diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8c8fcde..6029cee 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -14,14 +14,17 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v4
 - name: Set up JDK 11
- uses: actions/setup-java@v2
+ uses: actions/setup-java@v4
 with:
 java-version: 11
 distribution: adopt
+ - name: Install sbt
+ uses: sbt/setup-sbt@v1
+
 - name: Install LZO
 run: sudo apt-get install -y lzop liblzo2-dev
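Review bot: The newly added `uses: sbt/setup-sbt@v1` and the bumped `actions/checkout@v4` / `actions/setup-java@v4` reference mutable major-version tags, so a moved or compromised tag would run unreviewed code inside a workflow whose publish job (hunk 2) holds Docker Hub and Snyk credentials. Pin each third-party action to a full commit SHA and keep the tag as a comment, e.g. `uses: sbt/setup-sbt@<full-commit-sha>  # v1`, and let Dependabot or Renovate bump the pins. The same applies to the identical lines in the next two hunks of this file and, more urgently, to the unchanged `snyk/actions/docker@master` in hunk 2, which tracks a moving branch rather than even a release tag. Separately, `distribution: adopt` is unchanged context, but setup-java's documentation describes AdoptOpenJDK as superseded by `temurin`; it is worth confirming that v4 still resolves it before relying on the bump.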
@@ -39,47 +42,71 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- app:
+ sbtProject:
 - main
 - lzo
 - distroless
 include:
- - suffix: ""
- - app: lzo
- run_snyk: ${{ !contains(github.ref, 'rc') }}
- - app: distroless
- run_snyk: ${{ !contains(github.ref, 'rc') }}
+ - sbtProject: main
+ runSnyk: false
+ dockerTagSuffix: ""
+ - sbtProject: lzo
+ runSnyk: true
+ dockerTagSuffix: "-lzo"
+ - sbtProject: distroless
+ runSnyk: true
+ dockerTagSuffix: "-distroless"
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v4
 - name: Set up JDK 11
- uses: actions/setup-java@v2
+ uses: actions/setup-java@v4
 with:
 java-version: 11
 distribution: adopt
- - name: Install LZO
- run: sudo apt-get install -y lzop liblzo2-dev
+ - name: Install sbt
+ uses: sbt/setup-sbt@v1
 - name: Login to Docker Hub
 run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
 env:
 DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
 DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
- - name: Publish to Docker Hub
- run: sbt "project ${{ matrix.app }}" docker:publish
-
+ - name: Stage the Docker build
+ run: sbt "project ${{ matrix.sbtProject}}" docker:stage
+ - name: Docker metadata
+ id: meta
+ uses: docker/metadata-action@v3
+ with:
+ images: snowplow/snowplow-s3-loader
+ tags: |
+ type=raw,value=latest${{ matrix.dockerTagSuffix }},enable=${{ !contains(github.ref_name, 'rc') }}
+ type=raw,value=${{ github.ref_name }}${{ matrix.dockerTagSuffix }}
+ flavor: |
+ latest=false
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ - name: Push image
+ uses: docker/build-push-action@v2
+ with:
+ context: modules/${{ matrix.sbtProject }}/target/docker/stage
+ file: modules/${{ matrix.sbtProject }}/target/docker/stage/Dockerfile
+ platforms: linux/amd64,linux/arm64/v8
+ tags: ${{ steps.meta.outputs.tags }}
+ push: true
 - name: Build local image, which is needed to run Snyk
- if: matrix.run_snyk
- run: sbt "project ${{ matrix.app }}" docker:publishLocal
+ if: ${{ !contains(github.ref_name, 'rc') && fromJSON(matrix.runSnyk) }}
+ run: sbt "project ${{ matrix.sbtProject }}" docker:publishLocal
 - name: Run Snyk to check for vulnerabilities
 uses: snyk/actions/docker@master
- if: matrix.run_snyk
+ if: ${{ !contains(github.ref_name, 'rc') && fromJSON(matrix.runSnyk) }}
 with:
- image: "snowplow/snowplow-s3-loader:${{ github.ref_name }}-${{ matrix.app }}"
- args: "--app-vulns --org=data-processing-new"
+ image: "snowplow/snowplow-s3-loader:${{ github.ref_name }}${{ matrix.dockerTagSuffix }}"
+ args: "--app-vulns --org=99605b41-ca0f-42c9-a9ff-45c201a10a26 --project-name=snowplow-s3-loader-${{ matrix.sbtProject }}"
 command: monitor
 env:
 SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
@@ -90,14 +117,17 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v4
 - name: Set up JDK 11
- uses: actions/setup-java@v2
+ uses: actions/setup-java@v4
 with:
 java-version: 11
 distribution: adopt
+ - name: Install sbt
+ uses: sbt/setup-sbt@v1
+
 - name: Install LZO
 run: sudo apt-get install -y lzop liblzo2-dev
diff --git a/.github/workflows/lacework.yml b/.github/workflows/lacework.yml
deleted file mode 100644
index 771b73a..0000000
--- a/.github/workflows/lacework.yml
+++ /dev/null
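Review bot: The four Docker actions this hunk introduces (`docker/metadata-action@v3`, `docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `docker/build-push-action@v2`) are pinned to older majors than the `actions/checkout@v4` bump in the same hunk, so the publish job keeps running on superseded action releases; newer majors of each exist (for example `docker/build-push-action@v5`) and should be used, ideally as full commit SHAs. The new `Push image` step also still depends on the unchanged `run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD` line above it, which places the secret on the process command line; `docker/login-action` or `--password-stdin` would keep it out of process listings and logs. The Snyk step scans the single-arch image that `sbt docker:publishLocal` builds locally, not the multi-arch image `build-push-action` pushes, so the scanned layers may differ from what is published; if that matters, give the push step an `id` and scan by its `digest` output instead of rebuilding. Minor: `${{ matrix.sbtProject}}` in the `docker:stage` step is missing the space before `}}` that every other expression in the hunk has — `run: sbt "project ${{ matrix.sbtProject }}" docker:stage`.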
@@ -1,51 +0,0 @@
-name: lacework
-
-on:
- push:
- tags:
- - '*'
-
-jobs:
- scan:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - uses: coursier/cache-action@v3
- - name: Set up JDK
- uses: actions/setup-java@v1
- with:
- java-version: 11
- - name: Get current version
- id: ver
- run: echo "::set-output name=tag::${GITHUB_REF#refs/tags/}"
-
- - name: Install lacework scanner
- run: |
- sudo apt-get update
- sudo apt-get -y install curl
- curl -L https://github.com/lacework/lacework-vulnerability-scanner/releases/latest/download/lw-scanner-linux-amd64 -o lw-scanner
- chmod +x lw-scanner
-
- - name: Build docker images
- run: sbt docker:publishLocal
-
- - name: Scan snowplow-s3-loader focal
- env:
- LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
- LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
- LW_SCANNER_SAVE_RESULTS: ${{ !contains(steps.version.outputs.tag, 'rc') }}
- run: ./lw-scanner image evaluate snowplow/snowplow-s3-loader ${{ steps.ver.outputs.tag }} --build-id ${{ github.run_id }} --no-pull
-
- - name: Scan snowplow-s3-loader distroless
- env:
- LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
- LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
- LW_SCANNER_SAVE_RESULTS: ${{ !contains(steps.version.outputs.tag, 'rc') }}
- run: ./lw-scanner image evaluate snowplow/snowplow-s3-loader ${{ steps.ver.outputs.tag }}-distroless --build-id ${{ github.run_id }} --no-pull
-
- - name: Scan snowplow-s3-loader lzo
- env:
- LW_ACCESS_TOKEN: ${{ secrets.LW_ACCESS_TOKEN }}
- LW_ACCOUNT_NAME: ${{ secrets.LW_ACCOUNT_NAME }}
- LW_SCANNER_SAVE_RESULTS: ${{ !contains(steps.version.outputs.tag, 'rc') }}
- run: ./lw-scanner image evaluate snowplow/snowplow-s3-loader ${{ steps.ver.outputs.tag }}-lzo --build-id ${{ github.run_id }} --no-pull