From 20b6fe4509d990a1b77168c363411b5843d6c374 Mon Sep 17 00:00:00 2001 From: Gromit Date: Fri, 29 Nov 2024 10:11:50 +0000 Subject: [PATCH] Auto generated from templates by gromit --- .github/workflows/release.yml | 176 ++++++++++++++++++++-------------- ci/Dockerfile.distroless | 10 +- ci/Dockerfile.std | 5 +- ci/goreleaser/goreleaser.yml | 111 +++++++++++---------- 4 files changed, 175 insertions(+), 127 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e611642b870..5435587eb16 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,13 +8,11 @@ name: Release # - docker hub # - devenv ECR # - Cloudsmith -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: ${{ github.event_name == 'pull_request' }} + +# concurrency: +# group: ${{ github.workflow }}-${{ github.ref }} +# cancel-in-progress: ${{ github.event_name == 'pull_request' }} on: - # Trigger release every monday at midnight for master CI images - schedule: - - cron: "0 0 * * 1" pull_request: push: branches: @@ -24,7 +22,7 @@ on: - 'v*' env: GOPRIVATE: github.com/TykTechnologies - VARIATION: inverted + VARIATION: prod-variation DOCKER_BUILD_SUMMARY: false DOCKER_BUILD_RECORD_UPLOAD: false # startsWith covers pull_request_target too @@ -49,7 +47,7 @@ jobs: rpmvers: 'el/7 el/8 el/9 amazon/2 amazon/2023' debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy debian/jessie debian/buster debian/bullseye debian/bookworm' outputs: - tags: ${{ steps.ci_metadata_ee.outputs.tags }} + tags: ${{ steps.ci_metadata.outputs.tags }} commit_author: ${{ steps.set_outputs.outputs.commit_author}} steps: - name: Checkout of tyk 
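Review bot: The job output `tags` now reads `${{ steps.ci_metadata.outputs.tags }}`, but no step with the id `ci_metadata` is visible in this diff; the metadata steps are named `ci_metadata_ee` and `ci_metadata_std`. An expression that references an unknown step id evaluates to an empty string rather than failing, so jobs that consume this output (the later `gromit policy match ${tags[0]}` call appears to be one) would silently get no tag to match. Choose the edition explicitly, for example `tags: ${{ steps.ci_metadata_ee.outputs.tags }}` as before, and make the change in the gromit template since this file is generated. The job's step list starts outside this hunk, so the missing id could not be checked against the full job.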
@@ -130,12 +128,13 @@ jobs: if: ${{ matrix.golang_cross == '1.22-bullseye' }} with: mask-password: 'true' - - name: Docker metadata for CI - id: ci_metadata_ + - name: Docker metadata for ee CI + id: ci_metadata_ee if: ${{ matrix.golang_cross == '1.22-bullseye' }} uses: docker/metadata-action@v5 with: - images: ${{ steps.ecr.outputs.registry }}/tyk + images: | + ${{ steps.ecr.outputs.registry }}/tyk-ee flavor: | latest=false tags: | 
@@ -145,88 +144,100 @@ jobs: type=semver,pattern={{major}},prefix=v type=semver,pattern={{major}}.{{minor}},prefix=v type=semver,pattern={{version}},prefix=v - - name: push image to CI + - name: push ee image to CI if: ${{ matrix.golang_cross == '1.22-bullseye' }} uses: docker/build-push-action@v6 with: context: "dist" - platforms: linux/amd64,linux/arm64 + platforms: linux/amd64,linux/arm64,linux/s390x file: ci/Dockerfile.distroless provenance: mode=max sbom: true push: true cache-from: type=gha cache-to: type=gha,mode=max - tags: ${{ steps.ci_metadata_.outputs.tags }} - labels: ${{ steps.tag_metadata.outputs.labels }} + tags: ${{ steps.ci_metadata_ee.outputs.tags }} + labels: ${{ steps.ci_metadata_ee.outputs.labels }} build-args: | - EDITION= - - name: Docker metadata for CI ee - id: ci_metadata_ee - if: ${{ matrix.golang_cross == '1.22-bullseye' }} + BUILD_PACKAGE_NAME=tyk-gateway-ee + - name: Docker metadata for tag push + id: tag_metadata_ee uses: docker/metadata-action@v5 with: - images: ${{ steps.ecr.outputs.registry }}/tyk-ee + images: | + docker.tyk.io/tyk-gateway/tyk-gateway + + tykio/tyk-gateway + + tykio/tyk-gateway-ee flavor: | latest=false + prefix=v tags: | - type=ref,event=branch - type=ref,event=pr - type=sha,format=long - type=semver,pattern={{major}},prefix=v - type=semver,pattern={{major}}.{{minor}},prefix=v - type=semver,pattern={{version}},prefix=v - - name: push image to CI ee + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{version}} + labels: | + org.opencontainers.image.title=Tyk Gateway Enterprise Edition + org.opencontainers.image.description=Tyk API Gateway Enterprise Edition written in Go, supporting REST, GraphQL, TCP and gRPC protocols + org.opencontainers.image.vendor=tyk.io + org.opencontainers.image.version=${{ github.ref_name }} + - name: push ee image to prod if: ${{ matrix.golang_cross == '1.22-bullseye' }} uses: docker/build-push-action@v6 with: context: "dist" - platforms: linux/amd64,linux/arm64 + platforms: 
linux/amd64,linux/arm64,linux/s390x file: ci/Dockerfile.distroless provenance: mode=max sbom: true - push: true cache-from: type=gha cache-to: type=gha,mode=max - tags: ${{ steps.ci_metadata_ee.outputs.tags }} - labels: ${{ steps.tag_metadata.outputs.labels }} + push: ${{ startsWith(github.ref, 'refs/tags') }} + tags: ${{ steps.tag_metadata_ee.outputs.tags }} + labels: ${{ steps.tag_metadata_ee.outputs.labels }} build-args: | - EDITION=-ee - - name: Docker metadata for tag push - id: tag_metadata_ + BUILD_PACKAGE_NAME=tyk-gateway-ee + - name: Docker metadata for std CI + id: ci_metadata_std + if: ${{ matrix.golang_cross == '1.22-bullseye' }} uses: docker/metadata-action@v5 with: images: | - tykio/tyk-gateway - docker.tyk.io/tyk-gateway/tyk-gateway + ${{ steps.ecr.outputs.registry }}/tyk flavor: | latest=false - prefix=v tags: | - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{version}} - labels: "org.opencontainers.image.title=tyk-gateway (distroless) \norg.opencontainers.image.description=Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols\norg.opencontainers.image.vendor=tyk.io\norg.opencontainers.image.version=${{ github.ref_name }}\n" - - name: push image to prod + type=ref,event=branch + type=ref,event=pr + type=sha,format=long + type=semver,pattern={{major}},prefix=v + type=semver,pattern={{major}}.{{minor}},prefix=v + type=semver,pattern={{version}},prefix=v + - name: push std image to CI if: ${{ matrix.golang_cross == '1.22-bullseye' }} uses: docker/build-push-action@v6 with: context: "dist" - platforms: linux/amd64,linux/arm64 + platforms: linux/amd64,linux/arm64,linux/s390x file: ci/Dockerfile.distroless provenance: mode=max sbom: true + push: true cache-from: type=gha cache-to: type=gha,mode=max - push: ${{ startsWith(github.ref, 'refs/tags') }} - tags: ${{ steps.tag_metadata_.outputs.tags }} - labels: ${{ steps.tag_metadata_.outputs.labels }} + tags: ${{ steps.ci_metadata_std.outputs.tags }} + 
labels: ${{ steps.ci_metadata_std.outputs.labels }} build-args: | - EDITION= - - name: Docker metadata for tag push ee - id: tag_metadata_ee + BUILD_PACKAGE_NAME=tyk-gateway + - name: Docker metadata for tag push + id: tag_metadata_std uses: docker/metadata-action@v5 with: images: | + docker.tyk.io/tyk-gateway/tyk-gateway + + tykio/tyk-gateway + tykio/tyk-gateway-ee flavor: | latest=false @@ -234,23 +245,27 @@ jobs: tags: | type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{version}} - labels: "org.opencontainers.image.title=tyk-gateway Enterprise Edition (distroless) \norg.opencontainers.image.description=Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols\norg.opencontainers.image.vendor=tyk.io\norg.opencontainers.image.version=${{ github.ref_name }}\n" - - name: push image to prod ee + labels: | + org.opencontainers.image.title=Tyk Gateway + org.opencontainers.image.description=Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols + org.opencontainers.image.vendor=tyk.io + org.opencontainers.image.version=${{ github.ref_name }} + - name: push std image to prod if: ${{ matrix.golang_cross == '1.22-bullseye' }} uses: docker/build-push-action@v6 with: context: "dist" - platforms: linux/amd64,linux/arm64 + platforms: linux/amd64,linux/arm64,linux/s390x file: ci/Dockerfile.distroless provenance: mode=max sbom: true cache-from: type=gha cache-to: type=gha,mode=max push: ${{ startsWith(github.ref, 'refs/tags') }} - tags: ${{ steps.tag_metadata_ee.outputs.tags }} - labels: ${{ steps.tag_metadata_ee.outputs.labels }} + tags: ${{ steps.tag_metadata_std.outputs.tags }} + labels: ${{ steps.tag_metadata_std.outputs.labels }} build-args: | - EDITION=-ee + BUILD_PACKAGE_NAME=tyk-gateway - name: save deb uses: actions/upload-artifact@v4 if: ${{ matrix.golang_cross == '1.22-bullseye' }} 
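Review bot: `tag_metadata_ee` and `tag_metadata_std` (the latter in the following hunk) both list the same three repositories: `docker.tyk.io/tyk-gateway/tyk-gateway`, `tykio/tyk-gateway` and `tykio/tyk-gateway-ee`. As a result, `push ee image to prod` (`BUILD_PACKAGE_NAME=tyk-gateway-ee`) and `push std image to prod` (`BUILD_PACKAGE_NAME=tyk-gateway`) publish to identical tags, and whichever push runs last decides what each name contains. The provenance and SBOM attestations and the `org.opencontainers.image.title` label then describe an edition that may not match the repository name. This looks like the template rendering the full image list for every edition. Restrict each step to its own names: `images: tykio/tyk-gateway-ee` for the ee step, and `tykio/tyk-gateway` plus `docker.tyk.io/tyk-gateway/tyk-gateway` for the std step.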
@@ -351,6 +366,7 @@ jobs: set -eaxo pipefail docker run -q --rm -v ~/.docker/config.json:/root/.docker/config.json tykio/gromit policy match ${tags[0]} ${match_tag} 2>versions.env echo '# alfa and beta have to come after the override + tyk_alfa_image=$tyk_image tyk_beta_image=$tyk_image ECR=${{steps.ecr.outputs.registry}} @@ -374,9 +390,37 @@ jobs: repository: TykTechnologies/tyk-analytics path: tyk-analytics token: ${{ secrets.ORG_GH_TOKEN }} - fetch-depth: 1 - ref: ${{ env.BASE_REF }} + fetch-depth: 0 sparse-checkout: tests/api + - name: Choosing test code branch + working-directory: tyk-analytics/tests/api + run: | + if [[ ${{ github.event_name }} == "release" ]]; then + echo "Checking out release tag..." + TAG_NAME=${{ github.event.release.tag_name }} + git checkout "$TAG_NAME" + fi + if [[ ${{ github.event_name }} == "pull_request" ]]; then + PR_BRANCH=${{ github.event.pull_request.head.ref }} + TARGET_BRANCH=${{ github.event.pull_request.base.ref }} + echo "Looking for PR_BRANCH:$PR_BRANCH or TARGET_BRANCH:$TARGET_BRANCH..." + if git rev-parse --verify "origin/$PR_BRANCH" >/dev/null 2>&1; then + echo "PR branch $PR_BRANCH exists. Checking out..." + git checkout "$PR_BRANCH" + elif git rev-parse --verify "origin/$TARGET_BRANCH" >/dev/null 2>&1; then + echo "Target branch $TARGET_BRANCH exists. Checking out..." + git checkout "$TARGET_BRANCH" + fi + fi + if [[ ${{ github.event_name }} == "push" ]]; then + PUSH_BRANCH=${{ github.ref_name }} + echo "Looking for PUSH_BRANCH:$PUSH_BRANCH..." + if git rev-parse --verify "origin/$PUSH_BRANCH" >/dev/null 2>&1; then + echo "Push branch $PUSH_BRANCH exists. Checking out..." + git checkout "$PUSH_BRANCH" + fi + fi + echo "Current commit: $(git rev-parse HEAD)" - uses: actions/setup-python@v5 with: cache: 'pip' 
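Review bot: The new `Choosing test code branch` step pastes `${{ github.event.pull_request.head.ref }}`, `${{ github.event.pull_request.base.ref }}`, `${{ github.ref_name }}` and `${{ github.event.release.tag_name }}` directly into the `run:` script, so each ref name becomes part of the shell source before bash parses it. Ref names are chosen by whoever opens the pull request or pushes, and this job handles `secrets.ORG_GH_TOKEN` in the checkout step just above, so shell metacharacters in a ref name would be interpreted as code in that context. Pass the values through `env:` and use them only as quoted shell variables, as sketched below; since the file is generated, the change belongs in the gromit template. As far as the visible `on:` block shows, only `pull_request` and `push` trigger this workflow, so the `release` branch of the script looks unreachable. The job's step list starts and ends outside this hunk.

```yaml
- name: Choosing test code branch
  working-directory: tyk-analytics/tests/api
  env:
    EVENT_NAME: ${{ github.event_name }}
    TAG_NAME: ${{ github.event.release.tag_name }}
    PR_BRANCH: ${{ github.event.pull_request.head.ref }}
    TARGET_BRANCH: ${{ github.event.pull_request.base.ref }}
    PUSH_BRANCH: ${{ github.ref_name }}
  run: |
    if [[ "$EVENT_NAME" == "release" ]]; then
      # … unchanged: echo …
      git checkout "$TAG_NAME"
    fi
    if [[ "$EVENT_NAME" == "pull_request" ]]; then
      # … unchanged: rev-parse / checkout of "$PR_BRANCH", then "$TARGET_BRANCH" …
    fi
    if [[ "$EVENT_NAME" == "push" ]]; then
      # … unchanged: rev-parse / checkout of "$PUSH_BRANCH" …
    fi
    # … unchanged: echo of the current commit …
```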
@@ -405,20 +449,6 @@ jobs: USER_API_SECRET=${{ steps.env_up.outputs.USER_API_SECRET }} EOF env $(cat pytest.env | xargs) $pytest -m "${{ matrix.envfiles.apimarkers }}" - - name: Upload Playwright Test Report to S3 - if: failure() && steps.test_execution.outcome != 'success' && steps.env_up.outcome == 'success' - run: npm run upload_report_to_s3 - env: - AWS_ACCESS_KEY_ID: ${{ secrets.UI_AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.UI_AWS_SECRET_ACCESS_KEY }} - RUN_ID: 'tyk-analytics/${{ github.run_id }}' - working-directory: tyk-analytics/tests/ui - - name: Share S3 report link into summary - if: failure() && steps.test_execution.outcome != 'success' && steps.env_up.outcome == 'success' - run: | - echo "# :clipboard: S3 UI Test REPORT: ${{ matrix.envfiles.db }}-${{ matrix.envfiles.conf }}" >> $GITHUB_STEP_SUMMARY - echo "- Status: ${{ steps.test_execution.outcome == 'success' && ':white_check_mark:' || ':no_entry_sign:' }}" >> $GITHUB_STEP_SUMMARY - echo "- [Link to report](https://tyk-qa-reports.s3.eu-central-1.amazonaws.com/tyk-analytics/${{ github.run_id }}/index.html)" >> $GITHUB_STEP_SUMMARY - name: Generate metadata and upload test reports id: metadata_report if: always() && (steps.test_execution.conclusion != 'skipped') @@ -538,9 +568,11 @@ jobs: load: true - name: Test the built container image with api functionality test. run: | - docker run -d -p8080:8080 --network ${{ job.container.network }} --rm test-${{ matrix.distro }}-${{ matrix.arch }} + docker run -d -p8080:8080 --name=test --network ${{ job.container.network }} --rm test-${{ matrix.distro }}-${{ matrix.arch }} sleep 2 ./ci/tests/api-functionality/api_test.sh + sleep 2 + docker stop test || true upgrade-rpm: services: httpbin.org: 
@@ -595,7 +627,7 @@ jobs: tags: test-${{ matrix.distro }}-${{ matrix.arch }} load: true - name: Test the built container image with api functionality test. - run: "docker run -d -p8080:8080 --network ${{ job.container.network }} --rm test-${{ matrix.distro }}-${{ matrix.arch }}\nsleep 2\n./ci/tests/api-functionality/api_test.sh \n" + run: "docker run -d -p8080:8080 --name=test --network ${{ job.container.network }} --rm test-${{ matrix.distro }}-${{ matrix.arch }}\nsleep 2\n./ci/tests/api-functionality/api_test.sh\nsleep 2\ndocker stop test || true \n" release-tests: needs: - goreleaser diff --git a/ci/Dockerfile.distroless b/ci/Dockerfile.distroless index d823708f0d1..8b61aadc016 100644 --- a/ci/Dockerfile.distroless +++ b/ci/Dockerfile.distroless @@ -1,17 +1,17 @@ # Generated by: gromit policy -FROM debian:bookworm-slim as DEB +FROM debian:bookworm-slim AS deb ARG TARGETARCH -ARG EDITION +ARG BUILD_PACKAGE_NAME ENV DEBIAN_FRONTEND=noninteractive -COPY *${TARGETARCH}.deb / -RUN rm -f /*fips*.deb && dpkg -i /tyk-gateway${EDITION}_*${TARGETARCH}.deb && rm /*.deb +COPY ${BUILD_PACKAGE_NAME}*${TARGETARCH}.deb / +RUN dpkg -i /${BUILD_PACKAGE_NAME}_*${TARGETARCH}.deb && rm /*.deb FROM gcr.io/distroless/base-debian12:latest -COPY --from=DEB /opt/tyk-gateway /opt/tyk-gateway +COPY --from=deb /opt/tyk-gateway /opt/tyk-gateway ARG PORTS EXPOSE $PORTS diff --git a/ci/Dockerfile.std b/ci/Dockerfile.std index 680dfa16d0c..b7eb82951b6 100644 --- a/ci/Dockerfile.std +++ b/ci/Dockerfile.std @@ -2,6 +2,7 @@ FROM debian:bookworm-slim ARG TARGETARCH +ARG BUILD_PACKAGE_NAME ENV DEBIAN_FRONTEND=noninteractive @@ -20,8 +21,8 @@ RUN rm -rf /root/.cache \ && find /usr/lib -type f -name '*.a' -o -name '*.o' -delete # Comment this to test in dev -COPY *${TARGETARCH}.deb / -RUN rm -f /*fips*.deb && dpkg -i /tyk-gateway*${TARGETARCH}.deb && rm /*.deb +COPY ${BUILD_PACKAGE_NAME}*${TARGETARCH}.deb / +RUN dpkg -i /${BUILD_PACKAGE_NAME}*${TARGETARCH}.deb && rm /*.deb ARG PORTS 
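Review bot: In `ci/Dockerfile.std` the new `RUN dpkg -i /${BUILD_PACKAGE_NAME}*${TARGETARCH}.deb` has no `_` after the package name, unlike the matching line in `ci/Dockerfile.distroless`. With `BUILD_PACKAGE_NAME=tyk-gateway` the glob also matches `tyk-gateway-ee_…` and `tyk-gateway-fips_…` packages if they are present in the build context, and the `COPY ${BUILD_PACKAGE_NAME}*${TARGETARCH}.deb /` above it brings them in by the same prefix. The removed line at least deleted `/*fips*.deb` first, so the std image could now install a different edition than its name claims. Use `RUN dpkg -i /${BUILD_PACKAGE_NAME}_*${TARGETARCH}.deb && rm /*.deb`, consistent with the distroless file; the same prefix-only `COPY` pattern exists there, but its `dpkg -i` is already anchored with `_`.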
diff --git a/ci/goreleaser/goreleaser.yml b/ci/goreleaser/goreleaser.yml index 8296607b48f..6deb1746f15 100644 --- a/ci/goreleaser/goreleaser.yml +++ b/ci/goreleaser/goreleaser.yml @@ -6,11 +6,12 @@ # - amd64 version: 2 builds: - - id: std + - id: ee-amd64 flags: - - -tags=ignore - - -trimpath - - -tags=goplugin + - -tags=goplugin,ee + env: + - NOP=nop # ignore this, it is jsut to avoid a complex conditional in the templates + - CC=gcc ldflags: - -X github.com/TykTechnologies/tyk/internal/build.Version={{.Version}} - -X github.com/TykTechnologies/tyk/internal/build.Commit={{.FullCommit}} 
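Review bot: The `ee-amd64` build's `flags` list no longer contains `-trimpath`, and the same is true of `ee-arm64`, `ee-s390x` and `fips-amd64` in the next hunk, while the `std-*` builds keep it. Without `-trimpath` the released binaries embed the build machine's source paths, and the ee/fips artifacts are built differently from the std ones for no reason visible in this change. If the omission is not deliberate, add `- -trimpath` after `- -tags=goplugin,ee` in the template. The added comment `# ignore this, it is jsut to avoid a complex conditional in the templates` also misspells "just", here and in every other build entry.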
@@ -21,47 +22,45 @@ builds: goarch: - amd64 binary: tyk - - id: std-arm64 + - id: ee-arm64 flags: - - -tags=ignore - - -trimpath - - -tags=goplugin + - -tags=goplugin,ee + env: + - NOP=nop # ignore this, it is jsut to avoid a complex conditional in the templates + - CC=aarch64-linux-gnu-gcc ldflags: - -X github.com/TykTechnologies/tyk/internal/build.Version={{.Version}} - -X github.com/TykTechnologies/tyk/internal/build.Commit={{.FullCommit}} - -X github.com/TykTechnologies/tyk/internal/build.BuildDate={{.Date}} - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser - env: - - CC=aarch64-linux-gnu-gcc goos: - linux goarch: - arm64 binary: tyk - - id: std-s390x + - id: ee-s390x flags: - - -tags=ignore - - -trimpath - - -tags=goplugin + - -tags=goplugin,ee + env: + - NOP=nop # ignore this, it is jsut to avoid a complex conditional in the templates + - CC=s390x-linux-gnu-gcc ldflags: - -X github.com/TykTechnologies/tyk/internal/build.Version={{.Version}} - -X github.com/TykTechnologies/tyk/internal/build.Commit={{.FullCommit}} - -X github.com/TykTechnologies/tyk/internal/build.BuildDate={{.Date}} - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser - env: - - CC=s390x-linux-gnu-gcc goos: - linux goarch: - s390x binary: tyk - - id: fips + - id: fips-amd64 flags: - - -tags=ignore - - -trimpath - - -tags=goplugin,fips,boringcrypto,ee + - -tags=goplugin,fips,boringcrypto env: - - GOEXPERIMENT=boringcrypto + - NOP=nop # ignore this, it is jsut to avoid a complex conditional in the templates + - CC=gcc + - $env ldflags: - -X github.com/TykTechnologies/tyk/internal/build.Version={{.Version}} - -X github.com/TykTechnologies/tyk/internal/build.Commit={{.FullCommit}} 
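Review bot: In the `fips-amd64` build the `env` entry `GOEXPERIMENT=boringcrypto` is removed and a literal `- $env` appears in its place, which looks like a template variable that was never rendered. If so, the package published as `tyk-gateway-fips` may be compiled without the BoringCrypto experiment enabled, and the `-tags=goplugin,fips,boringcrypto` flag alone may not be equivalent to what the old configuration set. Restore `- GOEXPERIMENT=boringcrypto` in the template, drop `- $env`, and confirm on the built binary that the expected crypto backend is linked. The `ee` tag was also dropped from this build's `-tags`; the diff gives no sign of whether that is intended.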
@@ -72,11 +71,13 @@ builds: goarch: - amd64 binary: tyk - - id: ee + - id: std-amd64 flags: - - -tags=ignore + - -tags=goplugin - -trimpath - - -tags=goplugin,ee + env: + - NOP=nop # ignore this, it is jsut to avoid a complex conditional in the templates + - CC=gcc ldflags: - -X github.com/TykTechnologies/tyk/internal/build.Version={{.Version}} - -X github.com/TykTechnologies/tyk/internal/build.Commit={{.FullCommit}} 
@@ -87,52 +88,52 @@ builds: goarch: - amd64 binary: tyk - - id: ee-arm64 + - id: std-arm64 flags: - - -tags=ignore + - -tags=goplugin - -trimpath - - -tags=goplugin,ee + env: + - NOP=nop # ignore this, it is jsut to avoid a complex conditional in the templates + - CC=aarch64-linux-gnu-gcc ldflags: - -X github.com/TykTechnologies/tyk/internal/build.Version={{.Version}} - -X github.com/TykTechnologies/tyk/internal/build.Commit={{.FullCommit}} - -X github.com/TykTechnologies/tyk/internal/build.BuildDate={{.Date}} - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser - env: - - CC=aarch64-linux-gnu-gcc goos: - linux goarch: - arm64 binary: tyk - - id: ee-s390x + - id: std-s390x flags: - - -tags=ignore + - -tags=goplugin - -trimpath - - -tags=goplugin,ee + env: + - NOP=nop # ignore this, it is jsut to avoid a complex conditional in the templates + - CC=s390x-linux-gnu-gcc ldflags: - -X github.com/TykTechnologies/tyk/internal/build.Version={{.Version}} - -X github.com/TykTechnologies/tyk/internal/build.Commit={{.FullCommit}} - -X github.com/TykTechnologies/tyk/internal/build.BuildDate={{.Date}} - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser - env: - - CC=s390x-linux-gnu-gcc goos: - linux goarch: - s390x binary: tyk nfpms: - - id: std + - id: ee vendor: "Tyk Technologies Ltd" homepage: "https://tyk.io" maintainer: "Tyk " - description: Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols - package_name: tyk-gateway + description: Tyk API Gateway Enterprise Edition written in Go, supporting REST, GraphQL, TCP and gRPC protocols + package_name: tyk-gateway-ee file_name_template: "{{ .ConventionalFileName }}" builds: - - std - - std-arm64 - - std-s390x + - ee-amd64 + - ee-arm64 + - ee-s390x formats: - deb - rpm 
@@ -185,11 +186,11 @@ nfpms: vendor: "Tyk Technologies Ltd" homepage: "https://tyk.io" maintainer: "Tyk " - description: Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols + description: Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols Built with boringssl package_name: tyk-gateway-fips file_name_template: "{{ .ConventionalFileName }}" builds: - - fips + - fips-amd64 formats: - deb - rpm @@ -238,17 +239,17 @@ nfpms: signature: key_file: tyk.io.signing.key type: origin - - id: ee + - id: std vendor: "Tyk Technologies Ltd" homepage: "https://tyk.io" maintainer: "Tyk " description: Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols - package_name: tyk-gateway-ee + package_name: tyk-gateway file_name_template: "{{ .ConventionalFileName }}" builds: - - ee - - ee-arm64 - - ee-s390x + - std-amd64 + - std-arm64 + - std-s390x formats: - deb - rpm @@ -298,7 +299,21 @@ nfpms: key_file: tyk.io.signing.key type: origin publishers: - - name: tyk-gateway-unstable + - name: ee + ids: + - ee + env: + - PACKAGECLOUD_TOKEN={{ .Env.PACKAGECLOUD_TOKEN }} + cmd: packagecloud publish --debvers "{{ .Env.DEBVERS }}" --rpmvers "{{ .Env.RPMVERS }}" tyk/tyk-ee-unstable {{ .ArtifactPath }} + - name: fips + ids: + - fips + env: + - PACKAGECLOUD_TOKEN={{ .Env.PACKAGECLOUD_TOKEN }} + cmd: packagecloud publish --debvers "{{ .Env.DEBVERS }}" --rpmvers "{{ .Env.RPMVERS }}" tyk/ {{ .ArtifactPath }} + - name: std + ids: + - std env: - PACKAGECLOUD_TOKEN={{ .Env.PACKAGECLOUD_TOKEN }} cmd: packagecloud publish --debvers "{{ .Env.DEBVERS }}" --rpmvers "{{ .Env.RPMVERS }}" tyk/tyk-gateway-unstable {{ .ArtifactPath }}
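Review bot: The new `fips` publisher's `cmd` ends in `tyk/ {{ .ArtifactPath }}`, so the repository name after `tyk/` is empty, whereas the `ee` and `std` publishers name `tyk/tyk-ee-unstable` and `tyk/tyk-gateway-unstable`. This looks like a template value that rendered to an empty string. The diff does not show how `packagecloud publish` treats a bare `tyk/` target, so the FIPS packages may fail to publish or go somewhere unintended. Set the repository explicitly in the template, e.g. `tyk/<fips-repo-name> {{ .ArtifactPath }}` with the real repository name, or remove the publisher until one exists.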