Merge branch 'feat/stop-editor-scrolling-to-top' of https://github.co…

…m/puridach-w/superset into feat/stop-editor-scrolling-to-top

.github/CODEOWNERS

@@ -4,12 +4,6 @@
 
 /superset/migrations/ @apache/superset-committers
 
-# Notify Preset team when ephemeral env settings are changed
-
-.github/workflows/ecs-task-definition.json @robdiciuccio @craig-rueda @rusackas @eschutho @dpgaspar @nytai @mistercrunch
-.github/workflows/docker-ephemeral-env.yml @robdiciuccio @craig-rueda @rusackas @eschutho @dpgaspar @nytai @mistercrunch
-.github/workflows/ephemeral*.yml @robdiciuccio @craig-rueda @rusackas @eschutho @dpgaspar @nytai @mistercrunch
-
 # Notify some committers of changes in the components
 
 /superset-frontend/src/components/Select/ @michael-s-molina @geido @kgabryje
@@ -26,4 +20,4 @@
 
 # Notify PMC members of changes to GitHub Actions
 
-/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje
+/.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @john-bodley @kgabryje @dpgaspar

.github/workflows/check_db_migration_confict.yml

@@ -3,6 +3,12 @@ on:
   push:
     paths:
       - "superset/migrations/**"
+    branches:
+      - 'master'
+  pull_request:
+    paths:
+      - "superset/migrations/**"
+    types: [synchronize, opened, reopened, ready_for_review]
 
 jobs:
   check_db_migration_conflict:

.github/workflows/docker-release.yml

@@ -22,21 +22,29 @@ jobs:
     if: needs.config.outputs.has-secrets
     name: docker-release
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target: ["dev", "lean", "lean310", "websocket", "dockerize"]
+        platform: ["linux/amd64", "linux/arm64"]
+      fail-fast: false
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
           submodules: recursive
           ref: ${{ github.ref }}
+
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
+
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      - shell: bash
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker Image
         env:
           DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
           DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
         run: |
           GITHUB_RELEASE_TAG_NAME="${{ github.event.release.tag_name }}"
-          ./scripts/docker_build_push.sh "$GITHUB_RELEASE_TAG_NAME"
+          ./scripts/docker_build_push.sh "$GITHUB_RELEASE_TAG_NAME" ${{ matrix.target }} ${{ matrix.platform }}

.github/workflows/docker.yml

@@ -8,43 +8,56 @@ on:
     types: [synchronize, opened, reopened, ready_for_review]
 
 jobs:
-  config:
-    runs-on: "ubuntu-latest"
-    outputs:
-      has-secrets: ${{ steps.check.outputs.has-secrets }}
-    steps:
-      - name: "Check for secrets"
-        id: check
-        shell: bash
-        run: |
-          if [ -n "${{ (secrets.DOCKERHUB_USER != '' && secrets.DOCKERHUB_TOKEN != '') || '' }}" ]; then
-            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
-            echo "has secrets!"
-          else
-            echo "has-secrets=0" >> "$GITHUB_OUTPUT"
-            echo "no secrets!"
-          fi
-
   docker-build:
-    needs: config
-    if: needs.config.outputs.has-secrets
     name: docker-build
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        target: ["dev", "lean", "lean310", "websocket", "dockerize"]
+        platform: ["linux/amd64", "linux/arm64"]
+        exclude:
+          # disabling because slow! no python wheels for arm/py39 and
+          # QEMU is slow!
+          - target: "dev"
+            platform: "linux/arm64"
+          - target: "lean"
+            platform: "linux/arm64"
+      fail-fast: false
     steps:
       - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
+
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
+
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      - shell: bash
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker Image
+        shell: bash
         env:
           DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
           DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
         run: |
-          ./scripts/docker_build_push.sh
+          ./scripts/docker_build_push.sh "" ${{ matrix.target }} ${{ matrix.platform }}
+
+
+  ephemeral-docker-build:
+    name: docker-build
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       - name: Build ephemeral env image
         if: github.event_name == 'pull_request'
@@ -54,7 +67,7 @@ jobs:
           echo ${{ github.event.pull_request.number }} > ./build/PR-NUM
           docker buildx build --target ci \
             --load \
-            --cache-from=type=local,src=/tmp/superset \
+            --cache-from=type=registry,ref=apache/superset:lean \
             -t ${{ github.sha }} \
             -t "pr-${{ github.event.pull_request.number }}" \
             --platform linux/amd64 \
@@ -64,7 +77,7 @@ jobs:
 
       - name: Upload build artifacts
         if: github.event_name == 'pull_request'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: build
           path: build/

.github/workflows/ephemeral-env.yml

@@ -79,6 +79,80 @@ jobs:
           })
           core.setFailed(errMsg)
 
+  docker_ephemeral_env:
+    needs: config
+    if: needs.config.outputs.has-secrets
+    name: Push ephemeral env Docker image to ECR
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: "Download artifact"
+        uses: actions/[email protected]
+        with:
+          script: |
+            const artifacts = await github.actions.listWorkflowRunArtifacts({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                run_id: ${{ github.event.workflow_run.id }},
+            });
+
+            core.info('*** artifacts')
+            core.info(JSON.stringify(artifacts))
+
+            const matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+              return artifact.name === "build";
+            });
+
+            if (!matchArtifact.length) {
+              return core.setFailed("Build artifacts not found");
+            }
+
+            const download = await github.actions.downloadArtifact({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                artifact_id: matchArtifact[0].id,
+                archive_format: 'zip',
+            });
+            var fs = require('fs');
+            fs.writeFileSync('${{github.workspace}}/build.zip', Buffer.from(download.data));
+
+      - run: unzip build.zip
+
+      - name: Display downloaded files (debug)
+        run: ls -la
+
+      - name: Get SHA
+        id: get-sha
+        run: echo "::set-output name=sha::$(cat ./SHA)"
+
+      - name: Get PR
+        id: get-pr
+        run: echo "::set-output name=num::$(cat ./PR-NUM)"
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Load, tag and push image to ECR
+        id: push-image
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: superset-ci
+          SHA: ${{ steps.get-sha.outputs.sha }}
+          IMAGE_TAG: pr-${{ steps.get-pr.outputs.num }}
+        run: |
+          docker load < $SHA.tar.gz
+          docker tag $SHA $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+          docker tag $SHA $ECR_REGISTRY/$ECR_REPOSITORY:$SHA
+          docker push -a $ECR_REGISTRY/$ECR_REPOSITORY
+
   ephemeral_env_up:
     needs: ephemeral_env_comment
     if: needs.ephemeral_env_comment.outputs.slash-command == 'up'

.github/workflows/latest-release-tag.yml

@@ -22,6 +22,11 @@ jobs:
       run: |
         source ./scripts/tag_latest_release.sh $(echo ${{ github.event.release.tag_name }}) --dry-run
 
+    - name: Configure Git
+      run: |
+        git config user.name "$GITHUB_ACTOR"
+        git config user.email "[email protected]"
+
     - name: Run latest-tag
       uses: ./.github/actions/latest-tag
       if: (! ${{ steps.latest-tag.outputs.SKIP_TAG }} )

.github/workflows/license-check.yml

@@ -2,9 +2,10 @@ name: License Check
 
 on:
   push:
-    branches-ignore:
-      - "dependabot/**"
+    branches:
+      - 'master'
   pull_request:
+    types: [synchronize, opened, reopened, ready_for_review]
 
 jobs:
   config: