Fix current user authorization level (#5636) #13206
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Verify Build Workflow | |
on: | |
push: | |
paths-ignore: | |
- '.gitignore' | |
- 'LICENSE' | |
- 'README*' | |
- 'docs/**' | |
- '.github/workflows/**' | |
branches: ['2.6.x'] | |
pull_request: | |
paths-ignore: | |
- '.gitignore' | |
- 'LICENSE' | |
- 'README*' | |
- 'docs/**' | |
branches: ['2.6.x'] | |
concurrency: | |
# Only run once for latest commit per ref and cancel other (previous) runs. | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
TESTCONTAINERS_RYUK_DISABLED: true | |
jobs: | |
build-verify: | |
name: Verify In Memory Build | |
runs-on: ubuntu-20.04 | |
if: github.repository_owner == 'Apicurio' && !contains(github.event.*.labels.*.name, 'DO NOT MERGE') | |
steps: | |
- name: Checkout Code with Ref '${{ github.ref }}' | |
uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: 17 | |
distribution: 'temurin' | |
cache: 'maven' | |
# Open-Source Machine emulator that allows you to emulate multiple CPU architectures on your machine | |
- name: Set up QEMU | |
if: github.event_name == 'push' | |
uses: docker/setup-qemu-action@v1 | |
# Docker CLI plugin for extended build capabilities with BuildKit | |
- name: Set up Docker Buildx | |
if: github.event_name == 'push' | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Inspect builder | |
if: github.event_name == 'push' | |
run: | | |
echo "Name: ${{ steps.buildx.outputs.name }}" | |
echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}" | |
echo "Status: ${{ steps.buildx.outputs.status }}" | |
echo "Flags: ${{ steps.buildx.outputs.flags }}" | |
echo "Platforms: ${{ steps.buildx.outputs.platforms }}" | |
- name: Build and Test In Memory Variant | |
# if: github.ref == 'refs/heads/main' | |
run: make BUILD_FLAGS='-DskipCommitIdPlugin=false -Dmaven.wagon.httpconnectionManager.maxTotal=30 -Dmaven.wagon.http.retryHandler.count=5 --no-transfer-progress' build-in-memory | |
# - name: Build and Test In Memory Variant Without UI | |
# if: github.ref != 'refs/heads/main' | |
# run: make BUILD_FLAGS='-DskipUiBuild -Dmaven.wagon.httpconnectionManager.maxTotal=30 -Dmaven.wagon.http.retryHandler.count=5 --no-transfer-progress' build-in-memory | |
- name: Login to DockerHub Registry | |
if: github.event_name == 'push' | |
run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin | |
- name: Build and Push In Memory Multi-arch Images to Docker.io | |
if: github.event_name == 'push' | |
run: ./.github/scripts/build-and-push-multiarch-images.sh ${GITHUB_REF#refs/heads/} docker.io mem-multiarch-images snapshot | |
- name: Login to Quay.io Registry | |
if: github.event_name == 'push' | |
run: docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io | |
- name: Build and Push In Memory Multi-arch Images to Quay.io | |
if: github.event_name == 'push' | |
run: ./.github/scripts/build-and-push-multiarch-images.sh ${GITHUB_REF#refs/heads/} quay.io mem-multiarch-images snapshot | |
build-verify-sql: | |
name: Verify SQL Build | |
runs-on: ubuntu-20.04 | |
if: github.repository_owner == 'Apicurio' && !contains(github.event.*.labels.*.name, 'DO NOT MERGE') | |
steps: | |
- name: Checkout Code with Ref '${{ github.ref }}' | |
uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: 17 | |
distribution: 'temurin' | |
cache: 'maven' | |
# Open-Source Machine emulator that allows you to emulate multiple CPU architectures on your machine | |
- name: Set up QEMU | |
if: github.event_name == 'push' | |
uses: docker/setup-qemu-action@v1 | |
