Skip to content

feat: support entitlement, ingest events #3426

feat: support entitlement, ingest events

feat: support entitlement, ingest events #3426

Workflow file for this run

name: CI
on:
push:
branches: [main]
pull_request:
permissions:
contents: read
env:
DAGGER_VERSION: 0.12.0
jobs:
build:
name: Build
runs-on: ${{ github.actor == 'dependabot[bot]' && 'ubuntu-latest' || 'ubuntu-latest-large' }}
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up Nix
uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
with:
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- name: Set up magic Nix cache
uses: DeterminateSystems/magic-nix-cache-action@b46e247b898aa56e6d2d2e728dc6df6c84fdb738 # v7
- name: Prepare Nix shell
run: nix develop --impure .#ci
- name: Build Server
run: nix develop --impure .#ci -c make build-server
- name: Build Sink Worker
run: nix develop --impure .#ci -c make build-sink-worker
test:
name: Test
runs-on: ${{ github.actor == 'dependabot[bot]' && 'ubuntu-latest' || 'ubuntu-latest-large' }}
steps:
# Required as a workaround for Dagger to properly detect Git metadata
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Free Disk Space
uses: jlumbroso/[email protected]
if: github.actor == 'dependabot[bot]'
with:
# Runs quick, run rm in background
tool-cache: true
# These run slower as use apt to uninstall packages
# Turned on by default, so we disable them
android: false
dotnet: false
haskell: false
large-packages: false
docker-images: false
swap-storage: false
- name: Run pipeline
uses: dagger/dagger-for-github@a35fcbab332e24b39bedb0d88c8c791ce7201f2b # v6.3.0
with:
verb: call
module: github.com/${{ github.repository }}@${{ github.ref }}
args: --ref ${{ github.ref }} test
cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}
version: ${{ env.DAGGER_VERSION }}
- name: Export Dagger Engine logs
id: export-dagger-engine-logs
run: docker logs $(docker container list --all --filter 'name=^dagger-engine-*' --format '{{.Names}}') > engine.stdout.log 2> engine.stderr.log
if: always()
continue-on-error: true
- name: Upload Dagger Engine logs as artifact
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
if: always() && steps.export-dagger-engine-logs.outcome == 'success'
with:
name: "[${{ github.job }}] Dagger Engine logs"
path: |
engine.stdout.log
engine.stderr.log
retention-days: 14
lint:
name: Lint
runs-on: ${{ github.actor == 'dependabot[bot]' && 'ubuntu-latest' || 'ubuntu-latest-large' }}
steps:
# Required as a workaround for Dagger to properly detect Git metadata
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Free Disk Space
uses: jlumbroso/[email protected]
if: github.actor == 'dependabot[bot]'
with:
# Runs quick, run rm in background
tool-cache: true
# These run slower as use apt to uninstall packages
# Turned on by default, so we disable them
android: false
dotnet: false
haskell: false
large-packages: false
docker-images: false
swap-storage: false
- name: Run pipeline
uses: dagger/dagger-for-github@a35fcbab332e24b39bedb0d88c8c791ce7201f2b # v6.3.0
with:
verb: call
module: github.com/${{ github.repository }}@${{ github.ref }}
args: --ref ${{ github.ref }} lint all
cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}
version: ${{ env.DAGGER_VERSION }}
- name: Export Dagger Engine logs
id: export-dagger-engine-logs
run: docker logs $(docker container list --all --filter 'name=^dagger-engine-*' --format '{{.Names}}') > engine.stdout.log 2> engine.stderr.log
if: always()
continue-on-error: true
- name: Upload Dagger Engine logs as artifact
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
if: always() && steps.export-dagger-engine-logs.outcome == 'success'
with:
name: "[${{ github.job }}] Dagger Engine logs"
path: |
engine.stdout.log
engine.stderr.log
retention-days: 14
commit-hooks:
name: Commit hooks
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Free disk space
uses: ./.github/actions/free-disk-space
- name: Set up Nix
uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
with:
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- name: Set up magic Nix cache
uses: DeterminateSystems/magic-nix-cache-action@b46e247b898aa56e6d2d2e728dc6df6c84fdb738 # v7
- name: Prepare Nix shell
run: nix develop --impure .#ci
- name: Pre-commit hooks
run: nix develop --impure .#ci -c pre-commit run -a
- name: Check commit messages
run: nix develop --impure .#ci -c pre-commit run --hook-stage manual
dev:
name: Developer environment
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up Nix
uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
with:
