Merge pull request #88 from lensesio-dev/feat/elastic-ssl #54
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish New Release | |
| on: | |
| push: | |
| tags: | |
| - "*" | |
| workflow_dispatch: | |
| jobs: | |
| validate-tag: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| draft_release: ${{ steps.get_tag.outputs.draft_release }} | |
| tag: ${{ steps.get_tag.outputs.tag }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Get tag, release mode | |
| shell: bash | |
| id: get_tag | |
| run: | | |
| if [[ ${GITHUB_REF##*/} =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; | |
| then | |
| draft_release=false | |
| elif [[ ${GITHUB_REF##*/} =~ ^[0-9]+\.[0-9]+\.[0-9]+(-(alpha|beta|rc)(\.[0-9]+)?)?(\+[A-Za-z0-9.]+)?$ ]]; | |
| then | |
| draft_release=true | |
| else | |
| echo "Exiting, github ref needs to be a tag with format x.y.z or x.y.z-(alpha|beta|rc)" | |
| exit 1 | |
| fi | |
| echo "draft_release=$draft_release" >> $GITHUB_OUTPUT | |
| echo "tag=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT | |
| build: | |
| needs: | |
| - validate-tag | |
| uses: ./.github/workflows/build.yml | |
| with: | |
| version: ${{ needs.validate-tag.outputs.tag }} | |
| secrets: inherit | |
| antivirus-scan-initialization: | |
| timeout-minutes: 15 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install and Update Antivirus Software | |
| run: | | |
| # Install ClamAV | |
| sudo apt-get update | |
| sudo apt-get install -y clamav | |
| sudo systemctl stop clamav-freshclam | |
| sudo freshclam || exit 0 | |
| - name: Run Antivirus Scan for Source Code | |
| run: | | |
| clamscan --recursive --alert-broken --alert-encrypted \ | |
| --alert-encrypted-archive --alert-exceeds-max --detect-pua . | |
| - name: Cache Antivirus Database | |
| uses: actions/cache/save@v4 | |
| with: | |
| path: /var/lib/clamav | |
| key: clamav-database-${{ github.run_id }} | |
| antivirus-scan: | |
| needs: | |
| - build | |
| - antivirus-scan-initialization | |
| timeout-minutes: 30 | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| module: ${{fromJSON(needs.build.outputs.publish_modules)}} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Restore assembly | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: ~/**/target/libs/*.jar | |
| key: assembly-${{ matrix.module }}-${{ github.run_id }} | |
| fail-on-cache-miss: true | |
| - name: Install Antivirus Software | |
| run: | | |
| # Install ClamAV and prepare database directory to be restored | |
| sudo apt-get update && sudo apt-get install -y clamav | |
| sudo systemctl stop clamav-freshclam | |
| sudo chmod 777 /var/lib/clamav | |
| - name: Restore Antivirus Database | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: /var/lib/clamav | |
| key: clamav-database-${{ github.run_id }} | |
| - name: Run Antivirus Scan | |
| run: | | |
| clamscan --recursive --alert-broken --alert-encrypted \ | |
| --alert-encrypted-archive --alert-exceeds-max \ | |
| --include-pua=Unix --include-pua=Java \ | |
| --max-scansize=1000m --max-filesize=500m --max-files=100000 \ | |
| kafka-connect-${{ matrix.module }} | |
| create-release: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - validate-tag | |
| - build | |
| - antivirus-scan | |
| strategy: | |
| # Avoid parallel uploads | |
| max-parallel: 1 | |
| # GitHub will NOT cancel all in-progress and queued jobs in the matrix if any job in the matrix fails, which could create inconsistencies. | |
| # If any matrix job fails, the job will be marked as failure | |
| fail-fast: false | |
| matrix: | |
| module: ${{fromJSON(needs.build.outputs.publish_modules)}} | |
| env: | |
| DRAFT_RELEASE: '${{ needs.validate-tag.outputs.draft_release }}' | |
| TAG: ${{ needs.validate-tag.outputs.tag }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: 'sbt' | |
| - name: Uncache assembly | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: | | |
| ~/**/target/libs/*.jar | |
| key: assembly-${{ matrix.module }}-${{ github.run_id }} | |
| fail-on-cache-miss: true | |
| - name: Package Connector | |
| shell: bash | |
| # It's BASH so we have to use find instead of globbed (**) cp for subdirs with depth >1 | |
| run: | | |
| FOLDER=kafka-connect-${{ matrix.module }}-${{ env.TAG }} | |
| mkdir -p $FOLDER | |
| find . -type f -path "*/target/libs/*.jar" -exec cp "{}" $FOLDER/ \; | |
| cp LICENSE $FOLDER/ | |
| zip -r "$FOLDER.zip" $FOLDER/ | |
| - name: Upload binaries to release | |
| uses: svenstaro/upload-release-action@v2 | |
| with: | |
| file: kafka-connect-${{ matrix.module }}-${{ env.TAG }}.zip | |
| asset_name: "kafka-connect-${{ matrix.module }}-${{ env.TAG }}.zip" | |
| release_name: 'Stream Reactor ${{ env.TAG }}' | |
| prerelease: ${{ env.DRAFT_RELEASE }} |