forked from apache/atlas
-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
629 changed files
with
103,740 additions
and
5,367 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
# Use `allow` to specify which dependencies to maintain | ||
|
||
version: 2 | ||
updates: | ||
- package-ecosystem: "npm" #npm | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
allow: | ||
# Allow direct and indirect updates for all packages | ||
- dependency-type: "all" | ||
|
||
- package-ecosystem: "composer" #composer | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
allow: | ||
# Allow direct and indirect updates for all packages | ||
- dependency-type: "all" | ||
|
||
- package-ecosystem: "pip" #python | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
allow: | ||
# Allow direct and indirect updates for all packages | ||
- dependency-type: "all" | ||
|
||
# Maintain dependencies for GitHub Actions | ||
- package-ecosystem: "github-actions" #github-actions | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
allow: | ||
# Allow direct and indirect updates for all packages | ||
- dependency-type: "all" | ||
|
||
- package-ecosystem: "bundler" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
allow: | ||
# Allow direct and indirect updates for all packages | ||
- dependency-type: "all" | ||
|
||
- package-ecosystem: "cargo" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
allow: | ||
# Allow direct and indirect updates for all packages | ||
- dependency-type: "all" | ||
|
||
- package-ecosystem: "docker" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
allow: | ||
# Allow direct updates for all packages | ||
- dependency-type: "all" | ||
|
||
- package-ecosystem: "gomod" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
allow: | ||
# Allow direct and indirect updates for all packages | ||
- dependency-type: "all" | ||
|
||
- package-ecosystem: "gradle" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
allow: | ||
# Allow direct and indirect updates for all packages | ||
- dependency-type: "all" | ||
|
||
- package-ecosystem: "maven" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
allow: | ||
# Allow direct and indirect updates for all packages | ||
- dependency-type: "all" | ||
|
||
- package-ecosystem: "pub" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
allow: | ||
# Allow direct and indirect updates for all packages | ||
- dependency-type: "all" | ||
|
||
- package-ecosystem: "terraform" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" | ||
allow: | ||
# Allow direct and indirect updates for all packages | ||
- dependency-type: "all" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
# For most projects, this workflow file will not need changing; you simply need | ||
# to commit it to your repository. | ||
# | ||
# You may wish to alter this file to override the set of languages analyzed, | ||
# or to provide custom queries or build logic. | ||
# | ||
# ******** NOTE ******** | ||
# We have attempted to detect the languages in your repository. Please check | ||
# the `language` matrix defined below to confirm you have the correct set of | ||
# supported CodeQL languages. | ||
# | ||
name: "CodeQL" | ||
|
||
on: | ||
pull_request: | ||
schedule: | ||
- cron: '0 1 * * *' | ||
|
||
jobs: | ||
analyze: | ||
name: Analyze | ||
runs-on: ubuntu-latest | ||
permissions: | ||
actions: read | ||
contents: read | ||
security-events: write | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
language: ['java', 'python'] | ||
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] | ||
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
- name: Use Java version | ||
uses: actions/setup-java@v3 | ||
with: | ||
distribution: 'adopt' # See 'Supported distributions' for available options | ||
java-version: '8' | ||
|
||
# Initializes the CodeQL tools for scanning. | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v2 | ||
with: | ||
languages: ${{ matrix.language }} | ||
# If you wish to specify custom queries, you can do so here or in a config file. | ||
# By default, queries listed here will override any specified in a config file. | ||
# Prefix the list here with "+" to use these queries and those in the config file. | ||
|
||
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs | ||
# queries: security-extended,security-and-quality | ||
|
