jprdonnelly/airbyte
1
0
Fork 0
mirror of synced 2025-12-19 18:14:56 -05:00
Code Issues Packages Projects Releases Wiki Activity

chore: pin GitHub Actions to SHA1 for supply chain security (#67019)

Browse Source 
## What
- Pin all GitHub Actions to their specific SHA1 hashes to reduce supply
chain attack risk
- Replaces version tags with specific commit SHAs
- Includes version comments for easier reference
- Changes generated with the pinact tool

See internal wiki page on supply chain security for further info

## How
Used the tool pinact to pin the sha for github actions. 

## Review guide
<!--
1. `x.py`
2. `y.py`
-->

## User Impact
No impact

## Can this PR be safely reverted and rolled back?

- [x] YES 💚
- [ ] NO
This commit is contained in:
Tobias Wennergren
2025-10-07 13:14:36 -07:00
committed by GitHub
parent 79b0c93291
commit 05f1ed756b
52 changed files with 279 additions and 279 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.github/actions/connector-image-build-push/action.yml vendored
View File

@@ -75,7 +75,7 @@ runs:
using: "composite"
steps:
- name: Install the latest version of uv
uses: astral-sh/setup-uv@v6
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
- name: Install Poe and yq
shell: bash
@@ -301,18 +301,18 @@ runs:
- name: Login to Docker Hub
if: ${{ steps.check-exists.outputs.do-publish == 'true' && inputs.docker-hub-username != '' && inputs.docker-hub-password != '' }}
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
username: ${{ inputs.docker-hub-username }}
password: ${{ inputs.docker-hub-password }}
- name: Set up Docker Buildx
if: ${{ steps.check-exists.outputs.do-build == 'true' }}
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Build connector image for testing
if: ${{ steps.check-exists.outputs.do-build == 'true' }}
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
context: ${{ steps.vars.outputs.connector-dir }}
file: docker-images/Dockerfile.${{ steps.vars.outputs.connector-type }}-connector
@@ -334,7 +334,7 @@ runs:
- name: Build and push connector image (multi-arch)
if: ${{ steps.check-exists.outputs.do-build == 'true' }}
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
context: ${{ steps.vars.outputs.connector-dir }}
file: docker-images/Dockerfile.${{ steps.vars.outputs.connector-type }}-connector
@@ -347,7 +347,7 @@ runs:
- name: Run Image Vulnerability Scan
if: ${{ steps.check-exists.outputs.do-build == 'true' }}
uses: anchore/scan-action@v6
uses: anchore/scan-action@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1
with:
image: "${{ steps.vars.outputs.connector-image-name }}"
output-format: "table"

4
.github/actions/get-dagger-engine-image/action.yml vendored
View File

@@ -20,7 +20,7 @@ runs:
- name: Restore dagger engine image cache
id: dagger-engine-image-cache-restore
uses: actions/cache/restore@v4
uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: ${{ inputs.path_to_dagger_engine_image_cache }}
key: ${{ inputs.dagger_engine_image }}
@@ -39,7 +39,7 @@ runs:
- name: Save dagger engine image cache
id: dagger-engine-image-cache-save
if: steps.dagger-engine-image-cache-restore.outputs.cache-hit != 'true'
uses: actions/cache/save@v4
uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: ${{ inputs.path_to_dagger_engine_image_cache }}
key: ${{ inputs.dagger_engine_image }}

10
.github/actions/install-airbyte-ci/action.yml vendored
View File

@@ -18,7 +18,7 @@ runs:
using: "composite"
steps:
- name: Get changed files
uses: tj-actions/changed-files@v44
uses: tj-actions/changed-files@2d756ea4c53f7f6b397767d8723b3a10a9f35bf2 # v44.0.0
# When the PR is from a fork, we always install from binary, so we don't need to check for changes
if: inputs.is_fork == 'false'
id: changes
@@ -57,7 +57,7 @@ runs:
- name: Install Python 3.11
id: install-python-3-11
uses: actions/setup-python@v4
uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4.9.1
if: steps.determine-install-mode.outputs.install-mode == 'source'
with:
python-version: "3.11"
@@ -68,7 +68,7 @@ runs:
- name: Install the latest version of uv
if: steps.determine-install-mode.outputs.install-mode == 'source'
uses: astral-sh/setup-uv@v6
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
- name: Install Airbyte CI from source
id: install-airbyte-ci-source
if: steps.determine-install-mode.outputs.install-mode == 'source'
@@ -78,7 +78,7 @@ runs:
- name: Upload uv logs as artifacts on failure
if: failure()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: uv-logs
path: /opt/uv/logs/
@@ -86,7 +86,7 @@ runs:
- name: Upload pipx logs as artifacts on failure
# E.g. /opt/pipx/logs/cmd_2025-05-01_16.46.50_1_pip_errors.log
if: failure()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: pipx-logs
path: /opt/pipx/logs/

4
.github/actions/install-java-environment/action.yml vendored
View File

@@ -19,11 +19,11 @@ inputs:
runs:
using: "composite"
steps:
- uses: actions/setup-java@v4
- uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
distribution: corretto
java-version: ${{ inputs.java_version }}
- uses: gradle/actions/setup-gradle@v3
- uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0
with:
cache-read-only: ${{ inputs.gradle_cache_read_only }}
cache-write-only: ${{ inputs.gradle_cache_write_only }}

8
.github/actions/run-airbyte-ci/action.yml vendored
View File

@@ -120,7 +120,7 @@ runs:
uses: ./.github/actions/install-java-environment
- name: Docker login
id: docker-login
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
if: ${{ inputs.docker_hub_username != '' && inputs.docker_hub_password != '' }}
with:
username: ${{ inputs.docker_hub_username }}
@@ -133,7 +133,7 @@ runs:
is_fork: ${{ inputs.is_fork }}
- name: Run airbyte-ci
id: run-airbyte-ci
uses: nick-fields/retry@v3
uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
env:
CI: "True"
CI_GIT_USER: ${{ github.repository_owner }}
@@ -190,7 +190,7 @@ runs:
- name: Collect dagger engine logs
id: collect-dagger-engine-logs
if: always()
uses: jwalton/gh-docker-logs@v2
uses: jwalton/gh-docker-logs@2741064ab9d7af54b0b1ffb6076cf64c16f0220e # v2.2.2
with:
dest: "./dagger_engine_logs"
images: "registry.dagger.io/engine"
@@ -210,7 +210,7 @@ runs:
- name: Upload logs to GitHub
id: upload-dagger-engine-logs
if: always()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ github.job }}_${{ steps.hash-subcommand.outputs.subcommand_hash }}_dagger_engine_logs.tgz
path: ./dagger_engine_logs.tgz

6
.github/actions/runner-prepare-for-build/action.yml vendored
View File

@@ -17,18 +17,18 @@ runs:
using: "composite"
steps:
- if: inputs.install_java == 'true'
uses: actions/setup-java@v3
uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1
with:
distribution: "zulu"
java-version: "21"
- if: inputs.install_node == 'true'
uses: actions/setup-node@v3
uses: actions/setup-node@3235b876344d2a9aa001b8d1453c930bba69e610 # v3.9.1
with:
node-version: "lts/*"
- if: inputs.install_python == 'true'
uses: actions/setup-python@v4
uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4.9.1
with:
python-version: "3.9"

4
.github/actions/start-aws-runner/action.yml vendored
View File

@@ -35,7 +35,7 @@ runs:
using: "composite"
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # v1.7.0
with:
aws-access-key-id: ${{ inputs.aws-access-key-id }}
aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
@@ -54,7 +54,7 @@ runs:
- name: Start EC2 runner
id: start-ec2-runner
uses: airbytehq/ec2-github-runner@MSGv0.0.5
uses: airbytehq/ec2-github-runner@b671ff1f194623671b398d973a8965348391831d # MSGv0.0.5
with:
mode: start
github-token: ${{ inputs.github-token }}

6
.github/workflows/approve-regression-tests-command.yml vendored
View File

@@ -52,7 +52,7 @@ jobs:
# If comment-id is not provided, this will create a new
# comment with the job run link.
id: first-comment-action
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ github.event.inputs.comment-id }}
issue-number: ${{ github.event.inputs.pr }}
@@ -107,7 +107,7 @@ jobs:
fi
- name: Append success comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: success()
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
@@ -116,7 +116,7 @@ jobs:
> ✅ Approving regression tests
- name: Append failure comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: failure()
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}

6
.github/workflows/auto_merge.yml vendored
View File

@@ -11,15 +11,15 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: "3.11"
check-latest: true
update-environment: true
- name: Install and configure Poetry
uses: snok/install-poetry@v1
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
with:
version: 1.8.5
- name: Run auto merge