# Docker CLI plugin for extended build capabilities with BuildKit | |
- name: Set up Docker Buildx | |
if: github.event_name == 'push' | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Inspect builder | |
if: github.event_name == 'push' | |
run: | | |
echo "Name: ${{ steps.buildx.outputs.name }}" | |
echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}" | |
echo "Status: ${{ steps.buildx.outputs.status }}" | |
echo "Flags: ${{ steps.buildx.outputs.flags }}" | |
echo "Platforms: ${{ steps.buildx.outputs.platforms }}" | |
- name: Build and Test SQL Variant | |
# if: github.ref == 'refs/heads/main' | |
run: make BUILD_FLAGS='-DskipCommitIdPlugin=false -Dmaven.wagon.httpconnectionManager.maxTotal=30 -Dmaven.wagon.http.retryHandler.count=5 --no-transfer-progress' build-sql | |
# - name: Build and Test SQL Variant Without UI | |
# if: github.ref != 'refs/heads/main' | |
# run: make BUILD_FLAGS='-DskipUiBuild -Dmaven.wagon.httpconnectionManager.maxTotal=30 -Dmaven.wagon.http.retryHandler.count=5 --no-transfer-progress' build-sql | |
- name: Login to DockerHub Registry | |
if: github.event_name == 'push' | |
run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin | |
- name: Build and Push SQL Multi-arch Images to Docker.io | |
if: github.event_name == 'push' | |
run: ./.github/scripts/build-and-push-multiarch-images.sh ${GITHUB_REF#refs/heads/} docker.io sql-multiarch-images snapshot | |
- name: Login to Quay.io Registry | |
if: github.event_name == 'push' | |
run: docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io | |
- name: Build and Push In Memory Multi-arch Images to Quay.io | |
if: github.event_name == 'push' | |
run: ./.github/scripts/build-and-push-multiarch-images.sh ${GITHUB_REF#refs/heads/} quay.io sql-multiarch-images snapshot | |
build-verify-kafkasql: | |
name: Verify KafkaSQL Build | |
runs-on: ubuntu-20.04 | |
if: github.repository_owner == 'Apicurio' && !contains(github.event.*.labels.*.name, 'DO NOT MERGE') | |
steps: | |
- name: Checkout Code with Ref '${{ github.ref }}' | |
uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: 17 | |
distribution: 'temurin' | |
cache: 'maven' | |
# Open-Source Machine emulator that allows you to emulate multiple CPU architectures on your machine | |
- name: Set up QEMU | |
if: github.event_name == 'push' | |
uses: docker/setup-qemu-action@v1 | |
# Docker CLI plugin for extended build capabilities with BuildKit | |
- name: Set up Docker Buildx | |
if: github.event_name == 'push' | |
id: buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Inspect builder | |
if: github.event_name == 'push' | |
run: | | |
echo "Name: ${{ steps.buildx.outputs.name }}" | |
echo "Endpoint: ${{ steps.buildx.outputs.endpoint }}" | |
echo "Status: ${{ steps.buildx.outputs.status }}" | |
echo "Flags: ${{ steps.buildx.outputs.flags }}" | |
echo "Platforms: ${{ steps.buildx.outputs.platforms }}" | |
- name: Build and Test KafkaSQL Variant | |
# if: github.ref == 'refs/heads/main' | |
run: make BUILD_FLAGS='-DskipCommitIdPlugin=false -Dmaven.wagon.httpconnectionManager.maxTotal=30 -Dmaven.wagon.http.retryHandler.count=5 --no-transfer-progress' build-kafkasql | |
# - name: Build and Test KafkaSQL Variant Without UI | |
# if: github.ref != 'refs/heads/main' | |
# run: make BUILD_FLAGS='-DskipUiBuild -Dmaven.wagon.httpconnectionManager.maxTotal=30 -Dmaven.wagon.http.retryHandler.count=5 --no-transfer-progress' build-kafkasql | |
- name: Login to DockerHub Registry | |
if: github.event_name == 'push' | |
