Adding back InsertOperationTest (#1018) #53
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# @author Ivan Senic | |
# @author Saurabh Verma | |
name: Release Workflow | |
# runs on | |
# * pushing new tag with 'v' prefix | |
# * manual trigger | |
on: | |
push: | |
tags: | |
- 'v*' | |
workflow_dispatch: | |
inputs: | |
skipPublish: | |
description: 'Skip publishing docker images to repositories?' | |
required: true | |
default: true | |
type: boolean | |
tag: | |
description: 'Custom release tag value.' | |
required: true | |
type: string | |
# global env vars, available in all jobs and steps | |
env: | |
MAVEN_OPTS: '-Xmx4g' | |
jobs: | |
# resolves tag value | |
# outputs the resolved release tag value in the release-tag output var | |
resolve-tag: | |
name: Resolve tag | |
runs-on: ubuntu-latest | |
outputs: | |
release-tag: ${{ steps.resolve_tag.outputs.tag }} | |
steps: | |
- name: Set reference | |
id: vars | |
run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT | |
- name: Resolve tag | |
id: resolve_tag | |
run: | | |
TAG=${{ inputs.tag != null && inputs.tag || steps.vars.outputs.tag }} | |
echo "Resolved tag for the release $TAG" | |
echo "tag=${TAG}" >> $GITHUB_OUTPUT | |
# creates a new release if it's not existing | |
# outputs the upload URL in the release-upload-url output var | |
create-release: | |
name: Create release | |
needs: resolve-tag | |
runs-on: ubuntu-latest | |
outputs: | |
release-upload-url: ${{ steps.create_release.outputs.upload_url }} | |
steps: | |
- name: Create release | |
id: create_release | |
uses: softprops/action-gh-release@v1 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
tag_name: ${{needs.resolve-tag.outputs.release-tag}} | |
release_name: Release ${{needs.resolve-tag.outputs.release-tag}} | |
draft: false | |
prerelease: false | |
# publishes the docker image to docker hub | |
publish-image-dockerhub: | |
name: Publish docker image to docker hub | |
needs: resolve-tag | |
runs-on: ubuntu-latest | |
# matrix props: | |
strategy: | |
matrix: | |
type: [ docker, native ] | |
include: | |
- type: docker | |
profile: '' | |
exclude: | |
- type: native | |
#profile: '-Pnative' | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
cache: maven | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
# only set version here | |
- name: Install | |
run: | | |
./mvnw -B -ntp versions:set -DremoveSnapshot versions:commit | |
# build and push OSS image to Docker hub | |
- name: Login to DockerHub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_TOKEN }} | |
- name: Build data-api image and push (Docker Hub) | |
if: ${{ !inputs.skipPublish }} | |
run: | | |
./mvnw -B -ntp clean package -DskipTests -Dquarkus.container-image.build=true -Dquarkus.docker.buildx.platform=linux/amd64,linux/arm64 -Dquarkus.container-image.push=true -Dquarkus.container-image.tag=${{needs.resolve-tag.outputs.release-tag}} -Dquarkus.container-image.name=data-api ${{ matrix.profile }} | |
- name: Build data-api image and push (Docker Hub) | |
if: ${{ !inputs.skipPublish }} | |
run: | | |
./mvnw -B -ntp clean package -DskipTests -Dquarkus.container-image.build=true -Dquarkus.docker.buildx.platform=linux/amd64,linux/arm64 -Dquarkus.container-image.push=true -Dquarkus.container-image.tag=${{needs.resolve-tag.outputs.release-tag}} -Dquarkus.container-image.name=jsonapi ${{ matrix.profile }} | |
# publishes the docker image to ecr | |
publish-image-ecr: | |
name: Publish docker image to ecr | |
needs: resolve-tag | |
runs-on: ubuntu-latest | |
# matrix props: | |
strategy: | |
matrix: | |
type: [ docker, native ] | |
include: | |
- type: docker | |
profile: '' | |
exclude: | |
- type: native | |
#profile: '-Pnative' | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
cache: maven | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
# only set version here | |
- name: Install | |
run: | | |
./mvnw -B -ntp versions:set -DremoveSnapshot versions:commit | |
# build and push Astra image to Amazon ECR | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ secrets.ECR_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.ECR_SECRET_KEY }} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
mask-password: 'true' | |
# downloads and prepares datastax assets | |
- name: Download branding assets | |