4
.github/workflows/auto_merge_notification.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
steps:
- name: Add Auto-Merge Notice
if: github.event.action == 'auto_merge_enabled'
uses: bcgov/action-pr-description-add@v2.0.0
uses: bcgov/action-pr-description-add@14338bfe0278ead273b3c1189e5aa286ff6709c4 # v2.0.0
with:
add_markdown: |
> [!IMPORTANT]
@@ -24,7 +24,7 @@ jobs:
- name: Remove Auto-Merge Notice
if: github.event.action == 'auto_merge_disabled'
uses: bcgov/action-pr-description-add@v2.0.0
uses: bcgov/action-pr-description-add@14338bfe0278ead273b3c1189e5aa286ff6709c4 # v2.0.0
with:
add_markdown: |
> [!NOTE]

2
.github/workflows/autodoc.yml vendored
View File

@@ -28,7 +28,7 @@ jobs:
steps:
# Step 1: Get the pushed code
- name: Checkout pushed code
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
fetch-depth: 0 # Full history needed for comprehensive analysis

6
.github/workflows/build-connector-images-command.yml vendored
View File

@@ -43,7 +43,7 @@ jobs:
- name: Append start comment
id: append-start-comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: success()
with:
comment-id: ${{ inputs.comment-id }}
@@ -58,7 +58,7 @@ jobs:
> [Check job output.](${{ steps.job-vars.outputs.run-url }})
- name: Repo Checkout
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
repository: ${{ inputs.repo || github.repository }}
ref: ${{ inputs.gitref || '' }}
@@ -98,7 +98,7 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Append end comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ needs.init-workflow.outputs.comment-id }}
issue-number: ${{ needs.init-workflow.outputs.pr-number }}

4
.github/workflows/bump-bulk-cdk-and-release-connectors-command.yml vendored
View File

@@ -22,7 +22,7 @@ jobs:
needs: [publish-bulk-cdk]
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
# Fetch all history for all tags and branches
fetch-depth: 0
@@ -72,7 +72,7 @@ jobs:
needs: [publish-connectors, bump-cdk-version]
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
# Fetch all history for all tags and branches
fetch-depth: 0

12
.github/workflows/bump-bulk-cdk-version-command.yml vendored
View File

@@ -40,7 +40,7 @@ jobs:
- name: Append comment with job run link
id: first-comment-action
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ github.event.inputs.comment-id }}
issue-number: ${{ github.event.inputs.pr }}
@@ -48,16 +48,16 @@ jobs:
> Update bulk CDK version job started. Check the [job logs](${{ steps.resolve-job-vars.outputs.run-url }}) for details.
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Setup Java
uses: actions/setup-java@v4
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
distribution: "zulu"
java-version: "21"
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
- name: Run CDK version bump
run: ./gradlew :airbyte-cdk:bulk:bumpVersion --${{ github.event.inputs.bump }} --changelog "${{ github.event.inputs.changelog }}"
@@ -71,7 +71,7 @@ jobs:
git push
- name: Append success comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
reactions: hooray
@@ -79,7 +79,7 @@ jobs:
> ✅ Successfully bumped CDK version.
- name: Append failure comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: failure()
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}

8
.github/workflows/bump-cdk-version-and-merge-command.yml vendored
View File

@@ -22,7 +22,7 @@ jobs:
modified_connectors: ${{ steps.export-connection-modified.outputs.modified_connectors }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
# Fetch all history for all tags and branches
fetch-depth: 0
@@ -147,21 +147,21 @@ jobs:
needs: [publish-connectors]
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Configure Git
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
- name: Install Python
id: install_python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: "3.11"
check-latest: true
update-environment: true
- name: Install Poetry
id: install_poetry
uses: snok/install-poetry@v1
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
with:
version: 1.8.5
- name: Merge the changelog of the connectors

10
.github/workflows/bump-version-command.yml vendored
View File

@@ -60,7 +60,7 @@ jobs:
# forks if the user installs the app into their fork. Until we document this as a clear
# path, we will have to keep using the PAT.
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
repository: ${{ steps.job-vars.outputs.repo }}
ref: ${{ steps.job-vars.outputs.branch }}
@@ -73,7 +73,7 @@ jobs:
# If comment-id is not provided, this will create a new
# comment with the job run link.
id: first-comment-action
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ github.event.inputs.comment-id }}
issue-number: ${{ github.event.inputs.pr }}
@@ -135,7 +135,7 @@ jobs:
git push contributor HEAD:'${{ steps.job-vars.outputs.branch }}'
- name: Append success comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: steps.git-diff.outputs.changes == 'true'
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
@@ -144,7 +144,7 @@ jobs:
> ✅ Changes applied successfully. (${{ steps.commit-step.outputs.sha }})
- name: Append success comment (no-op)
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: steps.git-diff.outputs.changes != 'true'
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
@@ -153,7 +153,7 @@ jobs:
> 🔴 Job completed successfully (no changes, this is sus).
- name: Append failure comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: failure()
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}

16
.github/workflows/cdk-connector-compatibility-test.yml vendored
View File

@@ -14,19 +14,19 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
submodules: true # Needed for airbyte-enterprise connectors (no-op otherwise)
fetch-depth: 0
- name: Setup Java
uses: actions/setup-java@v4
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
distribution: "zulu"
java-version: "21"
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
with:
gradle-version: "8.14"
@@ -57,12 +57,12 @@ jobs:
- name: Checkout Airbyte
if: matrix.connector
id: checkout
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
submodules: true # Needed for airbyte-enterprise connectors (no-op otherwise)
# Java deps
- uses: actions/setup-java@v4
- uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
if: matrix.connector
with:
distribution: zulu
@@ -71,14 +71,14 @@ jobs:
# The default behaviour is read-only on PR branches and read/write on master.
# See https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#using-the-cache-read-only.
- uses: gradle/actions/setup-gradle@v4
- uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
if: matrix.connector
with:
gradle-version: "8.14"
- name: Install the latest version of uv
if: matrix.connector
uses: astral-sh/setup-uv@v6
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
- name: Install Poe
if: matrix.connector
@@ -116,7 +116,7 @@ jobs:
- name: Slack Notification on Failure
if: github.event_name == 'schedule' && failure() && (steps.run-unit-tests.outcome == 'failure' || steps.run-integration-tests.outcome == 'failure')
uses: slackapi/slack-github-action@v2.1.1
uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
with:
token: ${{ secrets.SLACK_BOT_TOKEN_AIRBYTE_TEAM }}
method: chat.postMessage