run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin | |
- name: Build and Push KafkaSQL Multi-arch Images to Docker.io | |
if: github.event_name == 'push' | |
run: ./.github/scripts/build-and-push-multiarch-images.sh ${GITHUB_REF#refs/heads/} docker.io kafkasql-multiarch-images snapshot | |
- name: Login to Quay.io Registry | |
if: github.event_name == 'push' | |
run: docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io | |
- name: Build and Push KafkaSQL Multi-arch Images to Quay.io | |
if: github.event_name == 'push' | |
run: ./.github/scripts/build-and-push-multiarch-images.sh ${GITHUB_REF#refs/heads/} quay.io kafkasql-multiarch-images snapshot | |
build-mem-native-images: | |
name: Build and Test In Memory native images | |
runs-on: ubuntu-20.04 | |
if: github.repository_owner == 'Apicurio' && !contains(github.event.*.labels.*.name, 'DO NOT MERGE') | |
steps: | |
- name: Checkout Code with Ref '${{ github.ref }}' | |
uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'maven' | |
- name: Workaround jackson-coreutils | |
run: | | |
# upstream issue: https://github.com/java-json-tools/jackson-coreutils/issues/59 | |
rm -rf ~/.m2/repository/com/github/java-json-tools | |
mkdir -p /tmp/coreutils-workaround | |
( cd /tmp/coreutils-workaround && mvn dependency:get -DremoteRepositories=https://repo1.maven.org/maven2 -Dartifact=com.github.java-json-tools:jackson-coreutils:2.0 ) | |
- name: Build inmemory Variant | |
# if: github.ref == 'refs/heads/main' | |
run: make SKIP_TESTS=true BUILD_FLAGS='-DskipCommitIdPlugin=false -Dmaven.wagon.httpconnectionManager.maxTotal=30 -Dmaven.wagon.http.retryHandler.count=5 --no-transfer-progress' build-in-memory | |
# - name: Build inmemory Variant Without UI | |
# if: github.ref != 'refs/heads/main' | |
# run: make SKIP_TESTS=true BUILD_FLAGS='-DskipUiBuild -Dmaven.wagon.httpconnectionManager.maxTotal=30 -Dmaven.wagon.http.retryHandler.count=5 --no-transfer-progress' build-in-memory | |
- name: Verify docs generation | |
run: | | |
if [ -n "$(git status --untracked-files=no --porcelain docs)" ]; then | |
echo "Docs needs to be regenerated. Run 'mvn clean install -pl docs -am -DskipTests' and commit the resulting files in the 'docs' folder." | |
git --no-pager diff docs | |
exit 1 | |
fi | |
- name: Build Native executables | |
# if: github.ref == 'refs/heads/main' | |
run: make SKIP_TESTS=true build-mem-native | |
# - name: Build Native executables without UI | |
# if: github.ref != 'refs/heads/main' | |
# run: make SKIP_TESTS=true BUILD_FLAGS='-DskipUiBuild' build-mem-native | |
- name: Build and Push Temporary image for testing | |
env: | |
IMAGE_REPO: ttl.sh/${{ github.sha }} | |
# maximum allowed | |
IMAGE_TAG: 1d | |
run: make build-mem-native-image push-mem-native-image | |
- name: Setup Minikube | |
uses: manusa/actions-setup-minikube@v2.7.2 | |
with: | |
minikube version: 'v1.31.1' | |
kubernetes version: 'v1.26.3' | |
github token: ${{ secrets.GITHUB_TOKEN }} | |
driver: docker | |
- name: Prepare minikube tunnel | |
run: minikube tunnel &> /dev/null & | |
- name: Run Integration Tests - inmemory | |
run: make REGISTRY_IMAGE='-Dregistry-in-memory-image=ttl.sh/${{ github.sha }}/apicurio/apicurio-registry-mem-native:1d' run-in-memory-integration-tests | |
- name: Run Integration Tests - inmemory - auth | |
run: make REGISTRY_IMAGE='-Dregistry-in-memory-image=ttl.sh/${{ github.sha }}/apicurio/apicurio-registry-mem-native:1d' run-in-memory-auth-tests | |
- name: Collect logs | |
if: failure() | |
run: ./.github/scripts/collect_logs.sh | |
