From add31ab65a17a6fbcb7f974787190a99397d1326 Mon Sep 17 00:00:00 2001 From: Gromit Date: Wed, 17 Jan 2024 06:35:55 +0000 Subject: [PATCH] Auto generated from templates by gromit --- .github/workflows/release.yml | 433 +++++++++++++++++-------------- ci/Dockerfile.std | 19 +- ci/aws/byol.pkr.hcl | 105 -------- ci/goreleaser/goreleaser-el7.yml | 32 +-- ci/goreleaser/goreleaser.yml | 63 +++-- ci/install/before_install.sh | 2 +- ci/install/post_install.sh | 2 +- ci/install/post_remove.sh | 2 +- ci/install/post_trans.sh | 2 +- 9 files changed, 295 insertions(+), 365 deletions(-) delete mode 100644 ci/aws/byol.pkr.hcl diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3f796f834ffd..338565dc292f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,17 +1,18 @@ # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Wed Jan 17 06:35:55 UTC 2024 # Distribution channels covered by this workflow # - Ubuntu and Debian # - RHEL and AL # - docker hub # - devenv ECR -# - AWS mktplace (not active atm) # - Cloudsmith name: Release - on: + # Trigger release every monday at midnight for master CI images + schedule: + - cron: "0 0 * * 1" pull_request: push: branches: 
@@ -19,93 +20,58 @@ on: - release-** tags: - 'v*' - env: - SLACK_CLI_TOKEN: ${{ secrets.BENDER_TOKEN }} GOPRIVATE: github.com/TykTechnologies - jobs: goreleaser: name: '${{ matrix.golang_cross }}' runs-on: ubuntu-latest - container: 'tykio/golang-cross:${{ matrix.golang_cross }}' + permissions: + id-token: write # AWS OIDC JWT + contents: read # actions/checkout strategy: fail-fast: false matrix: - golang_cross: [ 1.16-bullseye, 1.16-el7 ] + golang_cross: + - 1.16 + - 1.16-el7 include: - golang_cross: 1.16-el7 goreleaser: 'ci/goreleaser/goreleaser-el7.yml' rpmvers: 'el/7 amazon/2' debvers: 'ubuntu/xenial ubuntu/bionic debian/jessie' - - golang_cross: 1.16-bullseye + cgo: 0 + - golang_cross: 1.16 goreleaser: 'ci/goreleaser/goreleaser.yml' + cgo: 1 rpmvers: 'el/8 el/9 amazon/2023' - debvers: 'ubuntu/bionic ubuntu/focal ubuntu/jammy debian/buster debian/bullseye' + debvers: 'ubuntu/bionic ubuntu/focal ubuntu/jammy debian/buster debian/bullseye debian/bookworm' outputs: - tag: ${{ steps.targets.outputs.tag }} - + tags: ${{ steps.metadata.outputs.tags }} steps: - - name: Fix private module deps - env: - TOKEN: '${{ secrets.ORG_GH_TOKEN }}' - run: > - git config --global url."https://${TOKEN}@github.com".insteadOf "https://github.com" - - name: Checkout of tyk - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 1 - - - name: "Add Git safe.directory" - run: git config --global --add safe.directory $GITHUB_WORKSPACE - - - uses: docker/setup-qemu-action@v2 - - - uses: docker/setup-buildx-action@v2 - + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 - name: Login to DockerHub if: startsWith(github.ref, 'refs/tags') - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Cloudsmith if: startsWith(github.ref, 'refs/tags') - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: docker.tyk.io 
username: ${{ secrets.CLOUDSMITH_USERNAME }} password: ${{ secrets.CLOUDSMITH_API_KEY }} - - - name: Unlock agent and set tag - id: targets - shell: bash - env: - NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} - GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20 - PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }} + - name: Setup build run: | - ci/bin/unlock-agent.sh - current_tag=${GITHUB_REF##*/} - echo "tag=${current_tag}" >> $GITHUB_OUTPUT + echo 'ci/bin/unlock-agent.sh - - name: Delete old release assets - if: startsWith(github.ref, 'refs/tags') - uses: mknejp/delete-release-assets@v1 - with: - token: ${{ github.token }} - tag: ${{ github.ref }} - fail-if-no-assets: false - fail-if-no-release: false - assets: | - *.deb - *.rpm - *.tar.gz - *.txt.sig - *.txt - - name: Fix vendor - run: | mkdir -p /go/src go mod tidy go mod vendor 
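Review bot: The new `Setup build` step has no `env:` block and writes pre-build.sh inside single quotes, so `${TOKEN}` and `$GITHUB_WORKSPACE` in the two `git config` lines (added in the next hunk) are expanded only when the script runs inside the container. The `docker run` in the Build step passes neither variable with `-e`, and the removed step's `TOKEN: '${{ secrets.ORG_GH_TOKEN }}'` has no replacement, so unless the image defines them the rewrite becomes `https://@github.com` and `safe.directory` gets no value. If private modules still need the token, declare it under `env:` on the Build step and forward it by name with `-e TOKEN`, which keeps the value off the command line. The `git config` lines are also appended after `go mod tidy` and `go mod vendor` in the script, so the rewrite would come too late for those commands; the script lines between the two hunks are not visible here.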
@@ -115,114 +81,223 @@ jobs: find /go/src -name vendor | xargs --no-run-if-empty -d'\n' rm -rf rm -rf vendor - - uses: goreleaser/goreleaser-action@v4 + git config --global url."https://${TOKEN}@github.com".insteadOf "https://github.com" + git config --global --add safe.directory $GITHUB_WORKSPACE' | tee pre-build.sh + chmod +x pre-build.sh + - uses: actions/cache@v3 with: - version: latest - args: release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }} + path: | + ~/.cache/go-build + ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + - name: Build env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CGO_ENABLED: 1 - GO111MODULE: off NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} - NFPM_PAYG_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} - GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20 PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }} - GOLANG_CROSS: ${{ matrix.golang_cross }} - DEBVERS: ${{ matrix.debvers }} - RPMVERS: ${{ matrix.rpmvers }} PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} - DOCKER_CLI_EXPERIMENTAL: "enabled" + run: | + docker run --rm --privileged -e GITHUB_TOKEN=${{ github.token }} \ + -e GOPRIVATE=github.com/TykTechnologies \ + -e GO111MODULE=on \ + -e DEBVERS='${{ matrix.debvers }}' \ + -e RPMVERS='${{ matrix.rpmvers }}' \ + -e CGO_ENABLED=${{ matrix.cgo }} \ + -e NFPM_STD_PASSPHRASE="$NFPM_STD_PASSPHRASE" \ + -e GPG_FINGERPRINT=12B5D62C28F57592D1575BD51ED14C59E37DAC20 \ + -e PKG_SIGNING_KEY="$PKG_SIGNING_KEY" \ + -e PACKAGECLOUD_TOKEN=$PACKAGECLOUD_TOKEN \ + -v ${{github.workspace}}:/go/src/github.com/TykTechnologies/tyk \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v ~/.docker/config.json:/root/.docker/config.json \ + -v ~/go/pkg/mod:/go/pkg/mod \ + -v ./pre-build.sh:${{github.workspace}}/pre-build.sh \ + -w ${{github.workspace}} \ + tykio/golang-cross:${{ 
matrix.golang_cross }} "./pre-build.sh && goreleaser release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }}" + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk + role-session-name: cipush + aws-region: eu-central-1 + # Don't mask to pass it across job boundaries + mask-aws-account-id: false + - uses: aws-actions/amazon-ecr-login@v2 + id: ecr + if: ${{ matrix.golang_cross == '1.16' }} + with: + mask-password: 'true' + - name: Docker metadata for CI + id: metadata + if: ${{ matrix.golang_cross == '1.16' }} + uses: docker/metadata-action@v5 + with: + images: ${{ steps.ecr.outputs.registry }}/tyk + flavor: | + latest=false + tags: | + type=ref,event=branch + type=ref,event=pr + type=sha,format=long + type=semver,pattern=v{{major}}.{{minor}},prefix=v + type=semver,pattern=v{{version}},prefix=v + - name: CI push + if: ${{ matrix.golang_cross == '1.16' }} + shell: bash + env: + t: ${{ steps.metadata.outputs.tags }} + build_tag: ${{ startswith(github.ref, 'refs/tags') && github.ref_name || 'v0.0.0' }} + run: | + set +e + IFS=$'\n' tags=($t) + for tag in "${tags[@]}"; do + for arch in amd64 arm64; do + docker tag tykio/tyk-gateway:${build_tag}-${arch} ${tag}-${arch} && docker push ${tag}-${arch} + done + docker manifest create ${tag} ${tag}-amd64 ${tag}-arm64 && docker manifest push ${tag} + done - uses: actions/upload-artifact@v3 + if: ${{ matrix.golang_cross == '1.16' }} with: name: deb retention-days: 1 path: | dist/*.deb !dist/*PAYG*.deb - - uses: actions/upload-artifact@v3 + if: ${{ matrix.golang_cross == '1.16' }} with: name: rpm retention-days: 1 path: | dist/*.rpm !dist/*PAYG*.rpm - ci: - needs: - - goreleaser + test-controller: + needs: goreleaser + runs-on: ubuntu-latest + container: tykio/gromit:v1.6 + outputs: + conf: ${{ steps.params.outputs.conf }} + db: ${{ steps.params.outputs.db }} + pump: ${{ steps.params.outputs.pump }} + sink: ${{ 
steps.params.outputs.sink }} + gd_tag: ${{ steps.params.outputs.gd_tag }} + versions: ${{ steps.params.outputs.versions }} + steps: + - name: set params + id: params + env: + REPO: ${{ github.repository }} + # Cover pull_request_target too + BASE_REF: ${{startsWith(github.event_name, 'pull_request') && github.base_ref || github.ref}} + TAGS: ${{ needs.goreleaser.outputs.tags }} + IS_PR: ${{startsWith(github.event_name, 'pull_request') && 'yes' }} + IS_TAG: ${{startsWith(github.ref, 'refs/tags') && 'yes' }} + run: gromit policy controller --loglevel debug | tee -a "$GITHUB_OUTPUT" + api-tests: + needs: test-controller runs-on: ubuntu-latest permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - + id-token: write # This is required for requesting the Github JWT + contents: read # This is required for actions/checkout + strategy: + fail-fast: false + matrix: + conf: ${{ fromJson(needs.test-controller.outputs.conf) }} + db: ${{ fromJson(needs.test-controller.outputs.db) }} + pump: ${{ fromJson(needs.test-controller.outputs.pump) }} + sink: ${{ fromJson(needs.test-controller.outputs.sink) }} + include: + - db: postgres15 + markers: "and not sql" steps: - - name: Shallow checkout of tyk - uses: actions/checkout@v3 - with: - fetch-depth: 1 - - - uses: aws-actions/configure-aws-credentials@v2 + - uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk role-session-name: cipush aws-region: eu-central-1 - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - - - uses: actions/download-artifact@v3 + - id: ecr + uses: aws-actions/amazon-ecr-login@v2 with: - name: deb - - - name: Docker metadata - id: metadata - uses: docker/metadata-action@v4 + mask-password: 'true' + mask-aws-account-id: 'true' + # Only ${{ github.actor }} has access + # See https://github.com/mxschmitt/action-tmate#use-registered-public-ssh-keys 
+ - name: Setup tmate session only in debug mode + uses: mxschmitt/action-tmate@v3 + if: ${{ runner.debug == '1' }} with: - images: ${{ steps.login-ecr.outputs.registry }}/tyk - flavor: | - latest=false - prefix=v - tags: | - type=semver,pattern=v{{version}} - type=semver,pattern=v{{major}}.{{minor}} - type=semver,pattern=v{{major}} - type=ref,event=branch - - - uses: docker/setup-qemu-action@v2 - - - uses: docker/setup-buildx-action@v2 - - - name: CI build - uses: docker/build-push-action@v4 + detached: true + limit-access-to-actor: true + - name: fetch env from tyk-ci + env: + GH_TOKEN: ${{ github.token }} + run: | + gh release download v1.2 --repo github.com/TykTechnologies/tyk-ci -O env.tgz + tar xzvf env.tgz + - name: env up + shell: bash + working-directory: auto + id: env_up + env: + pull_policy: 'if_not_present' + GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }} + TYK_DB_LICENSEKEY: ${{ secrets.DASH_LICENSE }} + TYK_MDCB_LICENSE: ${{ secrets.MDCB_LICENSE }} + ECR: ${{ steps.ecr.outputs.registry }} + VERSIONS: ${{ needs.test-controller.outputs.versions}} + run: "echo \"ECR=${ECR}\n$VERSIONS\ntyk_pump_image=${{matrix.pump}} \ntyk_sink_image=${{matrix.sink}} \n# base dir for config files\nconfs_dir=./pro-ha\n# pick database to use\nenv_file=local-${{ matrix.db }}.env\n\" > versions.env\nprintf '::group::versions\\n%s\\n::endgroup::' \"$(cat versions.env)\"\n# Add Tyk component config variations to $env_file\ncat confs/${{ matrix.conf }}.env >> local-${{ matrix.db }}.env\n# bring up env, the project name is important\ndocker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${{ matrix.db }}.yml --env-file versions.env --profile master-datacenter up --quiet-pull -d\n./dash-bootstrap.sh http://localhost:3000\ndocker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${{ matrix.db }}.yml --env-file versions.env --profile slave-datacenter up --quiet-pull -d\n" + - name: Run tests + working-directory: auto + id: test_execution + run: | + echo "### API tests ${{ matrix.db }} 
${{ matrix.conf }}" >> $GITHUB_STEP_SUMMARY + if docker run --rm --network auto_default --env-file pytest.env -v ${{ github.workspace }}/reports:/app/reports \ + ${{ steps.ecr.outputs.registry }}/tyk-automated-tests:${{ needs.test-controller.outputs.gd_tag }} \ + pytest -c pytest_ci.ini --ci -m "not local and not dind ${{ matrix.markers }}" | tee tests.out; then + echo "All tests passed!" >> $GITHUB_STEP_SUMMARY + else + echo "::error title=API tests ${{ matrix.db }} ${{ matrix.conf }}::Test execution failed" + cat tests.out >> $GITHUB_STEP_SUMMARY + docker logs tyk tyk-analytics + exit 1 + fi + - name: Archive Integration tests report + if: ${{ always() }} + uses: actions/upload-artifact@v3 with: - push: true - context: "." - file: ci/Dockerfile.std - platforms: linux/amd64,linux/arm64 - tags: | - ${{ steps.metadata.outputs.tags }} - ${{ steps.login-ecr.outputs.registry }}/tyk:${{ needs.goreleaser.outputs.tag }} - ${{ steps.login-ecr.outputs.registry }}/tyk:${{ github.sha }} - - sbom: - needs: ci - uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main - secrets: - DEPDASH_URL: ${{ secrets.DEPDASH_URL }} - DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }} - ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }} - - tat: - needs: ci - uses: tyklabs/tyk-pro/.github/workflows/tests.yml@v1 - permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - with: - tyk-version: ${{ github.ref_name }} - tyk-analytics-version: ${{ github.ref_name }} - + name: api-test-report + retention-days: 3 + path: ${{ github.workspace }}/reports + - name: Fetch commit author + if: ${{ steps.test_execution.outcome != 'success' && !github.event.pull_request.draft }} + run: echo "GIT_USER_EMAIL=$(git show -s --format='%ae' HEAD)" >> $GITHUB_ENV + - name: Fetch slack user + if: ${{ steps.test_execution.outcome != 'success' && !github.event.pull_request.draft }} + id: fetch_slack_user + uses: 
TykTechnologies/github-actions/.github/actions/github-to-slack@main + with: + github_email: ${{ env.GIT_USER_EMAIL }} + - name: Notify slack + if: ${{ steps.test_execution.outcome != 'success' && !github.event.pull_request.draft }} + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: ${{ secrets.API_TEST_ALERT_SLACK_WEBHOOK }} + SLACK_COLOR: ${{ job.status }} + SLACK_TITLE: "Result: ${{ steps.test_execution.outcome }}" + SLACK_USERNAME: API INTEGRATION TESTS + SLACK_MESSAGE: "*Test*: ${{ matrix.db }}-${{ matrix.conf }}, *Author*: ${{ steps.fetch_slack_user.outputs.slack-user-name }}" + SLACK_FOOTER: "" + - name: Comment on PR + if: ${{ always() && !github.event.pull_request.draft }} + uses: mshick/add-pr-comment@v2 + with: + message: "**API tests result - ${{ matrix.db }}-${{ matrix.conf }} env: ${{ steps.test_execution.outcome }}** ${{ env.STATUS }} \nBranch used: ${{ github.ref }}\nCommit: ${{ github.event.after }} ${{ github.event.commits[0].message }}\nTriggered by: ${{ github.event_name }} (@${{ github.actor }})\n[Execution page](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})\n" + repo-token: ${{ secrets.ORG_GH_TOKEN }} + message-id: ${{ matrix.db }}-${{ matrix.conf }} + env: + STATUS: "${{ steps.test_execution.outcome == 'success' && ':white_check_mark:' || ':no_entry_sign:' }}" upgrade-deb: if: startsWith(github.ref, 'refs/tags') services: @@ -240,21 +315,18 @@ jobs: - ubuntu:xenial - ubuntu:bionic - ubuntu:focal + - ubuntu:jammy - debian:bullseye - + - debian:bookworm steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 1 - - uses: actions/download-artifact@v3 with: name: deb - - - uses: docker/setup-qemu-action@v2 - - - uses: docker/setup-buildx-action@v2 - + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 - name: generate dockerfile run: | echo 'FROM ${{ matrix.distro }} 
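Review bot: The `Comment on PR` step passes `${{ secrets.ORG_GH_TOKEN }}` (by its name an organisation-scoped token) to `mshick/add-pr-comment@v2`, a third-party action referenced by a mutable tag, although posting a comment only needs the job token. Prefer `repo-token: ${{ github.token }}` with `pull-requests: write` added to the api-tests `permissions:`. Also pin this action, `mxschmitt/action-tmate@v3` and `rtCamp/action-slack-notify@v2` to commit SHAs. The same least-privilege gap shows in the goreleaser job: `aws-actions/configure-aws-credentials@v4` has no `if:`, so the el7 leg assumes `ecr_rw_tyk` even though every step that uses the credentials is gated; add `if: ${{ matrix.golang_cross == '1.16' }}` to it.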
@@ -270,9 +342,8 @@ jobs: COPY ci/tests/api-functionality/data/api.json /opt/tyk-gateway/apps/ CMD [ "/pkg_test.sh" ] ' > Dockerfile - - name: install on ${{ matrix.distro }} - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: "." platforms: linux/${{ matrix.arch }} @@ -280,11 +351,9 @@ jobs: push: false tags: test-${{ matrix.distro }}-${{ matrix.arch }} load: true - - name: Test the built container image with api functionality test. run: | docker run --network ${{ job.container.network }} --rm test-${{ matrix.distro }}-${{ matrix.arch }} - upgrade-rpm: if: startsWith(github.ref, 'refs/tags') services: @@ -296,23 +365,22 @@ jobs: fail-fast: false matrix: distro: - - ubi7/ubi - - ubi8/ubi - + - amazonlinux:2023 + - registry.access.redhat.com/ubi8/ubi + - registry.access.redhat.com/ubi9/ubi + - amazonlinux:2 + - registry.access.redhat.com/ubi7/ubi steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 1 - - uses: actions/download-artifact@v3 with: name: rpm - - - uses: docker/setup-buildx-action@v2 - + - uses: docker/setup-buildx-action@v3 - name: generate dockerfile run: | - echo 'FROM registry.access.redhat.com/${{ matrix.distro }} + echo 'FROM ${{ matrix.distro }} COPY tyk-gateway*.x86_64.rpm /tyk-gateway.rpm RUN yum install --allowerasing -y curl RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.rpm.sh | bash && yum install -y tyk-gateway-3.0.8-1 
@@ -326,60 +394,21 @@ jobs: COPY ci/tests/api-functionality/pkg_test.sh / CMD [ "/pkg_test.sh" ] ' > Dockerfile - - name: install on ${{ matrix.distro }} - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: "." file: Dockerfile push: false tags: test-${{ matrix.distro }} load: true - - name: Test the built container image with api functionality test. run: | docker run --network ${{ job.container.network }} --rm test-${{ matrix.distro }} - - smoke-tests: - if: startsWith(github.ref, 'refs/tags') - needs: - - goreleaser - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 1 - - - name: Run tests - shell: bash - env: - GITHUB_TAG: ${{ github.ref }} - run: | - set -eaxo pipefail - if [ ! -d smoke-tests ]; then - echo "::warning No repo specific smoke tests defined" - fi - if [ ! -d ci/tests ]; then - echo "::warning No ci tests defined" - exit 0 - fi - for d in ci/tests/*/ - do - echo Attempting to test $d - if [ -d $d ] && [ -e $d/test.sh ]; then - cd $d - ./test.sh ${{ needs.goreleaser.outputs.tag }} - cd - - fi - done - for d in smoke-tests/*/ - do - echo Attempting to test $d - if [ -d $d ] && [ -e $d/test.sh ]; then - cd $d - ./test.sh ${{ needs.goreleaser.outputs.tag }} - cd - - fi - done - + sbom: + needs: goreleaser + uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main + secrets: + DEPDASH_URL: ${{ secrets.DEPDASH_URL }} + DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }} + ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }} diff --git a/ci/Dockerfile.std b/ci/Dockerfile.std index 531789451588..b68e44246005 100644 --- a/ci/Dockerfile.std +++ b/ci/Dockerfile.std @@ -1,6 +1,5 @@ - # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Wed Jan 17 06:35:55 UTC 2024 FROM debian:bullseye-slim ARG TARGETARCH 
@@ -9,24 +8,19 @@ ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update \ && apt-get dist-upgrade -y ca-certificates -# Install curl and python3 -RUN apt-get install -y curl python3-setuptools libpython3.9 python3.9-dev \ - && curl https://bootstrap.pypa.io/get-pip.py | python3 \ - && pip3 install --only-binary ":all:" grpcio protobuf==3.20.2 && pip3 install --upgrade setuptools +# For Python plugins +RUN apt-get install -y python3-setuptools libpython3-dev python3-dev python3-grpcio # Remove some things to decrease CVE surface -RUN apt-get remove -y --allow-remove-essential --auto-remove curl libtiff5 ncurses-base \ - && rm /usr/bin/passwd && rm /usr/sbin/adduser +RUN dpkg --purge --force-remove-essential curl ncurses-base || true +RUN rm -fv /usr/bin/passwd /usr/sbin/adduser || true # Clean up caches, unwanted .a and .o files RUN rm -rf /root/.cache \ && apt-get -y autoremove \ && apt-get clean \ && rm -rf /usr/include/* \ - && find /usr/lib -type f -name '*.a' -delete \ - && find /usr/lib -type f -name '*.o' -delete -# Print included pip/python versions -RUN pip3 --version && python3 --version + && find /usr/lib -type f -name '*.a' -o -name '*.o' -delete # Comment this to test in dev COPY *${TARGETARCH}.deb / @@ -41,5 +35,4 @@ WORKDIR /opt/tyk-gateway/ # Uncomment this to test in dev # COPY tyk . ENTRYPOINT ["/opt/tyk-gateway/tyk" ] - CMD [ "--conf=/opt/tyk-gateway/tyk.conf" ] diff --git a/ci/aws/byol.pkr.hcl b/ci/aws/byol.pkr.hcl deleted file mode 100644 index ea5c01d74165..000000000000 --- a/ci/aws/byol.pkr.hcl +++ /dev/null 
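Review bot: The merged cleanup `find /usr/lib -type f -name '*.a' -o -name '*.o' -delete` no longer removes `.a` files: `-o` binds looser than the implicit AND, so `-delete` applies only to the `-name '*.o'` branch, which has also lost its `-type f` test. Group the alternatives: `find /usr/lib -type f \( -name '*.a' -o -name '*.o' \) -delete`. Separately, the `|| true` on the `dpkg --purge` and `rm -fv` lines means a failed removal no longer fails the build, so an image could ship with the tools this step is meant to strip. `rm -f` already tolerates missing files, so the `|| true` on that line can simply be dropped.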
@@ -1,105 +0,0 @@ - -# Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 - -packer { - required_plugins { - amazon = { - version = ">= 0.0.2" - source = "github.com/hashicorp/amazon" - } - } -} - -variable "flavour" { - description = "OS Flavour" - type = string -} - -variable "source_ami_owner" { - type = string -} - -variable "ami_search_string" { - type = string -} -variable "geoip_license" { - type = string - default = "${env("GEOIP_LICENSE")}" -} - -variable "region" { - type = string - default = "us-east-1" -} - -variable "version" { - type = string - default = "${env("VERSION")}" -} - -# Latest at this time -data "amazon-ami" "base-os" { - filters = { - architecture = "x86_64" - "block-device-mapping.volume-type" = "gp2" - name = "${var.ami_search_string}" - root-device-type = "ebs" - sriov-net-support = "simple" - virtualization-type = "hvm" - } - most_recent = true - owners = ["${var.source_ami_owner}"] -} - -# source blocks are generated from your builders; a source can be referenced in -# build blocks. A build block runs provisioner and post-processors on a -# source. Read the documentation for source blocks here: -# https://www.packer.io/docs/from-1.5/blocks/source -source "amazon-ebs" "byol" { - ami_name = "BYOL tyk ${var.version} (${var.flavour})" - ena_support = true - force_delete_snapshot = true - force_deregister = true - instance_type = "t3.micro" - region = "${var.region}" - source_ami = data.amazon-ami.base-os.id - sriov_support = true - ssh_username = "ec2-user" - subnet_filter { - filters = { - "tag:Class" = "build" - } - most_free = true - random = false - } - tags = { - Component = "tyk" - Flavour = "${var.flavour}" - Product = "byol" - Version = "${var.version}" - } -} - -# a build block invokes sources and runs provisioning steps on them. 
The -# documentation for build blocks can be found here: -# https://www.packer.io/docs/from-1.5/blocks/build -build { - sources = ["source.amazon-ebs.byol"] - provisioner "file" { - destination = "/tmp/semver.sh" - source = "utils/semver.sh" - } - provisioner "file" { - destination = "/tmp/tyk-gateway.rpm" - sources = fileset(".", "rpm/*x86_64.rpm") - } - provisioner "file" { - destination = "/tmp/10-run-tyk.conf" - source = "utils/10-run-tyk.conf" - } - provisioner "shell" { - environment_vars = ["VERSION=${var.version}" , "GEOIP_LICENSE=${var.geoip_license}"] - script = "byol/install-tyk.sh" - } -} diff --git a/ci/goreleaser/goreleaser-el7.yml b/ci/goreleaser/goreleaser-el7.yml index 6659d6b8a35d..7fd2c404bbe6 100644 --- a/ci/goreleaser/goreleaser-el7.yml +++ b/ci/goreleaser/goreleaser-el7.yml @@ -1,5 +1,5 @@ # Generated by: gromit policy -# Generated on: Wed Jul 26 07:56:17 UTC 2023 +# Generated on: Wed Jan 17 06:35:55 UTC 2024 # Check the documentation at http://goreleaser.com # This project needs CGO_ENABLED=1 and the cross-compiler toolchains for @@ -17,9 +17,6 @@ builds: - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser goos: - linux - env: - - CGO_ENABLED=1 - - GO111MODULE=off goarch: - amd64 binary: tyk @@ -33,14 +30,26 @@ builds: - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser env: - CC=aarch64-linux-gnu-gcc - - CGO_ENABLED=1 - - GO111MODULE=off goos: - linux goarch: - arm64 binary: tyk - + - id: std-s390x + flags: + - -tags=goplugin + ldflags: + - -X github.com/TykTechnologies/tyk/internal/build.Version={{.Version}} + - -X github.com/TykTechnologies/tyk/internal/build.Commit={{.FullCommit}} + - -X github.com/TykTechnologies/tyk/internal/build.BuildDate={{.Date}} + - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser + env: + - CC=s390x-linux-gnu-gcc + goos: + - linux + goarch: + - s390x + binary: tyk nfpms: - id: std vendor: "Tyk Technologies Ltd" 
@@ -52,6 +61,7 @@ nfpms: builds: - std-linux - std-arm64 + - std-s390 formats: - deb - rpm @@ -100,7 +110,6 @@ nfpms: signature: key_file: tyk.io.signing.key type: origin - publishers: - name: tyk-gateway-unstable env: @@ -109,19 +118,12 @@ publishers: - RPMVERS={{ .Env.RPMVERS }} - DEBVERS={{ .Env.DEBVERS }} cmd: /pc.sh {{ .ArtifactPath }} - - # This disables archives archives: - format: binary allow_different_binary_count: true - -# plugin-compiler now built from a separate independent workflow -# that also takes care of the el7 plugin compiler build - checksum: disable: true - release: disable: true github: diff --git a/ci/goreleaser/goreleaser.yml b/ci/goreleaser/goreleaser.yml index cda943c3cda3..2f6410b496a9 100644 --- a/ci/goreleaser/goreleaser.yml +++ b/ci/goreleaser/goreleaser.yml @@ -1,5 +1,5 @@ # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Wed Jan 17 06:35:55 UTC 2024 # Check the documentation at http://goreleaser.com # This project needs CGO_ENABLED=1 and the cross-compiler toolchains for @@ -16,9 +16,6 @@ builds: - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser goos: - linux - env: - - CGO_ENABLED=1 - - GO111MODULE=off goarch: - amd64 binary: tyk 
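Review bot: The nfpms `builds:` list adds `- std-s390`, but the build added in the previous hunk is declared as `id: std-s390x`, so the entry matches no build and the s390x binary would presumably be left out of the deb/rpm packages. Change it to `- std-s390x`, as ci/goreleaser/goreleaser.yml does in its own nfpms section. Since the file is generated, the correction belongs in the gromit template rather than in this file.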
@@ -31,22 +28,34 @@ builds: - -X github.com/TykTechnologies/tyk/internal/build.BuildDate={{.Date}} - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser env: - - CGO_ENABLED=1 - - GO111MODULE=off - CC=aarch64-linux-gnu-gcc goos: - linux goarch: - arm64 binary: tyk - + - id: std-s390x + flags: + - -tags=goplugin + ldflags: + - -X github.com/TykTechnologies/tyk/internal/build.Version={{.Version}} + - -X github.com/TykTechnologies/tyk/internal/build.Commit={{.FullCommit}} + - -X github.com/TykTechnologies/tyk/internal/build.BuildDate={{.Date}} + - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser + env: + - CC=s390x-linux-gnu-gcc + goos: + - linux + goarch: + - s390x + binary: tyk dockers: # Build tykio/tyk-gateway, docker.tyk.io/tyk-gateway/tyk-gateway (amd64) - ids: - std image_templates: - - "tykio/tyk-gateway:{{ .Tag }}-amd64" - - "docker.tyk.io/tyk-gateway/tyk-gateway:{{ .Tag }}-amd64" + - "tykio/tyk-gateway:{{.Tag}}-amd64" + - "docker.tyk.io/tyk-gateway/tyk-gateway:{{.Tag}}-amd64" build_flag_templates: - "--build-arg=PORTS=8080" - "--platform=linux/amd64" @@ -69,12 +78,11 @@ dockers: - "policies" - "coprocess" - "tyk.conf.example" - # Build gateway hybrid container amd64 - ids: - std image_templates: - - "tykio/tyk-hybrid-docker:{{ .Tag }}-amd64" + - "tykio/tyk-hybrid-docker:{{.Tag}}-amd64" build_flag_templates: - "--platform=linux/amd64" - "--label=org.opencontainers.image.created={{.Date}}" 
@@ -87,15 +95,14 @@ dockers: dockerfile: ci/images/hybrid/Dockerfile extra_files: - "ci/images/hybrid/" - # The plugin compiler image is built outside of goreleaser in a # plugin-compiler-build workflow. # Build tykio/tyk-gateway, docker.tyk.io/tyk-gateway/tyk-gateway (arm64) - ids: - std image_templates: - - "tykio/tyk-gateway:{{ .Tag }}-arm64" - - "docker.tyk.io/tyk-gateway/tyk-gateway:{{ .Tag }}-arm64" + - "tykio/tyk-gateway:{{.Tag}}-arm64" + - "docker.tyk.io/tyk-gateway/tyk-gateway:{{.Tag}}-arm64" build_flag_templates: - "--build-arg=PORTS=8080" - "--platform=linux/arm64" @@ -118,12 +125,11 @@ dockers: - "policies" - "coprocess" - "tyk.conf.example" - # Build gateway hybrid container arm64 - ids: - std image_templates: - - "tykio/tyk-hybrid-docker:{{ .Tag }}-arm64" + - "tykio/tyk-hybrid-docker:{{.Tag}}-arm64" build_flag_templates: - "--platform=linux/arm64" - "--label=org.opencontainers.image.created={{.Date}}" @@ -136,10 +142,8 @@ dockers: dockerfile: ci/images/hybrid/Dockerfile extra_files: - "ci/images/hybrid/" - - # The plugin compiler image is built outside of goreleaser in a - # plugin-compiler-build workflow. - + # The plugin compiler image is built outside of goreleaser in a + # plugin-compiler-build workflow. docker_manifests: - name_template: tykio/tyk-gateway:{{ .Tag }} image_templates: @@ -149,6 +153,10 @@ docker_manifests: image_templates: - tykio/tyk-gateway:{{ .Tag }}-amd64 - tykio/tyk-gateway:{{ .Tag }}-arm64 + - name_template: tykio/tyk-gateway:v{{ .Major }}{{.Prerelease}} + image_templates: + - tykio/tyk-gateway:{{ .Tag }}-amd64 + - tykio/tyk-gateway:{{ .Tag }}-arm64 - name_template: tykio/tyk-hybrid-docker:{{ .Tag }} image_templates: - tykio/tyk-hybrid-docker:{{ .Tag }}-amd64 
@@ -157,7 +165,14 @@ docker_manifests: image_templates: - docker.tyk.io/tyk-gateway/tyk-gateway:{{ .Tag }}-amd64 - docker.tyk.io/tyk-gateway/tyk-gateway:{{ .Tag }}-arm64 - + - name_template: docker.tyk.io/tyk-gateway/tyk-gateway:v{{ .Major }}.{{ .Minor }}{{.Prerelease}} + image_templates: + - tykio/tyk-gateway:{{ .Tag }}-amd64 + - tykio/tyk-gateway:{{ .Tag }}-arm64 + - name_template: tykio/tyk-gateway:v{{ .Major }}{{.Prerelease}} + image_templates: + - tykio/tyk-gateway:{{ .Tag }}-amd64 + - tykio/tyk-gateway:{{ .Tag }}-arm64 nfpms: - id: std vendor: "Tyk Technologies Ltd" @@ -169,6 +184,7 @@ nfpms: builds: - std-linux - std-arm64 + - std-s390x formats: - deb - rpm @@ -217,7 +233,6 @@ nfpms: signature: key_file: tyk.io.signing.key type: origin - publishers: - name: tyk-gateway-unstable env: @@ -226,16 +241,12 @@ publishers: - RPMVERS={{ .Env.RPMVERS }} - DEBVERS={{ .Env.DEBVERS }} cmd: /pc.sh {{ .ArtifactPath }} - - # This disables archives archives: - format: binary allow_different_binary_count: true - checksum: disable: true - release: disable: true github: diff --git a/ci/install/before_install.sh b/ci/install/before_install.sh index feb1bd6ffc10..ad2d1bc8fa48 100755 --- a/ci/install/before_install.sh +++ b/ci/install/before_install.sh @@ -1,7 +1,7 @@ #!/bin/bash # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Wed Jan 17 06:35:55 UTC 2024 echo "Creating user and group..." GROUPNAME="tyk" diff --git a/ci/install/post_install.sh b/ci/install/post_install.sh index 999f90860e29..8fff3c8d2cd3 100755 --- a/ci/install/post_install.sh +++ b/ci/install/post_install.sh @@ -2,7 +2,7 @@ # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Wed Jan 17 06:35:55 UTC 2024 # If "True" the install directory ownership will be changed to "tyk:tyk" change_ownership="False" diff --git a/ci/install/post_remove.sh b/ci/install/post_remove.sh index 1049cdb1c25b..098c69262221 100755 
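Review bot: The new `docker.tyk.io/tyk-gateway/tyk-gateway:v{{ .Major }}.{{ .Minor }}{{.Prerelease}}` manifest lists `tykio/tyk-gateway:{{ .Tag }}-amd64` and `-arm64` as its images, whereas the existing docker.tyk.io manifest just above it references the docker.tyk.io images. A manifest list that points at another registry's images is likely to fail on push or to publish an unintended reference. Use `docker.tyk.io/tyk-gateway/tyk-gateway:{{ .Tag }}-amd64` and the matching `-arm64` entry there. The `tykio/tyk-gateway:v{{ .Major }}{{.Prerelease}}` entry is also added twice, once here and once in the `@@ -149,6 +153,10 @@` hunk; one copy should be removed in the template.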
--- a/ci/install/post_remove.sh +++ b/ci/install/post_remove.sh @@ -1,7 +1,7 @@ #!/bin/sh # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Wed Jan 17 06:35:55 UTC 2024 cleanRemove() { diff --git a/ci/install/post_trans.sh b/ci/install/post_trans.sh index 2e598fcd2091..0f40684c5fc9 100644 --- a/ci/install/post_trans.sh +++ b/ci/install/post_trans.sh @@ -1,7 +1,7 @@ #!/bin/sh # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Wed Jan 17 06:35:55 UTC 2024 if command -V systemctl >/dev/null 2>&1; then if [ ! -f /lib/systemd/system/tyk-gateway.service ]; then