46
.github/workflows/connector-ci-checks.yml vendored
View File

@@ -50,7 +50,7 @@ jobs:
steps:
- name: Checkout Current Branch
id: checkout
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
repository: ${{ inputs.repo || github.event.pull_request.head.repo.full_name }}
ref: ${{ inputs.gitref || github.head_ref || github.ref_name }}
@@ -78,7 +78,7 @@ jobs:
git fetch --quiet upstream master
- id: cdk-changes
uses: dorny/paths-filter@v2
uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
with:
# Note: expressions within a filter are OR'ed
filters: |
@@ -138,7 +138,7 @@ jobs:
- name: Checkout Airbyte
if: matrix.connector
id: checkout
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
repository: ${{ inputs.repo || github.event.pull_request.head.repo.full_name }}
ref: ${{ inputs.gitref || github.head_ref || github.ref_name }}
@@ -146,7 +146,7 @@ jobs:
fetch-depth: 1
# Java deps
- uses: actions/setup-java@v4
- uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
if: matrix.connector
with:
distribution: zulu
@@ -155,7 +155,7 @@ jobs:
# The default behaviour is read-only on PR branches and read/write on master.
# See https://github.com/gradle/actions/blob/main/docs/setup-gradle.md#using-the-cache-read-only.
- uses: gradle/actions/setup-gradle@v4
- uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
if: matrix.connector
with:
gradle-version: "8.14"
@@ -163,7 +163,7 @@ jobs:
# TODO: We can delete this step once Airbyte-CI is removed from Java integration tests.
- name: Set up Python (For Airbyte-CI)
if: matrix.connector
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: "3.11"
check-latest: true
@@ -171,7 +171,7 @@ jobs:
- name: Install the latest version of uv
if: matrix.connector
uses: astral-sh/setup-uv@v6
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
- name: Install Poe
if: matrix.connector
@@ -203,7 +203,7 @@ jobs:
run: poe test-integration-tests
- name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action@v2
uses: EnricoMi/publish-unit-test-result-action@3a74b2957438d0b6e2e61d67b05318aa25c9e6c6 # v2.20.0
# Skip if cancelled, if no connector is specified, or if running from a fork.
if: always() && !cancelled() && matrix.connector && github.repository == 'airbytehq/airbyte'
with:
@@ -229,7 +229,7 @@ jobs:
- name: Checkout Airbyte
if: matrix.connector
id: checkout
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
repository: ${{ inputs.repo || github.event.pull_request.head.repo.full_name }}
ref: ${{ inputs.gitref || github.head_ref || github.ref_name }}
@@ -239,7 +239,7 @@ jobs:
# Python deps
- name: Set up Python
if: matrix.connector
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: "3.11"
check-latest: true
@@ -247,13 +247,13 @@ jobs:
- name: Install and configure Poetry
if: matrix.connector
uses: snok/install-poetry@v1
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
with:
version: 1.8.5
- name: Install the latest version of uv
if: matrix.connector
uses: astral-sh/setup-uv@v6
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
- name: Install system dependencies
if: matrix.connector
@@ -307,7 +307,7 @@ jobs:
airbyte-cdk image test
- name: Publish Test Results
uses: EnricoMi/publish-unit-test-result-action@v2
uses: EnricoMi/publish-unit-test-result-action@3a74b2957438d0b6e2e61d67b05318aa25c9e6c6 # v2.20.0
# Skip if cancelled, if no connector is specified, or if the repository is a fork.
if: always() && !cancelled() && matrix.connector && github.repository == 'airbytehq/airbyte'
with:
@@ -330,7 +330,7 @@ jobs:
steps:
- name: Checkout Airbyte
if: matrix.connector
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
repository: ${{ inputs.repo || github.event.pull_request.head.repo.full_name }}
ref: ${{ inputs.gitref || github.head_ref || github.ref_name }}
@@ -338,14 +338,14 @@ jobs:
fetch-depth: 1
# Java deps
- uses: actions/setup-java@v4
- uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
if: matrix.connector
with:
distribution: zulu
java-version: 21
cache: gradle
- uses: gradle/actions/setup-gradle@v4
- uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
if: matrix.connector
with:
cache-read-only: false
@@ -355,20 +355,20 @@ jobs:
# Python deps
- name: Set up Python
if: matrix.connector
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: "3.11"
check-latest: true
update-environment: true
- name: Install and configure Poetry
if: matrix.connector
uses: snok/install-poetry@v1
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
with:
version: 1.8.5
- name: Install the latest version of uv
if: matrix.connector
uses: astral-sh/setup-uv@v6
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
- name: Install system dependencies
if: matrix.connector
@@ -421,7 +421,7 @@ jobs:
steps:
- name: Checkout Airbyte
if: matrix.connector
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
repository: ${{ inputs.repo || github.event.pull_request.head.repo.full_name }}
ref: ${{ inputs.gitref || github.head_ref || github.ref_name }}
@@ -429,7 +429,7 @@ jobs:
fetch-depth: 0
- name: Install uv
if: matrix.connector
uses: astral-sh/setup-uv@v6
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
- name: Install Poe
if: matrix.connector
@@ -489,7 +489,7 @@ jobs:
# be available, so the following steps will be a no-op.
- name: Authenticate as GitHub App
uses: actions/create-github-app-token@v1
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1.12.0
id: get-app-token
if: always() && !cancelled()
continue-on-error: true
@@ -501,7 +501,7 @@ jobs:
if: >
always() && !cancelled() &&
steps.get-app-token.outcome == 'success'
uses: LouisBrunner/checks-action@v2.0.0
uses: LouisBrunner/checks-action@6b626ffbad7cc56fd58627f774b9067e6118af23 # v2.0.0
with:
name: "Connector CI Checks Summary" # << Name of the 'Required' check
sha: ${{ needs.generate-matrix.outputs.commit-sha }}

16
.github/workflows/connector-image-build.yml vendored
View File

@@ -42,14 +42,14 @@ jobs:
url: https://ghcr.io/airbytehq/${{ inputs.connector }}
steps:
- name: Checkout Current Branch
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
repository: ${{ inputs.repo || github.event.pull_request.head.repo.full_name }}
ref: ${{ inputs.gitref || github.head_ref }}
fetch-depth: 1
- name: Install the latest version of uv
uses: astral-sh/setup-uv@v6
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
- name: Install Poe
run: |
@@ -74,14 +74,14 @@ jobs:
echo "image-build-num-tag=${IMAGE_PR_NUM_TAG}-build${{ github.run_number }}" | tee -a $GITHUB_OUTPUT
# Java deps
- uses: actions/setup-java@v4
- uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
if: ${{ steps.vars.outputs.connector-language == 'java' }}
with:
distribution: zulu
java-version: 21
cache: gradle
- uses: gradle/actions/setup-gradle@v4
- uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
if: ${{ steps.vars.outputs.connector-language == 'java' }}
with:
cache-read-only: false
@@ -95,18 +95,18 @@ jobs:
./gradlew :airbyte-integrations:connectors:${{ inputs.connector }}:distTar
- name: Log in to GHCR
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Build Connector Image
id: build-connector-image
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
context: airbyte-integrations/connectors/${{ inputs.connector }}
file: docker-images/Dockerfile.${{ steps.vars.outputs.connector-language }}-connector
@@ -127,7 +127,7 @@ jobs:
spec
- name: Run ${{ inputs.connector }} Image Vulnerability Scan
uses: anchore/scan-action@v6
uses: anchore/scan-action@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1
with:
image: "${{ steps.vars.outputs.image-build-num-tag }}"
output-format: "table"

22
.github/workflows/connector-performance-command.yml vendored
View File

@@ -106,7 +106,7 @@ jobs:
ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
steps:
- name: Checkout Airbyte
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.gitref }}
@@ -129,7 +129,7 @@ jobs:
steps:
- name: Link comment to workflow run
if: inputs.comment-id
uses: peter-evans/create-or-update-comment@v1
uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae # v1.4.5
with:
comment-id: ${{ inputs.comment-id }}
body: |
@@ -140,7 +140,7 @@ jobs:
> :runner: ${{inputs.connector}} https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}.
- name: Search for valid connector name format
id: regex
uses: AsasInnab/regex-action@v1
uses: AsasInnab/regex-action@93439ac11aa6a032a673c8711231d8cef044daaa # v1
with:
regex_pattern: "^(connectors/)?[a-zA-Z0-9-_]+$"
regex_flags: "i" # required to be set for this plugin
@@ -155,18 +155,18 @@ jobs:
inputs.connector != 'connectors/source-mongodb-v2' }}"
run: echo "Only connectors/source-postgres, source-mysql, source-mongodb-v2 and destination-snowflake currently supported by harness" && exit 1
- name: Checkout Airbyte
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.gitref }}
fetch-depth: 0 # This is to fetch the main branch in case we are running on a different branch.
- name: Install Java
uses: actions/setup-java@v3
uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1
with:
distribution: "zulu"
java-version: "21"
- name: Install Python
uses: actions/setup-python@v4
uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4.9.1
with:
python-version: "3.11"
check-latest: true
@@ -210,7 +210,7 @@ jobs:
env:
GCP_GSM_CREDENTIALS: ${{ secrets.GCP_GSM_CREDENTIALS }}
- name: KIND Kubernetes Cluster Setup
uses: helm/kind-action@v1.4.0
uses: helm/kind-action@9e8295d178de23cbfbd8fa16cf844eec1d773a07 # v1.4.0
with:
config: "./tools/bin/${{ steps.which-harness.outputs.harness_type }}-kind-cluster-config.yaml"
- name: Run harness
@@ -246,7 +246,7 @@ jobs:
echo "$EOF" >> $GITHUB_OUTPUT
- name: Link comment to workflow run
if: inputs.comment-id
uses: peter-evans/create-or-update-comment@v2
uses: peter-evans/create-or-update-comment@67dcc547d311b736a8e6c5c236542148a47adc3d # v2.1.1
with:
reactions: "+1"
comment-id: ${{ inputs.comment-id }}
@@ -268,20 +268,20 @@ jobs:
if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # v1.7.0
with:
aws-access-key-id: ${{ secrets.SELF_RUNNER_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.SELF_RUNNER_AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Checkout Airbyte
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Check PAT rate limits
run: |
./tools/bin/find_non_rate_limited_PAT \
${{ secrets.GH_PAT_BUILD_RUNNER_OSS }} \
${{ secrets.GH_PAT_BUILD_RUNNER_BACKUP }}
- name: Stop EC2 runner
uses: supertopher/ec2-github-runner@base64v1.0.10
uses: supertopher/ec2-github-runner@0a62b16b7a86a45725a1755884f8cee7a5068ad8 #base64v1.0.10
with:
mode: stop
github-token: ${{ env.PAT }}

