[SYSE-337]: Update releng for release-4-lts #14423
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generated by: gromit policy | |
| # Distribution channels covered by this workflow | |
| # - Ubuntu and Debian | |
| # - RHEL and AL | |
| # - docker hub | |
| # - devenv ECR | |
| # - Cloudsmith | |
| name: Release | |
| on: | |
| # Trigger release every monday at midnight for master CI images | |
| schedule: | |
| - cron: "0 0 * * 1" | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| - release-** | |
| tags: | |
| - 'v*' | |
| env: | |
| GOPRIVATE: github.com/TykTechnologies | |
| jobs: | |
| goreleaser: | |
| name: '${{ matrix.golang_cross }}' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write # AWS OIDC JWT | |
| contents: read # actions/checkout | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| golang_cross: | |
| - 1.15 | |
| include: | |
| - golang_cross: 1.15 | |
| goreleaser: 'ci/goreleaser/goreleaser.yml' | |
| cgo: 1 | |
| rpmvers: 'el/7 el/8 el/9 amazon/2 amazon/2023' | |
| debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy debian/jessie debian/buster debian/bullseye debian/bookworm' | |
| outputs: | |
| tags: ${{ steps.metadata.outputs.tags }} | |
| commit_author: ${{ steps.fetch-author.outputs.commit_author}} | |
| steps: | |
| - name: Checkout of tyk | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - name: Get commit author | |
| id: fetch-author | |
| run: echo "commit_author=$(git show -s --format='%ae' HEAD)" >> $GITHUB_OUTPUT | |
| - uses: docker/setup-qemu-action@v3 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Login to DockerHub | |
| if: startsWith(github.ref, 'refs/tags') | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Login to Cloudsmith | |
| if: startsWith(github.ref, 'refs/tags') | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: docker.tyk.io | |
| username: ${{ secrets.CLOUDSMITH_USERNAME }} | |
| password: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| - uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| - name: Build | |
| env: | |
| NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} | |
| PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }} | |
| PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} | |
| run: | | |
| echo '#!/bin/sh | |
| ci/bin/unlock-agent.sh | |
| mkdir -p /go/src | |
| GO111MODULE=on go mod tidy | |
| GO111MODULE=on go mod vendor | |
| cp -r -f vendor/* /go/src | |
| mkdir -p /go/src/github.com/TykTechnologies/tyk | |
| cp -r ./* /go/src/github.com/TykTechnologies/tyk | |
| find /go/src -name vendor | xargs --no-run-if-empty -d'\n' rm -rf | |
| rm -rf vendor | |
| git config --global url."https://${{ secrets.ORG_GH_TOKEN }}@github.com".insteadOf "https://github.com" | |
| git config --global --add safe.directory /go/src/github.com/TykTechnologies/tyk | |
| goreleaser release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }}' | tee /tmp/build.sh | |
| chmod +x /tmp/build.sh | |
| docker run --rm --privileged -e GITHUB_TOKEN=${{ github.token }} \ | |
| -e GOPRIVATE=github.com/TykTechnologies \ | |
| -e GO111MODULE=off \ | |
| -e DEBVERS='${{ matrix.debvers }}' \ | |
| -e RPMVERS='${{ matrix.rpmvers }}' \ | |
| -e CGO_ENABLED=${{ matrix.cgo }} \ | |
| -e NFPM_STD_PASSPHRASE="$NFPM_STD_PASSPHRASE" \ | |
| -e GPG_FINGERPRINT=12B5D62C28F57592D1575BD51ED14C59E37DAC20 \ | |
| -e PKG_SIGNING_KEY="$PKG_SIGNING_KEY" \ | |
| -e PACKAGECLOUD_TOKEN=$PACKAGECLOUD_TOKEN \ | |
| -v ${{github.workspace}}:/go/src/github.com/TykTechnologies/tyk \ | |
| -v /var/run/docker.sock:/var/run/docker.sock \ | |
| -v ~/.docker/config.json:/root/.docker/config.json \ | |
| -e GOCACHE=/cache/go-build \ | |
| -e GOMODCACHE=/go/pkg/mod \ | |
| -v ~/go/pkg/mod:/go/pkg/mod \ | |
| -v ~/.cache/go-build:/cache/go-build \ | |
| -v /tmp/build.sh:/tmp/build.sh \ | |
| -w /go/src/github.com/TykTechnologies/tyk \ | |
| tykio/golang-cross:${{ matrix.golang_cross }} /tmp/build.sh | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk | |
| role-session-name: cipush | |
| aws-region: eu-central-1 | |
| # Don't mask to pass it across job boundaries | |
| mask-aws-account-id: false | |
| - uses: aws-actions/amazon-ecr-login@v2 | |
| id: ecr | |
| if: ${{ matrix.golang_cross == '1.15' }} | |
| with: | |
| mask-password: 'true' | |
| - name: Docker metadata for CI | |
| id: metadata | |
| if: ${{ matrix.golang_cross == '1.15' }} | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ steps.ecr.outputs.registry }}/tyk | |
| flavor: | | |
| latest=false | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=sha,format=long | |
| type=semver,pattern=v{{major}}.{{minor}},prefix=v | |
| type=semver,pattern=v{{version}},prefix=v | |
| - name: CI push | |