||
|
||
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). | ||
# If this step fails, then you should remove it and run the build manually (see below) | ||
#- name: Autobuild | ||
# uses: github/codeql-action/autobuild@v2 | ||
|
||
# ℹ️ Command-line programs to run using the OS shell. | ||
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun | ||
|
||
# If the Autobuild fails above, remove it and uncomment the following three lines. | ||
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. | ||
- name: Autobuild | ||
run: | | ||
echo "Run, Build Application using script" | ||
chmod +x ./build.sh && ./build.sh | ||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v2 | ||
with: | ||
category: "/language:${{matrix.language}}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
name: 'Dependency Review' | ||
on: [pull_request] | ||
permissions: | ||
contents: read | ||
jobs: | ||
dependency-review: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: 'Checkout Repository' | ||
uses: actions/checkout@v3 | ||
- name: Dependency Review | ||
uses: actions/dependency-review-action@v2 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,199 @@ | ||
name: Build and Push Atlas Metastore docker image to ECR(deprecated as of Jan 11, 2023) | ||
|
||
on: | ||
push: | ||
branches: | ||
- xoxo/deprecating-ecr/xoxo | ||
|
||
permissions: | ||
id-token: write | ||
contents: write | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout Repo | ||
uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Get branch name | ||
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" | ||
id: get_branch | ||
|
||
- name: Get repository name | ||
run: echo "REPOSITORY_NAME=`echo "$GITHUB_REPOSITORY" | awk -F / '{print $2}' | sed -e "s/:refs//"`" >> $GITHUB_ENV | ||
shell: bash | ||
|
||
- name: Set up JDK 1.8 | ||
uses: actions/setup-java@v1 | ||
with: | ||
java-version: 1.8 | ||
|
||
- name: Cache Maven packages | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.m2 | ||
key: ${{ runner.os }}-m2-${{ hashFiles('**/build.sh') }} | ||
restore-keys: ${{ runner.os }}-m2 | ||
|
||
- name: Build with Maven | ||
run: | | ||
branch_name=${{ steps.get_branch.outputs.branch }} | ||
if [[ $branch_name == 'main' || $branch_name == 'master' || $branch_name == 'lineageondemand' ]] | ||
then | ||
echo "build without dashboard" | ||
chmod +x ./build.sh && ./build.sh build_without_dashboard | ||
else | ||
echo "build with dashboard" | ||
chmod +x ./build.sh && ./build.sh | ||
fi | ||
- name: Get IAM Role and Region to login into ECR | ||
id: get_ecr-details | ||
run: | | ||
branch_name=${{ steps.get_branch.outputs.branch }} | ||
if [[ $branch_name == 'main' || $branch_name == 'staging' || $branch_name == 'master' ]] | ||
then | ||
iamRole=${{ secrets.AWS_PROD_PLATFORM_ECR_ACCESS }} | ||
region='us-east-1' | ||
else | ||
iamRole=${{ secrets.AWS_DEV_PLATFORM_ECR_ACCESS }} | ||
region='ap-south-1' | ||
fi | ||
echo "##[set-output name=iamRole;]$(echo ${iamRole})" | ||
echo "##[set-output name=region;]$(echo ${region})" | ||
- name: Configure AWS credentials | ||
uses: aws-actions/configure-aws-credentials@v1 | ||
with: | ||
role-to-assume: ${{ steps.get_ecr-details.outputs.iamRole }} | ||
aws-region: ${{ steps.get_ecr-details.outputs.region }} | ||
|
||
- name: Check and create ECR Repo if it does not exist | ||
uses: nick-fields/retry@v2 | ||
id: check_and_create_repo | ||
with: | ||
timeout_minutes: 10 | ||
max_attempts: 5 | ||
command: | | ||
aws ecr describe-repositories --repository-names atlanhq/${{ github.event.repository.name }} || aws ecr create-repository --repository-name atlanhq/${{ github.event.repository.name }} --image-tag-mutability IMMUTABLE | ||
while ! $(aws ecr get-repository-policy --repository-name atlanhq/${{ github.event.repository.name }}) | ||
do | ||
aws ecr set-repository-policy --repository-name atlanhq/${{ github.event.repository.name }} --policy-text file://ecrorgcrossaccountpolicy.json | ||
registryIdfrompolicy=$(aws ecr get-repository-policy --repository-name atlanhq/${{ github.event.repository.name }} | jq -r '.registryId') | ||
registryIdfromfromecrrepo=$(aws ecr describe-repositories --repository-names atlanhq/${{ github.event.repository.name }} | jq -r '.repositories[0].registryId') | ||
