feat: support for credentials in AWS Secrets Manager (#174) #483
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
jobs: | |
setup: | |
runs-on: ubuntu-latest | |
outputs: | |
version-tag: ${{ steps.regex-match.outputs.match }} | |
steps: | |
- uses: actions-ecosystem/action-regex-match@v2 | |
id: regex-match | |
with: | |
text: ${{ github.ref_name }} | |
regex: '^v[0-9]+(\.[0-9]+)*(-[a-zA-Z0-9-]+)?$' | |
- name: Print setup | |
run: | | |
echo github.ref=${{ github.ref }} | |
echo github.ref_name=${{ github.ref_name }} | |
echo github.ref_type=${{ github.ref_type }} | |
echo release-ref=${{ steps.regex-match.outputs.match }} | |
test010: | |
runs-on: ubuntu-latest | |
container: | |
image: cimg/go:1.19 | |
env: | |
GO111MODULE: "on" | |
KAFKA_TOPICS_TEST_ZK_ADDR: zookeeper:2181 | |
KAFKA_TOPICS_TEST_KAFKA_ADDR: kafka1:9092 | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v3 | |
- name: Go setup | |
uses: actions/setup-go@v3 | |
with: | |
go-version: 1.19 | |
- name: Display Go version | |
run: go version | |
- name: Run tests | |
run: make test | |
env: | |
KAFKA_TOPICS_TEST_ZK_ADDR: zookeeper:2181 | |
KAFKA_TOPICS_TEST_KAFKA_ADDR: kafka1:9092 | |
services: | |
zookeeper: | |
image: bitnami/zookeeper:latest | |
ports: | |
- "2181:2181" | |
env: | |
ALLOW_ANONYMOUS_LOGIN: yes | |
kafka1: | |
image: bitnami/kafka:0.10.2.1 | |
ports: | |
- "9092:9092" | |
env: | |
KAFKA_BROKER_ID: 1 | |
KAFKA_BROKER_RACK: zone1 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_ADVERTISED_HOST_NAME: kafka1 | |
KAFKA_ADVERTISED_PORT: 9092 | |
kafka2: | |
image: bitnami/kafka:0.10.2.1 | |
ports: | |
- "9093:9092" | |
env: | |
KAFKA_BROKER_ID: 2 | |
KAFKA_BROKER_RACK: zone1 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_ADVERTISED_HOST_NAME: kafka2 | |
KAFKA_ADVERTISED_PORT: 9092 | |
kafka3: | |
image: bitnami/kafka:0.10.2.1 | |
ports: | |
- "9094:9092" | |
env: | |
KAFKA_BROKER_ID: 3 | |
KAFKA_BROKER_RACK: zone2 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_ADVERTISED_HOST_NAME: kafka3 | |
KAFKA_ADVERTISED_PORT: 9092 | |
kafka4: | |
image: bitnami/kafka:0.10.2.1 | |
ports: | |
- "9095:9092" | |
env: | |
KAFKA_BROKER_ID: 4 | |
KAFKA_BROKER_RACK: zone2 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_ADVERTISED_HOST_NAME: kafka4 | |
KAFKA_ADVERTISED_PORT: 9092 | |
kafka5: | |
image: bitnami/kafka:0.10.2.1 | |
ports: | |
- "9096:9092" | |
env: | |
KAFKA_BROKER_ID: 5 | |
KAFKA_BROKER_RACK: zone3 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_ADVERTISED_HOST_NAME: kafka5 | |
KAFKA_ADVERTISED_PORT: 9092 | |
kafka6: | |
image: bitnami/kafka:0.10.2.1 | |
ports: | |
- "9097:9092" | |
env: | |
KAFKA_BROKER_ID: 6 | |
KAFKA_BROKER_RACK: zone3 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_ADVERTISED_HOST_NAME: kafka6 | |
KAFKA_ADVERTISED_PORT: 9092 | |
test270: | |
runs-on: ubuntu-latest | |
container: | |
image: cimg/go:1.19 | |
env: | |
GO111MODULE: "on" | |
KAFKA_TOPICS_TEST_ZK_ADDR: zookeeper:2181 | |
KAFKA_TOPICS_TEST_KAFKA_ADDR: kafka1:9092 | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v3 | |
- name: Go setup | |
uses: actions/setup-go@v3 | |
with: | |
go-version: 1.19 | |
- name: Display Go version | |
run: go version | |
- name: Run tests | |
run: make test-v2 | |
env: | |
KAFKA_TOPICS_TEST_ZK_ADDR: zookeeper:2181 | |
KAFKA_TOPICS_TEST_KAFKA_ADDR: kafka1:9092 | |
KAFKA_TOPICS_TEST_BROKER_ADMIN_SECURITY: 1 | |
services: | |
zookeeper: | |
image: bitnami/zookeeper:latest | |
ports: | |
- "2181:2181" | |
env: | |
ALLOW_ANONYMOUS_LOGIN: yes | |
kafka1: | |
image: bitnami/kafka:2.7.0 | |
ports: | |
- "9092:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 1 | |
KAFKA_CFG_BROKER_RACK: zone1 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka1 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka2: | |
