kafka

1
# Licensed to the Apache Software Foundation (ASF) under one or more
2
# contributor license agreements.  See the NOTICE file distributed with
3
# this work for additional information regarding copyright ownership.
4
# The ASF licenses this file to You under the Apache License, Version 2.0
5
# (the "License"); you may not use this file except in compliance with
6
# the License.  You may obtain a copy of the License at
7
#
8
#    http://www.apache.org/licenses/LICENSE-2.0
9
#
10
# Unless required by applicable law or agreed to in writing, software
11
# distributed under the License is distributed on an "AS IS" BASIS,
12
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
# See the License for the specific language governing permissions and
14
# limitations under the License.
15

16
name: Docker Official Image Build Test
17

18
on:
19
  workflow_dispatch:
20
    inputs:
21
      image_type:
22
        type: choice
23
        description: Docker image type to build and test
24
        options: 
25
          - "jvm"
26
      kafka_version:
27
        description: Kafka version for the docker official image. This should be >=3.7.0
28
        required: true
29

30
jobs:
31
  build:
32
    runs-on: ubuntu-latest
33
    steps:
34
    - uses: actions/checkout@v4
35
    - name: Set up Python 3.10
36
      uses: actions/setup-python@v5
37
      with:
38
        python-version: "3.10"
39
    - name: Install dependencies
40
      run: |
41
        python -m pip install --upgrade pip
42
        pip install -r docker/requirements.txt
43
    - name: Build image and run tests
44
      working-directory: ./docker
45
      env:
46
        IMAGE_TYPE: ${{ github.event.inputs.image_type }}
47
        KAFKA_VERSION: ${{ github.event.inputs.kafka_version }}
48
      run: |
49
        python docker_official_image_build_test.py kafka/test -tag=test -type=$IMAGE_TYPE -v=$KAFKA_VERSION
50
    - name: Run CVE scan
51
      uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
52
      with:
53
        image-ref: 'kafka/test:test'
54
        format: 'table'
55
        severity: 'CRITICAL,HIGH'
56
        output: scan_report_${{ github.event.inputs.image_type }}.txt
57
        exit-code: '1'
58
    - name: Upload test report
59
      if: always()
60
      uses: actions/upload-artifact@v4
61
      with:
62
        name: report_${{ github.event.inputs.image_type }}.html
63
        path: docker/test/report_${{ github.event.inputs.image_type }}.html
64
    - name: Upload CVE scan report
65
      if: always()
66
      uses: actions/upload-artifact@v4
67
      with:
68
        name: scan_report_${{ github.event.inputs.image_type }}.txt
69
        path: scan_report_${{ github.event.inputs.image_type }}.txt
70