Skip to content

Fix edge cases in New Search around model filtering (#50937) #2

Fix edge cases in New Search around model filtering (#50937)

Fix edge cases in New Search around model filtering (#50937) #2

Workflow file for this run

name: Build + Docker Uberjar
on:
push:
branches:
- "master"
- metabot-v3-second-try
paths-ignore:
# config files
- ".**"
# documentation
- 'docs/**'
- "**.md"
# this covers both BE and FE unit tests, as well as E2E tests
- '**test/**'
- "**_test.clj"
- "**/frontend/**.unit.*"
workflow_dispatch:
inputs:
commit:
description: 'Optional full-length commit SHA-1 hash'
jobs:
build:
name: Build MB ${{ matrix.edition }}
runs-on: ubuntu-22.04
timeout-minutes: 40
strategy:
matrix:
edition: [ee, oss]
env:
MB_EDITION: ${{ matrix.edition }}
INTERACTIVE: false
steps:
- name: Check out the code
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.commit }}
- name: Prepare front-end environment
uses: ./.github/actions/prepare-frontend
- name: Prepare back-end environment
uses: ./.github/actions/prepare-backend
with:
m2-cache-key: uberjar
# Build with Java 11 so they compiled code doesn't try to use Java >11 classes... see
# https://metaboat.slack.com/archives/C5XHN8GLW/p1731517744549619?thread_ts=1731504670.951389&cid=C5XHN8GLW
java-version: 11
- name: Build
run: ./bin/build.sh
- name: Prepare uberjar artifact
uses: ./.github/actions/prepare-uberjar-artifact
with:
name: metabase-${{ matrix.edition }}-${{ github.sha }}-uberjar
check_jar_health:
runs-on: ubuntu-22.04
name: Is ${{ matrix.edition }} (java ${{ matrix.java-version }}) healthy?
needs: build
timeout-minutes: 10
strategy:
matrix:
edition: [ee, oss]
java-version: [11, 17, 21]
steps:
- name: Prepare JRE (Java Run-time Environment)
uses: actions/setup-java@v4
with:
java-package: jre
java-version: ${{ matrix.java-version }}
distribution: 'temurin'
- run: java -version
- uses: actions/download-artifact@v4
name: Retrieve uberjar artifact
with:
name: metabase-${{ matrix.edition }}-${{ github.sha }}-uberjar
- name: Launch uberjar
run: >-
java --add-opens java.base/java.nio=ALL-UNNAMED -jar ./target/uberjar/metabase.jar &
- name: Wait for Metabase to start
run: while ! curl 'http://localhost:3000/api/health' | grep '{"status":"ok"}'; do sleep 1; done
containerize_test_and_push_container:
runs-on: ubuntu-22.04
name: Containerize ${{ matrix.edition }}
needs: check_jar_health
strategy:
matrix:
edition: [ee, oss, ee-extra]
services:
registry:
image: registry:2
ports:
- 5000:5000
permissions:
id-token: write
contents: read
security-events: write
steps:
- name: Extract and clean branch name
shell: bash
run: echo "branch=$(echo $GITHUB_REF_NAME | sed 's/[^-._a-zA-Z0-9]/-/g')" >> $GITHUB_OUTPUT
id: extract_branch
- name: Verify the intended tag of the container image
run: echo "Container image will be tagged as ${{ steps.extract_branch.outputs.branch }}-${{ matrix.edition }}"
- name: Check out the code (Dockerfile needed)
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.commit }}
- name: Download uploaded artifacts to insert into container
if: ${{ matrix.edition != 'ee-extra' }}
uses: actions/download-artifact@v4
with:
name: metabase-${{ matrix.edition }}-${{ github.sha }}-uberjar
path: bin/docker/
- name: Download uploaded artifacts to insert into container
if: ${{ matrix.edition == 'ee-extra' }}
uses: actions/download-artifact@v4
with:
name: metabase-ee-${{ github.sha }}-uberjar
path: bin/docker/
- name: Move the ${{ matrix.edition }} uberjar to the context dir
run: mv bin/docker/target/uberjar/metabase.jar bin/docker/.
- name: Add partner drivers to the container
if: ${{ matrix.edition == 'ee-extra' }}
uses: ./.github/actions/build-ee-extra
with:
iam-role: ${{ secrets.METABASE_EE_EXTRA_IAM_ROLE }}
