[delete acls] add default value for resource pattern type #500
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
jobs: | |
setup: | |
runs-on: ubuntu-latest | |
outputs: | |
version-tag: ${{ steps.regex-match.outputs.match }} | |
steps: | |
- uses: actions-ecosystem/action-regex-match@v2 | |
id: regex-match | |
with: | |
text: ${{ github.ref_name }} | |
regex: '^v[0-9]+(\.[0-9]+)*(-[a-zA-Z0-9-]+)?$' | |
- name: Print setup | |
run: | | |
echo github.ref=${{ github.ref }} | |
echo github.ref_name=${{ github.ref_name }} | |
echo github.ref_type=${{ github.ref_type }} | |
echo release-ref=${{ steps.regex-match.outputs.match }} | |
test010: | |
runs-on: ubuntu-latest | |
container: | |
image: cimg/go:1.19 | |
env: | |
GO111MODULE: "on" | |
KAFKA_TOPICS_TEST_ZK_ADDR: zookeeper:2181 | |
KAFKA_TOPICS_TEST_KAFKA_ADDR: kafka1:9092 | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v3 | |
- name: Go setup | |
uses: actions/setup-go@v3 | |
with: | |
go-version: 1.19 | |
- name: Display Go version | |
run: go version | |
- name: Run tests | |
run: make test | |
env: | |
KAFKA_TOPICS_TEST_ZK_ADDR: zookeeper:2181 | |
KAFKA_TOPICS_TEST_KAFKA_ADDR: kafka1:9092 | |
services: | |
zookeeper: | |
image: bitnami/zookeeper:latest | |
ports: | |
- "2181:2181" | |
env: | |
ALLOW_ANONYMOUS_LOGIN: yes | |
kafka1: | |
image: bitnami/kafka:0.10.2.1 | |
ports: | |
- "9092:9092" | |
env: | |
KAFKA_BROKER_ID: 1 | |
KAFKA_BROKER_RACK: zone1 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_ADVERTISED_HOST_NAME: kafka1 | |
KAFKA_ADVERTISED_PORT: 9092 | |
kafka2: | |
image: bitnami/kafka:0.10.2.1 | |
ports: | |
- "9093:9092" | |
env: | |
KAFKA_BROKER_ID: 2 | |
KAFKA_BROKER_RACK: zone1 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_ADVERTISED_HOST_NAME: kafka2 | |
KAFKA_ADVERTISED_PORT: 9092 | |
kafka3: | |
image: bitnami/kafka:0.10.2.1 | |
ports: | |
- "9094:9092" | |
env: | |
KAFKA_BROKER_ID: 3 | |
KAFKA_BROKER_RACK: zone2 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_ADVERTISED_HOST_NAME: kafka3 | |
KAFKA_ADVERTISED_PORT: 9092 | |
kafka4: | |
image: bitnami/kafka:0.10.2.1 | |
ports: | |
- "9095:9092" | |
env: | |
KAFKA_BROKER_ID: 4 | |
KAFKA_BROKER_RACK: zone2 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_ADVERTISED_HOST_NAME: kafka4 | |
KAFKA_ADVERTISED_PORT: 9092 | |
kafka5: | |
image: bitnami/kafka:0.10.2.1 | |
ports: | |
- "9096:9092" | |
env: | |
KAFKA_BROKER_ID: 5 | |
KAFKA_BROKER_RACK: zone3 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_ADVERTISED_HOST_NAME: kafka5 | |
KAFKA_ADVERTISED_PORT: 9092 | |
kafka6: | |
image: bitnami/kafka:0.10.2.1 | |
ports: | |
- "9097:9092" | |
env: | |
KAFKA_BROKER_ID: 6 | |
KAFKA_BROKER_RACK: zone3 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_ADVERTISED_HOST_NAME: kafka6 | |
KAFKA_ADVERTISED_PORT: 9092 | |
test270: | |
runs-on: ubuntu-latest | |
container: | |
image: cimg/go:1.19 | |
env: | |
GO111MODULE: "on" | |
KAFKA_TOPICS_TEST_ZK_ADDR: zookeeper:2181 | |
KAFKA_TOPICS_TEST_KAFKA_ADDR: kafka1:9092 | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v3 | |
- name: Go setup | |
uses: actions/setup-go@v3 | |
with: | |
go-version: 1.19 | |
- name: Display Go version | |
run: go version | |
- name: Run tests | |
run: make test-v2 | |
env: | |
KAFKA_TOPICS_TEST_ZK_ADDR: zookeeper:2181 | |
KAFKA_TOPICS_TEST_KAFKA_ADDR: kafka1:9092 | |
KAFKA_TOPICS_TEST_BROKER_ADMIN_SECURITY: 1 | |
services: | |
zookeeper: | |
image: bitnami/zookeeper:latest | |
ports: | |
- "2181:2181" | |
env: | |
ALLOW_ANONYMOUS_LOGIN: yes | |
kafka1: | |
image: bitnami/kafka:2.7.0 | |
ports: | |
- "9092:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 1 | |
KAFKA_CFG_BROKER_RACK: zone1 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka1 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka2: | |
image: bitnami/kafka:2.7.0 | |
ports: | |
- "9093:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 2 | |
KAFKA_CFG_BROKER_RACK: zone1 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka2 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka3: | |
image: bitnami/kafka:2.7.0 | |
ports: | |
- "9094:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 3 | |
KAFKA_CFG_BROKER_RACK: zone2 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka3 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka4: | |
image: bitnami/kafka:2.7.0 | |
ports: | |
- "9095:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 4 | |
KAFKA_CFG_BROKER_RACK: zone2 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka4 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka5: | |
image: bitnami/kafka:2.7.0 | |
ports: | |
- "9096:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 5 | |
KAFKA_CFG_BROKER_RACK: zone3 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka5 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka6: | |
image: bitnami/kafka:2.7.0 | |
ports: | |
- "9097:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 6 | |
KAFKA_CFG_BROKER_RACK: zone3 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka6 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