10
.github/workflows/connectors_insights.yml vendored
View File

@@ -14,9 +14,9 @@ jobs:
timeout-minutes: 1440 # 24 hours
steps:
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Docker login
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
@@ -25,11 +25,11 @@ jobs:
with:
dagger_engine_image: "registry.dagger.io/engine:v0.9.6"
- name: Set up Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: "3.11"
- name: Install Poetry
uses: snok/install-poetry@v1
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
with:
version: 1.8.5
virtualenvs-create: true
@@ -37,7 +37,7 @@ jobs:
installer-parallel: true
- name: Load cached venv
id: cached-poetry-dependencies
uses: actions/cache@v3
uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3.5.0
with:
path: .venv
key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}

6
.github/workflows/connectors_up_to_date.yml vendored
View File

@@ -20,7 +20,7 @@ jobs:
generated_matrix: ${{ steps.generate_matrix.outputs.generated_matrix }}
steps:
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Run airbyte-ci connectors list [SCHEDULED TRIGGER]
if: github.event_name == 'schedule'
id: airbyte-ci-connectors-list-scheduled
@@ -56,9 +56,9 @@ jobs:
pull-requests: write
steps:
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Authenticate as 'octavia-bot-hoard' GitHub App
uses: actions/create-github-app-token@v2
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
id: get-app-token
with:
owner: "airbytehq"

64
.github/workflows/docker-connector-base-image-tests.yml vendored
View File

@@ -27,10 +27,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- id: changes
uses: dorny/paths-filter@v3.0.2
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
with:
filters: |
java-images:
@@ -57,23 +57,23 @@ jobs:
if: needs.detect-changes.outputs.java-images == 'true'
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
fetch-depth: 1
- name: Log in to GHCR
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Build Java Base Image
id: docker-build-java-base
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
context: .
file: docker-images/Dockerfile.java-connector-base
@@ -84,7 +84,7 @@ jobs:
ghcr.io/airbytehq/java-connector-base:draft-pr-${{ github.event.pull_request.number }}-build${{ github.run_number }}
- name: Run Java Base Image Vulnerability Scan
uses: anchore/scan-action@v6
uses: anchore/scan-action@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1
with:
image: "ghcr.io/airbytehq/java-connector-base:draft-pr-${{ github.event.pull_request.number }}-build${{ github.run_number }}"
output-format: "table"
@@ -104,23 +104,23 @@ jobs:
if: needs.detect-changes.outputs.python-images == 'true'
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
fetch-depth: 1
- name: Log in to GHCR
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Build Python Base Image
id: docker-build-python-base
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
context: .
file: docker-images/Dockerfile.python-connector-base
@@ -131,7 +131,7 @@ jobs:
ghcr.io/airbytehq/python-connector-base:draft-pr-${{ github.event.pull_request.number }}-build${{ github.run_number }}
- name: Run Python Base Image Vulnerability Scan
uses: anchore/scan-action@v6
uses: anchore/scan-action@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1
with:
image: "ghcr.io/airbytehq/python-connector-base:draft-pr-${{ github.event.pull_request.number }}-build${{ github.run_number }}"
output-format: "table"
@@ -158,19 +158,19 @@ jobs:
url: https://ghcr.io/airbytehq/${{ matrix.connector }}
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
fetch-depth: 1
# Java deps
- name: Set up Java
uses: actions/setup-java@v4
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
distribution: zulu
java-version: 21
cache: gradle
- uses: gradle/actions/setup-gradle@v4
- uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
with:
cache-read-only: false
cache-write-only: false
@@ -182,14 +182,14 @@ jobs:
./gradlew :airbyte-integrations:connectors:${{ matrix.connector }}:distTar
- name: Log in to GHCR
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Debug BUILD_ARGS
run: |
@@ -198,7 +198,7 @@ jobs:
- name: Build ${{ matrix.connector }} Image
id: docker-build-java-connector
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
context: airbyte-integrations/connectors/${{ matrix.connector }}
file: docker-images/Dockerfile.java-connector
@@ -219,7 +219,7 @@ jobs:
spec
- name: Setup uv
uses: astral-sh/setup-uv@v4
uses: astral-sh/setup-uv@38f3f104447c67c051c4a08e39b64a148898af3a # v4.2.0
- name: Install CDK CLI
run: |
@@ -237,7 +237,7 @@ jobs:
airbyte-cdk image test --image=ghcr.io/airbytehq/${{ matrix.connector }}:draft-pr-${{ github.event.pull_request.number }}-build${{ github.run_number }}
- name: Run ${{ matrix.connector }} Image Vulnerability Scan
uses: anchore/scan-action@v6
uses: anchore/scan-action@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1
with:
image: "ghcr.io/airbytehq/${{ matrix.connector }}:draft-pr-${{ github.event.pull_request.number }}-build${{ github.run_number }}"
output-format: "table"
@@ -263,17 +263,17 @@ jobs:
url: https://ghcr.io/airbytehq/${{ matrix.connector }}
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Log in to GHCR
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Debug BUILD_ARGS
run: |
@@ -282,7 +282,7 @@ jobs:
- name: Build ${{ matrix.connector }} Image
id: docker-build-python-connector
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
context: airbyte-integrations/connectors/${{ matrix.connector }}
file: docker-images/Dockerfile.python-connector
@@ -303,7 +303,7 @@ jobs:
spec
- name: Setup uv
uses: astral-sh/setup-uv@v4
uses: astral-sh/setup-uv@38f3f104447c67c051c4a08e39b64a148898af3a # v4.2.0
- name: Install CDK CLI
run: |
@@ -321,7 +321,7 @@ jobs:
airbyte-cdk image test --image=ghcr.io/airbytehq/${{ matrix.connector }}:draft-pr-${{ github.event.pull_request.number }}-build${{ github.run_number }}
- name: Run ${{ matrix.connector }} Image Vulnerability Scan
uses: anchore/scan-action@v6
uses: anchore/scan-action@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1
with:
image: "ghcr.io/airbytehq/${{ matrix.connector }}:draft-pr-${{ github.event.pull_request.number }}-build${{ github.run_number }}"
output-format: "table"
@@ -343,19 +343,19 @@ jobs:
url: https://ghcr.io/airbytehq/${{ matrix.connector }}
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
fetch-depth: 1
- name: Log in to GHCR
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Debug BUILD_ARGS
run: |
@@ -363,7 +363,7 @@ jobs:
echo "CONNECTOR_NAME=${{ matrix.connector }}"
- name: Build ${{ matrix.connector }} Image
uses: docker/build-push-action@v5
uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
with:
context: airbyte-integrations/connectors/${{ matrix.connector }}
file: docker-images/Dockerfile.manifest-only-connector
@@ -384,7 +384,7 @@ jobs:
spec
- name: Setup uv
uses: astral-sh/setup-uv@v4
uses: astral-sh/setup-uv@38f3f104447c67c051c4a08e39b64a148898af3a # v4.2.0
- name: Install CDK CLI
run: |
@@ -402,7 +402,7 @@ jobs:
airbyte-cdk image test --image=ghcr.io/airbytehq/${{ matrix.connector }}:draft-pr-${{ github.event.pull_request.number }}-build${{ github.run_number }}
- name: Run ${{ matrix.connector }} Image Vulnerability Scan
uses: anchore/scan-action@v6
uses: anchore/scan-action@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1
with:
image: "ghcr.io/airbytehq/${{ matrix.connector }}:draft-pr-${{ github.event.pull_request.number }}-build${{ github.run_number }}"
output-format: "table"

14
.github/workflows/docker-connector-image-publishing.yml vendored
View File

@@ -50,19 +50,19 @@ jobs:
url: https://${{ github.event.inputs.repository-root == 'docker.io/airbyte' && 'hub.docker.com/r/airbyte' || github.event.inputs.repository-root }}/${{ github.event.inputs.connector-type }}-connector-base
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
fetch-depth: 1
- name: Log in to DockerHub
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
if: ${{ github.event.inputs.repository-root == 'docker.io/airbyte' }}
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Log in to GHCR
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
if: ${{ github.event.inputs.repository-root == 'ghcr.io/airbytehq' }}
with:
registry: ghcr.io/airbytehq
@@ -70,7 +70,7 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Set and debug variables
id: vars
@@ -87,7 +87,7 @@ jobs:
- name: Build Base Image
id: docker-build-base
uses: docker/build-push-action@v6
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
file: ${{ steps.vars.outputs.DOCKERFILE }}
platforms: linux/amd64,linux/arm64
@@ -95,7 +95,7 @@ jobs:
push: false
- name: Run Vulnerability Scan
uses: anchore/scan-action@v6
uses: anchore/scan-action@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1
with:
image: "${{ steps.vars.outputs.FULL_IMAGE_REF }}"
output-format: "table"
@@ -108,7 +108,7 @@ jobs:
# https://docs.docker.com/build/ci/github-actions/test-before-push/
id: docker-image-publish
if: ${{ github.event.inputs.dry-run == 'false' }}
uses: docker/build-push-action@v6
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
platforms: linux/amd64,linux/arm64
file: ${{ steps.vars.outputs.DOCKERFILE }}

