-
Notifications
You must be signed in to change notification settings - Fork 176
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' into snyk-fix-0cf274b1f5f0ce3cf691aaaa1ab4bd3b
- Loading branch information
Showing
106 changed files
with
766 additions
and
310 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,15 +2,7 @@ name: Build and publish to Docker Hub | |
| on: | ||
| release: | ||
| # job will automatically run after a new "release" is create on github. | ||
| types: [created] | ||
|
|
||
| # Allows you to run this workflow manually from the Actions tab | ||
| workflow_dispatch: | ||
| inputs: | ||
| dry_run: | ||
| description: 'If true, will not push the built images to docker hub.' | ||
| required: false | ||
| default: 'false' | ||
| types: [published] | ||
|
|
||
| jobs: | ||
| # this job will build, test and (potentially) push the docker images to docker hub | ||
|
|
@@ -29,6 +21,12 @@ jobs: | |
| # - Pushes images (built at BUILD PHASE) to docker hub. | ||
| docker_build_and_publish: | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| github_token: ${{ secrets.TOKEN_GITHUB }} | ||
| permissions: | ||
| id-token: write | ||
| contents: write # 'write' access to repository contents | ||
| pull-requests: write # 'write' access to pull requests | ||
| steps: | ||
| # BUILD PHASE | ||
| - name: Checkout | ||
|
|
@@ -43,25 +41,19 @@ jobs: | |
| uses: docker/setup-buildx-action@v2 | ||
|
|
||
| - name: Login to DockerHub | ||
| if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }} | ||
| uses: docker/login-action@v2 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
|
||
| - name: Get version tag from github release | ||
| if: github.event_name == 'release' && github.event.action == 'created' | ||
| run: | | ||
| echo "opal_version_tag=${{ github.event.release.tag_name }}" >> $GITHUB_ENV | ||
| - name: Get version tag from git history | ||
| if: ${{ !(github.event_name == 'release' && github.event.action == 'created') }} | ||
| - name: Docker Compose install | ||
| run: | | ||
| echo "opal_version_tag=$(git describe --tags --abbrev=0)" >> $GITHUB_ENV | ||
| curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | ||
| chmod +x /usr/local/bin/docker-compose | ||
| - name: Echo version tag | ||
| run: | | ||
| echo "The version tag that will be published to docker hub is: ${{ env.opal_version_tag }}" | ||
| echo "The version tag that will be published to docker hub is: ${{ github.event.release.tag_name }}" | ||
| - name: Build client for testing | ||
| id: build_client | ||
|
|
@@ -76,19 +68,6 @@ jobs: | |
| tags: | | ||
| permitio/opal-client:test | ||
| - name: Build client-standalone for testing | ||
| id: build_client_standalone | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| file: docker/Dockerfile | ||
| push: false | ||
| target: client-standalone | ||
| cache-from: type=registry,ref=permitio/opal-client-standalone:latest | ||
| cache-to: type=inline | ||
| load: true | ||
| tags: | | ||
| permitio/opal-client-standalone:test | ||
| - name: Build server for testing | ||
| id: build_server | ||
| uses: docker/build-push-action@v4 | ||
|
|
@@ -122,7 +101,6 @@ jobs: | |
| # pushes the *same* docker images that were previously tested as part of e2e sanity test. | ||
| # each image is pushed with the versioned tag first, if it succeeds the image is pushed with the latest tag as well. | ||
| - name: Build & Push client | ||
| if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }} | ||
| id: build_push_client | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
|
|
@@ -134,10 +112,9 @@ jobs: | |
| cache-to: type=inline | ||
| tags: | | ||
| permitio/opal-client:latest | ||
| permitio/opal-client:${{ env.opal_version_tag }} | ||
| permitio/opal-client:${{ github.event.release.tag_name }} | ||
| - name: Build client-standalone | ||
| if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }} | ||
| id: build_push_client_standalone | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
|
|
@@ -149,10 +126,9 @@ jobs: | |
| cache-to: type=inline | ||
| tags: | | ||
| permitio/opal-client-standalone:latest | ||
| permitio/opal-client-standalone:${{ env.opal_version_tag }} | ||
| permitio/opal-client-standalone:${{ github.event.release.tag_name }} | ||
| - name: Build server | ||
| if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.dry_run == 'true') }} | ||
| id: build_push_server | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
|
|
@@ -164,4 +140,92 @@ jobs: | |
| cache-to: type=inline | ||
| tags: | | ||
| permitio/opal-server:latest | ||
| permitio/opal-server:${{ env.opal_version_tag }} | ||
| permitio/opal-server:${{ github.event.release.tag_name }} | ||
| - name: Build & Push client cedar | ||
| id: build_push_client_cedar | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| file: docker/Dockerfile | ||
| platforms: linux/amd64,linux/arm64 | ||
| push: true | ||
| target: client-cedar | ||
| cache-from: type=registry,ref=permitio/opal-client-cedar:latest | ||
| cache-to: type=inline | ||
| tags: | | ||
| permitio/opal-client-cedar:latest | ||
| permitio/opal-client-cedar:${{ github.event.release.tag_name }} | ||
