initial commit

Author: gregkaczan

.github/workflows/linter.yml

@@ -0,0 +1,57 @@
+---
+#################################
+#################################
+## Super Linter GitHub Actions ##
+#################################
+#################################
+name: Lint Code Base
+
+#
+# Documentation:
+# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
+#
+
+on: push
+
+###############
+# Set the Job #
+###############
+jobs:
+  build:
+    # Name the Job
+    name: Lint Code Base
+    # Set the agent to run on
+    runs-on: ubuntu-latest
+
+    ############################################
+    # Grant status permission for MULTI_STATUS #
+    ############################################
+    permissions:
+      contents: read
+      packages: read
+      statuses: write
+
+    ##################
+    # Load all steps #
+    ##################
+    steps:
+      ##########################
+      # Checkout the code base #
+      ##########################
+      - name: Checkout Code
+        uses: actions/checkout@v3
+        with:
+          # Full git history is needed to get a proper
+          # list of changed files within `super-linter`
+          fetch-depth: 0
+
+      ################################
+      # Run Linter against code base #
+      ################################
+      - name: Lint Code Base
+        uses: super-linter/super-linter/slim@v5
+        env:
+          VALIDATE_ALL_CODEBASE: false
+          DEFAULT_BRANCH: main
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          FILTER_REGEX_EXCLUDE: testing/.*

.github/workflows/tests.yaml

@@ -0,0 +1,54 @@
+# Running scans using latest library and the gh action on testing config and checks files.
+
+on: 
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  soda_scan_test:
+    runs-on: ubuntu-latest
+    name: Test ${{ matrix.name }}
+    env:
+      CLOUD_API_KEY_ID: ${{ secrets.CLOUD_API_KEY_ID }}
+      CLOUD_API_KEY_SECRET: ${{ secrets.CLOUD_API_KEY_SECRET }}
+      SNOWFLAKE_USER: ${{ secrets.SNOWFLAKE_USER }}
+      SNOWFLAKE_PASS: ${{ secrets.SNOWFLAKE_PASS }}
+    strategy:
+      matrix:
+        include:
+          - name: passing scan
+            data_source: reporting_api__marts
+            checks: ./testing/checks_p*.yaml
+            expected_exit_code: 0
+          - name: failing scan on check
+            data_source: reporting_api__marts
+            checks: ./testing/checks_fail_on_check.yaml
+            expected_exit_code: 2
+          - name: failing scan on error
+            data_source: MISSING_DS
+            checks: ./testing/checks_pass.yaml
+            expected_exit_code: 1
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Perform Soda Scan
+        id: soda_scan
+        continue-on-error: true
+        uses: ./
+        with:
+          # should be latest, but it is not published yet
+          soda_library_version: v1.0.4
+          configuration: ./testing/configuration.yaml
+          data_source: ${{ matrix.data_source }}
+          checks: ${{ matrix.checks }}
+      - name: Assert scan exit code
+        run: |
+          if [ "${{ env.SCAN_EXIT_CODE }}" == "${{ matrix.expected_exit_code }}" ]; then
+            echo "The Scan exited as expected."
+          else
+            echo "The Scan did not exit as expected."
+            exit 1
+          fi

.gitignore

@@ -0,0 +1,5 @@
+soda_scan_results.json
+soda_scan_results_raw.json
+*.DS_store
+.env_file
+testing/configuration_local.yaml

