Merge branch 'master' into oss-merge

.github/pull.yml

@@ -0,0 +1,6 @@
+version: "1"
+rules:
+  - base: master
+    upstream: datahub-project:master
+    mergeMethod: merge
+    mergeUnstable: true

.github/scripts/docker_helpers.sh

@@ -46,3 +46,11 @@ function get_platforms_based_on_branch {
         echo "linux/amd64"
     fi
 }
+
+function validate_github_ref_for_python_tag {
+    if [[ ! "$GITHUB_REF" =~ ^refs/tags/v ]]; then
+        echo "Error: This workflow must be triggered by a tag starting with 'v'"
+        echo "Current GITHUB_REF: $GITHUB_REF"
+        exit 1
+    fi
+}

.github/workflows/auto-approve-prs.yml

@@ -0,0 +1,19 @@
+name: Auto approve PRs, enable auto-merge from Pull App
+
+on: pull_request_target
+
+jobs:
+  auto-approve:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    if: github.actor == 'pull[bot]'
+    steps:
+      - uses: hmarr/auto-approve-action@v3
+  enable-auto-merge:
+    runs-on: ubuntu-latest
+    needs: auto-approve
+    steps:
+    - uses: alexwilson/enable-github-automerge-action@main
+      with:
+        merge-method: MERGE

.github/workflows/codeql.yml

@@ -0,0 +1,53 @@
+name: "CodeQL"
+
+on:
+
+# Starting with scheduled scans only, will eventually include push-to-branch and pull request
+
+  #push:
+  #  branches: [ master ]
+  #pull_request:
+    # The branches below must be a subset of the branches above
+  #  branches: [ master ]
+  schedule:
+    - cron: '0 8 * * *'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'java', 'javascript', 'python', 'typescript' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/docker-airflow-acryl.yml

@@ -0,0 +1,76 @@
+name: datahub-airflow docker acryl
+on:
+  workflow_run:
+    workflows: ["pypi-release"]
+    types:
+      - completed
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.tag.outputs.tag }}
+      publish: ${{ steps.publish.outputs.publish }}
+      python_release_version: ${{ steps.python_release_version.outputs.release_version }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Validate ref format
+        run: |
+          source .github/scripts/docker_helpers.sh
+          validate_github_ref_for_python_tag
+      - name: Compute Tag
+        id: tag
+        run: |
+          echo "GITHUB_REF: $GITHUB_REF"
+          SHORT_SHA=$(git rev-parse --short "$GITHUB_SHA")
+          TAG=$(echo ${GITHUB_REF} | sed -e 's,refs/tags/,,g')
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
+      - name: Check whether publishing enabled
+        id: publish
+        env:
+          ENABLE_PUBLISH: ${{ secrets.ORG_DOCKER_PASSWORD }}
+        run: |
+          echo "Enable publish: ${{ env.ENABLE_PUBLISH != '' }}"
+          echo "${{ env.ENABLE_PUBLISH != '' }}" >> $GITHUB_OUTPUT
+      - name: Compute Python Release Version
+        id: python_release_version
+        run: |
+          echo "GITHUB_REF: $GITHUB_REF"
+          SHORT_SHA=$(git rev-parse --short "$GITHUB_SHA")
+          RELEASE_VERSION=$(echo ${GITHUB_REF} | sed -e 's,refs/tags/v,,g')
+          echo "release_version=$RELEASE_VERSION" >> $GITHUB_OUTPUT
+  push_to_registries:
+    name: Build and Push Docker Image to Docker Hub
+    runs-on: ubuntu-latest
+    needs: setup
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Docker meta
+        id: docker_meta
+        uses: crazy-max/ghaction-docker-meta@v1
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            acryldata/datahub-airflow
+          # add git short SHA as Docker tag
+          tag-custom: ${{ needs.setup.outputs.tag }}
+          tag-custom-only: true
+      - name: Login to DockerHub
+        if: ${{ needs.setup.outputs.publish == 'true' }}
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.ORG_DOCKER_PASSWORD }}
+      - name: Build and Push image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./docker/airflow/Dockerfile
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          push: ${{ needs.setup.outputs.publish == 'true' }}
+          build-args: |
+            RELEASE_VERSION=${{ needs.setup.outputs.python_release_version }}