test360: | |
runs-on: ubuntu-latest | |
container: | |
image: cimg/go:1.19 | |
env: | |
GO111MODULE: "on" | |
KAFKA_TOPICS_TEST_ZK_ADDR: zookeeper:2181 | |
KAFKA_TOPICS_TEST_KAFKA_ADDR: kafka1:9092 | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v3 | |
- name: Go setup | |
uses: actions/setup-go@v3 | |
with: | |
go-version: 1.19 | |
- name: Display Go version | |
run: go version | |
- name: Run tests | |
run: make test-v2 | |
env: | |
KAFKA_TOPICS_TEST_ZK_ADDR: zookeeper:2181 | |
KAFKA_TOPICS_TEST_KAFKA_ADDR: kafka1:9092 | |
KAFKA_TOPICS_TEST_BROKER_ADMIN_SECURITY: 1 | |
services: | |
zookeeper: | |
image: bitnami/zookeeper:latest | |
ports: | |
- "2181:2181" | |
env: | |
ALLOW_ANONYMOUS_LOGIN: yes | |
kafka1: | |
image: bitnami/kafka:3.6.0 | |
ports: | |
- "9092:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 1 | |
KAFKA_CFG_BROKER_RACK: zone1 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka1 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka2: | |
image: bitnami/kafka:3.6.0 | |
ports: | |
- "9093:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 2 | |
KAFKA_CFG_BROKER_RACK: zone1 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka2 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka3: | |
image: bitnami/kafka:3.6.0 | |
ports: | |
- "9094:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 3 | |
KAFKA_CFG_BROKER_RACK: zone2 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka3 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka4: | |
image: bitnami/kafka:3.6.0 | |
ports: | |
- "9095:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 4 | |
KAFKA_CFG_BROKER_RACK: zone2 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka4 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka5: | |
image: bitnami/kafka:3.6.0 | |
ports: | |
- "9096:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 5 | |
KAFKA_CFG_BROKER_RACK: zone3 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka5 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
kafka6: | |
image: bitnami/kafka:3.6.0 | |
ports: | |
- "9097:9092" | |
env: | |
KAFKA_CFG_BROKER_ID: 6 | |
KAFKA_CFG_BROKER_RACK: zone3 | |
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 | |
ALLOW_PLAINTEXT_LISTENER: yes | |
KAFKA_CFG_ADVERTISED_HOST_NAME: kafka6 | |
KAFKA_CFG_ADVERTISED_PORT: 9092 | |
KAFKA_CFG_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer | |
KAFKA_CFG_ALLOW_EVERYONE_IF_NO_ACL_FOUND: true | |
snyk: | |
runs-on: ubuntu-latest | |
needs: [test010, test270, test360] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Run Snyk to check for vulnerabilities | |
uses: snyk/actions/golang@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
args: --severity-threshold=high --fail-on=upgradable | |
publish-ghcr: | |
needs: [setup, snyk] | |
runs-on: ubuntu-latest | |
if: ${{ ( github.ref_type == 'branch' ) && (( github.ref_name == 'master' ) || ( github.ref_name == 'v0' )) }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: setup env variables | |
id: vars | |
run: | | |
echo "SHORT_SHA=${GITHUB_SHA:0:8}" >> $GITHUB_ENV | |
- run: echo "publishing the image ghcr.io/segmentio/topicctl:${SHORT_SHA}" | |
- name: Log in to the Container registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
logout: true | |
- run: echo "GHCR LOGIN SUCCESSFUL" | |
- if: ${{ github.ref_name == 'master' }} | |
name: Build and push image for master | |
run: | | |
docker context create buildx-build | |
docker buildx create --use buildx-build | |
docker buildx build \ | |
-t ghcr.io/segmentio/topicctl:${SHORT_SHA} \ | |
-t ghcr.io/segmentio/topicctl:latest \ | |
--build-arg VERSION=${SHORT_SHA} \ | |
--push \ | |
. | |
- if: ${{ github.ref_name == 'v0' }} | |
name: Build and push image for v0 | |
run: | | |
docker context create buildx-build | |
docker buildx create --use buildx-build | |
docker buildx build \ | |
-t ghcr.io/segmentio/topicctl:${SHORT_SHA} \ | |
--build-arg VERSION=${SHORT_SHA} \ | |
--push \ | |
. | |
- run: echo "GHCR PUBLISH SUCCESSFUL" | |
publish-dockerhub: | |
needs: [setup, snyk] | |
environment: CICD | |
env: | |
RELEASE_TAG: ${{ needs.setup.outputs.version-tag }} | |
runs-on: ubuntu-latest | |
if: ${{ ( github.ref_type == 'tag' ) && ( needs.setup.outputs.version-tag != '') }} | |
steps: | |
- uses: actions/checkout@v3 | |
- run: echo "publishing the release version segment/topicctl:${RELEASE_TAG}" | |
- name: Dockerhub login | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ vars.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
logout: true | |
- run: echo "DOCKERHUB LOGIN SUCCESSFUL" | |
- name: Build and push image | |
run: | | |
docker context create buildx-build | |
docker buildx create --use buildx-build | |
docker buildx build \ | |
--platform=linux/amd64,linux/arm64 \ | |
-t segment/topicctl:${RELEASE_TAG} \ | |
-t segment/topicctl:latest \ | |
--build-arg VERSION=${RELEASE_TAG} \ | |
--push \ | |
. | |
- run: echo "DOCKERHUB PUBLISH SUCCESSFUL" |