image: bitnami/kafka:2.7.0 | |
ports: | |
- "9093:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 2 | |
KAFKA_CFG_BROKER_RACK: zone1 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka2 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka3: | |
image: bitnami/kafka:2.7.0 | |
ports: | |
- "9094:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 3 | |
KAFKA_CFG_BROKER_RACK: zone2 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka3 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka4: | |
image: bitnami/kafka:2.7.0 | |
ports: | |
- "9095:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 4 | |
KAFKA_CFG_BROKER_RACK: zone2 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka4 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka5: | |
image: bitnami/kafka:2.7.0 | |
ports: | |
- "9096:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 5 | |
KAFKA_CFG_BROKER_RACK: zone3 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka5 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka6: | |
image: bitnami/kafka:2.7.0 | |
ports: | |
- "9097:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 6 | |
KAFKA_CFG_BROKER_RACK: zone3 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka6 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
snyk: | |
runs-on: ubuntu-latest | |
needs: [test010, test270] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Run Snyk to check for vulnerabilities | |
uses: snyk/actions/golang@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
args: --severity-threshold=high --fail-on=upgradable | |
publish-ghcr: | |
needs: [setup, snyk] | |
runs-on: ubuntu-latest | |
if: ${{ ( github.ref_type == 'branch' ) && (( github.ref_name == 'master' ) || ( github.ref_name == 'v0' )) }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: setup env variables | |
id: vars | |
run: | | |
echo "SHORT_SHA=${GITHUB_SHA:0:8}" >> $GITHUB_ENV | |
- run: echo "publishing the image ghcr.io/segmentio/topicctl:${SHORT_SHA}" | |
- name: Log in to the Container registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
logout: true | |
- run: echo "GHCR LOGIN SUCCESSFUL" | |
- if: ${{ github.ref_name == 'master' }} | |
name: Build and push image for master | |
run: | | |
docker context create buildx-build | |
docker buildx create --use buildx-build | |
docker buildx build \ | |
-t ghcr.io/segmentio/topicctl:${SHORT_SHA} \ | |
-t ghcr.io/segmentio/topicctl:latest \ | |
--build-arg VERSION=${SHORT_SHA} \ | |
--push \ | |
. | |
- if: ${{ github.ref_name == 'v0' }} | |
name: Build and push image for v0 | |
run: | | |
docker context create buildx-build | |
docker buildx create --use buildx-build | |
docker buildx build \ | |
-t ghcr.io/segmentio/topicctl:${SHORT_SHA} \ | |
--build-arg VERSION=${SHORT_SHA} \ | |
--push \ | |
. | |
- run: echo "GHCR PUBLISH SUCCESSFUL" | |
publish-dockerhub: | |
needs: [setup, snyk] | |
environment: CICD | |
env: | |
RELEASE_TAG: ${{ needs.setup.outputs.version-tag }} | |
runs-on: ubuntu-latest | |
if: ${{ ( github.ref_type == 'tag' ) && ( needs.setup.outputs.version-tag != '') }} | |
steps: | |
- uses: actions/checkout@v3 | |
- run: echo "publishing the release version segment/topicctl:${RELEASE_TAG}" | |
- name: Dockerhub login | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ vars.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
logout: true | |
- run: echo "DOCKERHUB LOGIN SUCCESSFUL" | |
- name: Build and push image | |
run: | | |
docker context create buildx-build | |
docker buildx create --use buildx-build | |
docker buildx build \ | |
--platform=linux/amd64,linux/arm64 \ | |
-t segment/topicctl:${RELEASE_TAG} \ | |
-t segment/topicctl:latest \ | |
--build-arg VERSION=${RELEASE_TAG} \ | |
--push \ | |
. | |
- run: echo "DOCKERHUB PUBLISH SUCCESSFUL" |