ci.yml
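name: CI Pipeline

on:
  # Run on pushes to, and pull requests against, the main and develop branches.
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  # Manual, on-demand run. This is the only trigger that carries the
  # signTacoFile input, so it is the only one that can enable signing.
  workflow_dispatch:
    inputs:
      signTacoFile:
        description: Sign taco file artifact
        type: boolean
        required: false
        default: false

# Least privilege for the automatically issued GITHUB_TOKEN: the jobs in this
# workflow only read the repository. Artifact upload does not depend on these
# scopes.
# NOTE(review): confirm that no Gradle task or script called from the jobs
# needs a write scope before merging.
permissions:
  contents: read

env:
  # github.event.inputs is populated only for workflow_dispatch; on push and
  # pull_request this expands to an empty string, which the jobs treat as
  # "signing disabled" because they compare against the literal 'true'.
  SIGNING_ENABLED: ${{ github.event.inputs.signTacoFile }}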
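jobs:
  # Compiles the JDBC driver, runs the test suite, and publishes the jars,
  # reports and test results as a workflow artifact.
  build:
    name: JDBC Build and Test
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this workflow references a mutable tag
      # (@v2 / @v3). Pinning each action to a full commit SHA keeps a retagged
      # or compromised release from running in this pipeline; the third-party
      # actions (codecov, aws-actions) matter most.
      # NOTE(review): the v3 artifact actions have been deprecated by GitHub;
      # plan the upgrade together with the pinning.
      - name: Check out
        uses: actions/checkout@v3
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where the build scripts could read it.
          persist-credentials: false
      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          distribution: 'zulu'
          # Quoted so the version is always handled as a string.
          java-version: '8'
      - name: Ensure executable permissions
        run: chmod +x ./gradlew
      - name: Build and test
        run: ./gradlew build
      - name: Build shadow jar
        run: ./gradlew shadowJar
      - name: Copy artifacts
        run: |
          mkdir output
          mkdir output/jarfile
          mkdir output/reports
          mkdir output/testresults
          cp build/libs/*.jar output/jarfile
          cp -R build/reports output/reports
          cp build/test-results/test/*.xml output/testresults
      - name: Upload artifacts
        uses: actions/upload-artifact@v3
        with:
          name: output
          path: output
      - name: Upload to Codecov
        uses: codecov/codecov-action@v3

  # Packages the Tableau connector (.taco) and, when signing was requested on
  # a manual run, round-trips it through the S3-based signing service.
  build-taco:
    name: Assemble Tableau Connector
    runs-on: ubuntu-latest
    steps:
      - name: Check out
        uses: actions/checkout@v3
        with:
          # No later step pushes or fetches; keep the token out of .git/config.
          persist-credentials: false
      - name: Ensure executable permissions
        run: chmod a+x ./tableau-connector/build.sh
      - name: Get driver version
        # Exports `version` through GITHUB_ENV so that later steps can read it
        # as an ordinary environment variable.
        run: |
          file="./gradle.properties"
          MAJOR_VERSION=$(grep "MAJOR_VERSION" "${file}" | cut -d'=' -f2)
          MINOR_VERSION=$(grep "MINOR_VERSION" "${file}" | cut -d'=' -f2)
          PATCH_VERSION=$(grep "PATCH_VERSION" "${file}" | cut -d'=' -f2)
          echo "version=$MAJOR_VERSION.$MINOR_VERSION.$PATCH_VERSION" >> "$GITHUB_ENV"
      - name: Assemble Tableau Connector
        # The version comes from gradle.properties, which a pull request can
        # edit. Reading it as a quoted shell variable instead of a ${{ }}
        # expression keeps that text from being pasted into the script source
        # before bash parses it.
        run: ./tableau-connector/build.sh "${version}"
      - name: View assembled file
        run: ls -l tableau-connector/target
      - name: Verify TACO filename
        run: |
          if [ ! -f "tableau-connector/target/neptune-jdbc-v${version}.taco" ]
          then
            echo "Error: The TACO file is either incorrectly named or missing from tableau-connector/target/."
            echo "Contents of tableau-connector/target/:"
            ls tableau-connector/target
            exit 1
          fi
      # NOTE(review): this step assumes the signing role from long-lived IAM
      # user keys stored as repository secrets. GitHub OIDC federation
      # (role-to-assume together with `id-token: write`) would remove the
      # static keys; confirm with the owner of the AWS account.
      - name: "Configure AWS credentials"
        if: ${{env.SIGNING_ENABLED == 'true'}}
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-skip-session-tagging: true
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-2
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          role-external-id: ${{ secrets.AWS_ROLE_EXTERNAL_ID }}
          role-duration-seconds: 3600
      - name: Sign TACO file
        id: sign-taco-file
        shell: bash
        # Secrets reach the script as environment variables rather than being
        # interpolated into its text, so their values are never parsed as
        # shell syntax and can be quoted like any other variable.
        env:
          UNSIGNED_BUCKET: ${{ secrets.AWS_UNSIGNED_BUCKET }}
          SIGNED_BUCKET: ${{ secrets.AWS_SIGNED_BUCKET }}
          OBJECT_KEY: ${{ secrets.AWS_KEY }}
        run: |
          echo "Sign is set to ${SIGNING_ENABLED}"
          if [[ "${SIGNING_ENABLED}" = "true" ]]
          then
            echo "Signing is enabled. Will attempt to sign"
            pwd
            ls -l tableau-connector/target
            echo "Installing jq"
            # -y: never wait for a confirmation prompt on a CI runner.
            sudo apt-get install -y jq

            unsigned_taco="./tableau-connector/target/neptune-jdbc-v${version}.taco"
            signed_taco="./tableau-connector/target/neptune-jdbc-v${version}-signed.taco"

            # Upload unsigned .taco to S3 Bucket
            echo "Obtaining version id and uploading unsigned .taco to S3 Bucket"
            # jq -r prints the raw string, so no JSON quote characters end up
            # inside the --version-id argument used below.
            version_id=$( aws s3api put-object \
              --bucket "${UNSIGNED_BUCKET}" \
              --key "${OBJECT_KEY}" \
              --body "${unsigned_taco}" \
              --acl bucket-owner-full-control | jq -r '.VersionId' )

            job_id=""
            # Attempt to get Job ID from bucket tagging, will retry up to 3 times before exiting with a failure code.
            # Will sleep for 5 seconds between retries.
            echo "Attempt to get Job ID from bucket tagging, will retry up to 3 times before exiting with a failure code."
            for (( i=0; i<3; i++ ))
            do
              # Get job ID. Presumably the signing service writes it as the
              # first tag on the uploaded object version; verify against the
              # service's contract.
              id=$( aws s3api get-object-tagging \
                --bucket "${UNSIGNED_BUCKET}" \
                --key "${OBJECT_KEY}" \
                --version-id "${version_id}" | jq -r '.TagSet[0].Value' )
              # Quoted test: an empty result no longer breaks the comparison,
              # it simply counts as "not tagged yet".
              if [[ -n "${id}" && "${id}" != "null" ]]
              then
                job_id="${id}"
                break
              fi
              echo "Will sleep for 5 seconds between retries."
              sleep 5s
            done
            if [[ -z "${job_id}" ]]
            then
              echo "Exiting because unable to retrieve job ID"
              exit 1
            fi

            # Poll signed S3 bucket to see if the signed artifact is there
            echo "Poll signed S3 bucket to see if the signed artifact is there"
            # With `shell: bash` the runner starts bash with -e -o pipefail,
            # so a bare failing `aws s3api wait` would end the script before
            # `$?` could be inspected. Testing the command inside `if` keeps
            # the retry loop effective.
            signed_found="false"
            for (( i=0; i<3; i++ ))
            do
              if aws s3api wait object-exists \
                --bucket "${SIGNED_BUCKET}" \
                --key "${OBJECT_KEY}-${job_id}.taco"
              then
                signed_found="true"
                break
              fi
              echo "Will sleep for 5 seconds between retries."
              sleep 5s
            done
            if [[ "${signed_found}" != "true" ]]
            then
              echo "Exiting because the signed artifact did not appear in the signed bucket"
              exit 1
            fi

            # Downloading signed taco from S3
            echo "Downloading signed .taco from S3"
            # NOTE(review): the downloaded object is published without any
            # local check. If the signing service exposes a signature or a
            # digest, verify it here before the upload step; TODO confirm
            # what the service provides.
            aws s3api get-object \
              --bucket "${SIGNED_BUCKET}" \
              --key "${OBJECT_KEY}-${job_id}.taco" \
              "${signed_taco}"
            echo "Signing completed"
            ls -l tableau-connector/target
          else
            echo "Signing will be skipped"
          fi
      - name: Upload build
        # always(): the target directory is published even when an earlier
        # step failed, which helps when diagnosing a broken signing run.
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: neptune-jdbc-${{env.version}}-taco
          path: ./tableau-connector/target/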