.github/workflows/docker-unified.yml

@@ -1,18 +1,11 @@
 name: Docker Build, Scan, Test
-on:
-  push:
-    branches:
-      - master
-  pull_request:
-    branches:
-      - "**"
-    types:
-      - labeled
-      - opened
-      - synchronize
-      - reopened
-  release:
-    types: [published]
+#### IMPORTANT ####
+#### THIS IS A CHANGE TO PREVENT OSS QUICKSTART INSTABILITY, DO NOT OVERWRITE THIS CHANGE IN MERGES ####
+#### IMPORTANT ####
+on: workflow_dispatch
+#### IMPORTANT ####
+#### END CHANGES ####
+#### IMPORTANT ####
 
 concurrency:
   # Using `github.run_id` (unique val) instead of `github.ref` here
@@ -22,16 +15,22 @@ concurrency:
   cancel-in-progress: true
 
 env:
-  DATAHUB_GMS_IMAGE: "acryldata/datahub-gms"
-  DATAHUB_FRONTEND_IMAGE: "acryldata/datahub-frontend-react"
-  DATAHUB_MAE_CONSUMER_IMAGE: "acryldata/datahub-mae-consumer"
-  DATAHUB_MCE_CONSUMER_IMAGE: "acryldata/datahub-mce-consumer"
-  DATAHUB_KAFKA_SETUP_IMAGE: "acryldata/datahub-kafka-setup"
-  DATAHUB_ELASTIC_SETUP_IMAGE: "acryldata/datahub-elasticsearch-setup"
-  DATAHUB_MYSQL_SETUP_IMAGE: "acryldata/datahub-mysql-setup"
-  DATAHUB_UPGRADE_IMAGE: "acryldata/datahub-upgrade"
-  DATAHUB_INGESTION_BASE_IMAGE: "acryldata/datahub-ingestion-base"
-  DATAHUB_INGESTION_IMAGE: "acryldata/datahub-ingestion"
+  #### IMPORTANT ####
+  #### THIS IS A CHANGE TO PREVENT OSS QUICKSTART INSTABILITY, DO NOT OVERWRITE THIS CHANGE IN MERGES ####
+  #### IMPORTANT ####
+  DATAHUB_GMS_IMAGE: "acryldata/acryl-datahub-gms"
+  DATAHUB_FRONTEND_IMAGE: "acryldata/acryl-datahub-frontend-react"
+  DATAHUB_MAE_CONSUMER_IMAGE: "acryldata/acryl-datahub-mae-consumer"
+  DATAHUB_MCE_CONSUMER_IMAGE: "acryldata/acryl-datahub-mce-consumer"
+  DATAHUB_KAFKA_SETUP_IMAGE: "acryldata/acryl-datahub-kafka-setup"
+  DATAHUB_ELASTIC_SETUP_IMAGE: "acryldata/acryl-datahub-elasticsearch-setup"
+  DATAHUB_MYSQL_SETUP_IMAGE: "acryldata/acryl-datahub-mysql-setup"
+  DATAHUB_UPGRADE_IMAGE: "acryldata/acryl-datahub-upgrade"
+  DATAHUB_INGESTION_BASE_IMAGE: "acryldata/acryl-datahub-ingestion-base"
+  DATAHUB_INGESTION_IMAGE: "acryldata/acryl-datahub-ingestion"
+  #### IMPORTANT ####
+  #### END CHANGES ####
+  #### IMPORTANT ####
 
 permissions:
   contents: read

.github/workflows/documentation.yml

@@ -58,7 +58,7 @@ jobs:
           ./gradlew --info docs-website:build
 
       - name: Deploy
-        if: github.event_name == 'push' && github.repository == 'datahub-project/datahub'
+        if: github.event_name == 'push' && github.repository == 'acryldata/datahub'
         uses: peaceiris/actions-gh-pages@v4
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish-airflow-plugin-pypi-release.yml