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- name: Set up magic Nix cache
uses: DeterminateSystems/magic-nix-cache-action@b46e247b898aa56e6d2d2e728dc6df6c84fdb738 # v7
- name: Check
run: nix flake check --impure
- name: Dev shell
run: nix develop --impure
artifacts:
name: Artifacts
uses: ./.github/workflows/artifacts.yaml
with:
publish: ${{ github.event_name == 'push' }}
permissions:
contents: read
packages: write
id-token: write
security-events: write
dependency-review:
name: Dependency review
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Dependency Review
uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
fossa-scan:
name: FOSSA Scan
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Run FOSSA Scan
uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # v1.3.3
with:
api-key: ${{secrets.FOSSA_API_KEY}}
quickstart:
name: Quickstart
runs-on: ${{ github.actor == 'dependabot[bot]' && 'ubuntu-latest' || 'ubuntu-latest-large' }}
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Launch Docker Compose
run: docker compose -f docker-compose.yaml -f docker-compose.ci.yaml up -d
working-directory: quickstart
- name: Wait for worker to become ready
run: curl --retry 10 --retry-max-time 120 --retry-all-errors http://localhost:10000/healthz
- name: Run tests
uses: dagger/dagger-for-github@a35fcbab332e24b39bedb0d88c8c791ce7201f2b # v6.3.0
with:
verb: call
args: --source .:default quickstart-test --service tcp://localhost:8888 --port 8888
cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}
version: ${{ env.DAGGER_VERSION }}
- name: Cleanup Docker Compose
run: docker compose -f docker-compose.yaml -f docker-compose.ci.yaml down -v
working-directory: quickstart
if: always()
e2e:
name: E2E
runs-on: ${{ github.actor == 'dependabot[bot]' && 'ubuntu-latest' || 'ubuntu-latest-large' }}
steps:
# Required as a workaround for Dagger to properly detect Git metadata
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Free Disk Space
uses: jlumbroso/[email protected]
if: github.actor == 'dependabot[bot]'
with:
# Runs quick, run rm in background
tool-cache: true
# These run slower as use apt to uninstall packages
# Turned on by default, so we disable them
android: false
dotnet: false
haskell: false
large-packages: false
docker-images: false
swap-storage: false
- name: Run pipeline
uses: dagger/dagger-for-github@a35fcbab332e24b39bedb0d88c8c791ce7201f2b # v6.3.0
with:
verb: call
module: github.com/${{ github.repository }}@${{ github.ref }}
args: --ref ${{ github.ref }} etoe
cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}
version: ${{ env.DAGGER_VERSION }}
- name: Export Dagger Engine logs
id: export-dagger-engine-logs
run: docker logs $(docker container list --all --filter 'name=^dagger-engine-*' --format '{{.Names}}') > engine.stdout.log 2> engine.stderr.log
if: always()
continue-on-error: true
- name: Upload Dagger Engine logs as artifact
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
if: always() && steps.export-dagger-engine-logs.outcome == 'success'
with:
name: "[${{ github.job }}] Dagger Engine logs"
path: |
engine.stdout.log
engine.stderr.log
retention-days: 14
dagger:
name: CI
runs-on: ${{ github.actor == 'dependabot[bot]' && 'ubuntu-latest' || 'ubuntu-latest-large' }}
steps:
# Required as a workaround for Dagger to properly detect Git metadata
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Free Disk Space
uses: jlumbroso/[email protected]
if: github.actor == 'dependabot[bot]'
with:
# Runs quick, run rm in background
tool-cache: true
# These run slower as use apt to uninstall packages
# Turned on by default, so we disable them
android: false
dotnet: false
haskell: false
large-packages: false
docker-images: false
swap-storage: false
- name: Run pipeline
uses: dagger/dagger-for-github@a35fcbab332e24b39bedb0d88c8c791ce7201f2b # v6.3.0
timeout-minutes: 40
with:
verb: call
module: github.com/${{ github.repository }}@${{ github.ref }}
args: --ref ${{ github.ref }} ci
cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}
version: ${{ env.DAGGER_VERSION }}
- name: Export Dagger Engine logs
id: export-dagger-engine-logs
run: docker logs $(docker container list --all --filter 'name=^dagger-engine-*' --format '{{.Names}}') > engine.stdout.log 2> engine.stderr.log
if: always()
continue-on-error: true
- name: Upload Dagger Engine logs as artifact
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
if: always() && steps.export-dagger-engine-logs.outcome == 'success'
with:
name: "[${{ github.job }}] Dagger Engine logs"
path: |
engine.stdout.log
engine.stderr.log
retention-days: 14