2
.github/workflows/docker-image-pruning.yml vendored
View File

@@ -24,7 +24,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Prune temporary GHCR images
uses: snok/container-retention-policy@v3.0.0
uses: snok/container-retention-policy@4f22ef80902ad409ed55a99dc5133cc1250a0d03 # v3.0.0
with:
account: airbytehq
token: ${{ secrets.GITHUB_TOKEN }}

16
.github/workflows/docs-build.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
# The detection method uses the GitHub REST API.
- name: Detect Changes
id: detect-changes
uses: dorny/paths-filter@v3.0.2
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
with:
filters: |
docs:
@@ -34,7 +34,7 @@ jobs:
if: needs.detect-changes.outputs.changed == 'true'
steps:
- name: Checkout Current Branch
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
fetch-depth: 0
repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -61,13 +61,13 @@ jobs:
- name: Set Up pnpm
if: steps.check-skip.outputs.skip-build != 'true'
# pnpm is used to manage the dependencies of the documentation build.
uses: pnpm/action-setup@v4
uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
with:
version: 10.12.1
- name: Install uv
if: steps.check-skip.outputs.skip-build != 'true'
uses: astral-sh/setup-uv@v6
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
- name: Install Poe
if: steps.check-skip.outputs.skip-build != 'true'
@@ -95,13 +95,13 @@ jobs:
steps:
- name: Checkout Current Branch
uses: actions/checkout@v4.2.2
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 1
- name: Deploy to Vercel
id: deploy-vercel
uses: amondnet/vercel-action@v41.1.4
uses: amondnet/vercel-action@888da851026e0573da056b061931bcb765a915c4 # v41.1.4
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
vercel-token: ${{ secrets.VERCEL_TOKEN }}
@@ -110,7 +110,7 @@ jobs:
vercel-args: --archive=tgz
- name: Authenticate as GitHub App
uses: actions/create-github-app-token@v2.0.6
uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
id: get-app-token
with:
owner: "airbytehq"
@@ -120,7 +120,7 @@ jobs:
# If successful, post a check status with the Preview URL as its "details" link
- name: Post Custom Check with Preview URL (${{ steps.deploy-vercel.outputs.preview-url }})
uses: LouisBrunner/checks-action@v2.0.0
uses: LouisBrunner/checks-action@6b626ffbad7cc56fd58627f774b9067e6118af23 # v2.0.0
with:
name: "Vercel Preview Deployed" # << Name of the check
status: completed

4
.github/workflows/finalize_rollout.yml vendored
View File

@@ -27,12 +27,12 @@ jobs:
fi
shell: bash
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
# Authenticate as the GitHub App to ensure CI can run. This is necessary because
# commits created with the built-in GitHub token will not trigger workflows.
- name: Authenticate as GitHub App
uses: actions/create-github-app-token@v1
uses: actions/create-github-app-token@d72941d797fd3113feb6b93fd0dec494b13a2547 # v1.12.0
id: get-app-token
with:
owner: "airbytehq"

16
.github/workflows/format-fix-command.yml vendored
View File

@@ -48,7 +48,7 @@ jobs:
# forks if the user installs the app into their fork. Until we document this as a clear
# path, we will have to keep using the PAT.
- name: Checkout Airbyte
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
repository: ${{ steps.job-vars.outputs.repo }}
ref: ${{ steps.job-vars.outputs.branch }}
@@ -61,7 +61,7 @@ jobs:
# If comment-id is not provided, this will create a new
# comment with the job run link.
id: first-comment-action
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ github.event.inputs.comment-id }}
issue-number: ${{ github.event.inputs.pr }}
@@ -73,19 +73,19 @@ jobs:
# Compare the below to the `format_check.yml` workflow
- name: Setup Java
uses: actions/setup-java@v3
uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1
with:
distribution: "zulu"
java-version: "21"
- name: Setup Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: "3.11"
cache: "pip"
check-latest: true
update-environment: true
- name: Run pre-commit
uses: pre-commit/action@v3.0.1
uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
continue-on-error: true
id: format-fix
@@ -120,7 +120,7 @@ jobs:
git push contributor HEAD:'${{ steps.job-vars.outputs.branch }}'
- name: Append success comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: steps.git-diff.outputs.changes == 'true'
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
@@ -129,7 +129,7 @@ jobs:
> ✅ Changes applied successfully. (${{ steps.commit-step.outputs.sha }})
- name: Append success comment (no-op)
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: steps.git-diff.outputs.changes != 'true'
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
@@ -138,7 +138,7 @@ jobs:
> 🟦 Job completed successfully (no changes).
- name: Append failure comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: failure()
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}

10
.github/workflows/format_check.yml vendored
View File

@@ -14,21 +14,21 @@ jobs:
name: "Format Check"
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Setup Java
uses: actions/setup-java@v3
uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1
with:
distribution: "zulu"
java-version: "21"
- name: Setup Python
uses: actions/setup-python@v5
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: "3.11"
cache: "pip"
check-latest: true
update-environment: true
- name: Run Pre-Commit
uses: pre-commit/action@v3.0.1
uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
id: format-check
with:
extra_args: --all-files
@@ -49,7 +49,7 @@ jobs:
always() && steps.format-check.outcome == 'failure' &&
github.ref == 'refs/heads/master' &&
github.event.pull_request.head.repo.fork == false
uses: slackapi/slack-github-action@v2.1.1
uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
with:
token: ${{ secrets.SLACK_BOT_TOKEN_AIRBYTE_TEAM }}
method: chat.postMessage

6
.github/workflows/gradle-dependency-diff.yml vendored
View File

@@ -10,11 +10,11 @@ jobs:
if: github.event.pull_request.head.repo.fork == false
steps:
- name: Checkout Code
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Set up Java
uses: actions/setup-java@v4
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
distribution: temurin
java-version: 21
- name: Run Gradle Dependency Diff
uses: be-hase/gradle-dependency-diff-action@v2
uses: be-hase/gradle-dependency-diff-action@c6832aa3ca2594b7f25136bad88155f483d1fa04 # v2.0.0

20
.github/workflows/internal-airbyte-ci-release.yml vendored
View File

@@ -26,17 +26,17 @@ jobs:
steps:
- name: Checkout Airbyte
id: checkout_airbyte
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
ref: ${{ github.sha }} # This is required to make sure that the same commit is checked out on all runners
- name: Get short SHA
id: get_short_sha
uses: benjlevesque/short-sha@v2.2
uses: benjlevesque/short-sha@36eb8c530990ceac5ddf3c0bc32d02c677ae9706 # v2.2
- name: Install Python
id: install_python
uses: actions/setup-python@v4
uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4.9.1
with:
python-version: "3.11"
check-latest: true
@@ -44,7 +44,7 @@ jobs:
- name: Install Poetry
id: install_poetry
uses: snok/install-poetry@v1
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
with:
version: 1.8.5
@@ -58,21 +58,21 @@ jobs:
working-directory: airbyte-ci/connectors/pipelines/
run: poetry run poe build-release-binary ${{ env.BINARY_FILE_NAME }}
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: airbyte-ci-${{ matrix.os }}-${{ steps.get_short_sha.outputs.sha }}
path: airbyte-ci/connectors/pipelines/dist/${{ env.BINARY_FILE_NAME }}
- name: Authenticate to Google Cloud Dev
id: auth_dev
uses: google-github-actions/auth@v1
uses: google-github-actions/auth@3a3c4c57d294ef65efaaee4ff17b22fa88dd3c69 # v1.3.0
with:
credentials_json: "${{ secrets.METADATA_SERVICE_DEV_GCS_CREDENTIALS }}"
- name: Upload pre-release to GCS dev bucket
id: upload_pre_release_to_gcs
if: github.ref != 'refs/heads/master'
uses: google-github-actions/upload-cloud-storage@v1
uses: google-github-actions/upload-cloud-storage@e95a15f226403ed658d3e65f40205649f342ba2c # v1.0.3
with:
path: airbyte-ci/connectors/pipelines/dist/${{ env.BINARY_FILE_NAME }}
destination: ${{ env.DEV_GCS_BUCKET_NAME }}/airbyte-ci/releases/${{ matrix.os }}/${{ steps.get_short_sha.outputs.sha }}
@@ -95,14 +95,14 @@ jobs:
- name: Authenticate to Google Cloud Prod
id: auth_prod
uses: google-github-actions/auth@v1
uses: google-github-actions/auth@3a3c4c57d294ef65efaaee4ff17b22fa88dd3c69 # v1.3.0
with:
credentials_json: "${{ secrets.METADATA_SERVICE_PROD_GCS_CREDENTIALS }}"
- name: Upload version release to GCS prod bucket
id: upload_version_release_to_gcs
if: github.ref == 'refs/heads/master'
uses: google-github-actions/upload-cloud-storage@v1
uses: google-github-actions/upload-cloud-storage@e95a15f226403ed658d3e65f40205649f342ba2c # v1.0.3
with:
path: airbyte-ci/connectors/pipelines/dist/${{ env.BINARY_FILE_NAME }}
destination: ${{ env.PROD_GCS_BUCKET_NAME }}/airbyte-ci/releases/${{ matrix.os }}/${{ steps.set_version.outputs.version }}
@@ -118,7 +118,7 @@ jobs:
- name: Upload latest release to GCS prod bucket
id: upload_latest_release_to_gcs
if: github.ref == 'refs/heads/master'
uses: google-github-actions/upload-cloud-storage@v1
uses: google-github-actions/upload-cloud-storage@e95a15f226403ed658d3e65f40205649f342ba2c # v1.0.3
with:
path: airbyte-ci/connectors/pipelines/dist/${{ env.BINARY_FILE_NAME }}
destination: ${{ env.PROD_GCS_BUCKET_NAME }}/airbyte-ci/releases/${{ matrix.os }}/latest