Dockerfile

@@ -0,0 +1,10 @@
+# This should be sodadata/soda-library:xxx
+# The version should be fixed and aligned with the version of this action.
+ARG SODA_LIBRARY_VERSION=latest
+FROM sodadata/soda-library:$SODA_LIBRARY_VERSION
+
+COPY entrypoint.sh /entrypoint.sh
+
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -0,0 +1,46 @@
+# soda-github-action
+[![GitHub Super-Linter](https://github.com/sodadata/soda-github-action/actions/workflows/linter.yml/badge.svg)](https://github.com/marketplace/actions/super-linter)
+[![.github/workflows/tests.yaml](https://github.com/sodadata/soda-github-action/actions/workflows/tests.yaml/badge.svg)](https://github.com/sodadata/soda-github-action/actions/workflows/tests.yaml)
+
+## Example usage
+
+```yaml
+- name: Soda scan
+  uses: sodadata/soda-github-action@v1
+  env:
+    SODA_CLOUD_API_KEY: ${{ secrets.SODA_CLOUD_API_KEY }}
+    SODA_CLOUD_API_SECRET: ${{ secrets.SODA_CLOUD_API_SECRET }}
+    SNOWFLAKE_USERNAME: ${{ secrets.SNOWFLAKE_USERNAME }}
+    SNOWFLAKE_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
+  with:
+    soda_library_version: v1.0.4
+    data_source: snowflake
+    configuration: ./configuration.yaml
+    checks: ./checks.yaml
+```
+Also refer to [testing files](https://github.com/sodadata/soda-github-action/tree/main/testing) and the [test workflow](https://github.com/sodadata/soda-github-action/blob/main/.github/workflows/tests.yaml) for complete example of usage.
+
+
+### Action inputs
+| Name | Description | Required | Default |
+| --- | --- | --- | --- |
+| `soda_library_version` | Version of the Soda Library used to run the scan. Either specific version like `v1.0.4` or `latest`. See [soda-library](https://hub.docker.com/r/sodadata/soda-library/tags) docker images for possible versions. Versions lower than 1.0.4 are not supported. | ✅ | - |
+| `data_source` | Data Source name to be used for the scan | ✅ | - |
+| `configuration` | Configuration file path. See [docs](https://docs.soda.io/soda-core/configuration.html) | ✅ | - |
+| `checks` | Checks file path. See [docs](https://docs.soda.io/soda-core/scan-core.html#anatomy-of-a-scan-command). Allows for using shell filename extensions. You can match multiple check files, for example: `checks: ./checks_*.yaml` or `checks: ./{check1.yaml,check2.yaml}` | ✅ | - |
+
+
+### Permissions
+When using the action in `pull_request` event, it is required to specify step's permissions as follows:
+```yaml
+permissions: 
+   pull-requests: write 
+```
+as the action posts a comment with the scan results to the PR.
+Note the comment is only created for workflows run by `pull_request` event.
+
+### Self-hosted runners caveats
+When running this action on self-hosted runners, there are some additional caveats:
+
+- Windows runners are not supported. This also means using official Windows-based images like `windows-latest` is not allowed.
+- Mac runners require Docker to be installed additionally. In other words, `macos-latest` does not come with Docker pre-installed.

