.use_depot_cache == 'true' }}
@ -316,7 +311,7 @@ jobs:
sarif_file: "trivy-results.sarif" sarif_file: "trivy-results.sarif"
smoke_test_matrix: smoke_test_matrix:
runs-on: ${{ needs.setup.outputs.test_runner_type }} runs-on: ${{ needs.setup.outputs.test_runner_type_small }}
needs: setup needs: setup
if: ${{ (github.event_name == 'pull_request' || github.event_name == 'push') }} if: ${{ (github.event_name == 'pull_request' || github.event_name == 'push') }}
outputs: outputs: