-
Notifications
You must be signed in to change notification settings - Fork 27
119 lines (116 loc) · 3.67 KB
/
continuous-integration-deb11.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
name: Continuous Integration (Debian11)
on:
push:
branches: [master]
tags:
- '*'
pull_request:
env:
SBX_ECR_REGISTRY: "769000229800.dkr.ecr.eu-west-1.amazonaws.com"
PRD_ECR_REGISTRY: "162230498103.dkr.ecr.eu-west-1.amazonaws.com"
REGION: eu-west-1
ECR_IMAGE: datahub-common-transit_model
DEBIAN_TAG_SUFFIX: deb11
jobs:
aws_creds:
name: Get ECR Access
runs-on: [self-hosted, dataeng, sandbox]
outputs:
token: ${{ steps.ecr_token.outputs.token }}
steps:
- id: ecr_token
name: Get ECR Token
run: |
echo token=$(aws ecr get-login-password --region $REGION) >> $GITHUB_OUTPUT
rustfmt:
name: Rust fmt check
needs: aws_creds
runs-on: [self-hosted, dataeng, sandbox]
container:
image: 162230498103.dkr.ecr.eu-west-1.amazonaws.com/mutable-rust-ci:latest-deb11
credentials:
username: AWS
password: ${{ needs.aws_creds.outputs.token }}
steps:
- uses: actions/checkout@v4
- name: Format
run: make format
clippy:
name: Clippy check
needs: aws_creds
runs-on: [self-hosted, dataeng, sandbox]
container:
image: 162230498103.dkr.ecr.eu-west-1.amazonaws.com/mutable-rust-ci:latest-proj9.3.0-deb11
credentials:
username: AWS
password: ${{ needs.aws_creds.outputs.token }}
steps:
- uses: actions/checkout@v4
- name: Lint
run: make lint
audit:
name: Security audit
needs: aws_creds
runs-on: [self-hosted, dataeng, sandbox]
container:
image: 162230498103.dkr.ecr.eu-west-1.amazonaws.com/mutable-rust-ci:latest-proj9.3.0-deb11
credentials:
username: AWS
password: ${{ needs.aws_creds.outputs.token }}
continue-on-error: true
steps:
- uses: actions/checkout@v4
- name: Audit
run: |
cargo audit
tests:
name: Tests
needs: aws_creds
runs-on: [self-hosted, dataeng, sandbox]
container:
image: 162230498103.dkr.ecr.eu-west-1.amazonaws.com/mutable-rust-ci:latest-proj9.3.0-deb11
credentials:
username: AWS
password: ${{ needs.aws_creds.outputs.token }}
steps:
- name: Checkout repository and submodules
uses: actions/checkout@v4
with:
submodules: recursive # for tests/NeTEx
- name: Install xmllint
run: apt update && apt install --yes libxml2-utils
- name: Run tests with and without features
run: make test
build-n-push:
needs: [rustfmt, clippy, audit, tests]
if: github.event_name == 'push'
runs-on: [self-hosted, dataeng, sandbox]
steps:
- name: CleanUp
run: |
sudo chown -R $USER .
- uses: actions/checkout@v4
with:
fetch-depth: 0
clean: false
- name: Login to Amazon ECR sandbox
env:
AWS_REGION: eu-west-1
uses: aws-actions/amazon-ecr-login@v2
- name: Login to Amazon ECR shared
env:
AWS_REGION: eu-west-1
uses: aws-actions/amazon-ecr-login@v2
with:
registries: 162230498103
- name: Build and Push to SBX ECR
if: success()
run: |
docker build -t ${SBX_ECR_REGISTRY}/${ECR_IMAGE}:latest-${DEBIAN_TAG_SUFFIX} . -f Dockerfile_deb11
docker push ${SBX_ECR_REGISTRY}/${ECR_IMAGE}:latest-${DEBIAN_TAG_SUFFIX}
- name: Push release to Prod ECR
if: success() && startsWith(github.ref, 'refs/tags/')
run: |
TAG=${GITHUB_REF_NAME}
docker tag ${SBX_ECR_REGISTRY}/${ECR_IMAGE}:latest-${DEBIAN_TAG_SUFFIX} ${PRD_ECR_REGISTRY}/${ECR_IMAGE}:${TAG}-${DEBIAN_TAG_SUFFIX}
docker push ${PRD_ECR_REGISTRY}/${ECR_IMAGE}:${TAG}-${DEBIAN_TAG_SUFFIX}