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2.5.0
with:
driver-opts: network=host
- name: Build ${{ matrix.edition }} container
uses: docker/build-push-action@v3
with:
context: bin/docker/.
platforms: linux/amd64
network: host
tags: localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-${{ matrix.edition }}
build-args: |
GIT_COMMIT_SHA=${{ github.sha }}
no-cache: true
push: true
- name: Launch ${{ matrix.edition }} container
run: docker run --rm -dp 3000:3000 localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-${{ matrix.edition }}
timeout-minutes: 5
- name: Is Docker running?
run: docker ps
- name: Wait for Metabase to start and reach 100% health
run: while ! curl -s 'http://localhost:3000/api/health' | grep '{"status":"ok"}'; do sleep 1; done
timeout-minutes: 3
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Retag and push images if master (ee)
if: ${{ (github.ref_name == 'master') && matrix.edition == 'ee' }}
run: docker tag localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-ee ${{ github.repository_owner }}/metabase-enterprise-head:latest && docker push ${{ github.repository_owner }}/metabase-enterprise-head:latest
# TODO: remove when we're done testing metabot
- name: Retag and push images if metabot-v3-second-try (ee)
if: ${{ (github.ref_name == 'metabot-v3-second-try') && matrix.edition == 'ee' }}
run: docker tag localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-ee ${{ github.repository_owner }}/metabase-enterprise-head:metabot && docker push ${{ github.repository_owner }}/metabase-enterprise-head:metabot
- name: Retag and push images if master (oss)
if: ${{ (github.ref_name == 'master') && matrix.edition == 'oss' }}
run: docker tag localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-oss ${{ github.repository_owner }}/metabase-head:latest && docker push ${{ github.repository_owner }}/metabase-head:latest
- name: Retag and push images if master (ee-extra)
if: ${{ (github.ref_name == 'master') && matrix.edition == 'ee-extra' }}
run: docker tag localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-ee-extra ${{ secrets.METABASE_EE_EXTRA_CONTAINER_REGISTRY }}/metabase-enterprise-head:latest && docker push ${{ secrets.METABASE_EE_EXTRA_CONTAINER_REGISTRY }}/metabase-enterprise-head:latest
- name: Retag and push images if dev branch
if: ${{ !(startsWith(github.ref_name,'master') || startsWith(github.ref_name,'backport')) && matrix.edition == 'ee' }}
run: docker tag localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-ee ${{ github.repository_owner }}/metabase-dev:${{ steps.extract_branch.outputs.branch }} && docker push ${{ github.repository_owner }}/metabase-dev:${{ steps.extract_branch.outputs.branch }}
- name: Run Trivy vulnerability scanner if master (ee)
if: ${{ (github.ref_name == 'master') && matrix.edition == 'ee' }}
uses: aquasecurity/trivy-action@0.28.0
env:
TRIVY_OFFLINE_SCAN: true
with:
image-ref: docker.io/${{ github.repository_owner }}/metabase-enterprise-head:latest
format: sarif
output: trivy-results.sarif
version: "v0.57.1"
- name: Run Trivy vulnerability scanner if master (oss)
if: ${{ (github.ref_name == 'master') && matrix.edition == 'oss' }}
uses: aquasecurity/trivy-action@0.28.0
env:
TRIVY_OFFLINE_SCAN: true
with:
image-ref: docker.io/${{ github.repository_owner }}/metabase-head:latest
format: sarif
output: trivy-results.sarif
version: "v0.57.1"
- name: Run Trivy vulnerability scanner if dev branch
if: ${{ !(startsWith(github.ref_name,'master') || startsWith(github.ref_name,'backport')) && matrix.edition == 'ee' }}
uses: aquasecurity/trivy-action@0.28.0
env:
TRIVY_OFFLINE_SCAN: true
with:
version: "v0.57.1"
image-ref: docker.io/${{ github.repository_owner }}/metabase-dev:${{ steps.extract_branch.outputs.branch }}