| - name: Python setup | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: '3.11.8' | ||
|
|
||
| # This is the root file representing the package for all the sub-packages. | ||
| - name: Bump version - packaging__.py | ||
| run: | | ||
| version_tag=${{ github.event.release.tag_name }} | ||
| version_tag=${version_tag#v} # Remove the leading 'v' | ||
| version_tuple=$(echo $version_tag | sed 's/\./, /g') | ||
| sed -i "s/VERSION = (.*/VERSION = (${version_tuple})/" packages/__packaging__.py | ||
| cat packages/__packaging__.py | ||
| - name: Cleanup setup.py and Build every sub-packages | ||
| run: | | ||
| pip install wheel | ||
| cd packages/opal-common/ ; rm -rf *.egg-info build/ dist/ | ||
| python setup.py sdist bdist_wheel | ||
| cd ../.. | ||
| cd packages/opal-client/ ; rm -rf *.egg-info build/ dist/ | ||
| python setup.py sdist bdist_wheel | ||
| cd ../.. | ||
| cd packages/opal-server/ ; rm -rf *.egg-info build/ dist/ | ||
| python setup.py sdist bdist_wheel | ||
| cd ../.. | ||
| # Upload package distributions to the release - All assets in one step | ||
| - name: Upload assets to release | ||
| uses: shogo82148/[email protected] | ||
| with: | ||
| upload_url: ${{ github.event.release.upload_url }} | ||
| asset_path: | | ||
| packages/opal-common/dist/* | ||
| packages/opal-client/dist/* | ||
| packages/opal-server/dist/* | ||
| # Publish package distributions to PyPI | ||
| - name: Publish package distributions to PyPI - Opal-Common | ||
| uses: pypa/gh-action-pypi-publish@release/v1 | ||
| with: | ||
| password: ${{ secrets.PYPI_TOKEN }} | ||
| packages-dir: packages/opal-common/dist/ | ||
| # For Test only ! | ||
| # password: ${{ secrets.TEST_PYPI_TOKEN }} | ||
| # repository-url: https://test.pypi.org/legacy/ | ||
| env: | ||
| name: pypi | ||
| url: https://pypi.org/p/opal-common/ | ||
|
|
||
| - name: Publish package distributions to PyPI - Opal-Client | ||
| uses: pypa/gh-action-pypi-publish@release/v1 | ||
| with: | ||
| password: ${{ secrets.PYPI_TOKEN }} | ||
| packages-dir: packages/opal-client/dist/ | ||
| # For Test only ! | ||
| # password: ${{ secrets.TEST_PYPI_TOKEN }} | ||
| # repository-url: https://test.pypi.org/legacy/ | ||
| env: | ||
| name: pypi | ||
| url: https://pypi.org/p/opal-client/ | ||
|
|
||
| - name: Publish package distributions to PyPI - Opal-Server | ||
| uses: pypa/gh-action-pypi-publish@release/v1 | ||
| with: | ||
| password: ${{ secrets.PYPI_TOKEN }} | ||
| packages-dir: packages/opal-server/dist/ | ||
| # For Test only ! | ||
| # password: ${{ secrets.TEST_PYPI_TOKEN }} | ||
| # repository-url: https://test.pypi.org/legacy/ | ||
| env: | ||
| name: pypi | ||
| url: https://pypi.org/p/opal-server/ | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
| name: Sync branch to OPAL Plus | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - master | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| sync: | ||
| name: Sync branch to OPAL Plus | ||
| if: github.repository == 'permitio/opal' | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Set up Git configuration | ||
| run: | | ||
| git config --global user.name 'github-actions[bot]' | ||
| git config --global user.email 'github-actions[bot]@users.noreply.github.com' | ||
| - name: Get Token | ||
| id: get_workflow_token | ||
| uses: peter-murray/workflow-application-token-action@v1 | ||
| with: | ||
| application_id: ${{ secrets.APPLICATION_ID }} | ||
| application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }} | ||
|
|
||
| - name: Checkout permitio/opal repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| repository: permitio/opal | ||
| ref: ${{ github.ref_name }} | ||
| path: opal | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Checkout permitio/opal-plus repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| repository: permitio/opal-plus | ||
| path: opal-plus | ||
| token: ${{ steps.get_workflow_token.outputs.token }} | ||
|
|
||
| - name: Create public-${{ github.ref_name }} branch in opal repository | ||
| working-directory: opal | ||
| run: | | ||
| git checkout -b public-${{ github.ref_name }} | ||
| - name: Rebase opal-plus/public-${{ github.ref_name }} onto opal/${{ github.ref_name }} | ||
| working-directory: opal-plus | ||
| run: | | ||
| git remote add opal ../opal | ||
| git fetch opal | ||
| git checkout public-${{ github.ref_name }} | ||
| git rebase opal/${{ github.ref_name }} | ||
| - name: Push changes to opal-plus/public-${{ github.ref_name }} branch | ||
| working-directory: opal-plus | ||
| run: | | ||
| git push origin public-${{ github.ref_name }} | ||
| - name: Create Pull Request for opal-plus | ||
| working-directory: opal-plus | ||
| run: | | ||
| gh pr create --repo permitio/opal-plus --assignee "$GITHUB_ACTOR" --reviewer "$GITHUB_ACTOR" --base master --head public-${{ github.ref_name }} --title "Sync changes from public OPAL repository" --body "This PR synchronizes changes from the public OPAL repository to the private OPAL Plus repository." | ||
| env: | ||
| GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Submodule cedar-agent
updated
35 files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.