Skip to content
ndc-python-lambda connector

upgrade Pythong 3.12 #112

Sign in to view logs

upgrade Pythong 3.12

upgrade Pythong 3.12 #112

Workflow file for this run

.github/workflows/ndc-python-lambda-connector.yaml at a28c87c
name: "ndc-python-lambda connector"
on:
pull_request:
branches:
- main
- test-ci/**
push:
branches:
- "main"
- test-ci/**
tags:
- v**
env:
DOCKER_REGISTRY: ghcr.io
DOCKER_IMAGE_NAME: hasura/ndc-python-lambda
jobs:
build-and-test:
name: Build and test ndc-lambda-sdk
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
- name: Run tests
run: |
if command -v pytest &> /dev/null; then
pytest
else
echo "pytest not found, skipping tests"
fi
build-connector:
name: Build connector
runs-on: ubuntu-latest
outputs:
commit_hash: ${{ steps.get_commit_hash.outputs.commit_hash }}
sha256: ${{ steps.calculate_checksum.outputs.sha256 }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # This is important for git describe to work correctly
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Build connector
run: |
cd connector-definition
make build
- name: Calculate SHA256 checksum
id: calculate_checksum
run: |
SHA256=$(sha256sum ./connector-definition/dist/connector-definition.tgz | awk '{ print $1 }')
echo "sha256=$SHA256" >> $GITHUB_OUTPUT
- name: Get commit hash
id: get_commit_hash
run: |
COMMIT_HASH=$(git rev-parse HEAD)
echo "commit_hash=$COMMIT_HASH" >> $GITHUB_OUTPUT
- name: Debug information
run: |
echo "Contents of connector-definition/dist:"
ls -la connector-definition/dist
echo "Contents of connector-definition/dist/.hasura-connector:"
ls -la connector-definition/dist/.hasura-connector
- uses: actions/upload-artifact@v4
with:
name: connector-definition
path: ./connector-definition/dist
compression-level: 0 # Already compressed
build-and-push-docker:
name: Build and push Docker image
needs: build-connector
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/v')
steps:
- uses: actions/checkout@v4
- name: Set up containerd
uses: crazy-max/ghaction-setup-containerd@v3
- name: Fix containerd socket permissions
run: |
sudo chgrp docker /run/containerd/containerd.sock
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.DOCKER_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: docker-metadata
uses: docker/metadata-action@v5
with:
images: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_NAME }}
- name: Build Docker image
uses: docker/build-push-action@v6
with:
context: .
push: false
platforms: linux/amd64,linux/arm64
tags: ${{ steps.docker-metadata.outputs.tags }}
labels: ${{ steps.docker-metadata.outputs.labels }}
# Export the image to a tar so it can be imported into containerd so gokakashi can scan it
outputs: type=oci,dest=/tmp/image.tar
- name: Import docker image into containerd store
run: |
ctr images import --base-name ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_NAME }} --digests --all-platforms /tmp/image.tar
- name: Get first docker tag for gokakashi
id: first-docker-tag
run: |
FIRST_TAG=$(echo "${{ steps.docker-metadata.outputs.tags }}" | head -n 1)
echo "First docker tag: $FIRST_TAG"
echo "tag=$FIRST_TAG" >> $GITHUB_OUTPUT
- name: Scan docker image with gokakashi
uses: shinobistack/gokakashi-action@v0.1.1
with:
image: ${{ steps.first-docker-tag.outputs.tag }}
labels: agentKey=${{ github.run_id }}
policy: ci-platform
server: https://gokakashi-server.hasura-app.io
token: ${{ secrets.GOKAKASHI_API_TOKEN }}
cf_client_id: ${{ secrets.CF_ACCESS_CLIENT_ID }}
cf_client_secret: ${{ secrets.CF_ACCESS_CLIENT_SECRET }}
interval: 10
retries: 8
- name: Upload Trivy report as artifact
uses: actions/upload-artifact@v4
with:
name: trivy-report
path: /tmp/trivy-report-*.json
