ci: migrating to GitHub actions (#54)

* migrating to GHA

* removes CCI

* pulls submodule as well

* addressed Aaron's comments

Author: JBAhire

.circleci/config.yml

@@ -2,3 +2,6 @@
 
 # global
 * @hypertrace/graphql
+
+# GH action
+.github/ @aaron-steinfeld @jbahire @kotharironak @buchi-busireddy

.github/CODEOWNERS

@@ -0,0 +1,43 @@
+name: merge-publish
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  merge-publish:
+    runs-on: ubuntu-20.04
+    steps:
+       # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
+      - name: Check out code
+        uses: actions/[email protected]
+        with:
+          fetch-depth: 0
+          submodules: recursive
+      
+      - name: create checksum file
+        uses: hypertrace/actions/checksum@main
+
+      - name: Cache packages
+        uses: actions/cache@v2
+        with:
+          path: ~/.gradle
+          key: gradle-packages-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/checksum.txt') }}
+          restore-keys: |
+            gradle-packages-${{ runner.os }}-${{ github.job }}
+            gradle-packages-${{ runner.os }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_READ_USER }}
+          password: ${{ secrets.DOCKERHUB_READ_TOKEN }}
+
+      - name: push docker image
+        uses: hypertrace/github-actions/gradle@main
+        with: 
+          args: dockerPushImages
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKERHUB_PUBLISH_USER }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_PUBLISH_TOKEN }}

.github/workflows/merge-publish.yml

@@ -0,0 +1,78 @@
+name: build and validate
+on:
+  push:
+    branches:
+      - main
+  pull_request_target:
+    branches: 
+      - main
+
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+    steps:
+       # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
+      - name: Check out code
+        uses: actions/[email protected]
+        with:
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+          fetch-depth: 0
+          submodules: recursive
+      
+      - name: create checksum file
+        uses: hypertrace/github-actions/checksum@main
+
+      - name: Cache packages
+        uses: actions/cache@v2
+        with:
+          path: ~/.gradle
+          key: gradle-packages-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/checksum.txt') }}
+          restore-keys: |
+            gradle-packages-${{ runner.os }}-${{ github.job }}
+            gradle-packages-${{ runner.os }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_READ_USER }}
+          password: ${{ secrets.DOCKERHUB_READ_TOKEN }}
+      
+      - name: Build with Gradle
+        uses: hypertrace/github-actions/gradle@main
+        with: 
+          args: build dockerBuildImages
+
+  validate-helm-charts:
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Check out code
+        uses: actions/[email protected]
+        with:
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+          fetch-depth: 0
+          submodules: recursive
+
+      - name: validate charts
+        uses: hypertrace/github-actions/validate-charts@main
+
+  snyk-scan:
+    runs-on: ubuntu-20.04
+    steps:
+    # Set fetch-depth: 0 to fetch commit history and tags for use in version calculation
+      - name: Check out code
+        uses: actions/[email protected]
+        with:
+          ref: ${{github.event.pull_request.head.ref}}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+          fetch-depth: 0
+          submodules: recursive
+          
+      - name: Setup snyk
+        uses: snyk/actions/[email protected]
+      - name: Snyk test
+        run: snyk test --all-sub-projects --org=hypertrace --severity-threshold=low --policy-path=.snyk --configuration-matching='^runtimeClasspath$'
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          GRADLE_OPTS: -Dorg.gradle.workers.max=1 # Snyk doesn't handle parallelism