From 32b8af9b88b0f2c48b9cd881ecfbbfc383ed66d7 Mon Sep 17 00:00:00 2001 
From: Gromit Date: Thu, 18 Jan 2024 17:32:48 +0000 Subject: [PATCH] Auto generated from templates by gromit --- .github/workflows/del-env.yml | 21 -- .github/workflows/release.yml | 438 ++++++++++++----------- .github/workflows/sync-automation.yml | 94 ----- .github/workflows/update-config-docs.yml | 22 -- bin/dist_build.sh | 156 -------- bin/dist_push.sh | 36 -- bin/integration_build.sh | 103 ------ ci/Dockerfile.std | 19 +- ci/aws/al2.vars.json | 5 - ci/aws/byol.pkr.hcl | 105 ------ ci/aws/byol/install-tyk.sh | 35 -- ci/aws/hybrid.pkr.hcl | 104 ------ ci/aws/hybrid/install-gateway.sh | 58 --- ci/aws/hybrid/setup_hybrid.sh | 153 -------- ci/aws/hybrid/tyk_hybrid.conf | 118 ------ ci/aws/rhel.vars.json | 5 - ci/aws/utils/10-run-tyk.conf | 3 - ci/aws/utils/semver.sh | 278 -------------- ci/bin/pc.sh | 74 ++++ ci/bin/unlock-agent.sh | 3 + ci/goreleaser/goreleaser-el7.yml | 34 +- ci/goreleaser/goreleaser.yml | 42 +-- ci/image/Dockerfile | 33 -- ci/install/before_install.sh | 2 +- ci/install/post_install.sh | 2 +- ci/install/post_remove.sh | 2 +- ci/install/post_trans.sh | 2 +- 27 files changed, 351 insertions(+), 1596 deletions(-) delete mode 100644 .github/workflows/del-env.yml delete mode 100644 .github/workflows/sync-automation.yml delete mode 100644 .github/workflows/update-config-docs.yml delete mode 100755 bin/dist_build.sh delete mode 100755 bin/dist_push.sh delete mode 100755 bin/integration_build.sh delete mode 100644 ci/aws/al2.vars.json delete mode 100644 ci/aws/byol.pkr.hcl delete mode 100755 ci/aws/byol/install-tyk.sh delete mode 100644 ci/aws/hybrid.pkr.hcl delete mode 100755 ci/aws/hybrid/install-gateway.sh delete mode 100755 ci/aws/hybrid/setup_hybrid.sh delete mode 100644 ci/aws/hybrid/tyk_hybrid.conf delete mode 100644 ci/aws/rhel.vars.json delete mode 100644 ci/aws/utils/10-run-tyk.conf delete mode 100755 ci/aws/utils/semver.sh create mode 100755 ci/bin/pc.sh delete mode 100644 ci/image/Dockerfile mode change 100644 => 100755 
ci/install/post_trans.sh diff --git a/.github/workflows/del-env.yml b/.github/workflows/del-env.yml deleted file mode 100644 index f101bec0d63..00000000000 --- a/.github/workflows/del-env.yml +++ /dev/null @@ -1,21 +0,0 @@ - -# Generated by: gromit policy -# Generated on: Thu May 11 05:45:42 UTC 2023 - -name: Retiring dev env - -on: - delete: - branches: - - feature/* - - integration/* - -jobs: - retire: - runs-on: ubuntu-latest - - steps: - - name: Tell gromit about deleted branch - run: | - curl -fsSL -H "Authorization: ${{secrets.GROMIT_TOKEN}}" "https://domu-kun.cloud.tyk.io/gromit/env/${GITHUB_REF##*/}" \ - -X DELETE diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3f796f834ff..c09e55eaa44 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,17 +1,18 @@ # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Thu Jan 18 17:32:48 UTC 2024 # Distribution channels covered by this workflow # - Ubuntu and Debian # - RHEL and AL # - docker hub # - devenv ECR -# - AWS mktplace (not active atm) # - Cloudsmith name: Release - on: + # Trigger release every monday at midnight for master CI images + schedule: + - cron: "0 0 * * 1" pull_request: push: branches: 
@@ -19,93 +20,70 @@ on: - release-** tags: - 'v*' - env: - SLACK_CLI_TOKEN: ${{ secrets.BENDER_TOKEN }} GOPRIVATE: github.com/TykTechnologies - jobs: goreleaser: name: '${{ matrix.golang_cross }}' runs-on: ubuntu-latest - container: 'tykio/golang-cross:${{ matrix.golang_cross }}' + permissions: + id-token: write # AWS OIDC JWT + contents: read # actions/checkout strategy: fail-fast: false matrix: - golang_cross: [ 1.16-bullseye, 1.16-el7 ] + golang_cross: + - 1.16 + - 1.16-el7 include: - golang_cross: 1.16-el7 goreleaser: 'ci/goreleaser/goreleaser-el7.yml' rpmvers: 'el/7 amazon/2' debvers: 'ubuntu/xenial ubuntu/bionic debian/jessie' - - golang_cross: 1.16-bullseye + cgo: 0 + - golang_cross: 1.16 goreleaser: 'ci/goreleaser/goreleaser.yml' + cgo: 1 rpmvers: 'el/8 el/9 amazon/2023' - debvers: 'ubuntu/bionic ubuntu/focal ubuntu/jammy debian/buster debian/bullseye' + debvers: 'ubuntu/bionic ubuntu/focal ubuntu/jammy debian/buster debian/bullseye debian/bookworm' outputs: - tag: ${{ steps.targets.outputs.tag }} - + tags: ${{ steps.metadata.outputs.tags }} steps: - - name: Fix private module deps - env: - TOKEN: '${{ secrets.ORG_GH_TOKEN }}' - run: > - git config --global url."https://${TOKEN}@github.com".insteadOf "https://github.com" - - name: Checkout of tyk - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 1 - - - name: "Add Git safe.directory" - run: git config --global --add safe.directory $GITHUB_WORKSPACE - - - uses: docker/setup-qemu-action@v2 - - - uses: docker/setup-buildx-action@v2 - + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 - name: Login to DockerHub if: startsWith(github.ref, 'refs/tags') - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Cloudsmith if: startsWith(github.ref, 'refs/tags') - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: docker.tyk.io 
username: ${{ secrets.CLOUDSMITH_USERNAME }} password: ${{ secrets.CLOUDSMITH_API_KEY }} - - - name: Unlock agent and set tag - id: targets - shell: bash + - uses: actions/cache@v3 + with: + path: | + ~/.cache/go-build + ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + - name: Build env: NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} - GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20 PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }} + PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} run: | + echo '#!/bin/sh ci/bin/unlock-agent.sh - current_tag=${GITHUB_REF##*/} - echo "tag=${current_tag}" >> $GITHUB_OUTPUT - - - name: Delete old release assets - if: startsWith(github.ref, 'refs/tags') - uses: mknejp/delete-release-assets@v1 - with: - token: ${{ github.token }} - tag: ${{ github.ref }} - fail-if-no-assets: false - fail-if-no-release: false - assets: | - *.deb - *.rpm - *.tar.gz - *.txt.sig - *.txt - - name: Fix vendor - run: | mkdir -p /go/src go mod tidy go mod vendor 
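Review bot: The `restore-keys` value in the new `actions/cache@v3` step is the same string as `key`, so it can never match anything the exact key did not already match, and a changed `go.sum` always starts from an empty cache. A prefix such as `restore-keys: ${{ runner.os }}-go-` is what gives a fallback. The matrix values `- 1.16` and `golang_cross: 1.16` are unquoted, so YAML reads them as floats; that round-trips for 1.16, but a later `1.20` would become `1.2` in the image tag, so `- '1.16'` is safer. The `Build` step that opens at the end of this hunk continues in the next one.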
@@ -114,117 +92,209 @@ jobs: cp -r ./* /go/src/github.com/TykTechnologies/tyk find /go/src -name vendor | xargs --no-run-if-empty -d'\n' rm -rf rm -rf vendor - - - uses: goreleaser/goreleaser-action@v4 + git config --global url."https://${{ secrets.ORG_GH_TOKEN }}@github.com".insteadOf "https://github.com" + git config --global --add safe.directory /go/src/github.com/TykTechnologies/tyk + goreleaser release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }}' | tee /tmp/build.sh + chmod +x /tmp/build.sh + docker run --rm --privileged -e GITHUB_TOKEN=${{ github.token }} \ + -e GOPRIVATE=github.com/TykTechnologies \ + -e GO111MODULE=on \ + -e DEBVERS='${{ matrix.debvers }}' \ + -e RPMVERS='${{ matrix.rpmvers }}' \ + -e CGO_ENABLED=${{ matrix.cgo }} \ + -e NFPM_STD_PASSPHRASE="$NFPM_STD_PASSPHRASE" \ + -e GPG_FINGERPRINT=12B5D62C28F57592D1575BD51ED14C59E37DAC20 \ + -e PKG_SIGNING_KEY="$PKG_SIGNING_KEY" \ + -e PACKAGECLOUD_TOKEN=$PACKAGECLOUD_TOKEN \ + -v ${{github.workspace}}:/go/src/github.com/TykTechnologies/tyk \ + -v /var/run/docker.sock:/var/run/docker.sock \ + -v ~/.docker/config.json:/root/.docker/config.json \ + -v ~/go/pkg/mod:/go/pkg/mod \ + -v /tmp/build.sh:/tmp/build.sh \ + -w /go/src/github.com/TykTechnologies/tyk \ + tykio/golang-cross:${{ matrix.golang_cross }} /tmp/build.sh + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk + role-session-name: cipush + aws-region: eu-central-1 + # Don't mask to pass it across job boundaries + mask-aws-account-id: false + - uses: aws-actions/amazon-ecr-login@v2 + id: ecr + if: ${{ matrix.golang_cross == '1.16' }} with: - version: latest - args: release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }} + mask-password: 'true' + - name: Docker metadata for CI + id: metadata + if: ${{ matrix.golang_cross == '1.16' }} + uses: docker/metadata-action@v5 
+ with: + images: ${{ steps.ecr.outputs.registry }}/tyk + flavor: | + latest=false + tags: | + type=ref,event=branch + type=ref,event=pr + type=sha,format=long + type=semver,pattern=v{{major}}.{{minor}},prefix=v + type=semver,pattern=v{{version}},prefix=v + - name: CI push + if: ${{ matrix.golang_cross == '1.16' }} + shell: bash env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CGO_ENABLED: 1 - GO111MODULE: off - NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} - NFPM_PAYG_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} - GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20 - PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }} - GOLANG_CROSS: ${{ matrix.golang_cross }} - DEBVERS: ${{ matrix.debvers }} - RPMVERS: ${{ matrix.rpmvers }} - PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} - DOCKER_CLI_EXPERIMENTAL: "enabled" + t: ${{ steps.metadata.outputs.tags }} + build_tag: ${{ startswith(github.ref, 'refs/tags') && github.ref_name || 'v0.0.0' }} + run: | + set +e + IFS=$'\n' tags=($t) + for tag in "${tags[@]}"; do + for arch in amd64 arm64; do + docker tag tykio/tyk-gateway:${build_tag}-${arch} ${tag}-${arch} && docker push ${tag}-${arch} + done + docker manifest create ${tag} ${tag}-amd64 ${tag}-arm64 && docker manifest push ${tag} + done - uses: actions/upload-artifact@v3 + if: ${{ matrix.golang_cross == '1.16' }} with: name: deb retention-days: 1 path: | dist/*.deb !dist/*PAYG*.deb - - uses: actions/upload-artifact@v3 + if: ${{ matrix.golang_cross == '1.16' }} with: name: rpm retention-days: 1 path: | dist/*.rpm !dist/*PAYG*.rpm - ci: - needs: - - goreleaser + test-controller: + needs: goreleaser + runs-on: ubuntu-latest + container: tykio/gromit:v1.6 + outputs: + conf: ${{ steps.params.outputs.conf }} + db: ${{ steps.params.outputs.db }} + pump: ${{ steps.params.outputs.pump }} + sink: ${{ steps.params.outputs.sink }} + gd_tag: ${{ steps.params.outputs.gd_tag }} + versions: ${{ steps.params.outputs.versions }} + steps: + - name: set params + id: 
params + env: + REPO: ${{ github.repository }} + # Cover pull_request_target too + BASE_REF: ${{startsWith(github.event_name, 'pull_request') && github.base_ref || github.ref}} + TAGS: ${{ needs.goreleaser.outputs.tags }} + IS_PR: ${{startsWith(github.event_name, 'pull_request') && 'yes' }} + IS_TAG: ${{startsWith(github.ref, 'refs/tags') && 'yes' }} + run: gromit policy controller --loglevel debug | tee -a "$GITHUB_OUTPUT" + api-tests: + needs: test-controller runs-on: ubuntu-latest permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - + id-token: write # This is required for requesting the Github JWT + contents: read # This is required for actions/checkout + strategy: + fail-fast: false + matrix: + conf: ${{ fromJson(needs.test-controller.outputs.conf) }} + db: ${{ fromJson(needs.test-controller.outputs.db) }} + pump: ${{ fromJson(needs.test-controller.outputs.pump) }} + sink: ${{ fromJson(needs.test-controller.outputs.sink) }} + include: + - db: postgres15 + markers: "and not sql" steps: - - name: Shallow checkout of tyk - uses: actions/checkout@v3 - with: - fetch-depth: 1 - - - uses: aws-actions/configure-aws-credentials@v2 + - uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk role-session-name: cipush aws-region: eu-central-1 - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - - - uses: actions/download-artifact@v3 + - id: ecr + uses: aws-actions/amazon-ecr-login@v2 with: - name: deb - - - name: Docker metadata - id: metadata - uses: docker/metadata-action@v4 + mask-password: 'true' + # Only ${{ github.actor }} has access + # See https://github.com/mxschmitt/action-tmate#use-registered-public-ssh-keys + - name: Setup tmate session only in debug mode + uses: mxschmitt/action-tmate@v3 + if: ${{ runner.debug == '1' }} with: - images: ${{ steps.login-ecr.outputs.registry }}/tyk - flavor: | 
- latest=false - prefix=v - tags: | - type=semver,pattern=v{{version}} - type=semver,pattern=v{{major}}.{{minor}} - type=semver,pattern=v{{major}} - type=ref,event=branch - - - uses: docker/setup-qemu-action@v2 - - - uses: docker/setup-buildx-action@v2 - - - name: CI build - uses: docker/build-push-action@v4 + detached: true + limit-access-to-actor: true + - name: fetch env from tyk-ci + env: + GH_TOKEN: ${{ github.token }} + run: | + gh release download v1.2 --repo github.com/TykTechnologies/tyk-ci -O env.tgz + tar xzvf env.tgz + - name: env up + shell: bash + working-directory: auto + id: env_up + env: + pull_policy: 'if_not_present' + GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }} + TYK_DB_LICENSEKEY: ${{ secrets.DASH_LICENSE }} + TYK_MDCB_LICENSE: ${{ secrets.MDCB_LICENSE }} + ECR: ${{ steps.ecr.outputs.registry }} + VERSIONS: ${{ needs.test-controller.outputs.versions}} + run: "echo \"ECR=${ECR}\n$VERSIONS\ntyk_pump_image=${{matrix.pump}} \ntyk_sink_image=${{matrix.sink}} \n# base dir for config files\nconfs_dir=./pro-ha\n# pick database to use\nenv_file=local-${{ matrix.db }}.env\n\" > versions.env\nprintf '::group::versions\\n%s\\n::endgroup::' \"$(cat versions.env)\"\n# Add Tyk component config variations to $env_file\ncat confs/${{ matrix.conf }}.env >> local-${{ matrix.db }}.env\n# bring up env, the project name is important\ndocker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${{ matrix.db }}.yml --env-file versions.env --profile master-datacenter up --quiet-pull -d\n./dash-bootstrap.sh http://localhost:3000\ndocker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${{ matrix.db }}.yml --env-file versions.env --profile slave-datacenter up --quiet-pull -d\n" + - name: Run tests + working-directory: auto + id: test_execution + run: | + echo "### API tests ${{ matrix.db }} ${{ matrix.conf }}" >> $GITHUB_STEP_SUMMARY + if docker run --rm --network auto_default --env-file pytest.env -v ${{ github.workspace }}/reports:/app/reports \ + ${{ 
steps.ecr.outputs.registry }}/tyk-automated-tests:${{ needs.test-controller.outputs.gd_tag }} \ + pytest -c pytest_ci.ini --ci -m "not local and not dind ${{ matrix.markers }}" | tee tests.out; then + echo "All tests passed!" >> $GITHUB_STEP_SUMMARY + else + echo "::error title=API tests ${{ matrix.db }} ${{ matrix.conf }}::Test execution failed" + cat tests.out >> $GITHUB_STEP_SUMMARY + docker logs tyk tyk-analytics + exit 1 + fi + - name: Archive Integration tests report + if: ${{ always() }} + uses: actions/upload-artifact@v3 with: - push: true - context: "." - file: ci/Dockerfile.std - platforms: linux/amd64,linux/arm64 - tags: | - ${{ steps.metadata.outputs.tags }} - ${{ steps.login-ecr.outputs.registry }}/tyk:${{ needs.goreleaser.outputs.tag }} - ${{ steps.login-ecr.outputs.registry }}/tyk:${{ github.sha }} - - sbom: - needs: ci - uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main - secrets: - DEPDASH_URL: ${{ secrets.DEPDASH_URL }} - DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }} - ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }} - - tat: - needs: ci - uses: tyklabs/tyk-pro/.github/workflows/tests.yml@v1 - permissions: - id-token: write # This is required for requesting the JWT - contents: read # This is required for actions/checkout - with: - tyk-version: ${{ github.ref_name }} - tyk-analytics-version: ${{ github.ref_name }} - + name: api-test-report + retention-days: 3 + path: ${{ github.workspace }}/reports + - name: Fetch commit author + if: ${{ steps.test_execution.outcome != 'success' && !github.event.pull_request.draft }} + run: echo "GIT_USER_EMAIL=$(git show -s --format='%ae' HEAD)" >> $GITHUB_ENV + - name: Fetch slack user + if: ${{ steps.test_execution.outcome != 'success' && !github.event.pull_request.draft }} + id: fetch_slack_user + uses: TykTechnologies/github-actions/.github/actions/github-to-slack@main + with: + github_email: ${{ env.GIT_USER_EMAIL }} + - name: Notify slack + if: ${{ steps.test_execution.outcome != 'success' && 
!github.event.pull_request.draft }} + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: ${{ secrets.API_TEST_ALERT_SLACK_WEBHOOK }} + SLACK_COLOR: ${{ job.status }} + SLACK_TITLE: "Result: ${{ steps.test_execution.outcome }}" + SLACK_USERNAME: API INTEGRATION TESTS + SLACK_MESSAGE: "*Test*: ${{ matrix.db }}-${{ matrix.conf }}, *Author*: ${{ steps.fetch_slack_user.outputs.slack-user-name }}" + SLACK_FOOTER: "" + - name: Comment on PR + if: ${{ always() && !github.event.pull_request.draft }} + uses: mshick/add-pr-comment@v2 + with: + message: "**API tests result - ${{ matrix.db }}-${{ matrix.conf }} env: ${{ steps.test_execution.outcome }}** ${{ env.STATUS }} \nBranch used: ${{ github.ref }}\nCommit: ${{ github.event.after }} ${{ github.event.commits[0].message }}\nTriggered by: ${{ github.event_name }} (@${{ github.actor }})\n[Execution page](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})\n" + repo-token: ${{ secrets.ORG_GH_TOKEN }} + message-id: ${{ matrix.db }}-${{ matrix.conf }} + env: + STATUS: "${{ steps.test_execution.outcome == 'success' && ':white_check_mark:' || ':no_entry_sign:' }}" upgrade-deb: - if: startsWith(github.ref, 'refs/tags') services: httpbin.org: image: kennethreitz/httpbin @@ -240,21 +310,18 @@ jobs: - ubuntu:xenial - ubuntu:bionic - ubuntu:focal + - ubuntu:jammy - debian:bullseye - + - debian:bookworm steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 1 - - uses: actions/download-artifact@v3 with: name: deb - - - uses: docker/setup-qemu-action@v2 - - - uses: docker/setup-buildx-action@v2 - + - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 - name: generate dockerfile run: | echo 'FROM ${{ matrix.distro }} 
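Review bot: In the `Build` step, `${{ secrets.ORG_GH_TOKEN }}` is expanded by the runner into the script text that is piped through `tee /tmp/build.sh`, so the token is written to the step's stdout, where only log masking hides it, and into a file under /tmp. Add `ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}` to the step's `env:`, pass `-e ORG_GH_TOKEN` to `docker run`, and write the line as `git config --global url."https://${ORG_GH_TOKEN}@github.com".insteadOf "https://github.com"`; the script sits inside single quotes, so the variable is expanded only in the container, and `> /tmp/build.sh` can replace `tee`. That container is also started with `--privileged`, the host Docker socket and `PKG_SIGNING_KEY`, so it is worth confirming that both are required for the build. Further down, `mxschmitt/action-tmate@v3`, `rtCamp/action-slack-notify@v2` and `mshick/add-pr-comment@v2` are referenced by mutable tag in a job that holds `id-token: write` and `ORG_GH_TOKEN`; pinning each to a full commit SHA is the usual hardening. The `Build` step begins in the previous hunk.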
@@ -270,9 +337,8 @@ jobs: COPY ci/tests/api-functionality/data/api.json /opt/tyk-gateway/apps/ CMD [ "/pkg_test.sh" ] ' > Dockerfile - - name: install on ${{ matrix.distro }} - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: "." platforms: linux/${{ matrix.arch }} @@ -280,13 +346,10 @@ jobs: push: false tags: test-${{ matrix.distro }}-${{ matrix.arch }} load: true - - name: Test the built container image with api functionality test. run: | docker run --network ${{ job.container.network }} --rm test-${{ matrix.distro }}-${{ matrix.arch }} - upgrade-rpm: - if: startsWith(github.ref, 'refs/tags') services: httpbin.org: image: kennethreitz/httpbin @@ -296,25 +359,25 @@ jobs: fail-fast: false matrix: distro: - - ubi7/ubi - - ubi8/ubi - + - amazonlinux:2023 + - registry.access.redhat.com/ubi8/ubi + - registry.access.redhat.com/ubi9/ubi + - amazonlinux:2 + - registry.access.redhat.com/ubi7/ubi steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 1 - - uses: actions/download-artifact@v3 with: name: rpm - - - uses: docker/setup-buildx-action@v2 - + - uses: docker/setup-buildx-action@v3 - name: generate dockerfile run: | - echo 'FROM registry.access.redhat.com/${{ matrix.distro }} + echo 'FROM ${{ matrix.distro }} COPY tyk-gateway*.x86_64.rpm /tyk-gateway.rpm - RUN yum install --allowerasing -y curl + RUN command -v curl || yum install -y curl + RUN command -v useradd || yum install -y shadow-utils RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.rpm.sh | bash && yum install -y tyk-gateway-3.0.8-1 RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-gateway.key && rpm --import tyk-gateway.key RUN rpm --checksig tyk-gateway.rpm 
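Review bot: With `matrix.distro` now holding full references such as `registry.access.redhat.com/ubi8/ubi`, the unchanged `tags: test-${{ matrix.distro }}` in the following hunk produces `test-registry.access.redhat.com/ubi8/ubi`, which Docker parses as a repository on a registry host named `test-registry.access.redhat.com`. This works while the image has been loaded locally, but if the load were ever skipped the later `docker run` would try to pull from that host name instead of failing on a missing local image. Carrying a short name in the matrix (for example an `include` entry that adds `name: ubi8`) and using `tags: test-${{ matrix.name }}` keeps the test image name purely local. The `upgrade-rpm` job starts before this hunk and its build and run steps lie after it.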
@@ -326,60 +389,21 @@ jobs: COPY ci/tests/api-functionality/pkg_test.sh / CMD [ "/pkg_test.sh" ] ' > Dockerfile - - name: install on ${{ matrix.distro }} - uses: docker/build-push-action@v4 + uses: docker/build-push-action@v5 with: context: "." file: Dockerfile push: false tags: test-${{ matrix.distro }} load: true - - name: Test the built container image with api functionality test. run: | docker run --network ${{ job.container.network }} --rm test-${{ matrix.distro }} - - smoke-tests: - if: startsWith(github.ref, 'refs/tags') - needs: - - goreleaser - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 1 - - - name: Run tests - shell: bash - env: - GITHUB_TAG: ${{ github.ref }} - run: | - set -eaxo pipefail - if [ ! -d smoke-tests ]; then - echo "::warning No repo specific smoke tests defined" - fi - if [ ! -d ci/tests ]; then - echo "::warning No ci tests defined" - exit 0 - fi - for d in ci/tests/*/ - do - echo Attempting to test $d - if [ -d $d ] && [ -e $d/test.sh ]; then - cd $d - ./test.sh ${{ needs.goreleaser.outputs.tag }} - cd - - fi - done - for d in smoke-tests/*/ - do - echo Attempting to test $d - if [ -d $d ] && [ -e $d/test.sh ]; then - cd $d - ./test.sh ${{ needs.goreleaser.outputs.tag }} - cd - - fi - done - + sbom: + needs: goreleaser + uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main + secrets: + DEPDASH_URL: ${{ secrets.DEPDASH_URL }} + DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }} + ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }} diff --git a/.github/workflows/sync-automation.yml b/.github/workflows/sync-automation.yml deleted file mode 100644 index 57d61235756..00000000000 --- a/.github/workflows/sync-automation.yml +++ /dev/null 
@@ -1,94 +0,0 @@ -# Generated by: gromit policy -# Generated on: Thu Dec 15 07:17:30 UTC 2022 - -name: Sync automation - -on: - push: - branches: - - master - paths: - - ci/** - - .github/workflows/release.yml - - .github/dependabot.yml - - .github/workflows/api-tests.yml - -jobs: - sync: - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - branch: - - release-4 - - release-4.3 - - steps: - - uses: actions/checkout@v3 - with: - ref: ${{matrix.branch}} - token: ${{ secrets.ORG_GH_TOKEN }} - - - name: sync ${{matrix.branch}} from master - id: sync-changes - run: | - git config --local user.email "policy@gromit" - git config --local user.name "Bender" - git fetch origin ${{ matrix.branch }} - git fetch origin master:master - prbranch=sync/auto/${{ matrix.branch }}/${{ github.run_id }} - git checkout -b $prbranch - rm -rf ci - git restore --source master -- ci - rm -f .github/workflows/release.yml - git restore --source master -- .github/workflows/release.yml - rm -f .github/dependabot.yml - git restore --source master -- .github/dependabot.yml - rm -f .github/workflows/api-tests.yml - git restore --source master -- .github/workflows/api-tests.yml - git add -A && git commit -m "[CI]: Syncing CI changes to ${{ matrix.branch }}" - git push origin $prbranch - echo "prbranch=$prbranch" >> $GITHUB_OUTPUT - echo "::debug::Commit ${{ github.sha }} syncd for ${{matrix.branch}}" - exit 0 - - - name: Create PR from the branch. - id: create-pr - uses: actions/github-script@v6 - with: - github-token: ${{ secrets.ORG_GH_TOKEN }} - result-encoding: string - script: | - const response = await github.rest.pulls.create({ - title: '[CI] Sync automation: Syncing commits from master', - owner: context.repo.owner, - repo: context.repo.repo, - head: '${{ steps.sync-changes.outputs.prbranch }}', - base: '${{ matrix.branch }}', - body: ` PR auto generated by the CI Sync automation. - Picks the CI changes from the commit ${{ github.sha }} - on master. 
- Please make any additional changes required before - merging. `}); - github.rest.pulls.requestReviewers({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: response.data.number, - team_reviewers: ['TykTechnologies/devops'] }); - github.rest.issues.addLabels({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: response.data.number, - labels: ['sync-automation'] }); - return response.data.number - - - - name: Enable automerge for the created PR - id: enable-automerge - run: | - gh pr merge $PULL --auto --squash --subject "[CI] Sync automation: Syncing commits from master" --body "Picking CI changes from the commit $COMMIT" - env: - GITHUB_TOKEN: ${{ secrets.ORG_GH_TOKEN }} - PULL: ${{ steps.create-pr.outputs.result }} - COMMIT: ${{ github.sha }} diff --git a/.github/workflows/update-config-docs.yml b/.github/workflows/update-config-docs.yml deleted file mode 100644 index ebe2fe99571..00000000000 --- a/.github/workflows/update-config-docs.yml +++ /dev/null @@ -1,22 +0,0 @@ -# Keep the docs on tyk-docs in sync with this branch's docs - -name: Update Config docs - -on: - push: - branches: - - temporarily-suspended - paths: - - config/config.go - -jobs: - sync: - name: tyk-config-docs - runs-on: ubuntu-latest - steps: - - uses: peter-evans/repository-dispatch@v1 - with: - token: ${{ secrets.ORG_GH_TOKEN }} - repository: TykTechnologies/tyk-docs - event-type: tyk-config-docs - client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}","repo":"gateway","branch":"${{github.ref_name}}"}' diff --git a/bin/dist_build.sh b/bin/dist_build.sh deleted file mode 100755 index 29701710101..00000000000 --- a/bin/dist_build.sh +++ /dev/null 
@@ -1,156 +0,0 @@ -#!/bin/bash - -# This file is deprecated in favour of .goreleaser.yml -# Automation in .g/w/release.yml - -set -ex - -: ${ORGDIR:="/go/src/github.com/TykTechnologies"} -: ${SOURCEBINPATH:="${ORGDIR}/tyk"} -: ${SIGNKEY:="12B5D62C28F57592D1575BD51ED14C59E37DAC20"} -: ${BUILDPKGS:="1"} -: ${SIGNPKGS:="1"} -: ${PKGNAME:="tyk-gateway"} -BUILDTOOLSDIR=$SOURCEBINPATH/build_tools -BUILDDIR=$SOURCEBINPATH/build -CIDIR=$SOURCEBINPATH/ci - -echo "Set version number" -: ${VERSION:=$(perl -n -e'/v(\d+).(\d+).(\d+)/'' && print "$1\.$2\.$3"' version.go)} - -if [ $BUILDPKGS == "1" ]; then - echo Configuring gpg-agent-config to accept a passphrase - mkdir ~/.gnupg && chmod 700 ~/.gnupg - cat >> ~/.gnupg/gpg-agent.conf <" - --url "https://tyk.io" - -s dir - --before-install $TEMPLATEDIR/install/before_install.sh - --after-install $TEMPLATEDIR/install/post_install.sh - --after-remove $TEMPLATEDIR/install/post_remove.sh -) -[ -z $PKGCONFLICTS ] || FPMCOMMON+=( --conflicts $PKGCONFLICTS ) -FPMRPM=( - --before-upgrade $TEMPLATEDIR/install/post_remove.sh - --after-upgrade $TEMPLATEDIR/install/post_install.sh -) - -cd $BUILDDIR -echo "Removing old packages" -rm -f *.deb -rm -f *.rpm - -for arch in ${!ARCHTGZDIRS[@]} -do - archDir=${ARCHTGZDIRS[$arch]} - echo "Creating DEB Package for $arch" - fpm "${FPMCOMMON[@]}" -C $archDir -a $arch -t deb "${CONFIGFILES[@]}" ./=/opt/tyk-gateway - echo "Creating RPM Package for $arch" - fpm "${FPMCOMMON[@]}" "${FPMRPM[@]}" -C $archDir -a $arch -t rpm "${CONFIGFILES[@]}" ./=/opt/tyk-gateway - - if [ $SIGNPKGS == "1" ]; then - echo "Signing $arch RPM" - rpm --define "%_gpg_name Team Tyk (package signing) " \ - --define "%__gpg /usr/bin/gpg" \ - --addsign *.rpm || (cat /tmp/gpg-agent.log; exit 1) - echo "Signing $arch DEB" - for i in *.deb - do - dpkg-sig --sign builder -k $SIGNKEY $i || (cat /tmp/gpg-agent.log; exit 1) - done - fi -done 
diff --git a/bin/dist_push.sh b/bin/dist_push.sh deleted file mode 100755 index 6e9d3c2af7b..00000000000 --- a/bin/dist_push.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -# This script is only used to support the xenial builds that are triggered by Buddy -# See https://tyktech.atlassian.net/wiki/spaces/EN/pages/1180237826/Version+management+in+releng - -: ${ORGDIR:="/go/src/github.com/TykTechnologies"} -: ${SOURCEBINPATH:="${ORGDIR}/tyk"} -: ${DEBVERS:="ubuntu/xenial"} -: ${RPMVERS:=""} -: ${PKGNAME:="tyk-gateway"} - -echo "Set version number" -: ${VERSION:=$(perl -n -e'/v(\d+).(\d+).(\d+)/'' && print "$1\.$2\.$3"' version.go)} - -RELEASE_DIR="$SOURCEBINPATH/build" -export PACKAGECLOUDREPO=$PC_TARGET - -cd $RELEASE_DIR/ - -for arch in i386 amd64 arm64 -do - debName="${PKGNAME}_${VERSION}_${arch}.deb" - rpmName="$PKGNAME-$VERSION-1.${arch/amd64/x86_64}.rpm" - - for ver in $DEBVERS - do - echo "Pushing $debName to PackageCloud $ver" - package_cloud push tyk/$PACKAGECLOUDREPO/$ver $debName - done - - for ver in $RPMVERS - do - echo "Pushing $rpmName to PackageCloud $ver" - package_cloud push tyk/$PACKAGECLOUDREPO/$ver $rpmName - done -done diff --git a/bin/integration_build.sh b/bin/integration_build.sh deleted file mode 100755 index c605d2db18c..00000000000 --- a/bin/integration_build.sh +++ /dev/null 
@@ -1,103 +0,0 @@ -#!/bin/bash - -set -ex - -: ${SIGNKEY:="12B5D62C28F57592D1575BD51ED14C59E37DAC20"} -: ${BUILDPKGS:="1"} -: ${ARCH:=amd64} -: ${PKG_PREFIX:=tyk} -if [ $BUILDPKGS == "1" ]; then - echo Configuring gpg-agent-config to accept a passphrase - mkdir ~/.gnupg && chmod 700 ~/.gnupg - cat >> ~/.gnupg/gpg-agent.conf <" - --url "https://tyk.io" - -s dir - --before-install $TEMPLATEDIR/install/before_install.sh - --after-install $TEMPLATEDIR/install/post_install.sh - --after-remove $TEMPLATEDIR/install/post_remove.sh -) -[ -z $PKGCONFLICTS ] || FPMCOMMON+=( --conflicts $PKGCONFLICTS ) -FPMRPM=( - --before-upgrade $TEMPLATEDIR/install/post_remove.sh - --after-upgrade $TEMPLATEDIR/install/post_install.sh -) - -cd $bdir -echo "Creating DEB Package for $ARCH" -fpm "${FPMCOMMON[@]}" -a $ARCH -t deb "${CONFIGFILES[@]}" ./=/opt/${PKG_PREFIX} -echo "Creating RPM Package for $ARCH" -fpm "${FPMCOMMON[@]}" "${FPMRPM[@]}" -a $ARCH -t rpm "${CONFIGFILES[@]}" ./=/opt/${PKG_PREFIX} - -if [ $BUILDPKGS == "1" ]; then - echo "Signing $ARCH RPM" - rpm --define "%_gpg_name Team Tyk (package signing) " \ - --define "%__gpg /usr/bin/gpg" \ - --addsign *.rpm || (cat /tmp/gpg-agent.log; exit 1) - echo "Signing $ARCH DEB" - dpkg-sig --sign builder -k $SIGNKEY $i || (cat /tmp/gpg-agent.log; exit 1) -fi diff --git a/ci/Dockerfile.std b/ci/Dockerfile.std index 53178945158..64cf3367d13 100644 --- a/ci/Dockerfile.std +++ b/ci/Dockerfile.std @@ -1,6 +1,5 @@ - # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Thu Jan 18 17:32:48 UTC 2024 FROM debian:bullseye-slim ARG TARGETARCH 
@@ -9,24 +8,19 @@ ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update \ && apt-get dist-upgrade -y ca-certificates -# Install curl and python3 -RUN apt-get install -y curl python3-setuptools libpython3.9 python3.9-dev \ - && curl https://bootstrap.pypa.io/get-pip.py | python3 \ - && pip3 install --only-binary ":all:" grpcio protobuf==3.20.2 && pip3 install --upgrade setuptools +# For Python plugins +RUN apt-get install -y python3-setuptools libpython3-dev python3-dev python3-grpcio # Remove some things to decrease CVE surface -RUN apt-get remove -y --allow-remove-essential --auto-remove curl libtiff5 ncurses-base \ - && rm /usr/bin/passwd && rm /usr/sbin/adduser +RUN dpkg --purge --force-remove-essential curl ncurses-base || true +RUN rm -fv /usr/bin/passwd /usr/sbin/adduser || true # Clean up caches, unwanted .a and .o files RUN rm -rf /root/.cache \ && apt-get -y autoremove \ && apt-get clean \ && rm -rf /usr/include/* \ - && find /usr/lib -type f -name '*.a' -delete \ - && find /usr/lib -type f -name '*.o' -delete -# Print included pip/python versions -RUN pip3 --version && python3 --version + && find /usr/lib -type f -name '*.a' -o -name '*.o' -delete # Comment this to test in dev COPY *${TARGETARCH}.deb / @@ -41,5 +35,4 @@ WORKDIR /opt/tyk-gateway/ # Uncomment this to test in dev # COPY tyk . ENTRYPOINT ["/opt/tyk-gateway/tyk" ] - CMD [ "--conf=/opt/tyk-gateway/tyk.conf" ] diff --git a/ci/aws/al2.vars.json b/ci/aws/al2.vars.json deleted file mode 100644 index 97cbb85cc91..00000000000 --- a/ci/aws/al2.vars.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "ami_search_string": "amzn2-ami-hvm*", - "flavour": "AWSLinux", - "source_ami_owner": "amazon" -} diff --git a/ci/aws/byol.pkr.hcl b/ci/aws/byol.pkr.hcl deleted file mode 100644 index ea5c01d7416..00000000000 --- a/ci/aws/byol.pkr.hcl +++ /dev/null 
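Review bot: In the cache-cleanup `RUN`, the merged `find /usr/lib -type f -name '*.a' -o -name '*.o' -delete` no longer removes `.a` files: `-o` binds more loosely than the implicit AND, so `-delete` applies only to the `-name '*.o'` branch and `-type f` only to the `*.a` branch. Group the name tests so both conditions apply to both patterns: `&& find /usr/lib -type f \( -name '*.a' -o -name '*.o' \) -delete`. The two removal lines above it now end in `|| true`, so a failed `dpkg --purge` leaves `curl` in the image without any signal; if the removal is there to shrink the CVE surface, a check such as `RUN ! command -v curl` after it would make a regression visible.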
@@ -1,105 +0,0 @@ - -# Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 - -packer { - required_plugins { - amazon = { - version = ">= 0.0.2" - source = "github.com/hashicorp/amazon" - } - } -} - -variable "flavour" { - description = "OS Flavour" - type = string -} - -variable "source_ami_owner" { - type = string -} - -variable "ami_search_string" { - type = string -} -variable "geoip_license" { - type = string - default = "${env("GEOIP_LICENSE")}" -} - -variable "region" { - type = string - default = "us-east-1" -} - -variable "version" { - type = string - default = "${env("VERSION")}" -} - -# Latest at this time -data "amazon-ami" "base-os" { - filters = { - architecture = "x86_64" - "block-device-mapping.volume-type" = "gp2" - name = "${var.ami_search_string}" - root-device-type = "ebs" - sriov-net-support = "simple" - virtualization-type = "hvm" - } - most_recent = true - owners = ["${var.source_ami_owner}"] -} - -# source blocks are generated from your builders; a source can be referenced in -# build blocks. A build block runs provisioner and post-processors on a -# source. Read the documentation for source blocks here: -# https://www.packer.io/docs/from-1.5/blocks/source -source "amazon-ebs" "byol" { - ami_name = "BYOL tyk ${var.version} (${var.flavour})" - ena_support = true - force_delete_snapshot = true - force_deregister = true - instance_type = "t3.micro" - region = "${var.region}" - source_ami = data.amazon-ami.base-os.id - sriov_support = true - ssh_username = "ec2-user" - subnet_filter { - filters = { - "tag:Class" = "build" - } - most_free = true - random = false - } - tags = { - Component = "tyk" - Flavour = "${var.flavour}" - Product = "byol" - Version = "${var.version}" - } -} - -# a build block invokes sources and runs provisioning steps on them. 
The -# documentation for build blocks can be found here: -# https://www.packer.io/docs/from-1.5/blocks/build -build { - sources = ["source.amazon-ebs.byol"] - provisioner "file" { - destination = "/tmp/semver.sh" - source = "utils/semver.sh" - } - provisioner "file" { - destination = "/tmp/tyk-gateway.rpm" - sources = fileset(".", "rpm/*x86_64.rpm") - } - provisioner "file" { - destination = "/tmp/10-run-tyk.conf" - source = "utils/10-run-tyk.conf" - } - provisioner "shell" { - environment_vars = ["VERSION=${var.version}" , "GEOIP_LICENSE=${var.geoip_license}"] - script = "byol/install-tyk.sh" - } -} diff --git a/ci/aws/byol/install-tyk.sh b/ci/aws/byol/install-tyk.sh deleted file mode 100755 index 9a5ea66ba87..00000000000 --- a/ci/aws/byol/install-tyk.sh +++ /dev/null 
@@ -1,35 +0,0 @@ -#!/bin/bash -set -ex - -# Do this first else it will overwrite the change from yum-config-manager -sudo yum update -y - -python_pkgs="python3-libs python3-pip python3-devel" - -pip='pip3 install --only-binary ":all:" grpcio protobuf' - -# RHEL 7.7 onwards has its own Python3 that interferes with EPEL's Python -source /etc/os-release -if [[ $ID == 'rhel' ]]; then - sudo yum-config-manager --enable rhel-server-rhui-rhscl-$(rpm -E '%{rhel}')-rpms - python_pkgs='rh-python36' - cat > /tmp/pip <: error calling clean_resource_name: unhandled "clean_resource_name" call: -# there is no way to automatically upgrade the "clean_resource_name" call. -# Please manually upgrade to use custom validation rules, `replace(string, substring, replacement)` or `regex_replace(string, substring, replacement)` -# Visit https://packer.io/docs/from-1.5/variables#custom-validation-rules , https://www.packer.io/docs/from-1.5/functions/string/replace or https://www.packer.io/docs/from-1.5/functions/string/regex_replace for more infos. 
- -source "amazon-ebs" "Gateway" { - access_key = "{{user `aws_access_key`}}" - ami_name = "Tyk API Gateway v{{user `tyk_gw_version`}} ({{user `flavour`}}) {{isotime | clean_resource_name}}" - ena_support = true - instance_type = "t3.micro" - region = "{{user `region`}}" - secret_key = "{{user `aws_secret_key`}}" - source_ami = "{{user `source_ami`}}" - source_ami_filter { - filters = { - architecture = "x86_64" - "block-device-mapping.volume-type" = "gp2" - name = "{{user `ami_search_string`}}" - root-device-type = "ebs" - sriov-net-support = "simple" - virtualization-type = "hvm" - } - most_recent = true - owners = ["{{user `source_ami_owner`}}"] - } - sriov_support = true - ssh_username = "ec2-user" - subnet_filter { - filters = { - "tag:Class" = "build" - } - most_free = true - random = false - } - tags = { - Component = "gateway" - Flavour = "{{user `flavour`}}" - Product = "Standalone" - } -} - -# a build block invokes sources and runs provisioning steps on them. The -# documentation for build blocks can be found here: -# https://www.packer.io/docs/from-1.5/blocks/build -build { - sources = ["source.amazon-ebs.Gateway"] - - provisioner "file" { - destination = "/tmp/tyk_hybrid.conf" - source = "./hybrid/tyk_hybrid.conf" - } - provisioner "file" { - destination = "/tmp/setup_hybrid.sh" - source = "./hybrid/setup_hybrid.sh" - } - provisioner "file" { - destination = "/tmp/semver.sh" - source = "./semver.sh" - } - provisioner "file" { - destination = "/tmp/10-run-tyk.conf" - source = "./10-run-tyk.conf" - } - provisioner "shell" { - environment_vars = ["TYK_GATEWAY_VERSION=${var.tyk_gw_version}", "GEOIP_LICENSE=${var.geoip_license}"] - script = "hybrid/install-gateway.sh" - } - post-processor "manifest" { - output = "manifest.json" - strip_path = true - } -} diff --git a/ci/aws/hybrid/install-gateway.sh b/ci/aws/hybrid/install-gateway.sh deleted file mode 100755 index 95ba3ee6063..00000000000 --- a/ci/aws/hybrid/install-gateway.sh +++ /dev/null 
@@ -1,58 +0,0 @@ -#!/bin/bash -set -ex - -# 2.9.3.x do not follow semver and semver.sh will barf -if [[ $TYK_GATEWAY_VERSION =~ 2.9.[34].[[:digit:]] ]]; then - gwlt29="1" -else - # Python 3.4 is needed upto 2.8.x, later versions can use the latest Python - printf -v gwlt29 $(/tmp/semver.sh compare $TYK_GATEWAY_VERSION 2.9.0) -fi - -if [[ $gwlt29 == "-1" ]]; then - python_pkgs="python34-libs python34-pip python34-devel" - pip=pip3.4 - grpcio="grpcio==1.7.0" -else - python_pkgs="python3-libs python3-pip python3-devel" - pip=pip3 - grpcio="grpcio" -fi - -sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-$(rpm -E '%{rhel}').noarch.rpm -sudo yum update -y -curl -s https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.rpm.sh | sudo bash - -# Newest grpc requires g++ -sudo yum install -y tyk-gateway-${TYK_GATEWAY_VERSION} gcc gcc-c++ awslogs $python_pkgs -sudo amazon-linux-extras install redis4.0 - -#sudo yum install -y https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.amzn1.noarch.rpm || true - -mkdir geolite && cd geolite -curl "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=${GEOIP_LICENSE}&suffix=tar.gz" -o GeoLite2-City.tar.gz -tar xzf GeoLite2-City.tar.gz --strip=1 -sudo mv -v GeoLite2-City.mmdb /opt/tyk-gateway -sudo mv -v LICENSE.txt /opt/tyk-gateway/GeoLite2-City.LICENSE -cd && rm -rf geolite - -sudo $pip install $grpcio protobuf - -# Disable redis, will be enabled by setup_hybrid.sh if needed -sudo systemctl stop redis || true -sudo systemctl disable redis - -# Move scripts from ephemeral /tmp -sudo mv /tmp/setup_hybrid.sh /tmp/tyk_hybrid.conf /opt/tyk-gateway - -# Confine tyk to its own user (should eventually be done by the package) -sudo mkdir -p /etc/systemd/system/tyk-gateway.service.d -sudo mv /tmp/10-run-tyk.conf /etc/systemd/system/tyk-gateway.service.d -sudo chown -R tyk:tyk /opt/tyk-gateway -sudo chmod 660 /opt/tyk-gateway/tyk.conf -sudo mkdir -p 
/var/run/tyk && sudo chown tyk:tyk /var/run/tyk && sudo chmod 770 /var/run/tyk - -sudo systemctl disable tyk-gateway tyk-gateway-python - -sudo rm -f /home/ec2-user/.ssh/authorized_keys -sudo rm -f /root/.ssh/authorized_keys diff --git a/ci/aws/hybrid/setup_hybrid.sh b/ci/aws/hybrid/setup_hybrid.sh deleted file mode 100755 index 9f47b32f760..00000000000 --- a/ci/aws/hybrid/setup_hybrid.sh +++ /dev/null 
@@ -1,153 +0,0 @@ -#!/bin/bash -set -e - -# Init defaults -TYKPORT=8080 -TYKTYPE="default" -TYKCONF="/opt/tyk-gateway/tyk_hybrid.conf" -REDISHOST="localhost" -REDISPORT=6379 -REDISUSER="" -REDISPASS="" -REDISDB=0 -REDISUSESSL=false -BINDSLUGS=true - -# Parse options -while [[ $# -gt 0 ]] -do -key="$1" - -case $key in - -s|--secret) - SECRET="$2" - shift # past argument - shift # past value - ;; - -t|--type) - TYKTYPE="$2" - shift # past argument - shift # past value - ;; - -o|--orgid) - ORGID="$2" - shift # past argument - shift # past value - ;; - -k|--apikey) - APIKEY="$2" - shift # past argument - shift # past value - ;; - -p|--port) - TYKPORT="$2" - shift # past argument - shift # past value - ;; - -c|--conf) - TYKCONF="$2" - shift # past argument - shift # past value - ;; - --redis-host) - REDISHOST="$2" - shift # past argument - shift # past value - ;; - --redis-port) - REDISPORT="$2" - shift # past argument - shift # past value - ;; - --redis-user) - REDISUSER="$2" - shift # past argument - shift # past value - ;; - --redis-pass) - REDISPASS="$2" - shift # past argument - shift # past value - ;; - --redis-db) - REDISDB="$2" - shift # past argument - shift # past value - ;; - --redis-use-ssl) - REDISUSESSL=true - shift # past argument - ;; - --no-bind-slugs) - BINDSLUGS=false - shift # past argument - ;; - *) - echo "Script to setup Tyk Gateway for your Hybrid account" - echo "Usage: setup_hybrid.sh -o -k -s -t -p --redis-host --redis-port --redis-user --redis-pass --redis-db --redis-use-ssl(optional) --no-bind-slugs(optional)" - exit 1 - ;; -esac -done - -if [ -z $ORGID -o -z $APIKEY ]; then - echo "Both organisation ID (-o) and API key (-k) are required." 
- exit 1 -fi - -if [ -z $SECRET ]; then - SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1) - echo "Autogenerated node secret (keep it safe): $SECRET" -fi - -if [ $REDISHOST == "localhost" ]; then - echo "No Redis options detected, enabling local Redis server" - systemctl enable redis - systemctl start redis -fi - -echo "Enabling custom configuration" -cp /opt/tyk-gateway/tyk.conf /opt/tyk-gateway/tyk.conf.bak -if [ -s $TYKCONF ]; then - echo "Custom tyk.conf found -- using it instead of default base config" - cp $TYKCONF /opt/tyk-gateway/tyk.conf -else - echo "$TYKCONF file does not exist or is empty" - exit 1 -fi -echo "Writing custom Tyk Gateway env variables to /etc/default/tyk-gateway" -truncate -s 0 /etc/default/tyk-gateway -chmod 660 /etc/default/tyk-gateway -echo "TYK_GW_LISTENPORT=$TYKPORT" >> /etc/default/tyk-gateway -echo "TYK_GW_SECRET=\"$SECRET\"" >> /etc/default/tyk-gateway -echo "TYK_GW_STORAGE_HOST=$REDISHOST" >> /etc/default/tyk-gateway -echo "TYK_GW_STORAGE_PORT=$REDISPORT" >> /etc/default/tyk-gateway -echo "TYK_GW_STORAGE_USERNAME=\"$REDISUSER\"" >> /etc/default/tyk-gateway -echo "TYK_GW_STORAGE_PASSWORD=\"$REDISPASS\"" >> /etc/default/tyk-gateway -echo "TYK_GW_STORAGE_USESSL=$REDISUSESSL" >> /etc/default/tyk-gateway -echo "TYK_GW_SLAVEOPTIONS_RPCKEY=\"$ORGID\"" >> /etc/default/tyk-gateway -echo "TYK_GW_SLAVEOPTIONS_APIKEY=\"$APIKEY\"" >> /etc/default/tyk-gateway -echo "TYK_GW_SLAVEOPTIONS_BINDTOSLUGSINSTEADOFLISTENPATHS=$BINDSLUGS" >> /etc/default/tyk-gateway - -# Make sure we're in the original state -systemctl stop tyk-gateway tyk-gateway-python || true -systemctl disable tyk-gateway tyk-gateway-python || true - -# Launch required flavour of tyk -case $TYKTYPE in - python) - echo "Configuring and starting tyk-gateway-python..." 
- echo "TYK_GW_COPROCESSOPTIONS_ENABLECOPROCESS=true" >> /etc/default/tyk-gateway - systemctl enable tyk-gateway-python - systemctl start tyk-gateway-python - ;; - *) - echo "Configuring and starting tyk-gateway..." - systemctl enable tyk-gateway - systemctl start tyk-gateway - ;; -esac - -echo "Your Tyk Gateway is listening on port $TYKPORT" -echo "In case of issues please refer to the logs. You can see the logs using journalctl -u tyk-gateway." -echo "For more configuration options please check out the documentation at https://tyk.io/docs/" diff --git a/ci/aws/hybrid/tyk_hybrid.conf b/ci/aws/hybrid/tyk_hybrid.conf deleted file mode 100644 index 15f8312ea0e..00000000000 --- a/ci/aws/hybrid/tyk_hybrid.conf +++ /dev/null 
@@ -1,118 +0,0 @@ -{ - "listen_port": 8080, - "pid_file_location": "/var/run/tyk/tyk-gateway.pid", - "secret": "12345", - "template_path": "./templates", - "tyk_js_path": "./js/tyk.js", - "middleware_path": "./middleware", - "use_db_app_configs": false, - "app_path": "./apps/", - "storage": { - "type": "redis", - "host": "localhost", - "port": 6379, - "username": "", - "password": "", - "database": 0, - "optimisation_max_idle": 500 - }, - "enable_analytics": true, - "analytics_config": { - "type": "rpc", - "csv_dir": "/tmp", - "mongo_url": "localhost", - "mongo_db_name": "tyk_analytics", - "mongo_collection": "tyk_analytics", - "purge_delay": 10, - "ignored_ips": [], - "enable_geo_ip": true, - "geo_ip_db_path": "/opt/tyk-gateway/GeoLite2-City.mmdb", - "normalise_urls": { - "enabled": true, - "normalise_uuids": true, - "normalise_numbers": true, - "custom_patterns": [] - } - }, - "health_check": { - "enable_health_checks": false, - "health_check_value_timeouts": 60 - }, - "allow_master_keys": false, - "policies": { - "policy_source": "rpc", - "policy_record_name": "tyk_policies" - }, - "hash_keys": true, - "suppress_redis_signal_reload": false, - "use_sentry": false, - "sentry_code": "", - "enforce_org_data_age": true, - "http_server_options": { - "enable_websockets": true - }, - "monitor": { - "enable_trigger_monitors": true, - "configuration": { - "method": "POST", - "target_path": "http://cloud.tyk.io/1337/tyk/webhook", - "template_path": "templates/monitor_template.json", - "header_map": {"x-tyk-monitor-secret": "sjdkfhjKHKJHkjsdhsufdudfhjHKIHJ1"}, - "event_timeout": 10 - }, - "global_trigger_limit": 80.0, - "monitor_user_keys": false, - "monitor_org_keys": true - }, - "slave_options": { - "use_rpc": true, - "rpc_key": "", - "api_key": "", - "connection_string": "hybrid.cloud.tyk.io:9091", - "use_ssl": true, - "rpc_pool_size": 20, - "enable_rpc_cache": true, - "bind_to_slugs": true - }, - "local_session_cache": { - "disable_cached_session_state": false, - 
"cached_session_timeout": 5, - "cached_session_eviction": 10 - }, - "enforce_org_quotas": false, - "experimental_process_org_off_thread": true, - "enable_non_transactional_rate_limiter": true, - "enable_sentinel_rate_limiter": false, - "auth_override": { - "force_auth_provider": true, - "auth_provider": { - "name": "", - "storage_engine": "rpc", - "meta": {} - } - }, - "enable_context_vars": true, - "hostname": "", - "enable_api_segregation": false, - "control_api_hostname": "", - "enable_custom_domains": true, - "enable_jsvm": true, - "coprocess_options": { - "enable_coprocess": false - }, - "hide_generator_header": false, - "event_handlers": { - "events": {} - }, - "allow_insecure_configs": true, - "public_key_path": "", - "close_idle_connections": false, - "allow_remote_config": false, - "enable_bundle_downloader": true, - "service_discovery": { - "default_cache_timeout": 20 - }, - "close_connections": true, - "max_idle_connections_per_host": 100, - "disable_dashboard_zeroconf": true -} diff --git a/ci/aws/rhel.vars.json b/ci/aws/rhel.vars.json deleted file mode 100644 index 7ec74735545..00000000000 --- a/ci/aws/rhel.vars.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "ami_search_string": "RHEL-7.?*GA*", - "flavour": "RedHat", - "source_ami_owner": "309956199498" -} diff --git a/ci/aws/utils/10-run-tyk.conf b/ci/aws/utils/10-run-tyk.conf deleted file mode 100644 index 91a833b1282..00000000000 --- a/ci/aws/utils/10-run-tyk.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Service] -User=tyk -Group=tyk \ No newline at end of file diff --git a/ci/aws/utils/semver.sh b/ci/aws/utils/semver.sh deleted file mode 100755 index 5c5ac5a232b..00000000000 --- a/ci/aws/utils/semver.sh +++ /dev/null 
@@ -1,278 +0,0 @@ -#!/usr/bin/env bash - -set -o errexit -o nounset -o pipefail - -NAT='0|[1-9][0-9]*' -ALPHANUM='[0-9]*[A-Za-z-][0-9A-Za-z-]*' -IDENT="$NAT|$ALPHANUM" -FIELD='[0-9A-Za-z-]+' - -SEMVER_REGEX="\ -^[vV]?\ -($NAT)\\.($NAT)\\.($NAT)\ -(\\-(${IDENT})(\\.(${IDENT}))*)?\ -(\\+${FIELD}(\\.${FIELD})*)?$" - -PROG=semver -PROG_VERSION="3.0.0" - -USAGE="\ -Usage: - $PROG bump (major|minor|patch|release|prerel |build ) - $PROG compare - $PROG get (major|minor|patch|release|prerel|build) - $PROG --help - $PROG --version - -Arguments: - A version must match the following regular expression: - \"${SEMVER_REGEX}\" - In English: - -- The version must match X.Y.Z[-PRERELEASE][+BUILD] - where X, Y and Z are non-negative integers. - -- PRERELEASE is a dot separated sequence of non-negative integers and/or - identifiers composed of alphanumeric characters and hyphens (with - at least one non-digit). Numeric identifiers must not have leading - zeros. A hyphen (\"-\") introduces this optional part. - -- BUILD is a dot separated sequence of identifiers composed of alphanumeric - characters and hyphens. A plus (\"+\") introduces this optional part. - - See definition. - - A string as defined by PRERELEASE above. - - A string as defined by BUILD above. - -Options: - -v, --version Print the version of this tool. - -h, --help Print this help message. - -Commands: - bump Bump by one of major, minor, patch; zeroing or removing - subsequent parts. \"bump prerel\" sets the PRERELEASE part and - removes any BUILD part. \"bump build\" sets the BUILD part. - \"bump release\" removes any PRERELEASE or BUILD parts. - The bumped version is written to stdout. - - compare Compare with , output to stdout the - following values: -1 if is newer, 0 if equal, 1 if - older. The BUILD part is not used in comparisons. - - get Extract given part of , where part is one of major, minor, - patch, prerel, build, or release. 
- -See also: - https://semver.org -- Semantic Versioning 2.0.0" - -function error { - echo -e "$1" >&2 - exit 1 -} - -function usage-help { - error "$USAGE" -} - -function usage-version { - echo -e "${PROG}: $PROG_VERSION" - exit 0 -} - -function validate-version { - local version=$1 - if [[ "$version" =~ $SEMVER_REGEX ]]; then - # if a second argument is passed, store the result in var named by $2 - if [ "$#" -eq "2" ]; then - local major=${BASH_REMATCH[1]} - local minor=${BASH_REMATCH[2]} - local patch=${BASH_REMATCH[3]} - local prere=${BASH_REMATCH[4]} - local build=${BASH_REMATCH[8]} - eval "$2=(\"$major\" \"$minor\" \"$patch\" \"$prere\" \"$build\")" - else - echo "$version" - fi - else - error "version $version does not match the semver scheme 'X.Y.Z(-PRERELEASE)(+BUILD)'. See help for more information." - fi -} - -function is-nat { - [[ "$1" =~ ^($NAT)$ ]] -} - -function is-null { - [ -z "$1" ] -} - -function order-nat { - [ "$1" -lt "$2" ] && { echo -1 ; return ; } - [ "$1" -gt "$2" ] && { echo 1 ; return ; } - echo 0 -} - -function order-string { - [[ $1 < $2 ]] && { echo -1 ; return ; } - [[ $1 > $2 ]] && { echo 1 ; return ; } - echo 0 -} - -# given two (named) arrays containing NAT and/or ALPHANUM fields, compare them -# one by one according to semver 2.0.0 spec. Return -1, 0, 1 if left array ($1) -# is less-than, equal, or greater-than the right array ($2). The longer array -# is considered greater-than the shorter if the shorter is a prefix of the longer. 
-# -function compare-fields { - local l="$1[@]" - local r="$2[@]" - local leftfield=( "${!l}" ) - local rightfield=( "${!r}" ) - local left - local right - - local i=$(( -1 )) - local order=$(( 0 )) - - while true - do - [ $order -ne 0 ] && { echo $order ; return ; } - - : $(( i++ )) - left="${leftfield[$i]}" - right="${rightfield[$i]}" - - is-null "$left" && is-null "$right" && { echo 0 ; return ; } - is-null "$left" && { echo -1 ; return ; } - is-null "$right" && { echo 1 ; return ; } - - is-nat "$left" && is-nat "$right" && { order=$(order-nat "$left" "$right") ; continue ; } - is-nat "$left" && { echo -1 ; return ; } - is-nat "$right" && { echo 1 ; return ; } - { order=$(order-string "$left" "$right") ; continue ; } - done -} - -# shellcheck disable=SC2206 # checked by "validate"; ok to expand prerel id's into array -function compare-version { - local order - validate-version "$1" V - validate-version "$2" V_ - - # compare major, minor, patch - - local left=( "${V[0]}" "${V[1]}" "${V[2]}" ) - local right=( "${V_[0]}" "${V_[1]}" "${V_[2]}" ) - - order=$(compare-fields left right) - [ "$order" -ne 0 ] && { echo "$order" ; return ; } - - # compare pre-release ids when M.m.p are equal - - local prerel="${V[3]:1}" - local prerel_="${V_[3]:1}" - local left=( ${prerel//./ } ) - local right=( ${prerel_//./ } ) - - # if left and right have no pre-release part, then left equals right - # if only one of left/right has pre-release part, that one is less than simple M.m.p - - [ -z "$prerel" ] && [ -z "$prerel_" ] && { echo 0 ; return ; } - [ -z "$prerel" ] && { echo 1 ; return ; } - [ -z "$prerel_" ] && { echo -1 ; return ; } - - # otherwise, compare the pre-release id's - - compare-fields left right -} - -function command-bump { - local new; local version; local sub_version; local command; - - case $# in - 2) case $1 in - major|minor|patch|release) command=$1; version=$2;; - *) usage-help;; - esac ;; - 3) case $1 in - prerel|build) command=$1; sub_version=$2 version=$3 ;; 
- *) usage-help;; - esac ;; - *) usage-help;; - esac - - validate-version "$version" parts - # shellcheck disable=SC2154 - local major="${parts[0]}" - local minor="${parts[1]}" - local patch="${parts[2]}" - local prere="${parts[3]}" - local build="${parts[4]}" - - case "$command" in - major) new="$((major + 1)).0.0";; - minor) new="${major}.$((minor + 1)).0";; - patch) new="${major}.${minor}.$((patch + 1))";; - release) new="${major}.${minor}.${patch}";; - prerel) new=$(validate-version "${major}.${minor}.${patch}-${sub_version}");; - build) new=$(validate-version "${major}.${minor}.${patch}${prere}+${sub_version}");; - *) usage-help ;; - esac - - echo "$new" - exit 0 -} - -function command-compare { - local v; local v_; - - case $# in - 2) v=$(validate-version "$1"); v_=$(validate-version "$2") ;; - *) usage-help ;; - esac - - set +u # need unset array element to evaluate to null - compare-version "$v" "$v_" - exit 0 -} - - -# shellcheck disable=SC2034 -function command-get { - local part version - - if [[ "$#" -ne "2" ]] || [[ -z "$1" ]] || [[ -z "$2" ]]; then - usage-help - exit 0 - fi - - part="$1" - version="$2" - - validate-version "$version" parts - local major="${parts[0]}" - local minor="${parts[1]}" - local patch="${parts[2]}" - local prerel="${parts[3]:1}" - local build="${parts[4]:1}" - local release="${major}.${minor}.${patch}" - - case "$part" in - major|minor|patch|release|prerel|build) echo "${!part}" ;; - *) usage-help ;; - esac - - exit 0 -} - -case $# in - 0) echo "Unknown command: $*"; usage-help;; -esac - -case $1 in - --help|-h) echo -e "$USAGE"; exit 0;; - --version|-v) usage-version ;; - bump) shift; command-bump "$@";; - get) shift; command-get "$@";; - compare) shift; command-compare "$@";; - *) echo "Unknown arguments: $*"; usage-help;; -esac diff --git a/ci/bin/pc.sh b/ci/bin/pc.sh new file mode 100755 index 00000000000..41322cee505 --- /dev/null +++ b/ci/bin/pc.sh 
@@ -0,0 +1,74 @@ +#!/bin/bash + +# Generated by: gromit policy +# Generated on: Thu Jan 18 17:32:48 UTC 2024 + +# goreleaser calls a custom publisher for each artefact packagecloud +# expects the distro version when pushing this script bridges both by +# choosing the appropriate list of distro versions from $DEBVERS and +# $RPMVERS +# $REPO, $DEBVERS and $RPMVERS are expected to be set by the +# user + +REQUIRED_VARS="PACKAGECLOUD_TOKEN REPO" + +usage() { + cat <" \ + --define "%__gpg /usr/bin/gpg" \ + --addsign $pkg + fi + ;; + *) + echo "Unknown package, not uploading" +esac + +for i in $vers; do + + [[ ! -s ${pkg} ]] && echo "File is empty or does not exists" && exit 1 + + # Yank packages first to enable tag re-use + packagecloud rm $REPO/$i $(basename $pkg) || true + packagecloud push $REPO/$i $pkg + +done diff --git a/ci/bin/unlock-agent.sh b/ci/bin/unlock-agent.sh index 6cadc55a716..79a02c74d88 100755 --- a/ci/bin/unlock-agent.sh +++ b/ci/bin/unlock-agent.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash +# Generated by: gromit policy +# Generated on: Thu Jan 18 17:32:48 UTC 2024 + # Get the GPG fingerprint with gpg --with-keygrip --list-secret-keys if [[ -z "${PKG_SIGNING_KEY}" || -z "${NFPM_STD_PASSPHRASE}" || -z "${GPG_FINGERPRINT}" ]]; then echo "No private key set, packages cannnot be signed. Set PKG_SIGNING_KEY, NFPM_STD_PASSPHRASE and GPG_FINGERPRINT" diff --git a/ci/goreleaser/goreleaser-el7.yml b/ci/goreleaser/goreleaser-el7.yml index 6659d6b8a35..bebff148d81 100644 --- a/ci/goreleaser/goreleaser-el7.yml +++ b/ci/goreleaser/goreleaser-el7.yml @@ -1,5 +1,5 @@ # Generated by: gromit policy -# Generated on: Wed Jul 26 07:56:17 UTC 2023 +# Generated on: Thu Jan 18 17:32:48 UTC 2024 # Check the documentation at http://goreleaser.com # This project needs CGO_ENABLED=1 and the cross-compiler toolchains for 
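Review bot: The emptiness check `[[ ! -s ${pkg} ]] && ... && exit 1` sits inside the `for i in $vers` loop, after the `case` branch has already run `rpm ... --addsign $pkg`, so a missing or empty artefact is rejected only after the signing step has touched it. Move the check ahead of the `case`. The artefact path is also expanded unquoted throughout; prefer `packagecloud push "$REPO/$i" "$pkg"` and `--addsign "$pkg"`. Because `packagecloud rm ... || true` followed by `push` replaces an already published package under the same name, a comment such as `# yank-and-replace is intended for the unstable repo only; never point REPO at a stable repo` would document the integrity trade-off. The earlier part of the script is not legible in this rendering, so argument handling there is not covered by this note.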
@@ -17,9 +17,6 @@ builds: - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser goos: - linux - env: - - CGO_ENABLED=1 - - GO111MODULE=off goarch: - amd64 binary: tyk @@ -33,14 +30,26 @@ builds: - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser env: - CC=aarch64-linux-gnu-gcc - - CGO_ENABLED=1 - - GO111MODULE=off goos: - linux goarch: - arm64 binary: tyk - + - id: std-s390x + flags: + - -tags=goplugin + ldflags: + - -X github.com/TykTechnologies/tyk/internal/build.Version={{.Version}} + - -X github.com/TykTechnologies/tyk/internal/build.Commit={{.FullCommit}} + - -X github.com/TykTechnologies/tyk/internal/build.BuildDate={{.Date}} + - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser + env: + - CC=s390x-linux-gnu-gcc + goos: + - linux + goarch: + - s390x + binary: tyk nfpms: - id: std vendor: "Tyk Technologies Ltd" @@ -52,6 +61,7 @@ nfpms: builds: - std-linux - std-arm64 + - std-s390 formats: - deb - rpm @@ -100,7 +110,6 @@ nfpms: signature: key_file: tyk.io.signing.key type: origin - publishers: - name: tyk-gateway-unstable env: @@ -108,20 +117,13 @@ publishers: - REPO=tyk/tyk-gateway-unstable - RPMVERS={{ .Env.RPMVERS }} - DEBVERS={{ .Env.DEBVERS }} - cmd: /pc.sh {{ .ArtifactPath }} - - + cmd: ./ci/bin/pc.sh {{ .ArtifactPath }} # This disables archives archives: - format: binary allow_different_binary_count: true - -# plugin-compiler now built from a separate independent workflow -# that also takes care of the el7 plugin compiler build - checksum: disable: true - release: disable: true github: diff --git a/ci/goreleaser/goreleaser.yml b/ci/goreleaser/goreleaser.yml index cda943c3cda..9655bbcbdd4 100644 --- a/ci/goreleaser/goreleaser.yml +++ b/ci/goreleaser/goreleaser.yml 
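Review bot: Dropping `- CGO_ENABLED=1` from the build `env:` lists leaves the cross-compiled targets (`CC=aarch64-linux-gnu-gcc`, and the new `CC=s390x-linux-gnu-gcc`) dependent on the variable being exported by whatever invokes goreleaser, while the file's header comment still says the project needs CGO_ENABLED=1. Go disables cgo by default when cross-compiling, so if the calling workflow (not shown here) does not set it, the arm64 and s390x binaries would be built without cgo, which the `-tags=goplugin` build presumably requires. Either keep `- CGO_ENABLED=1` under each `env:` or add a comment such as `# CGO_ENABLED=1 is exported by the release workflow`. The same removal is in the `@@ -17,9 +17,6 @@` and `@@ -33,14 +30,26 @@` hunks here and in both build hunks of ci/goreleaser/goreleaser.yml.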
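Review bot: The entry `- std-s390` added under the nfpms `builds:` list in the `@@ -52,6 +61,7 @@` hunk does not match the build id introduced earlier in this file, `- id: std-s390x`. The s390x binary would therefore likely be left out of the deb/rpm packages, or the config rejected, depending on how goreleaser treats an unknown id. Change the entry to `- std-s390x`, which is the spelling ci/goreleaser/goreleaser.yml uses. The nfpms block starts outside the hunk.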
@@ -1,5 +1,5 @@ # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Thu Jan 18 17:32:48 UTC 2024 # Check the documentation at http://goreleaser.com # This project needs CGO_ENABLED=1 and the cross-compiler toolchains for @@ -16,9 +16,6 @@ builds: - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser goos: - linux - env: - - CGO_ENABLED=1 - - GO111MODULE=off goarch: - amd64 binary: tyk @@ -31,22 +28,19 @@ builds: - -X github.com/TykTechnologies/tyk/internal/build.BuildDate={{.Date}} - -X github.com/TykTechnologies/tyk/internal/build.BuiltBy=goreleaser env: - - CGO_ENABLED=1 - - GO111MODULE=off - CC=aarch64-linux-gnu-gcc goos: - linux goarch: - arm64 binary: tyk - dockers: # Build tykio/tyk-gateway, docker.tyk.io/tyk-gateway/tyk-gateway (amd64) - ids: - std image_templates: - - "tykio/tyk-gateway:{{ .Tag }}-amd64" - - "docker.tyk.io/tyk-gateway/tyk-gateway:{{ .Tag }}-amd64" + - "tykio/tyk-gateway:{{.Tag}}-amd64" + - "docker.tyk.io/tyk-gateway/tyk-gateway:{{.Tag}}-amd64" build_flag_templates: - "--build-arg=PORTS=8080" - "--platform=linux/amd64" @@ -69,12 +63,11 @@ dockers: - "policies" - "coprocess" - "tyk.conf.example" - # Build gateway hybrid container amd64 - ids: - std image_templates: - - "tykio/tyk-hybrid-docker:{{ .Tag }}-amd64" + - "tykio/tyk-hybrid-docker:{{.Tag}}-amd64" build_flag_templates: - "--platform=linux/amd64" - "--label=org.opencontainers.image.created={{.Date}}" 
@@ -87,15 +80,14 @@ dockers: dockerfile: ci/images/hybrid/Dockerfile extra_files: - "ci/images/hybrid/" - # The plugin compiler image is built outside of goreleaser in a # plugin-compiler-build workflow. # Build tykio/tyk-gateway, docker.tyk.io/tyk-gateway/tyk-gateway (arm64) - ids: - std image_templates: - - "tykio/tyk-gateway:{{ .Tag }}-arm64" - - "docker.tyk.io/tyk-gateway/tyk-gateway:{{ .Tag }}-arm64" + - "tykio/tyk-gateway:{{.Tag}}-arm64" + - "docker.tyk.io/tyk-gateway/tyk-gateway:{{.Tag}}-arm64" build_flag_templates: - "--build-arg=PORTS=8080" - "--platform=linux/arm64" @@ -118,12 +110,11 @@ dockers: - "policies" - "coprocess" - "tyk.conf.example" - # Build gateway hybrid container arm64 - ids: - std image_templates: - - "tykio/tyk-hybrid-docker:{{ .Tag }}-arm64" + - "tykio/tyk-hybrid-docker:{{.Tag}}-arm64" build_flag_templates: - "--platform=linux/arm64" - "--label=org.opencontainers.image.created={{.Date}}" @@ -136,10 +127,8 @@ dockers: dockerfile: ci/images/hybrid/Dockerfile extra_files: - "ci/images/hybrid/" - - # The plugin compiler image is built outside of goreleaser in a - # plugin-compiler-build workflow. - + # The plugin compiler image is built outside of goreleaser in a + # plugin-compiler-build workflow. docker_manifests: - name_template: tykio/tyk-gateway:{{ .Tag }} image_templates: @@ -149,6 +138,10 @@ docker_manifests: image_templates: - tykio/tyk-gateway:{{ .Tag }}-amd64 - tykio/tyk-gateway:{{ .Tag }}-arm64 + - name_template: tykio/tyk-gateway:v{{ .Major }}{{.Prerelease}} + image_templates: + - tykio/tyk-gateway:{{ .Tag }}-amd64 + - tykio/tyk-gateway:{{ .Tag }}-arm64 - name_template: tykio/tyk-hybrid-docker:{{ .Tag }} image_templates: - tykio/tyk-hybrid-docker:{{ .Tag }}-amd64 @@ -157,7 +150,6 @@ docker_manifests: image_templates: - docker.tyk.io/tyk-gateway/tyk-gateway:{{ .Tag }}-amd64 - docker.tyk.io/tyk-gateway/tyk-gateway:{{ .Tag }}-arm64 - nfpms: - id: std vendor: "Tyk Technologies Ltd" 
@@ -169,6 +161,7 @@ nfpms: builds: - std-linux - std-arm64 + - std-s390x formats: - deb - rpm @@ -217,7 +210,6 @@ nfpms: signature: key_file: tyk.io.signing.key type: origin - publishers: - name: tyk-gateway-unstable env: @@ -225,17 +217,13 @@ publishers: - REPO=tyk/tyk-gateway-unstable - RPMVERS={{ .Env.RPMVERS }} - DEBVERS={{ .Env.DEBVERS }} - cmd: /pc.sh {{ .ArtifactPath }} - - + cmd: ./ci/bin/pc.sh {{ .ArtifactPath }} # This disables archives archives: - format: binary allow_different_binary_count: true - checksum: disable: true - release: disable: true github: diff --git a/ci/image/Dockerfile b/ci/image/Dockerfile deleted file mode 100644 index c267e1b7d70..00000000000 --- a/ci/image/Dockerfile +++ /dev/null @@ -1,33 +0,0 @@ -# Generated on: Fri 11 Dec 00:35:46 IST 2020 - -# Generated by: wf-gen from tyk-ci - -FROM debian:buster-slim - -RUN apt-get update \ - && apt-get dist-upgrade -y --no-install-recommends \ - wget jq curl ca-certificates apt-transport-https gnupg unzip - -RUN apt-get install -y --no-install-recommends \ - build-essential \ - python3-setuptools \ - libpython3.7 \ - python3.7-dev \ - python3-pip \ - && pip3 install protobuf==3.20.1 grpcio==1.24.0 && pip3 install --upgrade setuptools \ - && apt-get purge -y build-essential \ - && rm -rf /root/.cache - -RUN apt-get autoremove -y - -ADD tyk.tar.gz /opt/tyk - -VOLUME ["/conf"] -WORKDIR /opt/tyk - -ENTRYPOINT ["/opt/tyk/tyk" ] -CMD [ "--conf=/conf/tyk/tyk.conf" ] - -# Local Variables: -# mode: dockerfile -# End: diff --git a/ci/install/before_install.sh b/ci/install/before_install.sh index feb1bd6ffc1..c3aa0c41da0 100755 --- a/ci/install/before_install.sh +++ b/ci/install/before_install.sh @@ -1,7 +1,7 @@ #!/bin/bash # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Thu Jan 18 17:32:48 UTC 2024 echo "Creating user and group..." GROUPNAME="tyk" diff --git a/ci/install/post_install.sh b/ci/install/post_install.sh index 999f90860e2..42f956301ce 100755 
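Review bot: The `@@ -169,6 +161,7 @@` hunk adds `- std-s390x` to the `builds:` filter of the `std` nfpm package, but no hunk of this file adds a build with that id, and the `builds:` context at the top of the diff appears to define only the amd64 and arm64 entries. If the id is indeed undefined here, the filter entry matches nothing and no s390x deb or rpm is produced, which is easy to miss because, as far as I know, an unmatched id is not reported as an error. Either add the `std-s390x` build (with its cross-compiler `CC`) in the same template change, or leave the id out until the build exists.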
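Review bot: In the `@@ -225,17 +217,13 @@` hunk the publisher now runs `./ci/bin/pc.sh {{ .ArtifactPath }}` from the checked-out tree instead of `/pc.sh` from the build image, so the script that runs with the publisher's environment is whatever the checked-out ref contains. The path is also relative, which only resolves when goreleaser is started from the repository root. The release workflow is outside this hunk, so I cannot tell which refs reach this step; I would restrict the publishing job to tags and protected branches and put a comment above `cmd:`, e.g. `# runs from the repo root; ci/bin/pc.sh is part of the release trust boundary`. The publisher entry starts above the hunk, so any credentials in its `env:` are not visible here.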
--- a/ci/install/post_install.sh +++ b/ci/install/post_install.sh @@ -2,7 +2,7 @@ # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Thu Jan 18 17:32:48 UTC 2024 # If "True" the install directory ownership will be changed to "tyk:tyk" change_ownership="False" diff --git a/ci/install/post_remove.sh b/ci/install/post_remove.sh index 1049cdb1c25..db64c9b8e34 100755 --- a/ci/install/post_remove.sh +++ b/ci/install/post_remove.sh @@ -1,7 +1,7 @@ #!/bin/sh # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Thu Jan 18 17:32:48 UTC 2024 cleanRemove() { diff --git a/ci/install/post_trans.sh b/ci/install/post_trans.sh old mode 100644 new mode 100755 index 2e598fcd209..963ca9e1d49 --- a/ci/install/post_trans.sh +++ b/ci/install/post_trans.sh @@ -1,7 +1,7 @@ #!/bin/sh # Generated by: gromit policy -# Generated on: Fri Aug 18 08:07:54 UTC 2023 +# Generated on: Thu Jan 18 17:32:48 UTC 2024 if command -V systemctl >/dev/null 2>&1; then if [ ! -f /lib/systemd/system/tyk-gateway.service ]; then