- name: Upload tests logs artifacts | |
if: failure() | |
uses: actions/upload-artifact@v4.0.0 | |
with: | |
name: tests-logs | |
path: artifacts | |
- name: Build Native Images | |
env: | |
IMAGE_REPO: quay.io | |
IMAGE_TAG: 2.6.x-snapshot | |
ADDITIONAL_IMAGE_TAG: latest-snapshot | |
run: | | |
make build-mem-native-image | |
- name: Login to Quay.io Registry | |
if: github.event_name == 'push' | |
run: docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io | |
- name: Push Native Images | |
env: | |
IMAGE_REPO: quay.io | |
IMAGE_TAG: 2.6.x-snapshot | |
ADDITIONAL_IMAGE_TAG: latest-snapshot | |
if: github.event_name == 'push' | |
run: | | |
make push-mem-native-image | |
- name: List All The Images | |
run: docker images | |
build-sql-native-images: | |
name: Build and Test SQL native images | |
runs-on: ubuntu-20.04 | |
if: github.repository_owner == 'Apicurio' && !contains(github.event.*.labels.*.name, 'DO NOT MERGE') | |
steps: | |
- name: Checkout Code with Ref '${{ github.ref }}' | |
uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'maven' | |
- name: Workaround jackson-coreutils | |
run: | | |
# upstream issue: https://github.com/java-json-tools/jackson-coreutils/issues/59 | |
rm -rf ~/.m2/repository/com/github/java-json-tools | |
mkdir -p /tmp/coreutils-workaround | |
( cd /tmp/coreutils-workaround && mvn dependency:get -DremoteRepositories=https://repo1.maven.org/maven2 -Dartifact=com.github.java-json-tools:jackson-coreutils:2.0 ) | |
- name: Build Sql Variant | |
# if: github.ref == 'refs/heads/main' | |
run: make SKIP_TESTS=true BUILD_FLAGS='-Dmaven.javadoc.skip=true --no-transfer-progress -Dmaven.wagon.httpconnectionManager.maxTotal=30 -Dmaven.wagon.http.retryHandler.count=5' build-sql | |
# - name: Build Sql Variant Without UI | |
# if: github.ref != 'refs/heads/main' | |
# run: make SKIP_TESTS=true BUILD_FLAGS='-DskipUiBuild -Dmaven.javadoc.skip=true --no-transfer-progress -Dmaven.wagon.httpconnectionManager.maxTotal=30 -Dmaven.wagon.http.retryHandler.count=5' build-sql | |
- name: Verify docs generation | |
run: | | |
if [ -n "$(git status --untracked-files=no --porcelain docs)" ]; then | |
echo "Docs needs to be regenerated. Run 'mvn clean install -pl docs -am -DskipTests' and commit the resulting files in the 'docs' folder." | |
git --no-pager diff docs | |
exit 1 | |
fi | |
- name: Build Native executables | |
# if: github.ref == 'refs/heads/main' | |
run: make SKIP_TESTS=true build-sql-native | |
# - name: Build Native executables without UI | |
# if: github.ref != 'refs/heads/main' | |
# run: make SKIP_TESTS=true BUILD_FLAGS='-DskipUiBuild' build-sql-native | |
- name: Build and Push Temporary image for testing | |
env: | |
IMAGE_REPO: ttl.sh/${{ github.sha }} | |
# maximum allowed | |
IMAGE_TAG: 1d | |
run: make build-sql-native-image push-sql-native-image | |
- name: Setup Minikube | |
uses: manusa/actions-setup-minikube@v2.7.2 | |
with: | |
minikube version: 'v1.31.1' | |
kubernetes version: 'v1.26.3' | |
github token: ${{ secrets.GITHUB_TOKEN }} | |
driver: docker | |
- name: Prepare minikube tunnel | |
run: minikube tunnel &> /dev/null & | |
- name: Run Integration Tests - sql | |
run: make REGISTRY_IMAGE='-Dregistry-sql-image=ttl.sh/${{ github.sha }}/apicurio/apicurio-registry-sql-native:1d' run-sql-integration-tests | |
- name: Run Integration Tests - sql auth | |
run: make REGISTRY_IMAGE='-Dregistry-sql-image=ttl.sh/${{ github.sha }}/apicurio/apicurio-registry-sql-native:1d' run-sql-auth-tests | |
