chore: support IRSA for aws s3 provider #572
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Main CI | |
on: | |
push: | |
branches: | |
- "master" | |
tags: | |
- "*" | |
pull_request: | |
branches: | |
- "*" | |
env: | |
dockerhub_publish: ${{ secrets.DOCKER_PASS != '' }} | |
jobs: | |
meta: | |
runs-on: ubuntu-latest | |
outputs: | |
container_tags: ${{ steps.docker_action_meta.outputs.tags }} | |
container_labels: ${{ steps.docker_action_meta.outputs.labels }} | |
container_buildtime: ${{ fromJSON(steps.docker_action_meta.outputs.json).labels['org.opencontainers.image.created'] }} | |
container_version: ${{ fromJSON(steps.docker_action_meta.outputs.json).labels['org.opencontainers.image.version'] }} | |
container_revision: ${{ fromJSON(steps.docker_action_meta.outputs.json).labels['org.opencontainers.image.revision'] }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
submodules: false | |
persist-credentials: false | |
- name: Docker meta | |
id: docker_action_meta | |
uses: docker/metadata-action@v4.0.1 | |
with: | |
images: | | |
name=ghcr.io/${{ github.repository }}/container | |
name=andrewgaul/s3proxy,enable=${{ env.dockerhub_publish }} | |
flavor: | | |
latest=auto | |
tags: | | |
type=sha,format=long | |
type=sha | |
type=match,pattern=s3proxy-(.*),group=1 | |
type=ref,event=branch | |
type=ref,event=pr | |
type=ref,event=tag | |
labels: | | |
org.opencontainers.image.licenses=Apache-2.0 | |
runTests: | |
runs-on: ubuntu-latest | |
needs: [meta] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: "recursive" | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: "temurin" | |
java-version: "11" | |
cache: "maven" | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
cache: "pip" | |
#Run tests | |
- name: Maven Set version | |
run: | | |
mvn versions:set -DnewVersion=${{ needs.meta.outputs.version }} | |
- name: Maven Package | |
run: | | |
mvn package verify -DskipTests | |
- name: Maven Test | |
run: | | |
mvn test | |
- name: Maven Test with transient-nio2 | |
run: | | |
# TODO: run other test classes | |
mvn test -Ds3proxy.test.conf=s3proxy-transient-nio2.conf -Dtest=AwsSdkTest | |
- name: Maven Test with filesystem-nio2 | |
run: | | |
# TODO: run other test classes | |
mkdir /tmp/blobstore | |
mvn test -Ds3proxy.test.conf=s3proxy-filesystem-nio2.conf -Dtest=AwsSdkTest | |
- name: Install Azurite | |
run: npx --yes --loglevel info azurite --version | |
- name: Start Azurite | |
shell: bash | |
run: npx --yes azurite azurite-blob & | |
- name: Maven Test with Azurite | |
run: | | |
# TODO: run other test classes | |
mvn test -Ds3proxy.test.conf=s3proxy-azurite.conf -Dtest=AwsSdkTest | |
- name: Install Minio | |
run: | | |
curl -o minio https://dl.min.io/server/minio/release/linux-amd64/minio | |
chmod +x minio | |
- name: Start Minio | |
run: | | |
mkdir mnt/ | |
MINIO_SERVER_URL=http://127.0.0.1:9000 MINIO_ROOT_USER=remote-identity MINIO_ROOT_PASSWORD=remote-credential ./minio server mnt/ & | |
- name: Maven Test with Minio | |
run: | | |
# TODO: run other test classes | |
mvn test -Ds3proxy.test.conf=s3proxy-minio.conf -Dtest=AwsSdkTest | |
kill $(pidof minio) | |
- name: Install s3-tests | |
run: | | |
python -m pip install --upgrade pip | |
pip install tox tox-gh-actions | |
- name: Run s3-tests | |
run: | | |
./src/test/resources/run-s3-tests.sh | |
- name: Run s3-tests with transient-nio2 | |
run: | | |
./src/test/resources/run-s3-tests.sh s3proxy-transient-nio2.conf | |
- name: Run s3-tests with Azurite | |
run: | | |
./src/test/resources/run-s3-tests.sh s3proxy-azurite.conf | |
kill $(pidof node) | |
#Store the target | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: s3proxy | |
path: target/s3proxy | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: pom | |
path: pom.xml | |
Containerize: | |
runs-on: ubuntu-latest | |
needs: [runTests, meta] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: s3proxy | |
path: target | |
- uses: actions/download-artifact@v4 | |
with: | |
name: pom | |
path: . | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
if: github.event_name != 'pull_request' && env.dockerhub_publish == 'true' | |
with: | |
username: ${{ secrets.DOCKER_USER }} | |
password: ${{ secrets.DOCKER_PASS }} | |
- name: Login to GHCR | |
uses: docker/login-action@v3 | |
if: github.event_name != 'pull_request' | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64,linux/arm/v7 | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ needs.meta.outputs.container_tags }} | |
labels: ${{ needs.meta.outputs.container_labels }} | |
build-args: | | |
BUILDTIME=${{ needs.meta.outputs.container_buildtime }} | |
VERSION=${{ needs.meta.outputs.container_version }} | |
REVISION=${{ needs.meta.outputs.container_revision }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max |