10
.github/workflows/internal-airbyte-ci-tests.yml vendored
View File

@@ -25,9 +25,9 @@ jobs:
steps:
- name: Checkout Airbyte
if: github.event_name != 'pull_request'
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- id: changes
uses: dorny/paths-filter@v2
uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
with:
# Note: expressions within a filter are OR'ed
filters: |
@@ -54,12 +54,12 @@ jobs:
statuses: write
steps:
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.ref }}
- name: Checkout Airbyte Python CDK
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
repository: airbytehq/airbyte-python-cdk
ref: main
@@ -93,7 +93,7 @@ jobs:
run: echo "commit_id=$(git rev-parse origin/${{ steps.extract_branch.outputs.branch }})" >> $GITHUB_OUTPUT
- name: Authenticate as GitHub App
uses: actions/create-github-app-token@v2
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
id: get-app-token
with:
owner: "airbytehq"

16
.github/workflows/java-bulk-cdk-publish.yml vendored
View File

@@ -30,23 +30,23 @@ jobs:
timeout-minutes: 30
steps:
- name: Checkout Airbyte
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Setup Java
uses: actions/setup-java@v3
uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1
with:
distribution: "zulu"
java-version: "21"
- name: Docker login
# Some tests use testcontainers which pull images from DockerHub.
uses: docker/login-action@v1
uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 # v1.14.1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Error if CDK Version Exists
uses: burrunan/gradle-cache-action@v1
uses: burrunan/gradle-cache-action@3bf23b8dd95e7d2bacf2470132454fe893a178a1 # v1
env:
CI: true
with:
@@ -56,7 +56,7 @@ jobs:
arguments: --scan :airbyte-cdk:bulk:checkBuildNumber
- name: Build Bulk CDK
uses: burrunan/gradle-cache-action@v1
uses: burrunan/gradle-cache-action@3bf23b8dd95e7d2bacf2470132454fe893a178a1 # v1
env:
CI: true
with:
@@ -66,7 +66,7 @@ jobs:
arguments: --scan :airbyte-cdk:bulk:bulkCdkBuild
- name: Publish Poms and Jars to CloudRepo
uses: burrunan/gradle-cache-action@v1
uses: burrunan/gradle-cache-action@3bf23b8dd95e7d2bacf2470132454fe893a178a1 # v1
env:
CI: true
CLOUDREPO_USER: ${{ secrets.CLOUDREPO_USER }}
@@ -81,7 +81,7 @@ jobs:
- name: Post failure to Slack channel
if: ${{ env.DRY_RUN == 'false' && failure() }}
uses: slackapi/slack-github-action@v1.23.0
uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0
continue-on-error: true
with:
channel-id: C07K1P3UL6Q # The `#dev-java-cdk-releases` channel
@@ -110,7 +110,7 @@ jobs:
- name: Post success to Slack channel
if: ${{ env.DRY_RUN == 'false' && !failure() }}
uses: slackapi/slack-github-action@v1.23.0
uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0
continue-on-error: true
with:
channel-id: C07K1P3UL6Q # The `#dev-java-cdk-releases` channel

20
.github/workflows/java-cdk-tests.yml vendored
View File

@@ -29,9 +29,9 @@ jobs:
steps:
- name: Checkout Airbyte
if: github.event_name != 'pull_request'
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- id: changes
uses: dorny/paths-filter@v2
uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
with:
filters: |
java:
@@ -47,9 +47,9 @@ jobs:
steps:
- name: Checkout Airbyte
if: github.event_name != 'pull_request'
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- id: changes-in-bulk
uses: dorny/paths-filter@v2
uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
with:
filters: |
java:
@@ -64,15 +64,15 @@ jobs:
timeout-minutes: 60
steps:
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Java Setup
uses: actions/setup-java@v3
uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1
with:
distribution: "zulu"
java-version: "21"
# Help CDK Devs understand CDK version should be incremented on changes.
- name: Check that bulk CDK version is incremented
uses: burrunan/gradle-cache-action@v1
uses: burrunan/gradle-cache-action@3bf23b8dd95e7d2bacf2470132454fe893a178a1 # v1
env:
CI: true
with:
@@ -94,14 +94,14 @@ jobs:
timeout-minutes: 60
steps:
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Java Setup
uses: actions/setup-java@v3
uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1
with:
distribution: "zulu"
java-version: "21"
- name: Run Java CDK Tests
uses: burrunan/gradle-cache-action@v3
uses: burrunan/gradle-cache-action@663fbad34e03c8f12b27f4999ac46e3d90f87eca # v3.0.1
env:
CI: true
with:

4
.github/workflows/jvm-connector-pr-structure.yml vendored
View File

@@ -10,12 +10,12 @@ jobs:
if: github.base_ref == 'master' && github.repository == 'airbytehq/airbyte'
steps:
- name: Check for changes in bulk CDK
uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47
uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
id: cdk-changes
with:
files: "airbyte-cdk/bulk/**/*"
- name: Check for changes in connectors
uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47
uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 # v47.0.0
id: connector-changes
with:
files: "airbyte-integrations/connectors/**/*"

2
.github/workflows/label-github-issues-by-context.yml vendored
View File

@@ -13,7 +13,7 @@ jobs:
# so we should consider moving off of this specialized action and onto a normal
# action step.
- name: Run Issue Command from workflow-actions
uses: nick-fields/private-action-loader@v3
uses: nick-fields/private-action-loader@6fa713597d3de3707f8b7a3029a5c262f32c5bca # v3.0.12
with:
pal-repo-token: "${{ secrets.GH_PAT_MAINTENANCE_OCTAVIA }}"
pal-repo-name: airbytehq/workflow-actions@production

2
.github/workflows/label-prs-by-context.yml vendored
View File

@@ -15,7 +15,7 @@ jobs:
# so we should consider moving off of this specialized action onto a normal
# action step.
- name: Run Issue Command from workflow-actions
uses: nick-fields/private-action-loader@v3
uses: nick-fields/private-action-loader@6fa713597d3de3707f8b7a3029a5c262f32c5bca # v3.0.12
with:
pal-repo-token: "${{ secrets.GH_PAT_MAINTENANCE_OCTAVIA }}"
pal-repo-name: airbytehq/workflow-actions@production

4
.github/workflows/live_tests.yml vendored
View File

@@ -52,7 +52,7 @@ jobs:
timeout-minutes: 360 # 6 hours
steps:
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Extract branch name [WORKFLOW DISPATCH]
shell: bash
if: github.event_name == 'workflow_dispatch'
@@ -61,7 +61,7 @@ jobs:
- name: Install Poetry
id: install_poetry
uses: snok/install-poetry@v1
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
with:
version: 1.8.5

2
.github/workflows/metadata_service_deploy_orchestrator_dagger.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
runs-on: tooling-publish-medium
steps:
- name: Checkout Airbyte
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Deploy the metadata orchestrator [On merge to master]
id: metadata-orchestrator-deploy-orchestrator-pipeline-prod
if: github.event_name == 'push'

