diff --git a/.github/actions/docker-custom-build-and-push/action.yml b/.github/actions/docker-custom-build-and-push/action.yml index 1cdb893ae33071..5d93a556d039f1 100644 --- a/.github/actions/docker-custom-build-and-push/action.yml +++ b/.github/actions/docker-custom-build-and-push/action.yml @@ -67,8 +67,8 @@ runs: TAGS=""" ${{ inputs.image_tag }} """ - echo "SINGLE_IMAGE=$(echo $IMAGES | tr '\n' ' ' | awk -F' |,' '{ print $1 }')" >> $GITHUB_OUTPUT - echo "SINGLE_TAG=$(echo $IMAGES | tr '\n' ' ' | awk -F' |,' '{ print $1 }'):$(echo $TAGS | tr '\n' ' ' | awk -F' |,' '{ print $1 }')" >> $GITHUB_OUTPUT + echo "SINGLE_IMAGE=$(echo $IMAGES | tr '\n' ' ' | awk -F' |,' '{ print $1 }')" >> "$GITHUB_OUTPUT" + echo "SINGLE_TAG=$(echo $IMAGES | tr '\n' ' ' | awk -F' |,' '{ print $1 }'):$(echo $TAGS | tr '\n' ' ' | awk -F' |,' '{ print $1 }')" >> "$GITHUB_OUTPUT" # Code for testing the build when not pushing to Docker Hub. - name: Build and Load image for testing (if not publishing) diff --git a/.github/workflows/docker-unified.yml b/.github/workflows/docker-unified.yml index 9ac200cb1dfdce..7284a5cc86a7eb 100644 --- a/.github/workflows/docker-unified.yml +++ b/.github/workflows/docker-unified.yml 
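Review bot: The context line `${{ inputs.image_tag }}` inside the `TAGS="""…"""` assignment is still expanded into the script text before bash runs, so quoting `$GITHUB_OUTPUT` on the two changed lines does not stop a tag value containing `"` or `$(…)` from being parsed as shell. Whether that is reachable depends on what callers pass as `image_tag`, which this hunk does not show. Passing the input through the step environment keeps it as data: add `env:` with `IMAGE_TAG: ${{ inputs.image_tag }}` and assign `TAGS="$IMAGE_TAG"`. The unquoted `echo $TAGS` that follows would still collapse newlines as it does now. The step starts above the hunk, so the `IMAGES` assignment probably needs the same treatment.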
@@ -72,23 +72,23 @@ jobs: id: tag run: | source .github/scripts/docker_helpers.sh - echo "short_sha=${SHORT_SHA}" >> $GITHUB_OUTPUT - echo "tag=$(get_tag)" >> $GITHUB_OUTPUT - echo "slim_tag=$(get_tag_slim)" >> $GITHUB_OUTPUT - echo "full_tag=$(get_tag_full)" >> $GITHUB_OUTPUT - echo "unique_tag=$(get_unique_tag)" >> $GITHUB_OUTPUT - echo "unique_slim_tag=$(get_unique_tag_slim)" >> $GITHUB_OUTPUT - echo "unique_full_tag=$(get_unique_tag_full)" >> $GITHUB_OUTPUT - echo "python_release_version=$(get_python_docker_release_v)" >> $GITHUB_OUTPUT - echo "branch_name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - echo "repository_name=${GITHUB_REPOSITORY#*/}" >> $GITHUB_OUTPUT + echo "short_sha=${SHORT_SHA}" >> "$GITHUB_OUTPUT" + echo "tag=$(get_tag)" >> "$GITHUB_OUTPUT" + echo "slim_tag=$(get_tag_slim)" >> "$GITHUB_OUTPUT" + echo "full_tag=$(get_tag_full)" >> "$GITHUB_OUTPUT" + echo "unique_tag=$(get_unique_tag)" >> "$GITHUB_OUTPUT" + echo "unique_slim_tag=$(get_unique_tag_slim)" >> "$GITHUB_OUTPUT" + echo "unique_full_tag=$(get_unique_tag_full)" >> "$GITHUB_OUTPUT" + echo "python_release_version=$(get_python_docker_release_v)" >> "$GITHUB_OUTPUT" + echo "branch_name=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_OUTPUT" + echo "repository_name=${GITHUB_REPOSITORY#*/}" >> "$GITHUB_OUTPUT" - name: Check whether docker login is possible id: docker-login env: ENABLE_DOCKER_LOGIN: ${{ secrets.ACRYL_DOCKER_PASSWORD != '' }} run: | echo "Enable Docker Login: ${{ env.ENABLE_DOCKER_LOGIN }}" - echo "docker-login=${{ env.ENABLE_DOCKER_LOGIN }}" >> $GITHUB_OUTPUT + echo "docker-login=${{ env.ENABLE_DOCKER_LOGIN }}" >> "$GITHUB_OUTPUT" - name: Check whether publishing enabled id: publish env: 
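Review bot: `branch_name` is written from `GITHUB_HEAD_REF`, which on pull-request events is the source branch name and so is chosen by the PR author. It is safe on this line because the shell expands it, but nothing marks it as untrusted for the jobs that read the output. I would add a comment above that line: `# branch_name is PR-author controlled: consume it through env:, never as ${{ }} inside run:`. Separately, the `docker-login` echo expands `${{ env.ENABLE_DOCKER_LOGIN }}` into the script although the step already has that variable in its environment; `echo "docker-login=$ENABLE_DOCKER_LOGIN" >> "$GITHUB_OUTPUT"` gives the same value without template expansion. The `publish` echoes in the -99 and -110 hunks presumably allow the same change, and the `publish` step at the end of this hunk continues outside it.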
@@ -99,7 +99,7 @@ jobs: }} run: | echo "Enable publish: ${{ env.ENABLE_PUBLISH }}" - echo "publish=${{ env.ENABLE_PUBLISH }}" >> $GITHUB_OUTPUT + echo "publish=${{ env.ENABLE_PUBLISH }}" >> "$GITHUB_OUTPUT" - name: Check whether PR publishing enabled id: pr-publish env: @@ -110,7 +110,7 @@ jobs: }} run: | echo "Enable PR publish: ${{ env.ENABLE_PUBLISH }}" - echo "publish=${{ env.ENABLE_PUBLISH }}" >> $GITHUB_OUTPUT + echo "publish=${{ env.ENABLE_PUBLISH }}" >> "$GITHUB_OUTPUT" - uses: ./.github/actions/ci-optimization id: ci-optimize - uses: actions/setup-python@v5 @@ -549,7 +549,7 @@ jobs: platforms: linux/amd64,linux/arm64/v8 - name: Compute DataHub Ingestion (Base) Tag id: tag - run: echo "tag=${{ needs.setup.outputs.ingestion_base_change == 'true' && needs.setup.outputs.unique_tag || 'head' }}" >> $GITHUB_OUTPUT + run: echo "tag=${{ needs.setup.outputs.ingestion_base_change == 'true' && needs.setup.outputs.unique_tag || 'head' }}" >> "$GITHUB_OUTPUT" datahub_ingestion_base_slim_build: name: Build and Push DataHub Ingestion (Base-Slim) Docker Image runs-on: ubuntu-latest @@ -591,7 +591,7 @@ jobs: platforms: linux/amd64,linux/arm64/v8 - name: Compute DataHub Ingestion (Base-Slim) Tag id: tag - run: echo "tag=${{ needs.setup.outputs.ingestion_base_change == 'true' && needs.setup.outputs.unique_slim_tag || 'head-slim' }}" >> $GITHUB_OUTPUT + run: echo "tag=${{ needs.setup.outputs.ingestion_base_change == 'true' && needs.setup.outputs.unique_slim_tag || 'head-slim' }}" >> "$GITHUB_OUTPUT" datahub_ingestion_base_full_build: name: Build and Push DataHub Ingestion (Base-Full) Docker Image runs-on: ubuntu-latest 
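Review bot: The `Compute DataHub Ingestion (Base) Tag` step in the -549 hunk still splices `needs.setup.outputs.unique_tag` into the `run:` line through `${{ }}`, so the value becomes script text before the newly quoted redirect is evaluated. That output is produced by `get_unique_tag` from `docker_helpers.sh`, which is not on this page; if it derives from a ref or branch name, the expansion is the part that needs hardening. Moving the expression into `env:` as `TAG: ${{ … }}` and writing `run: echo "tag=$TAG" >> "$GITHUB_OUTPUT"` keeps the same result. The same applies to the Compute-Tag steps in the -591, -632, -687 and -773 hunks.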
@@ -632,7 +632,7 @@ jobs: platforms: linux/amd64,linux/arm64/v8 - name: Compute DataHub Ingestion (Base-Full) Tag id: tag - run: echo "tag=${{ needs.setup.outputs.ingestion_base_change == 'true' && needs.setup.outputs.unique_full_tag || 'head' }}" >> $GITHUB_OUTPUT + run: echo "tag=${{ needs.setup.outputs.ingestion_base_change == 'true' && needs.setup.outputs.unique_full_tag || 'head' }}" >> "$GITHUB_OUTPUT" datahub_ingestion_slim_build: name: Build and Push DataHub Ingestion Docker Images @@ -687,7 +687,7 @@ jobs: platforms: linux/amd64,linux/arm64/v8 - name: Compute Tag id: tag - run: echo "tag=${{ needs.setup.outputs.ingestion_change == 'true' && needs.setup.outputs.unique_slim_tag || 'head-slim' }}" >> $GITHUB_OUTPUT + run: echo "tag=${{ needs.setup.outputs.ingestion_change == 'true' && needs.setup.outputs.unique_slim_tag || 'head-slim' }}" >> "$GITHUB_OUTPUT" datahub_ingestion_slim_scan: permissions: contents: read # for actions/checkout to fetch code @@ -717,6 +717,7 @@ jobs: severity: "CRITICAL,HIGH" ignore-unfixed: true vuln-type: "os,library" + timeout: 15m - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: @@ -773,7 +774,7 @@ jobs: platforms: linux/amd64,linux/arm64/v8 - name: Compute Tag (Full) id: tag - run: echo "tag=${{ needs.setup.outputs.ingestion_change == 'true' && needs.setup.outputs.unique_tag || 'head' }}" >> $GITHUB_OUTPUT + run: echo "tag=${{ needs.setup.outputs.ingestion_change == 'true' && needs.setup.outputs.unique_tag || 'head' }}" >> "$GITHUB_OUTPUT" datahub_ingestion_full_scan: permissions: contents: read # for actions/checkout to fetch code @@ -803,6 +804,7 @@ jobs: severity: "CRITICAL,HIGH" ignore-unfixed: true vuln-type: "os,library" + timeout: 15m - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: 
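Review bot: The added `timeout: 15m` in the -717 hunk, and again in the -803 hunk, does not show what happens when the scan runs out of time. The scan step's `uses:` line and any `if:` or `continue-on-error` settings, for it and for the following `upload-sarif` step, are outside the hunk. It is worth confirming that a timed-out scan fails the job rather than leaving the Security tab on the previous results. A comment such as `# scan must finish or fail the job; do not mask a timeout with continue-on-error` next to the setting would record that intent.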
@@ -817,13 +819,13 @@ jobs: - id: set-matrix run: | if [ '${{ needs.setup.outputs.frontend_only }}' == 'true' ]; then - echo 'matrix=["cypress_suite1","cypress_rest"]' >> $GITHUB_OUTPUT + echo 'matrix=["cypress_suite1","cypress_rest"]' >> "$GITHUB_OUTPUT" elif [ '${{ needs.setup.outputs.ingestion_only }}' == 'true' ]; then - echo 'matrix=["no_cypress_suite0","no_cypress_suite1"]' >> $GITHUB_OUTPUT + echo 'matrix=["no_cypress_suite0","no_cypress_suite1"]' >> "$GITHUB_OUTPUT" elif [[ '${{ needs.setup.outputs.backend_change }}' == 'true' || '${{ needs.setup.outputs.smoke_test_change }}' == 'true' ]]; then - echo 'matrix=["no_cypress_suite0","no_cypress_suite1","cypress_suite1","cypress_rest"]' >> $GITHUB_OUTPUT + echo 'matrix=["no_cypress_suite0","no_cypress_suite1","cypress_suite1","cypress_rest"]' >> "$GITHUB_OUTPUT" else - echo 'matrix=[]' >> $GITHUB_OUTPUT + echo 'matrix=[]' >> "$GITHUB_OUTPUT" fi smoke_test:
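Review bot: The first two tests in `set-matrix` use `[ … == … ]` while the third uses `[[ … ]]`; `==` inside `[` is a bash extension, so the step depends on the runner's default shell being bash. Using `[[ … ]]` for all three branches would make the tests consistent, e.g. `if [[ "$FRONTEND_ONLY" == 'true' ]]; then` with the `needs.setup.outputs.*` values supplied through `env:` (the variable name is a placeholder). That also keeps the job outputs out of the script text.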