action.yaml

@@ -0,0 +1,186 @@
+---
+name: 'Soda Library Github Action'
+description: 'GitHub action to run soda-library scan'
+branding:
+  icon: 'circle'
+  color: 'green'
+inputs:
+  soda_library_version:
+    description: 'Version of the Soda Library to run the scan on'
+    required: true
+
+  data_source:
+    description: 'Data Source name'
+    required: true
+
+  configuration:
+    description: 'Configuration file'
+    required: true
+
+  checks:
+    description: 'Checks file'
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    # 0. Check if required inputs are set
+    - name: Check required inputs 
+      run: |
+        [[ "${{ inputs.soda_library_version }}" ]] || { echo -e "\033[31;1;4m[Soda Library Github Action] Input: 'soda_library_version' is required\033[0m" ; exit 1; }
+        [[ "${{ inputs.data_source }}" ]] || { echo -e "\033[31;1;4m[Soda Library Github Action] Input: 'data_source' is required\033[0m" ; exit 1; }
+        [[ "${{ inputs.configuration }}" ]] || { echo -e "\033[31;1;4m[Soda Library Github Action] Input: 'configuration' is required\033[0m" ; exit 1; }
+        [[ "${{ inputs.checks }}" ]] || { echo -e "\033[31;1;4m[Soda Library Github Action] Input: 'checks' is required\033[0m" ; exit 1; }
+      shell: bash
+
+    # 1. Build docker image with a specific soda-library version for the base image
+    - name: Build the Docker image
+      run: |
+        docker build \
+        ${GITHUB_ACTION_PATH} \
+        --file ${GITHUB_ACTION_PATH}/Dockerfile \
+        -t soda_action_${{ github.sha }} \
+        --build-arg="SODA_LIBRARY_VERSION=${{ inputs.soda_library_version }}"
+      shell: bash
+
+    # 2. Need to expand the environment variables to pass to the docker run command
+    # as these variables can be configured in the workflow file and contain secrets etc.
+    - name: Expand environment variables
+      id: expand_envs
+      env:
+          BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
+          PR_TITLE: ${{ github.event.pull_request.title }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+      run: |
+        env > .env_file
+      shell: bash
+
+    # 3. Run built image to trigger the actual scan
+    - name: Run your Docker Action
+      id: soda_scan
+      run: |
+        docker run \
+        --workdir ${GITHUB_ACTION_PATH} \
+        --env-file .env_file \
+        -e "HOME" \
+        -e "GITHUB_JOB" \
+        -e "GITHUB_REF" \
+        -e "GITHUB_SHA" \
+        -e "GITHUB_REPOSITORY" \
+        -e "GITHUB_REPOSITORY_OWNER" \
+        -e "GITHUB_REPOSITORY_OWNER_ID" \
+        -e "GITHUB_RUN_ID" \
+        -e "GITHUB_RUN_NUMBER" \
+        -e "GITHUB_RETENTION_DAYS" \
+        -e "GITHUB_RUN_ATTEMPT" \
+        -e "GITHUB_REPOSITORY_ID" \
+        -e "GITHUB_ACTOR_ID" \
+        -e "GITHUB_ACTOR" \
+        -e "GITHUB_TRIGGERING_ACTOR" \
+        -e "GITHUB_HEAD_REF" \
+        -e "GITHUB_BASE_REF" \
+        -e "GITHUB_EVENT_NAME" \
+        -e "GITHUB_SERVER_URL" \
+        -e "GITHUB_API_URL" \
+        -e "GITHUB_GRAPHQL_URL" \
+        -e "GITHUB_REF_NAME" \
+        -e "GITHUB_REF_PROTECTED" \
+        -e "GITHUB_REF_TYPE" \
+        -e "GITHUB_WORKFLOW_REF" \
+        -e "GITHUB_WORKFLOW_SHA" \
+        -e "GITHUB_WORKSPACE" \
+        -e "GITHUB_ACTION" \
+        -e "GITHUB_EVENT_PATH" \
+        -e "GITHUB_ACTION_REPOSITORY" \
+        -e "GITHUB_ACTION_REF" \
+        -e "GITHUB_PATH" \
+        -e "GITHUB_ENV" \
+        -e "GITHUB_STEP_SUMMARY" \
+        -e "GITHUB_STATE" \
+        -e "GITHUB_OUTPUT" \
+        -e "GITHUB_ACTION_PATH" \
+        -e "RUNNER_OS" \