4
.github/workflows/poe-command.yml vendored
View File

@@ -43,7 +43,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Authenticate as GitHub App
uses: actions/create-github-app-token@v2
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
id: get-app-token
with:
owner: "airbytehq"
@@ -51,7 +51,7 @@ jobs:
app-id: ${{ secrets.OCTAVIA_BOT_APP_ID }}
private-key: ${{ secrets.OCTAVIA_BOT_PRIVATE_KEY }}
- name: Run Poe Slash Command Processor
uses: aaronsteers/poe-command-processor@v1
uses: aaronsteers/poe-command-processor@04330aa7047b6b182ff280a962cbbcd99d6eb683 # v1.3.0
with:
pr: ${{ github.event.inputs.pr }}
comment-id: ${{ github.event.inputs.comment-id }}

22
.github/workflows/publish-java-cdk-command.yml vendored
View File

@@ -82,14 +82,14 @@ jobs:
steps:
- name: Link comment to Workflow Run
if: github.event.inputs.comment-id
uses: peter-evans/create-or-update-comment@v1
uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae # v1.4.5
with:
comment-id: ${{ github.event.inputs.comment-id }}
body: |
> :clock2: https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
- name: Checkout Airbyte
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
ref: ${{ env.GITREF }}
@@ -107,20 +107,20 @@ jobs:
echo "CDK_VERSION=${cdk_version}" >> $GITHUB_ENV
- name: Setup Java
uses: actions/setup-java@v3
uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1
with:
distribution: "zulu"
java-version: "21"
- name: Docker login
# Some tests use testcontainers which pull images from DockerHub.
uses: docker/login-action@v1
uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 # v1.14.1
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Build Java CDK
uses: burrunan/gradle-cache-action@v1
uses: burrunan/gradle-cache-action@3bf23b8dd95e7d2bacf2470132454fe893a178a1 # v1
env:
CI: true
with:
@@ -133,7 +133,7 @@ jobs:
- name: Check for Existing Version
# we only check existing version if it's a manual trigger and FORCE is set to false
if: ${{ (env.FORCE != 'true') }}
uses: burrunan/gradle-cache-action@v1
uses: burrunan/gradle-cache-action@3bf23b8dd95e7d2bacf2470132454fe893a178a1 # v1
env:
CI: true
with:
@@ -145,7 +145,7 @@ jobs:
- name: Publish Poms and Jars to CloudRepo
if: ${{ env.DRY_RUN == 'false' }}
uses: burrunan/gradle-cache-action@v1
uses: burrunan/gradle-cache-action@3bf23b8dd95e7d2bacf2470132454fe893a178a1 # v1
env:
CI: true
CLOUDREPO_USER: ${{ secrets.CLOUDREPO_USER }}
@@ -160,7 +160,7 @@ jobs:
- name: Add Success Comment
if: github.event.inputs.comment-id && success()
uses: peter-evans/create-or-update-comment@v1
uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae # v1.4.5
with:
comment-id: ${{ github.event.inputs.comment-id }}
edit-mode: append
@@ -169,7 +169,7 @@ jobs:
- name: Add Failure Comment
if: github.event.inputs.comment-id && failure()
uses: peter-evans/create-or-update-comment@v1
uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae # v1.4.5
with:
comment-id: ${{ github.event.inputs.comment-id }}
edit-mode: append
@@ -178,7 +178,7 @@ jobs:
- name: "Post failure to Slack channel"
if: ${{ env.DRY_RUN == 'false' && failure() }}
uses: slackapi/slack-github-action@v1.23.0
uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0
continue-on-error: true
with:
channel-id: C07K1P3UL6Q # The `#dev-java-cdk-releases` channel
@@ -207,7 +207,7 @@ jobs:
- name: "Post success to Slack channel"
if: ${{ env.DRY_RUN == 'false' && !failure() }}
uses: slackapi/slack-github-action@v1.23.0
uses: slackapi/slack-github-action@007b2c3c751a190b6f0f040e47ed024deaa72844 # v1.23.0
continue-on-error: true
with:
channel-id: C07K1P3UL6Q # The `#dev-java-cdk-releases` channel

10
.github/workflows/publish_connectors.yml vendored
View File

@@ -113,14 +113,14 @@ jobs:
shell: bash
run: docker buildx create --use --driver=docker-container --name builder --platform linux/amd64,linux/arm64
- uses: actions/setup-java@v4
- uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
distribution: zulu
java-version: 21
cache: gradle
- name: Log in to Docker Hub
uses: docker/login-action@v3
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
@@ -142,7 +142,7 @@ jobs:
version: 1.8.5
- name: Install the latest version of uv
uses: astral-sh/setup-uv@v6
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
- name: Install Poe
run: |
@@ -276,7 +276,7 @@ jobs:
run: poetry install --directory airbyte-ci/connectors/metadata_service/lib
- name: Install the latest version of uv
uses: astral-sh/setup-uv@v6
uses: astral-sh/setup-uv@d0cc045d04ccac9d8b7881df0226f9e82c39688e # v6.8.0
- name: Install Poe
run: |
@@ -358,7 +358,7 @@ jobs:
GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Send publish failures to connector-publish-failures channel
id: slack
uses: slackapi/slack-github-action@v1.26.0
uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
with:
# This data can be any valid JSON from a previous step in the GitHub Action
payload: |

6
.github/workflows/regression_tests.yml vendored
View File

@@ -55,14 +55,14 @@ jobs:
steps:
- name: Install Python
id: install_python
uses: actions/setup-python@v4
uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4.9.1
with:
python-version: "3.11"
check-latest: true
update-environment: true
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Extract branch name [WORKFLOW DISPATCH]
shell: bash
if: github.event_name == 'workflow_dispatch'
@@ -71,7 +71,7 @@ jobs:
- name: Install Poetry
id: install_poetry
uses: snok/install-poetry@v1
uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
with:
version: 1.8.5

6
.github/workflows/run-cat-tests-command.yml vendored
View File

@@ -49,7 +49,7 @@ jobs:
# If comment-id is not provided, this will create a new
# comment with the job run link.
id: first-comment-action
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ github.event.inputs.comment-id }}
issue-number: ${{ github.event.inputs.pr }}
@@ -62,7 +62,7 @@ jobs:
>
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
repository: ${{ steps.job-vars.outputs.repo }}
ref: ${{ steps.job-vars.outputs.branch }}
@@ -91,7 +91,7 @@ jobs:
subcommand: "connectors --modified test --only-step=acceptance"
- name: Append completion comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: always()
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}

6
.github/workflows/run-connector-tests-command.yml vendored
View File

@@ -52,7 +52,7 @@ jobs:
steps:
- name: Append start comment
id: post-start-comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ inputs.comment-id }}
issue-number: ${{ inputs.pr }}
@@ -95,7 +95,7 @@ jobs:
steps:
- name: Append success comment
if: needs.call-connector-ci-tests.outputs.result == 'success'
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ needs.post-start-comment.outputs.comment-id }}
issue-number: ${{ inputs.pr }}
@@ -104,7 +104,7 @@ jobs:
- name: Append failure comment
if: needs.call-connector-ci-tests.outputs.result != 'success'
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ needs.post-start-comment.outputs.comment-id }}
issue-number: ${{ inputs.pr }}

6
.github/workflows/slash-commands.yml vendored
View File

@@ -17,7 +17,7 @@ jobs:
echo repo="$(echo $pr_info | jq -r '.head.repo.full_name')" >> $GITHUB_OUTPUT
- name: Authenticate as GitHub App
uses: actions/create-github-app-token@v2
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
id: get-app-token
with:
owner: "airbytehq"
@@ -27,7 +27,7 @@ jobs:
- name: Slash Command Dispatch (Workflow)
id: scd
uses: peter-evans/slash-command-dispatch@v3
uses: peter-evans/slash-command-dispatch@f996d7b7aae9059759ac55e978cff76d91853301 # v3.0.2
with:
token: ${{ steps.get-app-token.outputs.token }}
permission: write
@@ -62,7 +62,7 @@ jobs:
- name: Edit comment with error message
if: steps.scd.outputs.error-message
uses: peter-evans/create-or-update-comment@v1
uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae # v1.4.5
with:
comment-id: ${{ github.event.comment.id }}
body: |