- name: Run Integration Tests - sql migration | |
run: make REGISTRY_IMAGE='-Dregistry-sql-image=ttl.sh/${{ github.sha }}/apicurio/apicurio-registry-sql-native:1d' run-sql-migration-integration-tests | |
- name: Run Integration Tests - sql multitenancy | |
run: make REGISTRY_IMAGE='-Dregistry-sql-image=ttl.sh/${{ github.sha }}/apicurio/apicurio-registry-sql-native:1d' run-sql-multitenancy-integration-tests | |
- name: Collect logs | |
if: failure() | |
run: ./.github/scripts/collect_logs.sh | |
- name: Upload tests logs artifacts | |
if: failure() | |
uses: actions/upload-artifact@v4.0.0 | |
with: | |
name: tests-logs | |
path: artifacts | |
- name: Build Native Images | |
env: | |
IMAGE_REPO: quay.io | |
IMAGE_TAG: 2.6.x-snapshot | |
ADDITIONAL_IMAGE_TAG: latest-snapshot | |
run: | | |
make build-sql-native-image | |
- name: Login to Quay.io Registry | |
if: github.event_name == 'push' | |
run: docker login -u "${{ secrets.QUAY_USERNAME }}" -p "${{ secrets.QUAY_PASSWORD }}" quay.io | |
- name: Push Native Images | |
env: | |
IMAGE_REPO: quay.io | |
IMAGE_TAG: 2.6.x-snapshot | |
ADDITIONAL_IMAGE_TAG: latest-snapshot | |
if: github.event_name == 'push' | |
run: | | |
make push-sql-native-image | |
- name: List All The Images | |
run: docker images | |
notify-sdk: | |
if: github.repository_owner == 'Apicurio' && github.event_name == 'push' && github.ref == 'refs/heads/main' && !contains(github.event.*.labels.*.name, 'DO NOT MERGE') | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
language: [go, js, python] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 | |
id: changes | |
with: | |
base: main | |
filters: | | |
openapi: | |
- 'app/src/main/resources-unfiltered/META-INF/resources/api-specifications/registry/v2/openapi.json' | |
- name: Repository Dispatch | |
if: steps.changes.outputs.openapi == 'true' | |
uses: peter-evans/repository-dispatch@ce5485de42c9b2622d2ed064be479e8ed65e76f4 | |
with: | |
token: ${{ secrets.ACCESS_TOKEN }} | |
repository: Apicurio/apicurio-registry-client-sdk-${{ matrix.language }} | |
event-type: on-oas-updated | |
client-payload: '{"openapi_file_path": "app/src/main/resources-unfiltered/META-INF/resources/api-specifications/registry/v2/openapi.json"}' | |
trigger-examples-build: | |
if: github.repository_owner == 'Apicurio' && github.event_name == 'push' && github.ref == 'refs/heads/main' && !contains(github.event.*.labels.*.name, 'DO NOT MERGE') | |
runs-on: ubuntu-20.04 | |
needs: [build-verify] | |
steps: | |
- name: Repository Dispatch | |
uses: peter-evans/repository-dispatch@ce5485de42c9b2622d2ed064be479e8ed65e76f4 | |
with: | |
token: ${{ secrets.ACCESS_TOKEN }} | |
repository: Apicurio/apicurio-registry-examples | |
event-type: on-registry-updated | |
# Triggers apicurio-registry-mt-ui build whenever apicurio-registry/ui changes | |
trigger-mt-ui-build: | |
if: github.repository_owner == 'Apicurio' && github.event_name == 'push' && github.ref == 'refs/heads/main' && !contains(github.event.*.labels.*.name, 'DO NOT MERGE') | |
runs-on: ubuntu-20.04 | |
needs: [build-verify] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721 | |
id: changes | |
with: | |
base: main | |
list-files: 'csv' | |
filters: | | |
registry-ui: | |
- 'ui/**' | |
- name: Repository Dispatch | |
if: steps.changes.outputs.registry-ui == 'true' | |
uses: peter-evans/repository-dispatch@ce5485de42c9b2622d2ed064be479e8ed65e76f4 | |
with: | |
token: ${{ secrets.ACCESS_TOKEN }} | |
repository: Apicurio/apicurio-registry-mt-ui | |
event-type: on-registry-ui-update |