echo "registryIdfrompolicy : $registryIdfrompolicy and registryIdfromfromecrrepo : $registryIdfromfromecrrepo" | ||
if [ $registryIdfrompolicy == $registryIdfromfromecrrepo ] | ||
then | ||
break | ||
fi | ||
done | ||
- name: Get Semantic Version tag | ||
id: semver_tag | ||
run: | | ||
branch_name=${{ steps.get_branch.outputs.branch }} | ||
tag=$(git tag --sort=v:refname | grep -E "^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)-$branch_name$" | tail -1) | ||
if [[ -z $tag ]] | ||
then | ||
echo "Creating a new tag series" | ||
updated_full_tag="1.0.0-$branch_name" | ||
new_tag=1.0.0 | ||
else | ||
# echo "Current tag is $tag" | ||
patch_version=$(echo $tag | cut -d '.' -f 3 | cut -d '-' -f 1) | ||
minor_version=$(echo $tag | cut -d '.' -f 2) | ||
major_version=$(echo $tag | cut -d '.' -f 1) | ||
if [[ $patch_version == '999' && $minor_version == '999' ]] | ||
then | ||
bump_type='M' | ||
elif [[ $patch_version == '999' && $minor_version != '999' ]] | ||
then | ||
bump_type='m' | ||
else | ||
bump_type='p' | ||
fi | ||
plain_tag_value=$major_version.$minor_version.$patch_version | ||
chmod +x ./sem-ver-bump.sh | ||
new_tag=$(./sem-ver-bump.sh -$bump_type $plain_tag_value) | ||
updated_full_tag=$new_tag-$branch_name | ||
# echo "Last tag is $tag, Bumping up to $updated_full_tag" | ||
fi | ||
commit_tag=$(git describe --tags --exact-match $GITHUB_SHA 2>/dev/null || echo "no_tag_found") | ||
if [[ $commit_tag == "no_tag_found" ]] | ||
then | ||
echo "No associated tag found, tagging $GITHUB_SHA with $updated_full_tag" | ||
git tag $updated_full_tag $GITHUB_SHA | ||
git push --tags | ||
echo "##[set-output name=build;]$(echo true)" | ||
echo "##[set-output name=new_tag;]$(echo $new_tag)" | ||
echo "Image will be tagged with $new_tag" | ||
else | ||
echo "$GITHUB_SHA is already tagged with $commit_tag" | ||
IMAGE_META=$(aws ecr describe-images --repository-name=atlanhq/${{ github.event.repository.name }} --image-ids=imageTag=$commit_tag 2>/dev/null || echo "no_tag_found") | ||
if [[ $IMAGE_META == "no_tag_found" ]]; then | ||
echo "Image with specified tag does not exist, proceeding to build and push" | ||
existing_tag=$(echo $commit_tag | cut -d '-' -f 1) | ||
echo "##[set-output name=new_tag;]$(echo $existing_tag)" | ||
echo "##[set-output name=build;]$(echo true)" | ||
echo "Image will be tagged with $existing_tag" | ||
else | ||
IMAGE_TAGS="$( echo ${IMAGE_META} | jq '.imageDetails[0].imageTags[0]' -r )" | ||
echo "Image with the specified tag exists, Skipping build" | ||
existing_tag=$(echo $commit_tag | cut -d '-' -f 1) | ||
echo "##[set-output name=new_tag;]$(echo $existing_tag)" | ||
echo "##[set-output name=build;]$(echo false)" | ||
fi | ||
fi | ||
- name: Keep last 10 tags and delete rest of the old tags | ||
id: cleanup-tags | ||
run: | | ||
branch_name=${{ steps.get_branch.outputs.branch }} | ||
git tag --sort=v:refname | grep -E "^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)-$branch_name" > tagsfile | ||
cat tagsfile | ||
vars=($(awk -F= '{print $1}' tagsfile)) | ||
Npars=${#vars[@]} | ||
echo "Npars : $Npars" | ||
numberOfTagsToKeep=10 | ||
if [ $Npars -gt $numberOfTagsToKeep ] | ||
then | ||
for ((i=0; i<$Npars - $numberOfTagsToKeep; i++)); do | ||
echo "var $i : ${vars[$i]}" | ||
git push --delete origin ${vars[$i]} | ||
done | ||
fi | ||
- name: Login to Amazon ECR | ||
id: login-ecr | ||
if: steps.semver_tag.outputs.build == 'true' | ||
uses: aws-actions/amazon-ecr-login@v1 | ||
|
||
- name: Set up Buildx | ||
id: buildx | ||
if: steps.semver_tag.outputs.build == 'true' | ||
uses: docker/setup-buildx-action@v2 | ||
with: | ||
driver-opts: image=moby/buildkit:master | ||
|
||
- name: Build and push docker image | ||
id: docker_build | ||
if: steps.semver_tag.outputs.build == 'true' | ||
uses: docker/build-push-action@v3 | ||
with: | ||
context: . | ||
file: ./Dockerfile | ||
push: true | ||
tags: | | ||
${{ steps.login-ecr.outputs.registry }}/atlanhq/${{ github.event.repository.name }}:${{ steps.semver_tag.outputs.new_tag }}-${{ steps.get_branch.outputs.branch }} | ||
${{ steps.login-ecr.outputs.registry }}/atlanhq/${{ github.event.repository.name }}:${{ steps.get_branch.outputs.branch }}-${{ steps.semver_tag.outputs.new_tag }} | ||
build-args: | | ||
ACCESS_TOKEN_USR=$GITHUB_ACTOR | ||
ACCESS_TOKEN_PWD=${{ secrets.my_pat }} |
Oops, something went wrong.