if: ${{ !inputs.skipPublish }} | |
run : | | |
curl https://www.datastax.com/favicon.ico -o ./src/main/resources/META-INF/branding/favicon.ico | |
curl https://cdn.sanity.io/files/bbnkhnhl/production/cf8b48832cfd43cdb24aec0e0d1c656e9234b620.zip -o icons.zip | |
unzip -j icons.zip 'Brand\ Icons/astra-square.png' -d ./src/main/resources/META-INF/branding/ | |
mv ./src/main/resources/META-INF/branding/astra-square.png ./src/main/resources/META-INF/branding/logo.png | |
# builds image, overwrite the build time props | |
- name: Build and push (Amazon ECR) | |
if: ${{ !inputs.skipPublish }} | |
env: | |
QUARKUS_APPLICATION_NAME: 'Astra DB Serverless Data API' | |
QUARKUS_SMALLRYE_OPENAPI_INFO_DESCRIPTION: 'The Astra DB Serverless Data API modifies and queries data stored as unstructured JSON documents in collections. See the [documentation site](https://docs.datastax.com/en/astra/astra-db-vector/api-reference/data-api.html) for additional information.' | |
QUARKUS_SMALLRYE_OPENAPI_INFO_TERMS_OF_SERVICE: 'https://www.datastax.com/legal' | |
QUARKUS_SMALLRYE_OPENAPI_INFO_CONTACT_NAME: 'DataStax' | |
QUARKUS_SMALLRYE_OPENAPI_INFO_CONTACT_URL: 'https://www.datastax.com/contact-us' | |
QUARKUS_SMALLRYE_OPENAPI_INFO_LICENSE_NAME: '' | |
QUARKUS_SMALLRYE_OPENAPI_INFO_LICENSE_URL: '' | |
run: | | |
./mvnw -B -ntp clean package -DskipTests -Dquarkus.container-image.build=true -Dquarkus.docker.buildx.platform=linux/amd64,linux/arm64 -Dquarkus.container-image.push=true -Dquarkus.container-image.registry=${{ secrets.ECR_REPOSITORY }} -Dquarkus.container-image.tag=${{needs.resolve-tag.outputs.release-tag}} ${{ matrix.profile }} | |
# signs all docker images with cosign | |
# skip whole job if we did not push images | |
sign-images: | |
name: Sign container images | |
needs: [resolve-tag, publish-image-ecr] | |
if: ${{ !inputs.skipPublish }} | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
image: [jsonapi, jsonapi-native] | |
exclude: | |
- image: jsonapi-native | |
env: | |
# not a newest version, this reflects riptano action target version | |
COSIGN_VERSION: v1.9.0 | |
steps: | |
- name: Install Cosign | |
uses: sigstore/cosign-installer@main | |
with: | |
cosign-release: ${COSIGN_VERSION} | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ secrets.ECR_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.ECR_SECRET_KEY }} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
mask-password: 'true' | |
- name: Sign a docker image | |
shell: bash | |
env: | |
# we want to sign both v1 (as quarkus.container-image.additional-tags) and current release | |
COSIGN_IMAGE: ${{ secrets.ECR_REPOSITORY }}/stargateio/${{ matrix.image }}:${{ needs.resolve-tag.outputs.release-tag }} | |
COSIGN_IMAGE_V1: ${{ secrets.ECR_REPOSITORY }}/stargateio/${{ matrix.image }}:v1 | |
COSIGN_PRIVATE_BASE64: ${{ secrets.COSIGN_PRIVATE_BASE64}} | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD}} | |
COSIGN_KEY_FILE: _cosign_key_ | |
AUX_KEY: signedby | |
AUX_VALUE: stargate | |
run: | | |
echo $COSIGN_PRIVATE_BASE64 | base64 --decode > $COSIGN_KEY_FILE | |
echo "=== signing image [$COSIGN_IMAGE] ..." | |
cosign sign --key $COSIGN_KEY_FILE -a $AUX_KEY=$AUX_VALUE $COSIGN_IMAGE | |
echo "=== signing image [$COSIGN_IMAGE_V1] ..." | |
cosign sign --key $COSIGN_KEY_FILE -a $AUX_KEY=$AUX_VALUE $COSIGN_IMAGE_V1 | |
# creates a PR for bumping the versions to the next snapshot | |
# only executed if we have created the new release | |
create-pr: | |
name: Version upgrade PR | |
needs: create-release | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
cache: maven | |
- name: Generate changelog | |
continue-on-error: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: ./update_changelog.sh | |
- name: Update version number | |
run: | | |
./mvnw -B -ntp release:update-versions -DautoVersionSubmodules=true versions:commit | |
./mvnw -B -ntp xml-format:xml-format fmt:format | |
- name: Version bump PR | |
uses: peter-evans/create-pull-request@v4 | |
env: | |
GITHUB_TOKEN: | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
commit-message: "Bumping version for the next data-api release" | |
title: "Bumping version for next data-api release" | |
branch-suffix: "short-commit-hash" | |
base: "main" | |