Merge pull request #139 from leeebai/2.0.0 #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build + Docker Uberjar | |
on: | |
push: | |
paths-ignore: | |
- 'docs/**' | |
- 'frontend/test/**' | |
- 'enterprise/frontend/test/**' | |
- ".**" | |
- "test*" | |
jobs: | |
build: | |
name: Build MB ${{ matrix.edition }} | |
runs-on: ubuntu-20.04 | |
timeout-minutes: 40 | |
strategy: | |
matrix: | |
edition: [ee, oss] | |
env: | |
MB_EDITION: ${{ matrix.edition }} | |
INTERACTIVE: false | |
steps: | |
- name: Check out the code | |
uses: actions/checkout@v3 | |
- name: Prepare front-end environment | |
uses: ./.github/actions/prepare-frontend | |
- name: Prepare back-end environment | |
uses: ./.github/actions/prepare-backend | |
- name: Build | |
run: ./bin/build | |
- name: Prepare uberjar artifact | |
uses: ./.github/actions/prepare-uberjar-artifact | |
check_jar_health: | |
runs-on: ubuntu-20.04 | |
name: Is ${{ matrix.edition }} (java ${{ matrix.java-version }}) healthy? | |
needs: build | |
timeout-minutes: 10 | |
strategy: | |
matrix: | |
edition: [ee, oss] | |
java-version: [11, 17] | |
steps: | |
- name: Prepare JRE (Java Run-time Environment) | |
uses: actions/setup-java@v3 | |
with: | |
java-package: jre | |
java-version: ${{ matrix.java-version }} | |
distribution: 'temurin' | |
- run: java -version | |
- uses: actions/download-artifact@v2 | |
name: Retrieve uberjar artifact | |
with: | |
name: metabase-${{ matrix.edition }}-uberjar | |
- name: Launch uberjar | |
run: java -jar ./target/uberjar/metabase.jar & | |
- name: Wait for Metabase to start | |
run: while ! curl -s 'http://localhost:3000/api/health' | grep '{"status":"ok"}'; do sleep 1; done | |
containerize_test_and_push_container: | |
runs-on: ubuntu-20.04 | |
name: Containerize ${{ matrix.edition }} | |
needs: check_jar_health | |
strategy: | |
matrix: | |
edition: [ee, oss] | |
services: | |
registry: | |
image: registry:2 | |
ports: | |
- 5000:5000 | |
steps: | |
- name: Extract and clean branch name | |
shell: bash | |
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/} | sed 's/[^-._a-zA-Z0-9]/-/g')" | |
id: extract_branch | |
- name: Check out the code (Dockerfile needed) | |
uses: actions/checkout@v3 | |
- name: Download uploaded artifacts to insert into container | |
uses: actions/download-artifact@v2 | |
with: | |
name: metabase-${{ matrix.edition }}-uberjar | |
path: bin/docker/ | |
- name: Move the ${{ matrix.edition }} uberjar to the context dir | |
run: mv bin/docker/target/uberjar/metabase.jar bin/docker/. | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
with: | |
driver-opts: network=host | |
- name: Build ${{ matrix.edition }} container | |
uses: docker/build-push-action@v2 | |
with: | |
context: bin/docker/. | |
platforms: linux/amd64 | |
network: host | |
tags: localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-${{ matrix.edition }} | |
no-cache: true | |
push: true | |
- name: Launch ${{ matrix.edition }} container | |
run: docker run --rm -dp 3000:3000 localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-${{ matrix.edition }} | |
timeout-minutes: 5 | |
- name: Is Docker running? | |
run: docker ps | |
- name: Wait for Metabase to start and reach 100% health | |
run: while ! curl -s 'http://localhost:3000/api/health' | grep '{"status":"ok"}'; do sleep 1; done | |
timeout-minutes: 1 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Retag and push images if master or main (ee) | |
if: ${{ (github.ref_name == 'master' || github.ref_name == 'main') && matrix.edition == 'ee' }} | |
run: docker tag localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-ee metabase/metabase-enterprise-head:latest && docker push metabase/metabase-enterprise-head:latest | |
- name: Retag and push images if master or main (oss) | |
if: ${{ (github.ref_name == 'master' || github.ref_name == 'main') && matrix.edition == 'oss' }} | |
run: docker tag localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-oss metabase/metabase-head:latest && docker push metabase/metabase-head:latest | |
- name: Retag and push images if branch | |
if: ${{ !(startsWith(github.ref_name,'master') || startsWith(github.ref_name,'main') || startsWith(github.ref_name,'backport')) && matrix.edition == 'ee' }} | |
run: docker tag localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-ee metabase/metabase-dev:${{ steps.extract_branch.outputs.branch }} && docker push metabase/metabase-dev:${{ steps.extract_branch.outputs.branch }} | |
- name: Run Trivy vulnerability scanner if master or main (ee) | |
if: ${{ (github.ref_name == 'master' || github.ref_name == 'main') && matrix.edition == 'ee' }} | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: docker.io/metabase/metabase-enterprise-head:latest | |
format: sarif | |
output: trivy-results.sarif | |
- name: Run Trivy vulnerability scanner if master or main (oss) | |
if: ${{ (github.ref_name == 'master' || github.ref_name == 'main') && matrix.edition == 'oss' }} | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: docker.io/metabase/metabase-head:latest | |
format: sarif | |
output: trivy-results.sarif | |
- name: Run Trivy vulnerability scanner if dev branch | |
if: ${{ !(startsWith(github.ref_name,'master') || startsWith(github.ref_name,'main') || startsWith(github.ref_name,'backport')) && matrix.edition == 'ee' }} | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: docker.io/metabase/metabase-dev:${{ steps.extract_branch.outputs.branch }} | |
format: sarif | |
output: trivy-results.sarif | |
- name: Upload Trivy scan results to GitHub Security tab if master or main (ee) | |
if: ${{ (github.ref_name == 'master' || github.ref_name == 'main') && matrix.edition == 'ee' }} | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: 'trivy-results.sarif' | |
- name: Upload Trivy scan results to GitHub Security tab if master or main (oss) | |
if: ${{ (github.ref_name == 'master' || github.ref_name == 'main') && matrix.edition == 'oss' }} | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: 'trivy-results.sarif' | |
- name: Upload Trivy scan results to GitHub Security tab if dev branch | |
if: ${{ !(startsWith(github.ref_name,'master') || startsWith(github.ref_name,'main') || startsWith(github.ref_name,'backport')) && matrix.edition == 'ee' }} | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: 'trivy-results.sarif' |