+        -e "RUNNER_ARCH" \
+        -e "RUNNER_NAME" \
+        -e "RUNNER_TOOL_CACHE" \
+        -e "RUNNER_TEMP" \
+        -e "RUNNER_WORKSPACE" \
+        -e "ACTIONS_RUNTIME_URL" \
+        -e "ACTIONS_RUNTIME_TOKEN" \
+        -e "ACTIONS_CACHE_URL" \
+        -e GITHUB_ACTIONS=true \
+        -e CI=true \
+        --rm  \
+        -v ${{ github.env}}:${{ github.env}} \
+        -v ${GITHUB_ACTION_PATH}:/tmp/action_path \
+        -v ${{ github.workspace }}:/tmp/workspace \
+        soda_action_${{ github.sha }} \
+        ${{ inputs.data_source }} \
+        "${{ inputs.configuration }}" \
+        "${{ inputs.checks }}" || true
+      shell: bash
+
+    - name: Scan results link
+      if: env.SCAN_EXIT_CODE == 0 || env.SCAN_EXIT_CODE == 2
+      run: |
+        echo -e "\033[36;1m-----------------------------\033[0m"
+        echo -e "\033[36;1m View the full scan results -> \033[0m ${{ env.SCAN_CLOUD_LINK }}"
+        echo -e "\033[36;1m-----------------------------\033[0m"
+      shell: bash
+
+    # 4. The soda-library scan results are converted to a markdown table
+    # Using newest hash from 1.0.0 version.
+    - uses: buildingcash/json-to-markdown-table-action@ce128b72e0c93612c8f02b85e0672bcb16fd9bf9
+      id: table
+      if: ${{ env.SCAN_RESULTS }}
+      with:
+        json: ${{ env.SCAN_RESULTS }}
+
+    # 5. Create the PR comment
+    # Using newest hash from 2.4.0 version.
+    - name: Comment PR on success
+      uses: thollander/actions-comment-pull-request@8c77f42bbcc27c832a3a5962c8f9a60e34b594f3
+      continue-on-error: true
+      if: env.SCAN_EXIT_CODE == 0
+      with:
+        message: |
+          🟢 Soda scan completed successfully with the following results:
+
+          ${{ steps.table.outputs.table }}
+
+          [View the full scan results](${{ env.SCAN_CLOUD_LINK }})
+
+    - name: Comment PR on failure with results
+      uses: thollander/actions-comment-pull-request@8c77f42bbcc27c832a3a5962c8f9a60e34b594f3
+      continue-on-error: true
+      if: env.SCAN_EXIT_CODE == 2
+      with:
+        message: |
+          🔴 Soda scan completed with the following results:
+
+          ${{ steps.table.outputs.table }}
+
+          [View the full scan results](${{ env.SCAN_CLOUD_LINK }})
+
+    - name: Comment PR on fatal failure
+      uses: thollander/actions-comment-pull-request@8c77f42bbcc27c832a3a5962c8f9a60e34b594f3
+      continue-on-error: true
+      if: env.SCAN_EXIT_CODE == 1 || env.SCAN_EXIT_CODE == 3
+      with:
+        message: |
+          🔴 Soda scan failed. Check logs for more details.
+
+
+    # 6. Post additional message to make it clear scan failed or not
+    - name: Fail Job if Soda Scan Failed
+      shell: bash
+      if: env.SCAN_EXIT_CODE != 0
+      run: |
+        echo -e "\033[31;1;4mSoda Scan failed\033[0m" && exit ${{ env.SCAN_EXIT_CODE }}
+
+    - name: Fail Job if Soda Scan Succeeded
+      shell: bash
+      if: env.SCAN_EXIT_CODE == 0
+      run: |
+        echo -e "\33[32;1;4mSoda Scan succeeded\033[0m"

entrypoint.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+python3 /tmp/action_path/scripts/create_ci_info_json.py
+
+# shellcheck disable=SC2086
+soda scan \
+  -d "$1" \
+  -c /tmp/workspace/$2 \
+  /tmp/workspace/$3 \
+  -srf soda_scan_results_raw.json \
+  --scan-type cicd \
+  -cif soda_scan_ci_info.json
+
+exit_status=$?
+
+scan_cloud_link=$(python3 /tmp/action_path/scripts/reformat_json.py soda_scan_results_raw.json)
+
+{
+  echo "SCAN_RESULTS=$(cat soda_scan_results.json)"
+  echo "SCAN_EXIT_CODE=$exit_status"
+  echo "SCAN_CLOUD_LINK=$scan_cloud_link"
+} >> "$GITHUB_ENV"
+
+exit $exit_status