diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index 23eb9f52f..000000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,151 +0,0 @@ -name: release - -on: - push: - tags: - - '*' - branches: - - 'snapshot/**' - -jobs: - publish_docker: - if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/heads/snapshot') - runs-on: ubuntu-latest - strategy: - matrix: - app: - - pubsub - - kinesis - - kafka - - nsq - include: - - app: kinesis - run_snyk: ${{ !contains(github.ref, 'rc') }} - - app: pubsub - run_snyk: ${{ !contains(github.ref, 'rc') }} - - app: kafka - run_snyk: ${{ !contains(github.ref, 'rc') }} - - app: nsq - run_snyk: ${{ !contains(github.ref, 'rc') }} - steps: - - uses: actions/checkout@v2 - if: startsWith(github.ref, 'refs/tags/') - - name: Checkout with history for version info - uses: actions/checkout@v2 - if: startsWith(github.ref, 'refs/heads/snapshot') - with: - fetch-depth: 0 - - uses: coursier/cache-action@v6 - - name: Set up JDK 11 - uses: actions/setup-java@v1 - with: - java-version: 11 - - name: Docker login - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Get current version - if: startsWith(github.ref, 'refs/tags/') - id: ver - run: echo "::set-output name=tag::${GITHUB_REF#refs/tags/}" - - name: Get current version (snapshot) - if: startsWith(github.ref, 'refs/heads/snapshot') - id: ver-snapshot - run: | - export SNAPSHOT_VERSION=$(sbt common/version -Dsbt.log.noformat=true | grep 'SNAPSHOT' | awk '{ print $2 }') - echo "::set-output name=tag::$SNAPSHOT_VERSION" - - name: Get app package name - id: packageName - run: | - export PACKAGE_NAME=$(sbt "project ${{ matrix.app }}" dockerAlias -Dsbt.log.noformat=true | sed -n '/\[info\]/ s/\[info\] //p' | tail -1 | tr -d '\n' | cut -d":" -f1) - echo "::set-output name=package_name::$PACKAGE_NAME" - - name: Get app base directory - id: baseDirectory - run: | - export BASE_DIRECTORY=$(sbt "project ${{ matrix.app }}" baseDirectory -Dsbt.log.noformat=true | sed -n '/\[info\]/ s/\[info\] //p' | tail -1 | tr -d '\n') - 
echo "::set-output name=directory::$BASE_DIRECTORY" - - name: Get app base directory (distroless) - id: baseDirectoryDistroless - run: | - export BASE_DIRECTORY_DISTROLESS=$(sbt "project ${{ matrix.app }}Distroless" baseDirectory -Dsbt.log.noformat=true | sed -n '/\[info\]/ s/\[info\] //p' | tail -1 | tr -d '\n') - echo "::set-output name=directory::$BASE_DIRECTORY_DISTROLESS" - - name: Stage the Docker build - run: sbt "project ${{ matrix.app }}" docker:stage - - name: Stage the Docker distroless build - run: sbt "project ${{ matrix.app }}Distroless" docker:stage - - name: Docker metadata - id: meta - uses: docker/metadata-action@v3 - with: - images: ${{ steps.packageName.outputs.package_name }} - tags: | - type=raw,value=latest,enable=${{ !contains(steps.ver.outputs.tag, 'rc') && !contains(steps.ver-snapshot.outputs.tag, 'SNAPSHOT' )}} - type=raw,value=latest-focal,enable=${{ !contains(steps.ver.outputs.tag, 'rc') && !contains(steps.ver-snapshot.outputs.tag, 'SNAPSHOT' )}} - type=raw,value=${{ steps.ver.outputs.tag }},enable=${{ !contains(steps.ver.outputs.tag, 'SNAPSHOT') && steps.ver.outputs.tag != '' }} - type=raw,value=${{ steps.ver.outputs.tag }}-focal,enable=${{ !contains(steps.ver.outputs.tag, 'SNAPSHOT') && steps.ver.outputs.tag != '' }} - type=raw,value=${{ steps.ver-snapshot.outputs.tag }},enable=${{ contains(steps.ver-snapshot.outputs.tag, 'SNAPSHOT') }} - type=raw,value=${{ steps.ver-snapshot.outputs.tag }}-focal,enable=${{ contains(steps.ver-snapshot.outputs.tag, 'SNAPSHOT') }} - flavor: | - latest=false - - name: Docker metadata distroless - id: distroless-meta - uses: docker/metadata-action@v3 - with: - images: ${{ steps.packageName.outputs.package_name }} - tags: | - type=raw,value=latest-distroless,enable=${{ !contains(steps.ver.outputs.tag, 'rc') && !contains(steps.ver-snapshot.outputs.tag, 'SNAPSHOT' )}} - type=raw,value=${{ steps.ver.outputs.tag }}-distroless,enable=${{ !contains(steps.ver.outputs.tag, 'SNAPSHOT') && steps.ver.outputs.tag != 
'' }} - type=raw,value=${{ steps.ver-snapshot.outputs.tag }}-distroless,enable=${{ contains(steps.ver-snapshot.outputs.tag, 'SNAPSHOT') }} - flavor: | - latest=false - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Push image - uses: docker/build-push-action@v2 - with: - context: ${{ steps.baseDirectory.outputs.directory }}/target/docker/stage - file: ${{ steps.baseDirectory.outputs.directory }}/target/docker/stage/Dockerfile - platforms: linux/amd64,linux/arm64/v8 - tags: ${{ steps.meta.outputs.tags }} - push: true - - name: Push distroless image - uses: docker/build-push-action@v2 - with: - context: ${{ steps.baseDirectoryDistroless.outputs.directory }}/target/docker/stage - file: ${{ steps.baseDirectoryDistroless.outputs.directory }}/target/docker/stage/Dockerfile - platforms: linux/amd64,linux/arm64/v8 - tags: ${{ steps.distroless-meta.outputs.tags }} - push: true - - name: Build local distroless image, which is needed to run Snyk - if: matrix.run_snyk - run: sbt "project ${{ matrix.app }}Distroless" docker:publishLocal - - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/docker@master - if: matrix.run_snyk - with: - image: "${{ steps.packageName.outputs.package_name }}:${{ steps.ver.outputs.tag }}-distroless" - args: "--app-vulns --org=data-processing-new" - command: monitor - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - publish_sce: - if: startsWith(github.ref, 'refs/tags/') - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: coursier/cache-action@v6 - - name: Set up JDK 11 - uses: actions/setup-java@v1 - with: - java-version: 11 - - name: Deploy SCE on Maven Central - run: sbt "project common" ci-release - env: - PGP_PASSPHRASE: ${{ secrets.SONA_PGP_PASSPHRASE }} - PGP_SECRET: ${{ secrets.SONA_PGP_SECRET }} - SONATYPE_USERNAME: ${{ secrets.SONA_USER }} - SONATYPE_PASSWORD: ${{ secrets.SONA_PASS }}