- name: Push Docker image
uses: docker/build-push-action@v6
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.docker-metadata.outputs.tags }}
labels: ${{ steps.docker-metadata.outputs.labels }}
release-connector:
name: Release connector
runs-on: ubuntu-latest
needs:
- build-and-test
- build-connector
- build-and-push-docker
if: startsWith(github.ref, 'refs/tags/v')
steps:
- uses: actions/checkout@v4
- name: Download connector definition
uses: actions/download-artifact@v4
with:
name: connector-definition
path: ./connector-definition/dist
- name: Get version from tag
id: get-version
run: |
echo "tagged_version=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
shell: bash
# - uses: mindsers/changelog-reader-action@v2
# id: changelog-reader
# with:
# version: ${{ steps.get-version.outputs.tagged_version }}
# path: ./CHANGELOG.md
# - uses: softprops/action-gh-release@v1
# with:
# draft: false
# tag_name: v${{ steps.get-version.outputs.tagged_version }}
# body: ${{ steps.changelog-reader.outputs.changes }}
# files: |
# ./connector-definition/dist/connector-definition.tgz
# fail_on_unmatched_files: true
# - name: Update ndc-hub
# env:
# REGISTRY_NAME: hasura
# CONNECTOR_NAME: ndc-python-lambda
# COMMIT_HASH: ${{ needs.build-connector.outputs.commit_hash }}
# SHA256: ${{ needs.build-connector.outputs.sha256 }}
# GH_TOKEN: ${{ secrets.PAT_TOKEN }}
# run: |
# # Clone ndc-hub repository
# git clone https://github.com/hasura/ndc-hub.git
# cd ndc-hub
# # Create a new branch
# NEW_BRANCH="update-${{ env.CONNECTOR_NAME }}-connector-v${{ steps.get-version.outputs.tagged_version }}"
# git checkout -b $NEW_BRANCH
# cd registry/${{ env.REGISTRY_NAME }}/python
# # Create releases directory if it doesn't exist
# mkdir -p releases/v${{ steps.get-version.outputs.tagged_version }}
# # Create connector-packaging.json
# cat << EOF > releases/v${{ steps.get-version.outputs.tagged_version }}/connector-packaging.json
# {
# "version": "v${{ steps.get-version.outputs.tagged_version }}",
# "uri": "https://github.com/${{ github.repository }}/releases/download/v${{ steps.get-version.outputs.tagged_version }}/connector-definition.tgz",
# "checksum": {
# "type": "sha256",
# "value": "$SHA256"
# },
# "source": {
# "hash": "$COMMIT_HASH"
# }
# }
# EOF
# # Update metadata.json to remove 'packages' field if it exists and update 'latest_version'
# jq --arg version_tag "v${{ steps.get-version.outputs.tagged_version }}" \
# --arg commit_hash "$COMMIT_HASH" \
# 'if has("packages") then del(.packages) else . end |
# .overview.latest_version = $version_tag |
# if has("source_code") then
# .source_code.version += [{
# "tag": $version_tag,
# "hash": $commit_hash,
# "is_verified": false
# }]
# else
# . + {"source_code": {"version": [{
# "tag": $version_tag,
# "hash": $commit_hash,
# "is_verified": false
# }]}}
# end' \
# metadata.json > tmp.json && mv tmp.json metadata.json
# cp ../../../../README.md ./README.md
# # Commit changes
# git config user.name "GitHub Action"
# git config user.email "action@github.com"
# git add metadata.json README.md releases
# git commit -m "Update ${{ env.CONNECTOR_NAME }} connector metadata to version ${{ steps.get-version.outputs.tagged_version }}"
# # Push changes
# git push https://${{ secrets.PAT_TOKEN }}@github.com/hasura/ndc-hub.git HEAD:$NEW_BRANCH
# # Create PR using GitHub CLI
# cd ../..
# gh pr create --repo hasura/ndc-hub \
# --base main \
# --head $NEW_BRANCH \
# --title "Update ${{ env.CONNECTOR_NAME }} connector to v${{ steps.get-version.outputs.tagged_version }}" \
# --body "This PR updates the ${{ env.CONNECTOR_NAME }} connector metadata to version ${{ steps.get-version.outputs.tagged_version }}."