-
Notifications
You must be signed in to change notification settings - Fork 16
143 lines (125 loc) · 4.79 KB
/
pr-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
name: build and validate
on:
schedule:
- cron: 11 11 * * 3
push:
branches:
- main
pull_request_target:
branches:
- main
jobs:
build:
runs-on: ubuntu-22.04
steps:
# Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
- name: Check out code
uses: actions/checkout@v3
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
fetch-depth: 0
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_READ_USER }}
password: ${{ secrets.DOCKERHUB_READ_TOKEN }}
- name: Build with Gradle
uses: hypertrace/github-actions/gradle@main
with:
args: build -x avroCompatibilityCheck dockerBuildImages
- name: Run Trivy vulnerability scanner for ingester
uses: hypertrace/github-actions/trivy-image-scan@main
with:
image: hypertrace/hypertrace-ingester
output-mode: github
category: hypertrace-ingester
- name: Run Trivy vulnerability scanner for span-normalizer
uses: hypertrace/github-actions/trivy-image-scan@main
with:
image: hypertrace/span-normalizer
output-mode: github
category: span-normalizer
- name: Run Trivy vulnerability scanner for raw-spans-grouper
uses: hypertrace/github-actions/trivy-image-scan@main
with:
image: hypertrace/raw-spans-grouper
output-mode: github
category: raw-spans-grouper
- name: Run Trivy vulnerability scanner for trace-enricher
uses: hypertrace/github-actions/trivy-image-scan@main
with:
image: hypertrace/hypertrace-trace-enricher
output-mode: github
category: hypertrace-trace-enricher
- name: Run Trivy vulnerability scanner for view creator
uses: hypertrace/github-actions/trivy-image-scan@main
with:
image: hypertrace/hypertrace-view-creator
output-mode: github
category: hypertrace-view-creator
- name: Run Trivy vulnerability scanner for view-generator
uses: hypertrace/github-actions/trivy-image-scan@main
with:
image: hypertrace/hypertrace-view-generator
output-mode: github
category: hypertrace-view-generator
- name: Run Trivy vulnerability scanner for metrics generator
uses: hypertrace/github-actions/trivy-image-scan@main
with:
image: hypertrace/hypertrace-metrics-generator
output-mode: github
category: hypertrace-metrics-generator
- name: Run Trivy vulnerability scanner for metrics processor
uses: hypertrace/github-actions/trivy-image-scan@main
with:
image: hypertrace/hypertrace-metrics-processor
output-mode: github
category: hypertrace-metrics-processor
- name: Run Trivy vulnerability scanner for metrics exporter
uses: hypertrace/github-actions/trivy-image-scan@main
with:
image: hypertrace/hypertrace-metrics-exporter
output-mode: github
category: hypertrace-metrics-exporter
validate-helm-charts:
runs-on: ubuntu-22.04
container:
image: hypertrace/helm-gcs-packager:0.3.1
credentials:
username: ${{ secrets.DOCKERHUB_READ_USER }}
password: ${{ secrets.DOCKERHUB_READ_TOKEN }}
# Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
steps:
- name: Check out code
uses: actions/checkout@v3
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
fetch-depth: 0
- name: validate charts
run: ./.github/workflows/helm.sh validate
validate-avros:
runs-on: ubuntu-22.04
steps:
# Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
- name: Check out code
uses: actions/checkout@v3
with:
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
fetch-depth: 0
- name: create checksum file
uses: hypertrace/github-actions/checksum@main
- name: Cache packages
uses: actions/cache@v2
with:
path: ~/.gradle
key: gradle-packages-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/checksum.txt') }}
restore-keys: |
gradle-packages-${{ runner.os }}-${{ github.job }}
gradle-packages-${{ runner.os }}
- name: validate avros
uses: hypertrace/github-actions/gradle@main
with:
args: avroCompatibilityCheck