| if: ${{ matrix.golang_cross == '1.15' }} | |
| shell: bash | |
| env: | |
| t: ${{ steps.metadata.outputs.tags }} | |
| build_tag: ${{ startswith(github.ref, 'refs/tags') && github.ref_name || 'v0.0.0' }} | |
| run: | | |
| set +e | |
| IFS=$'\n' tags=($t) | |
| for tag in "${tags[@]}"; do | |
| for arch in amd64 arm64; do | |
| docker tag tykio/tyk-gateway:${build_tag}-${arch} ${tag}-${arch} && docker push ${tag}-${arch} | |
| done | |
| docker manifest create ${tag} ${tag}-amd64 ${tag}-arm64 && docker manifest push ${tag} | |
| done | |
| - uses: actions/upload-artifact@v4 | |
| if: ${{ matrix.golang_cross == '1.15' }} | |
| with: | |
| name: deb | |
| retention-days: 1 | |
| path: | | |
| dist/*.deb | |
| !dist/*PAYG*.deb | |
| - uses: actions/upload-artifact@v4 | |
| if: ${{ matrix.golang_cross == '1.15' }} | |
| with: | |
| name: rpm | |
| retention-days: 1 | |
| path: | | |
| dist/*.rpm | |
| !dist/*PAYG*.rpm | |
| upgrade-deb: | |
| services: | |
| httpbin.org: | |
| image: kennethreitz/httpbin | |
| runs-on: ubuntu-latest | |
| needs: goreleaser | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: | |
| - amd64 | |
| - arm64 | |
| distro: | |
| - ubuntu:bionic | |
| - ubuntu:focal | |
| - ubuntu:jammy | |
| - debian:bullseye | |
| - debian:bookworm | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: deb | |
| - uses: docker/setup-qemu-action@v3 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: generate dockerfile | |
| run: | | |
| echo 'FROM ${{ matrix.distro }} | |
| ARG TARGETARCH | |
| COPY tyk-gateway*_${TARGETARCH}.deb /tyk-gateway.deb | |
| RUN apt-get update && apt-get install -y curl | |
| RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.deb.sh | bash && apt-get install -y tyk-gateway=3.0.8 | |
| RUN dpkg -i tyk-gateway.deb | |
| RUN apt-get install -y jq | |
| RUN /opt/tyk-gateway/install/setup.sh --listenport=8080 --redishost=localhost --redisport=6379 --domain="" | |
| COPY ci/tests/api-functionality/api_test.sh / | |
| COPY ci/tests/api-functionality/pkg_test.sh / | |
| COPY ci/tests/api-functionality/data/api.json /opt/tyk-gateway/apps/ | |
| CMD [ "/pkg_test.sh" ] | |
| ' > Dockerfile | |
| - name: install on ${{ matrix.distro }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: "." | |
| platforms: linux/${{ matrix.arch }} | |
| file: Dockerfile | |
| push: false | |
| tags: test-${{ matrix.distro }}-${{ matrix.arch }} | |
| load: true | |
| - name: Test the built container image with api functionality test. | |
| run: | | |
| docker run --network ${{ job.container.network }} --rm test-${{ matrix.distro }}-${{ matrix.arch }} | |
| upgrade-rpm: | |
| services: | |
| httpbin.org: | |
| image: kennethreitz/httpbin | |
| needs: goreleaser | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| distro: | |
| - amazonlinux:2023 | |
| - registry.access.redhat.com/ubi8/ubi | |
| - registry.access.redhat.com/ubi9/ubi | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: rpm | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: generate dockerfile | |
| run: | | |
| echo 'FROM ${{ matrix.distro }} | |
| COPY tyk-gateway*.x86_64.rpm /tyk-gateway.rpm | |
| RUN command -v curl || yum install -y curl | |
| RUN command -v useradd || yum install -y shadow-utils | |
| RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.rpm.sh | bash && yum install -y tyk-gateway-3.0.8-1 | |
| RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-gateway.key && rpm --import tyk-gateway.key | |
| RUN rpm --checksig tyk-gateway.rpm | |
| RUN rpm -Uvh --force tyk-gateway.rpm | |
| RUN curl -fSL https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 --output /usr/local/bin/jq && chmod a+x /usr/local/bin/jq | |
| RUN /opt/tyk-gateway/install/setup.sh --listenport=8080 --redishost=localhost --redisport=6379 --domain="" | |
| COPY ci/tests/api-functionality/data/api.json /opt/tyk-gateway/apps/ | |
| COPY ci/tests/api-functionality/api_test.sh / | |
| COPY ci/tests/api-functionality/pkg_test.sh / | |
| CMD [ "/pkg_test.sh" ] | |
| ' > Dockerfile | |
| - name: install on ${{ matrix.distro }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: "." | |
| file: Dockerfile | |
| push: false | |
| tags: test-${{ matrix.distro }} | |
| load: true | |
| - name: Test the built container image with api functionality test. | |
| run: | | |
| docker run --network ${{ job.container.network }} --rm test-${{ matrix.distro }} | |
| sbom: | |
| needs: goreleaser | |
| uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main | |
| secrets: | |
| DEPDASH_URL: ${{ secrets.DEPDASH_URL }} | |
| DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }} | |
| ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }} |