@@ -0,0 +1,54 @@
+name: pypi-release acryl-datahub-airflow-plugin
+on:
+  workflow_dispatch: 
+  release:
+    types: [published]
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.tag.outputs.tag }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Validate ref format
+        run: |
+          source .github/scripts/docker_helpers.sh
+          validate_github_ref_for_python_tag
+      - name: Compute Tag
+        id: tag
+        run: |
+          echo "GITHUB_REF: $GITHUB_REF"
+          SHORT_SHA=$(git rev-parse --short "$GITHUB_SHA")
+          TAG=$(echo ${GITHUB_REF} | sed -e 's,refs/tags/v,,g')
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
+  push_to_pypi:
+    name: Build and push python package to PyPI
+    runs-on: ubuntu-latest
+    needs: setup
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up JDK 17
+      uses: actions/setup-java@v4
+      with:
+        distribution: "zulu"
+        java-version: 17
+    - uses: actions/setup-python@v5
+      with:
+        python-version: "3.10"
+        cache: "pip"
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install setuptools wheel twine build    
+    - name: Install dependencies
+      run: ./metadata-ingestion/scripts/install_deps.sh
+    - name: Build and publish
+      env:
+        TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
+        TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
+        RELEASE_SKIP_TEST: "true"
+      run: |
+        cd metadata-ingestion-modules/airflow-plugin
+        RELEASE_VERSION=${{ needs.setup.outputs.tag }} ./scripts/release.sh

.github/workflows/publish-dagster-plugin-pypi-release.yml

@@ -0,0 +1,54 @@
+name: pypi-release acryl-datahub-dagster-plugin
+on:
+  workflow_dispatch: 
+  release:
+    types: [published]
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.tag.outputs.tag }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Validate ref format
+        run: |
+          source .github/scripts/docker_helpers.sh
+          validate_github_ref_for_python_tag
+      - name: Compute Tag
+        id: tag
+        run: |
+          echo "GITHUB_REF: $GITHUB_REF"
+          SHORT_SHA=$(git rev-parse --short "$GITHUB_SHA")
+          TAG=$(echo ${GITHUB_REF} | sed -e 's,refs/tags/v,,g')
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
+  push_to_pypi:
+    name: Build and push python package to PyPI
+    runs-on: ubuntu-latest
+    needs: setup
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up JDK 17
+      uses: actions/setup-java@v4
+      with:
+        distribution: "zulu"
+        java-version: 17
+    - uses: actions/setup-python@v5
+      with:
+        python-version: "3.10"
+        cache: "pip"
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install setuptools wheel twine build    
+    - name: Install dependencies
+      run: ./metadata-ingestion/scripts/install_deps.sh
+    - name: Build and publish
+      env:
+        TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
+        TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
+        RELEASE_SKIP_TEST: "true"
+      run: |
+        cd metadata-ingestion-modules/dagster-plugin
+        RELEASE_VERSION=${{ needs.setup.outputs.tag }} ./scripts/release.sh

.github/workflows/publish-datahub-jars.yml

@@ -30,13 +30,16 @@ jobs:
           echo "Enable publish: ${{ env.SIGNING_KEY != '' }}"
           echo "publish=${{ env.SIGNING_KEY != '' }}" >> $GITHUB_OUTPUT
   setup:
-    if: startsWith(github.ref, 'refs/tags/v')
     runs-on: ubuntu-latest
     outputs:
       tag: ${{ steps.tag.outputs.tag }}
     steps:
       - name: Checkout
         uses: acryldata/sane-checkout-action@v3
+      - name: Validate ref format
+        run: |
+          source .github/scripts/docker_helpers.sh
+          validate_github_ref_for_python_tag
       - name: Compute Tag
         id: tag
         run: |