4
.github/workflows/stale-community-issues.yaml vendored
View File

@@ -10,14 +10,14 @@ jobs:
issues: write
steps:
- name: Authenticate as GitHub App
uses: actions/create-github-app-token@v2
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
id: get-app-token
with:
owner: "airbytehq"
repositories: "airbyte"
app-id: ${{ secrets.OCTAVIA_BOT_APP_ID }}
private-key: ${{ secrets.OCTAVIA_BOT_PRIVATE_KEY }}
- uses: actions/stale@v5
- uses: actions/stale@f7176fd3007623b69d27091f9b9d4ab7995f0a06 # v5.2.1
with:
any-of-labels: "community"
exempt-issue-labels: "frozen"

4
.github/workflows/stale-routed-issues.yaml vendored
View File

@@ -11,14 +11,14 @@ jobs:
pull-requests: write
steps:
- name: Authenticate as GitHub App
uses: actions/create-github-app-token@v2
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
id: get-app-token
with:
owner: "airbytehq"
repositories: "airbyte"
app-id: ${{ secrets.OCTAVIA_BOT_APP_ID }}
private-key: ${{ secrets.OCTAVIA_BOT_PRIVATE_KEY }}
- uses: actions/stale@v5
- uses: actions/stale@f7176fd3007623b69d27091f9b9d4ab7995f0a06 # v5.2.1
with:
any-of-labels: "frozen"
days-before-issue-stale: 365

26
.github/workflows/test-performance-command.yml vendored
View File

@@ -39,7 +39,7 @@ jobs:
ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
steps:
- name: Checkout Airbyte
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
repository: ${{ github.event.inputs.repo }}
ref: ${{ github.event.inputs.gitref }}
@@ -64,7 +64,7 @@ jobs:
steps:
- name: Search for valid connector name format
id: regex
uses: AsasInnab/regex-action@v1
uses: AsasInnab/regex-action@93439ac11aa6a032a673c8711231d8cef044daaa # v1
with:
regex_pattern: "^((connectors|bases)/)?[a-zA-Z0-9-_]+$"
regex_flags: "i" # required to be set for this plugin
@@ -74,23 +74,23 @@ jobs:
run: echo "The connector provided has an invalid format!" && exit 1
- name: Link comment to workflow run
if: github.event.inputs.comment-id
uses: peter-evans/create-or-update-comment@v1
uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae # v1.4.5
with:
comment-id: ${{ github.event.inputs.comment-id }}
body: |
> :clock2: ${{github.event.inputs.connector}} https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}
- name: Checkout Airbyte
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
repository: ${{ github.event.inputs.repo }}
ref: ${{ github.event.inputs.gitref }}
- name: Install Java
uses: actions/setup-java@v3
uses: actions/setup-java@17f84c3641ba7b8f6deff6309fc4c864478f5d62 # v3.14.1
with:
distribution: "zulu"
java-version: "21"
- name: Install Python
uses: actions/setup-python@v4
uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4.9.1
with:
python-version: "3.11"
check-latest: true
@@ -133,7 +133,7 @@ jobs:
GCP_GSM_CREDENTIALS: ${{ secrets.GCP_GSM_CREDENTIALS }}
- name: Archive test reports artifacts
if: github.event.inputs.comment-id && failure()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: test-reports
path: |
@@ -147,7 +147,7 @@ jobs:
- name: Test coverage reports artifacts
if: github.event.inputs.comment-id && success()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: test-reports
path: |
@@ -155,7 +155,7 @@ jobs:
retention-days: 3
- name: Add Success Comment
if: github.event.inputs.comment-id && success()
uses: peter-evans/create-or-update-comment@v1
uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae # v1.4.5
with:
comment-id: ${{ github.event.inputs.comment-id }}
body: |
@@ -163,7 +163,7 @@ jobs:
${{env.PYTHON_UNITTEST_COVERAGE_REPORT}}
- name: Add Failure Comment
if: github.event.inputs.comment-id && failure()
uses: peter-evans/create-or-update-comment@v1
uses: peter-evans/create-or-update-comment@a35cf36e5301d70b76f316e867e7788a55a31dae # v1.4.5
with:
comment-id: ${{ github.event.inputs.comment-id }}
body: |
@@ -180,20 +180,20 @@ jobs:
if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # v1.7.0
with:
aws-access-key-id: ${{ secrets.SELF_RUNNER_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.SELF_RUNNER_AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Checkout Airbyte
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Check PAT rate limits
run: |
./tools/bin/find_non_rate_limited_PAT \
${{ secrets.GH_PAT_BUILD_RUNNER_OSS }} \
${{ secrets.GH_PAT_BUILD_RUNNER_BACKUP }}
- name: Stop EC2 runner
uses: supertopher/ec2-github-runner@base64v1.0.10
uses: supertopher/ec2-github-runner@0a62b16b7a86a45725a1755884f8cee7a5068ad8 # base64v1.0.10
with:
mode: stop
github-token: ${{ env.PAT }}

16
.github/workflows/update-connector-cdk-version-command.yml vendored
View File

@@ -36,7 +36,7 @@ jobs:
- name: Append comment with job run link
id: first-comment-action
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
comment-id: ${{ github.event.inputs.comment-id }}
issue-number: ${{ github.event.inputs.pr }}
@@ -44,7 +44,7 @@ jobs:
> Update CDK version job started for `${{ github.event.inputs.connector }}`. Check the [job logs](${{ steps.resolve-job-vars.outputs.run-url }}) for details.
- name: Checkout Airbyte
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
submodules: true # Needed for airbyte-enterprise connectors (no-op otherwise)
@@ -71,13 +71,13 @@ jobs:
fi
- name: Setup Java
uses: actions/setup-java@v4
uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
with:
distribution: "zulu"
java-version: "21"
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
uses: gradle/actions/setup-gradle@748248ddd2a24f49513d8f472f81c3a07d4d50e1 # v4.4.4
- name: Run CDK upgrade
run: ./gradlew ":airbyte-integrations:connectors:${{ github.event.inputs.connector }}:upgradeCdk"
@@ -98,7 +98,7 @@ jobs:
git push
- name: Append success comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: steps.git-diff.outputs.changes == 'true'
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
@@ -107,7 +107,7 @@ jobs:
> ✅ Successfully updated CDK version for `${{ github.event.inputs.connector }}`.
- name: Append success comment (no-op)
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: steps.git-diff.outputs.changes != 'true'
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
@@ -116,7 +116,7 @@ jobs:
> ✅ CDK version for `${{ github.event.inputs.connector }}` was already up to date (no changes made).
- name: Append validation failure comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: failure() && steps.validate-connector.outputs.error
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}
@@ -125,7 +125,7 @@ jobs:
> 🔴 **Validation Error**: ${{ steps.validate-connector.outputs.error }}
- name: Append failure comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
if: failure() && !steps.validate-connector.outputs.error
with:
comment-id: ${{ steps.first-comment-action.outputs.comment-id }}

8
.github/workflows/upload-metadata-files.yml vendored
View File

@@ -9,15 +9,15 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout Airbyte Cloud
uses: actions/checkout@v2
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v44
uses: tj-actions/changed-files@2d756ea4c53f7f6b397767d8723b3a10a9f35bf2 # v44.0.0
with:
files: "airbyte-integrations/connectors/**/metadata.yaml"
- name: Setup Python 3.10
if: steps.changed-files.outputs.any_changed == 'true'
uses: actions/setup-python@v4
uses: actions/setup-python@7f4fc3e22c37d6ff65e88745f38bd3157c663f7c # v4.9.1
with:
python-version: "3.11"
check-latest: true
@@ -37,7 +37,7 @@ jobs:
done
- name: Slack Notification - Failure
if: failure()
uses: rtCamp/action-slack-notify@master
uses: rtCamp/action-slack-notify@07cbdbfd6c6190970778d8f98f11d073b2932aae # master
env:
SLACK_WEBHOOK: ${{ secrets.PUBLISH_ON_MERGE_SLACK_WEBHOOK }}
SLACK_USERNAME: Metadata Service

6
.github/workflows/welcome-message.yml vendored
View File

@@ -28,11 +28,11 @@ jobs:
runs-on: ubuntu-24.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
- name: Render template
id: template
uses: chuhlomin/render-template@v1.4
uses: chuhlomin/render-template@f828bb5c72a3e3af89cb79808cea490166c6f1ce # v1.4
with:
# Use a different template for internal vs forks (community)
template: ${{ github.event.pull_request.head.repo.fork == true && '.github/pr-welcome-community.md' || '.github/pr-welcome-internal.md' }}
@@ -40,7 +40,7 @@ jobs:
repo_name: ${{ github.event.pull_request.head.repo.full_name }}
- name: Create comment
uses: peter-evans/create-or-update-comment@v4
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
issue-number: ${{ github.event.pull_request.number }}
body: ${{ steps.template.outputs.result }}