format: sarif
output: trivy-results.sarif
- name: Upload Trivy scan results to GitHub Security tab if master (ee)
if: ${{ (github.ref_name == 'master') && matrix.edition == 'ee' }}
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab if master (oss)
if: ${{ (github.ref_name == 'master') && matrix.edition == 'oss' }}
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab if dev branch
if: ${{ !(startsWith(github.ref_name,'master') || startsWith(github.ref_name,'backport')) && matrix.edition == 'ee' }}
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
containerize_multi_arch:
runs-on: ubuntu-22.04
name: Containerize multi-arch ${{ matrix.edition }}
needs: check_jar_health
strategy:
matrix:
edition: [ee, oss]
services:
registry:
image: registry:2
ports:
- 5000:5000
steps:
- name: Extract and clean branch name
shell: bash
run: echo "branch=$(echo $GITHUB_REF_NAME | sed 's/[^-._a-zA-Z0-9]/-/g')" >> $GITHUB_OUTPUT
id: extract_branch
- name: Verify the intended tag of the container image
run: echo "Container image will be tagged as ${{ steps.extract_branch.outputs.branch }}-${{ matrix.edition }}"
- name: Check out the code (Dockerfile needed)
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.commit }}
- name: Download uploaded artifacts to insert into container
uses: actions/download-artifact@v4
with:
name: metabase-${{ matrix.edition }}-${{ github.sha }}-uberjar
path: bin/docker/
- name: Move the ${{ matrix.edition }} uberjar to the context dir
run: mv bin/docker/target/uberjar/metabase.jar bin/docker/.
# We need it for multi-arch build
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: 'arm64'
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2.5.0
with:
driver-opts: network=host
# Build experimental ubuntu-based images only for master
- name: Build ${{ matrix.edition }} Ubuntu based multi-arch container
uses: docker/build-push-action@v3
with:
context: bin/docker/.
platforms: linux/amd64,linux/arm64
file: bin/docker/Dockerfile_ubuntu
network: host
tags: localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-${{ matrix.edition }}-ubuntu
build-args: |
GIT_COMMIT_SHA=${{ github.sha }}
no-cache: true
push: true
- name: Launch ${{ matrix.edition }} Ubuntu based container
run: docker run --rm -dp 3001:3000 localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-${{ matrix.edition }}-ubuntu
timeout-minutes: 5
- name: Is Docker with Ubuntu running?
run: docker ps
- name: Wait for Ubuntu-based Metabase container to start and reach 100% health
run: while ! curl -s 'http://localhost:3001/api/health' | grep '{"status":"ok"}'; do sleep 1; done
timeout-minutes: 3
- name: Login to Docker Hub
if: ${{ github.ref_name == 'master' }}
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
# Push experimental ubuntu image only for versions based on a master
- name: Install regctl
if: ${{ github.ref_name == 'master' }}
uses: regclient/actions/regctl-installer@main
with:
release: 'v0.4.7'
- name: Switch regctl to point to localhost:5000 via http
if: ${{ github.ref_name == 'master' }}
run: regctl registry set --tls disabled localhost:5000
- name: Retag and push ubuntu-based images if master (ee)
if: ${{ (matrix.edition == 'ee') && (github.ref_name == 'master') }}
run: regctl image copy localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-ee-ubuntu ${{ github.repository_owner }}/metabase-enterprise-head:latest-ubuntu
- name: Retag and push ubuntu-based images if master (oss)
if: ${{ (matrix.edition == 'oss') && (github.ref_name == 'master') }}
run: regctl image copy localhost:5000/metabase-dev:${{ steps.extract_branch.outputs.branch }}-oss-ubuntu ${{ github.repository_owner }}/metabase-head:latest-ubuntu