
Create a new 1.14.0 version that uses SDK version 7.1.0 (#56) #169

# Workflow identity, triggers and shared environment for the connector pipeline.
name: 'ndc-nodejs-lambda connector'

# Runs for pull requests targeting main or test-ci/**, for pushes to those
# branches, and for pushes of tags matching v**. The publishing steps further
# down are additionally gated on refs/tags/v.
on:
  pull_request:
    branches:
      - 'main'
      - 'test-ci/**'
  push:
    branches:
      - 'main'
      - 'test-ci/**'
    tags:
      - 'v**'

# Registry host and image repository shared by the docker job.
env:
  DOCKER_REGISTRY: 'ghcr.io'
  DOCKER_IMAGE_NAME: 'hasura/ndc-nodejs-lambda'
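# Jobs: build-npm (always), publish-npm / docker push / release-connector (tags
# starting with v only).
#
# Every job declares its own GITHUB_TOKEN permissions so that a compromised
# dependency or action gets no more than the job needs.
#
# NOTE(review): every action below is referenced by a mutable tag (@v1..@v6).
# The third-party ones (crazy-max/ghaction-setup-containerd,
# mindsers/changelog-reader-action, softprops/action-gh-release and the
# gokakashi scan action) run in jobs that hold secrets or a write-scoped token;
# pin them to a full commit SHA so a retagged release cannot change what runs.
jobs:
  # Installs, builds and tests the SDK package; publishes nothing.
  build-npm:
    name: Build ndc-lambda-sdk npm package
    runs-on: ubuntu-latest
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./ndc-lambda-sdk
    steps:
      - uses: actions/checkout@v4
        with:
          # npm lifecycle scripts run in this job; keep the token out of
          # .git/config.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version-file: .nvmrc
          registry-url: https://registry.npmjs.org
          cache: npm
          cache-dependency-path: ./ndc-lambda-sdk/package-lock.json
      - run: npm ci
      - run: npm run build
      - run: npm test

  # Publishes the SDK to npm, but only for v* tags whose name matches the
  # version in package.json.
  publish-npm:
    name: Publish ndc-lambda-sdk to npm
    needs: build-npm
    runs-on: ubuntu-latest
    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
    permissions:
      contents: read
    defaults:
      run:
        working-directory: ./ndc-lambda-sdk
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      # NOTE(review): this release job restores a shared npm cache. Consider
      # dropping `cache: npm` here so the published build does not depend on
      # cache contents written by other runs.
      - uses: actions/setup-node@v4
        with:
          node-version-file: .nvmrc
          registry-url: https://registry.npmjs.org
          cache: npm
          cache-dependency-path: ./ndc-lambda-sdk/package-lock.json
      # Guard: refuse to publish when the pushed tag and the package version
      # disagree.
      - run: |
          PACKAGE_VERSION=$(npm version | sed -rn "2 s/.*: '([^']*)'.*/\1/g; 2 p")
          TAG=$(echo "$GITHUB_REF" | sed -r "s#.*/##g")
          echo '$TAG' = "$TAG"
          echo '$GITHUB_REF' = "$GITHUB_REF"
          echo '$PACKAGE_VERSION' = "$PACKAGE_VERSION"
          if [ "$TAG" = "v$PACKAGE_VERSION" ]
          then
            echo "Success! Versions match."
          else
            echo "Package version (v$PACKAGE_VERSION) must match tag (GITHUB_REF: $GITHUB_REF) in order to publish" 1>&2
            exit 1
          fi
      - run: npm ci
      - run: npm run build
      # The registry token is scoped to this single step.
      # NOTE(review): NPM_TOKEN is a long-lived secret; consider publishing
      # with `--provenance` (needs `id-token: write`) so consumers can verify
      # which workflow run produced the package.
      - run: npm publish --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

  # Builds the multi-arch image, scans it, and pushes it only for v* tags.
  docker:
    name: Build base docker image
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Needed for the tag-gated push to ghcr.io.
      packages: write
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up containerd
        uses: crazy-max/ghaction-setup-containerd@v3
      # Presumably lets the non-root runner user reach the containerd socket
      # for the import below - TODO confirm.
      - name: Fix containerd socket permissions
        run: |
          sudo chgrp docker /run/containerd/containerd.sock
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.DOCKER_REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract metadata (tags, labels) for Docker
        id: docker-metadata
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_NAME }}
      - name: Get npm package version
        id: get-npm-package-version
        shell: bash
        working-directory: ./ndc-lambda-sdk
        run: |
          PACKAGE_VERSION=$(npm version | sed -rn "2 s/.*: '([^']*)'.*/\1/g; 2 p")
          echo "package_version=${PACKAGE_VERSION}" >> "$GITHUB_OUTPUT"
      - name: Build docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          build-args: |
            CONNECTOR_VERSION=${{ steps.get-npm-package-version.outputs.package_version }}
          platforms: linux/amd64,linux/arm64
          tags: ${{ steps.docker-metadata.outputs.tags }}
          labels: ${{ steps.docker-metadata.outputs.labels }}
          outputs: type=oci,dest=/tmp/image.tar # Export the image to a tar so it can be imported into containerd so gokakashi can scan it
      # DOCKER_REGISTRY and DOCKER_IMAGE_NAME come from the workflow-level env,
      # read here as ordinary shell variables.
      - name: Import docker image into containerd store
        run: |
          ctr images import --base-name "$DOCKER_REGISTRY/$DOCKER_IMAGE_NAME" --digests --all-platforms /tmp/image.tar
      # The tag list is handed over through an environment variable rather than
      # expanded into the script text, so its contents are never parsed as
      # shell code.
      - name: Get first docker tag for gokakashi
        id: first-docker-tag
        env:
          DOCKER_TAGS: ${{ steps.docker-metadata.outputs.tags }}
        run: |
          FIRST_TAG=$(echo "$DOCKER_TAGS" | head -n 1)
          echo "First docker tag: $FIRST_TAG"
          echo "tag=$FIRST_TAG" >> "$GITHUB_OUTPUT"
      # NOTE(review): the `uses:` reference below was mangled by e-mail
      # obfuscation when this page was rendered ("[email protected]"); restore
      # the real owner/repo@ref from the repository, ideally as a commit SHA.
      # NOTE(review): confirm the scan action needs no GITHUB_TOKEN scope beyond
      # the ones granted to this job.
      - name: Scan docker image with gokakashi
        uses: shinobistack/[email protected]
        with:
          image: ${{ steps.first-docker-tag.outputs.tag }}
          labels: agentKey=${{ github.run_id }}
          policy: ci-platform
          server: https://gokakashi-server.hasura-app.io
          token: ${{ secrets.GOKAKASHI_API_TOKEN }}
          cf_client_id: ${{ secrets.CF_ACCESS_CLIENT_ID }}
          cf_client_secret: ${{ secrets.CF_ACCESS_CLIENT_SECRET }}
          interval: 10
          retries: 8
      # NOTE(review): this step is skipped when the scan step fails, which is
      # when the report matters most; consider `if: ${{ !cancelled() }}` if the
      # scanner writes the report before failing - TODO confirm.
      - name: Upload Trivy report as artifact
        uses: actions/upload-artifact@v4
        with:
          name: trivy-report
          path: /tmp/trivy-report-*.json
      # Runs only on v* tags and only if every earlier step, including the
      # scan, succeeded.
      # NOTE(review): this is a second build invocation, not a push of the
      # scanned /tmp/image.tar; the pushed image equals the scanned one only as
      # far as the build is reproduced from cache.
      - name: Push docker image
        uses: docker/build-push-action@v6
        if: ${{ startsWith(github.ref, 'refs/tags/v') }}
        with:
          context: .
          build-args: |
            CONNECTOR_VERSION=${{ steps.get-npm-package-version.outputs.package_version }}
          platforms: linux/amd64,linux/arm64
          tags: ${{ steps.docker-metadata.outputs.tags }}
          labels: ${{ steps.docker-metadata.outputs.labels }}
          push: true

  # Creates the GitHub release for a v* tag once the npm package and the image
  # are out.
  release-connector:
    name: Release connector
    runs-on: ubuntu-latest
    needs:
      - publish-npm
      - docker
    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
    permissions:
      # Creating the release and attaching the asset requires write access.
      contents: write
    defaults:
      run:
        working-directory: ./connector-definition
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version-file: .nvmrc
          registry-url: https://registry.npmjs.org
          cache: npm
          cache-dependency-path: ./ndc-lambda-sdk/package-lock.json
      - name: Build connector definition
        run: make build
      - uses: actions/upload-artifact@v4
        with:
          name: connector-definition.tgz
          path: ./connector-definition/dist/connector-definition.tgz
          compression-level: 0 # Already compressed
      # Strips the refs/tags/v prefix, leaving the bare version number.
      - name: Get version from tag
        id: get-version
        shell: bash
        run: |
          echo "tagged_version=${GITHUB_REF#refs/tags/v}" >> "$GITHUB_OUTPUT"
      - uses: mindsers/changelog-reader-action@v2
        id: changelog-reader
        with:
          version: ${{ steps.get-version.outputs.tagged_version }}
          path: ./CHANGELOG.md
      - uses: softprops/action-gh-release@v1
        with:
          draft: false
          tag_name: v${{ steps.get-version.outputs.tagged_version }}
          body: ${{ steps.changelog-reader.outputs.changes }}
          files: |
            ./connector-definition/dist/connector-definition.tgz
          fail_on_unmatched_files: true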