From 09a2ffed194209352c0b1c60704a46a3f30fbc66 Mon Sep 17 00:00:00 2001 From: konrad Date: Fri, 4 Oct 2024 11:47:07 +0200 Subject: [PATCH] Auto generated from templates by gromit (#418) Co-authored-by: Gromit --- .github/workflows/release.yml | 108 +++++++++++++++++++++++----------- ci/goreleaser/goreleaser.yml | 1 + 2 files changed, 76 insertions(+), 33 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 02d167c6..72a72fc0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,3 +1,5 @@ +# yamllint disable rule:line-length rule:truthy +name: Release # Generated by: gromit policy # Distribution channels covered by this workflow @@ -6,8 +8,9 @@ # - docker hub # - devenv ECR # - Cloudsmith - -name: Release +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} on: # Trigger release every monday at midnight for master CI images schedule: @@ -21,8 +24,14 @@ on: - 'v*' env: GOPRIVATE: github.com/TykTechnologies + VARIATION: inverted + DOCKER_BUILD_SUMMARY: false + DOCKER_BUILD_RECORD_UPLOAD: false + # startsWith covers pull_request_target too + BASE_REF: ${{startsWith(github.event_name, 'pull_request') && github.base_ref || github.ref_name}} jobs: goreleaser: + if: github.event.pull_request.draft == false name: '${{ matrix.golang_cross }}' runs-on: ubuntu-latest-m permissions: @@ -138,7 +147,7 @@ jobs: type=semver,pattern={{version}},prefix=v - name: push image to CI if: ${{ matrix.golang_cross == '1.21-bookworm' }} - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: "dist" platforms: linux/amd64,linux/arm64 
@@ -161,13 +170,12 @@ jobs: latest=false prefix=v tags: | - type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{version}} labels: "org.opencontainers.image.title=tyk-identity-broker (distroless) \norg.opencontainers.image.description=Tyk Authentication Proxy for third-party login\norg.opencontainers.image.vendor=tyk.io\norg.opencontainers.image.version=${{ github.ref_name }}\n" - - name: build multiarch image + - name: push image to prod if: ${{ matrix.golang_cross == '1.21-bookworm' }} - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: "dist" platforms: linux/amd64,linux/arm64 @@ -179,7 +187,8 @@ jobs: push: ${{ startsWith(github.ref, 'refs/tags') }} tags: ${{ steps.tag_metadata.outputs.tags }} labels: ${{ steps.tag_metadata.outputs.labels }} - - uses: actions/upload-artifact@v4 + - name: save deb + uses: actions/upload-artifact@v4 if: ${{ matrix.golang_cross == '1.21-bookworm' }} with: name: deb @@ -187,7 +196,9 @@ jobs: path: | dist/*.deb !dist/*PAYG*.deb - - uses: actions/upload-artifact@v4 + !dist/*fips*.deb + - name: save rpm + uses: actions/upload-artifact@v4 if: ${{ matrix.golang_cross == '1.21-bookworm' }} with: name: rpm 
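Review bot: The `push image to prod` step in the `@@ -161` hunk now references `docker/build-push-action@v6` by a mutable tag, in the step that publishes images whenever the ref is a tag. Pinning to a full commit SHA with the tag kept as a comment, e.g. `uses: docker/build-push-action@<FULL_COMMIT_SHA> # v6`, stops a re-pointed tag from changing what runs with whatever registry credentials this job holds. The same applies to the `push image to CI` bump in the `@@ -138` hunk and the two `install on ${{ matrix.distro }}` steps in `@@ -230`. The header comment says the file is generated by gromit, so the pin presumably belongs in the template; the `goreleaser` job itself starts outside this hunk.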
@@ -195,29 +206,47 @@ jobs: path: | dist/*.rpm !dist/*PAYG*.rpm + !dist/*fips*.rpm + test-controller-distros: + if: github.event.pull_request.draft == false + needs: + - goreleaser + runs-on: ubuntu-latest + outputs: + deb: ${{ steps.params.outputs.deb }} + rpm: ${{ steps.params.outputs.rpm }} + steps: + - name: set params + id: params + shell: bash + env: + # startsWith covers pull_request_target too + BASE_REF: ${{startsWith(github.event_name, 'pull_request') && github.base_ref || github.ref_name}} + run: | + set -eo pipefail + curl -s --retry 5 --retry-delay 10 --fail-with-body "http://tui.internal.dev.tyk.technology/v2/$VARIATION/tyk-identity-broker/$BASE_REF/${{ github.event_name}}/api/Distros.gho" | tee -a "$GITHUB_OUTPUT" + if ! [[ $VARIATION =~ prod ]];then + echo "::warning file=.github/workflows/release.yml,line=24,col=1,endColumn=8::Using test variation" + fi upgrade-deb: services: httpbin.org: image: kennethreitz/httpbin runs-on: ubuntu-latest - needs: goreleaser + needs: + - test-controller-distros strategy: - fail-fast: false + fail-fast: true matrix: arch: - amd64 - arm64 - distro: - - ubuntu:xenial - - ubuntu:bionic - - ubuntu:focal - - ubuntu:jammy - - debian:bullseye - - debian:bookworm + distro: ${{ fromJson(needs.test-controller-distros.outputs.deb) }} steps: - uses: actions/checkout@v4 with: fetch-depth: 1 + sparse-checkout: ci - uses: actions/download-artifact@v4 with: name: deb 
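Review bot: The `set params` step of the new `test-controller-distros` job fetches `Distros.gho` over plain `http://` and appends the body unmodified to `$GITHUB_OUTPUT`, so the response is neither authenticated nor checked before it becomes the `deb`/`rpm` outputs. Those outputs are what `fromJson` turns into the `upgrade-deb` and `upgrade-rpm` matrices, and from there into the base image named in `FROM ${{ matrix.distro }}`. I would fetch over TLS if the endpoint serves it, write the body to a temporary file, and copy only validated `deb=`/`rpm=` values into the output file. `${{ github.event_name}}` is also expanded inside the script text, and passing it through `env:` as is done for `BASE_REF` would keep expression expansion out of the shell. The sketch below assumes the response consists of `deb=<json array>` and `rpm=<json array>` lines, which the page does not show.

```yaml
        env:
          # … unchanged: BASE_REF …
          EVENT_NAME: ${{ github.event_name }}
        run: |
          set -eo pipefail
          resp="$(mktemp)"
          curl -s --retry 5 --retry-delay 10 --fail-with-body -o "$resp" "https://tui.internal.dev.tyk.technology/v2/$VARIATION/tyk-identity-broker/$BASE_REF/$EVENT_NAME/api/Distros.gho"
          # Copy only deb=/rpm= values that are JSON arrays of image references.
          for key in deb rpm; do
            list="$(grep -m1 "^${key}=" "$resp" | cut -d= -f2- | jq -c 'if type == "array" and all(.[]; type == "string" and test("^[a-z0-9][a-z0-9._/:-]*$")) then . else error("unexpected distro list") end')"
            echo "${key}=${list}" >> "$GITHUB_OUTPUT"
          done
          # … unchanged: "Using test variation" warning …
```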
@@ -230,53 +259,66 @@ jobs: COPY tyk-identity-broker*_${TARGETARCH}.deb /tyk-identity-broker.deb RUN apt-get update && apt-get install -y curl RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-identity-broker/script.deb.sh | bash && apt-get install -y tyk-identity-broker=1.1.0 - RUN dpkg -i tyk-identity-broker.deb - ' > Dockerfile + RUN dpkg -i /tyk-identity-broker.deb + + ' | tee Dockerfile - name: install on ${{ matrix.distro }} - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: "." platforms: linux/${{ matrix.arch }} + build-args: | + RHELARCH=${{ startsWith(matrix.arch, 'arm64') && 'aarch64' || 'x86_64' }} + cache-from: type=gha + cache-to: type=gha,mode=max file: Dockerfile push: false upgrade-rpm: services: httpbin.org: image: kennethreitz/httpbin - needs: goreleaser runs-on: ubuntu-latest + needs: + - test-controller-distros strategy: - fail-fast: false + fail-fast: true matrix: - distro: - - amazonlinux:2023 - - registry.access.redhat.com/ubi8/ubi - - registry.access.redhat.com/ubi9/ubi - - amazonlinux:2 - - registry.access.redhat.com/ubi7/ubi + arch: + - amd64 + - arm64 + distro: ${{ fromJson(needs.test-controller-distros.outputs.rpm) }} steps: - uses: actions/checkout@v4 with: fetch-depth: 1 + sparse-checkout: ci - uses: actions/download-artifact@v4 with: name: rpm + - uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - name: generate dockerfile run: | echo 'FROM ${{ matrix.distro }} - COPY tyk-identity-broker*.x86_64.rpm /tyk-identity-broker.rpm + ARG RHELARCH + COPY tyk-identity-broker*.${RHELARCH}.rpm /tyk-identity-broker.rpm RUN command -v curl || yum install -y curl RUN command -v useradd || yum install -y shadow-utils RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-identity-broker/script.rpm.sh | bash && yum install -y tyk-identity-broker-1.1.0-1 RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-identity-broker.key && rpm --import 
tyk-identity-broker.key - RUN rpm --checksig tyk-identity-broker.rpm - RUN rpm -Uvh --force tyk-identity-broker.rpm - ' > Dockerfile + RUN rpm --checksig /tyk-identity-broker.rpm + RUN rpm -Uvh --force /tyk-identity-broker.rpm + + ' | tee Dockerfile - name: install on ${{ matrix.distro }} - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: "." + platforms: linux/${{ matrix.arch }} + build-args: | + RHELARCH=${{ startsWith(matrix.arch, 'arm64') && 'aarch64' || 'x86_64' }} + cache-from: type=gha + cache-to: type=gha,mode=max file: Dockerfile push: false sbom: diff --git a/ci/goreleaser/goreleaser.yml b/ci/goreleaser/goreleaser.yml index 7162ffc5..98064b33 100644 --- a/ci/goreleaser/goreleaser.yml +++ b/ci/goreleaser/goreleaser.yml @@ -4,6 +4,7 @@ # This project needs CGO_ENABLED=1 and the cross-compiler toolchains for # - arm64 # - amd64 +version: 2 builds: - id: std ldflags:
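Review bot: `${{ matrix.distro }}` is expanded by the runner into the text of the `generate dockerfile` script (`echo 'FROM ${{ matrix.distro }}`, visible here for the rpm job; the deb job's `FROM` line sits just above this hunk). With this commit that value comes from the remotely fetched distro list rather than from literals in the workflow file. A value containing a single quote would close the quoted string, and the rest would be interpreted by the shell on the runner. Passing it through the step environment avoids that: add `env:` with `DISTRO: ${{ matrix.distro }}` to both steps and write the first line with `printf 'FROM %s\n' "$DISTRO"`, grouped with the existing `echo` so both still feed `tee Dockerfile`.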