Auto generated from templates by gromit (#692)
Co-authored-by: Gromit <policy@gromit>
alephnull and Gromit authored Jul 26, 2023
1 parent 9cfce6e commit 1145397
Showing 9 changed files with 108 additions and 177 deletions.
2 changes: 1 addition & 1 deletion .github/dependabot.yml
@@ -1,6 +1,6 @@

# Generated by: gromit policy
# Generated on: Wed May 10 06:24:08 UTC 2023
# Generated on: Wed Jul 26 08:25:03 UTC 2023

version: 2
updates:
144 changes: 46 additions & 98 deletions .github/workflows/release.yml
@@ -1,15 +1,12 @@

# Generated by: gromit policy
# Generated on: Wed May 10 06:24:08 UTC 2023

# Generated on: Wed Jul 26 08:25:03 UTC 2023

# Distribution channels covered by this workflow
# - Ubuntu and Debian
# - RHEL/OL
# - tarballs
# - RHEL and AL
# - docker hub
# - devenv ECR
# - AWS mktplace
# - AWS mktplace (not active atm)
# - Cloudsmith

name: Release
@@ -35,11 +32,11 @@ jobs:
strategy:
fail-fast: false
matrix:
golang_cross: [1.19-bullseye]
golang_cross: [ 1.19-bullseye ]
include:
- golang_cross: 1.19-bullseye
goreleaser: 'ci/goreleaser/goreleaser.yml'
rpmvers: ' el/7 el/8 el/9'
rpmvers: 'el/7 el/8 el/9 amazon/2 amazon/2023'
debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy debian/jessie debian/buster debian/bullseye'
outputs:
tag: ${{ steps.targets.outputs.tag }}
@@ -106,7 +103,7 @@ jobs:
- uses: goreleaser/goreleaser-action@v4
with:
version: 1.18.2
version: latest
args: release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -119,7 +116,6 @@ jobs:
DEBVERS: ${{ matrix.debvers }}
RPMVERS: ${{ matrix.rpmvers }}
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}

- uses: actions/upload-artifact@v3
with:
name: deb
@@ -139,37 +135,21 @@ jobs:
needs:
- goreleaser
runs-on: ubuntu-latest
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

steps:
- name: Shallow checkout of tyk-pump
uses: actions/checkout@v3
with:
fetch-depth: 1
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
terraform_wrapper: false

- name: Get AWS creds from Terraform remote state
id: aws-creds
run: |
cd ci/terraform
terraform init -input=false
terraform refresh 2>&1 >/dev/null
eval $(terraform output -json tyk-pump | jq -r 'to_entries[] | [.key,.value] | join("=")')
region=$(terraform output region | xargs)
[ -z "$key" -o -z "$secret" -o -z "$region" ] && exit 1
echo "secret=$secret" >> $GITHUB_OUTPUT
echo "key=$key" >> $GITHUB_OUTPUT
echo "region=$region" >> $GITHUB_OUTPUT
- name: Configure AWS credentials for use
uses: aws-actions/configure-aws-credentials@v1
- uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ steps.aws-creds.outputs.key }}
aws-secret-access-key: ${{ steps.aws-creds.outputs.secret }}
aws-region: ${{ steps.aws-creds.outputs.region }}
role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk
role-session-name: cipush
aws-region: eu-central-1

- name: Login to Amazon ECR
id: login-ecr
@@ -179,50 +159,36 @@ jobs:
with:
name: deb

- name: Docker metadata
id: metadata
uses: docker/metadata-action@v4
with:
images: ${{ steps.login-ecr.outputs.registry }}/tyk-pump
flavor: |
latest=false
prefix=v
tags: |
type=semver,pattern=v{{version}}
type=semver,pattern=v{{major}}.{{minor}}
type=semver,pattern=v{{major}}
type=ref,event=branch
- uses: docker/setup-qemu-action@v2

- uses: docker/setup-buildx-action@v2

- name: CI build
uses: docker/build-push-action@v3
uses: docker/build-push-action@v4
with:
push: true
context: "."
file: ci/Dockerfile.std
platforms: linux/amd64,linux/arm64
tags: |
${{ steps.metadata.outputs.tags }}
${{ steps.login-ecr.outputs.registry }}/tyk-pump:${{ needs.goreleaser.outputs.tag }}
${{ steps.login-ecr.outputs.registry }}/tyk-pump:${{ github.sha }}
- name: Tell gromit about new build
id: gromit
run: |
# Remember to remove the true when TD-626 is fixed
curl -fsSL -H "Authorization: ${{secrets.GROMIT_TOKEN}}" 'https://domu-kun.cloud.tyk.io/gromit/newbuild' \
-X POST -d '{ "repo": "${{ github.repository}}", "ref": "${{ github.ref }}", "sha": "${{ github.sha }}" }' || true
- name: Tell integration channel
if: ${{ failure() }}
run: |
colour=bad
pretext=":boom: Could not add new build $${{ github.ref }} from ${{ github.repository }} to CD. Please review this run and correct it if needed. See https://github.com/TykTechnologies/tyk-ci/wiki/IntegrationEnvironment for what this is about."
curl https://raw.githubusercontent.com/rockymadden/slack-cli/master/src/slack -o /tmp/slack && chmod +x /tmp/slack
/tmp/slack chat send \
--actions '{"type": "button", "style": "primary", "text": "See log", "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' \
--author 'Bender' \
--author-icon 'https://hcoop.net/~alephnull/bender/bender-arms.jpg' \
--author-link 'https://github.com/TykTechnologies/tyk-ci' \
--channel '#service-integration' \
--color $colour \
--fields '{"title": "Repo", "value": "${{ github.repository }}", "short": false}' \
--footer 'github-actions' \
--footer-icon 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
--image 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
--pretext "$pretext" \
--text 'Commit message: ${{ github.event.head_commit.message }}' \
--title 'Failed to add new build for CD' \
--title-link 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
sbom:
needs: ci
uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main
@@ -232,8 +198,12 @@ jobs:
DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }}
ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}


upgrade-deb:
if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft
if: startsWith(github.ref, 'refs/tags')
services:
httpbin.org:
image: kennethreitz/httpbin
runs-on: ubuntu-latest
needs: goreleaser
strategy:
@@ -243,6 +213,7 @@ jobs:
- amd64
- arm64
distro:
- ubuntu:jammy
- ubuntu:bionic
- ubuntu:focal
- debian:bullseye
@@ -271,21 +242,25 @@ jobs:
' > Dockerfile
- name: install on ${{ matrix.distro }}
uses: docker/build-push-action@v3
uses: docker/build-push-action@v4
with:
context: "."
platforms: linux/${{ matrix.arch }}
file: Dockerfile
push: false

upgrade-rpm:
if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft
if: startsWith(github.ref, 'refs/tags')
services:
httpbin.org:
image: kennethreitz/httpbin
needs: goreleaser
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
distro:
- ubi9/ubi
- ubi8/ubi

steps:
@@ -303,22 +278,22 @@ jobs:
run: |
echo 'FROM registry.access.redhat.com/${{ matrix.distro }}
COPY tyk-pump*.x86_64.rpm /tyk-pump.rpm
RUN yum install -y curl
RUN yum install --allowerasing -y curl
RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-pump/script.rpm.sh | bash && yum install -y tyk-pump-1.6.0-1
RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-pump.key && rpm --import tyk-pump.key
RUN rpm --checksig tyk-pump.rpm
RUN rpm -Uvh --force tyk-pump.rpm
' > Dockerfile
- name: install on ${{ matrix.distro }}
uses: docker/build-push-action@v3
uses: docker/build-push-action@v4
with:
context: "."
file: Dockerfile
push: false

smoke-tests:
if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft
if: startsWith(github.ref, 'refs/tags')
needs:
- goreleaser
runs-on: ubuntu-latest
@@ -330,6 +305,8 @@ jobs:

- name: Run tests
shell: bash
env:
GITHUB_TAG: ${{ github.ref }}
run: |
set -eaxo pipefail
if [ ! -d smoke-tests ]; then
@@ -358,32 +335,3 @@ jobs:
fi
done
# AWS updates only for stable releases
aws-mktplace-byol:
if: ( 'a' == 'b' )
runs-on: ubuntu-latest
needs:
- smoke-tests
strategy:
matrix:
flavour:
- al2
- rhel

steps:
- name: Checkout tyk-pump
uses: actions/checkout@v3
with:
fetch-depth: 1

- uses: actions/download-artifact@v3
with:
name: rpm
path: aws

- name: Packer build
working-directory: ./ci/aws
run: |
export VERSION=${{ needs.goreleaser.outputs.tag }}
packer validate -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl
packer build -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl
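Review bot: The `goreleaser/goreleaser-action@v4` step now reads `version: latest` where it previously pinned `version: 1.18.2`, which leaves the tool that builds the release artifacts unpinned. This assumes the second line of each printed pair is the new side, as with `@v3`/`@v4`, because the rendering has lost the +/- markers. The step's `env` block includes `GITHUB_TOKEN` and continues past the visible hunk, so a breaking or tampered upstream goreleaser release would run with that token and shape the published packages without any change in this repository. Keep an exact version, e.g. `version: '<exact goreleaser release>'`, and bump it deliberately; likewise the tagless `image: kennethreitz/httpbin` service in `upgrade-deb` and `upgrade-rpm` is better referenced by tag or digest. Since the header marks the file as generated by gromit policy, the pin presumably belongs in the template rather than in this file.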
2 changes: 1 addition & 1 deletion ci/Dockerfile.std
@@ -1,6 +1,6 @@

# Generated by: gromit policy
# Generated on: Wed May 10 06:24:08 UTC 2023
# Generated on: Wed Jul 26 08:25:03 UTC 2023

FROM debian:bullseye-slim
ARG TARGETARCH
2 changes: 1 addition & 1 deletion ci/aws/byol.pkr.hcl
@@ -1,6 +1,6 @@

# Generated by: gromit policy
# Generated on: Wed May 10 06:24:08 UTC 2023
# Generated on: Wed Jul 26 08:25:03 UTC 2023

packer {
required_plugins {