8383 steps :
8484 - uses : actions/checkout@v4
8585
86- - name : Set up containerd
87- uses : crazy-max/ghaction-setup-containerd@v3
88-
89- - name : Fix containerd socket permissions
90- run : |
91- sudo chgrp docker /run/containerd/containerd.sock
92-
9386 - name : Set up QEMU
9487 uses : docker/setup-qemu-action@v3
9588
@@ -109,48 +102,7 @@ jobs:
109102 with :
110103 images : ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_NAME }}
111104
112- - name : Build Docker image
113- uses : docker/build-push-action@v6
114- with :
115- context : .
116- push : false
117- platforms : linux/amd64,linux/arm64
118- tags : ${{ steps.docker-metadata.outputs.tags }}
119- labels : ${{ steps.docker-metadata.outputs.labels }}
120- # Export the image to a tar so it can be imported into containerd so gokakashi can scan it
121- outputs : type=oci,dest=/tmp/image.tar
122-
123- - name : Import docker image into containerd store
124- run : |
125- ctr images import --base-name ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_NAME }} --digests --all-platforms /tmp/image.tar
126-
127- - name : Get first docker tag for gokakashi
128- id : first-docker-tag
129- run : |
130- FIRST_TAG=$(echo "${{ steps.docker-metadata.outputs.tags }}" | head -n 1)
131- echo "First docker tag: $FIRST_TAG"
132- echo "tag=$FIRST_TAG" >> $GITHUB_OUTPUT
133-
134- - name : Scan docker image with gokakashi
135- uses :
shinobistack/[email protected] 136- with :
137- image : ${{ steps.first-docker-tag.outputs.tag }}
138- labels : agentKey=${{ github.run_id }}
139- policy : ci-platform
140- server : https://gokakashi-server.hasura-app.io
141- token : ${{ secrets.GOKAKASHI_API_TOKEN }}
142- cf_client_id : ${{ secrets.CF_ACCESS_CLIENT_ID }}
143- cf_client_secret : ${{ secrets.CF_ACCESS_CLIENT_SECRET }}
144- interval : 10
145- retries : 8
146-
147- - name : Upload Trivy report as artifact
148- uses : actions/upload-artifact@v4
149- with :
150- name : trivy-report
151- path : /tmp/trivy-report-*.json
152-
153- - name : Push Docker image
105+ - name : Build and Push Docker image
154106 uses : docker/build-push-action@v6
155107 with :
156108 context : .
@@ -194,79 +146,3 @@ jobs:
194146 files : |
195147 ./connector-definition/dist/connector-definition.tgz
196148 fail_on_unmatched_files : true
197-
198- - name : Update ndc-hub
199- env :
200- REGISTRY_NAME : hasura
201- CONNECTOR_NAME : ndc-python-lambda
202- COMMIT_HASH : ${{ needs.build-connector.outputs.commit_hash }}
203- SHA256 : ${{ needs.build-connector.outputs.sha256 }}
204- GH_TOKEN : ${{ secrets.PAT_TOKEN }}
205- run : |
206- # Clone ndc-hub repository
207- git clone https://github.com/hasura/ndc-hub.git
208- cd ndc-hub
209-
210- # Create a new branch
211- NEW_BRANCH="update-${{ env.CONNECTOR_NAME }}-connector-v${{ steps.get-version.outputs.tagged_version }}"
212- git checkout -b $NEW_BRANCH
213-
214- cd registry/${{ env.REGISTRY_NAME }}/python
215-
216- # Create releases directory if it doesn't exist
217- mkdir -p releases/v${{ steps.get-version.outputs.tagged_version }}
218-
219- # Create connector-packaging.json
220- cat << EOF > releases/v${{ steps.get-version.outputs.tagged_version }}/connector-packaging.json
221- {
222- "version": "v${{ steps.get-version.outputs.tagged_version }}",
223- "uri": "https://github.com/${{ github.repository }}/releases/download/v${{ steps.get-version.outputs.tagged_version }}/connector-definition.tgz",
224- "checksum": {
225- "type": "sha256",
226- "value": "$SHA256"
227- },
228- "source": {
229- "hash": "$COMMIT_HASH"
230- },
231- "test": {
232- "test_config_path": "../../tests/test-config.json"
233- }
234- }
235- EOF
236-
237- # Update metadata.json to remove 'packages' field if it exists and update 'latest_version'
238- jq --arg version_tag "v${{ steps.get-version.outputs.tagged_version }}" \
239- --arg commit_hash "$COMMIT_HASH" \
240- 'if has("packages") then del(.packages) else . end |
241- .overview.latest_version = $version_tag |
242- if has("source_code") then
243- .source_code.version += [{
244- "tag": $version_tag,
245- "hash": $commit_hash,
246- "is_verified": false
247- }]
248- else
249- . + {"source_code": {"version": [{
250- "tag": $version_tag,
251- "hash": $commit_hash,
252- "is_verified": false
253- }]}}
254- end' \
255- metadata.json > tmp.json && mv tmp.json metadata.json
256-
257- # Commit changes
258- git config user.name "GitHub Action"
259- git config user.email "[email protected] " 260- git add metadata.json README.md releases
261- git commit -m "Update ${{ env.CONNECTOR_NAME }} connector metadata to version ${{ steps.get-version.outputs.tagged_version }}"
262-
263- # Push changes
264- git push https://${{ secrets.PAT_TOKEN }}@github.com/hasura/ndc-hub.git HEAD:$NEW_BRANCH
265-
266- # Create PR using GitHub CLI
267- cd ../..
268- gh pr create --repo hasura/ndc-hub \
269- --base main \
270- --head $NEW_BRANCH \
271- --title "Update ${{ env.CONNECTOR_NAME }} connector to v${{ steps.get-version.outputs.tagged_version }}" \
272- --body "This PR updates the ${{ env.CONNECTOR_NAME }} connector metadata to version ${{ steps.get-version.outputs.tagged_version }}."