diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1b9168d5b..55f3f4fac 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,5 @@ # Generated by: gromit policy -# Generated on: Wed Nov 29 23:09:25 UTC 2023 +# Generated on: Thu Dec 21 18:02:08 UTC 2023 # Distribution channels covered by this workflow # - Ubuntu and Debian @@ -141,7 +141,7 @@ jobs: type=semver,pattern=v{{version}},prefix=v - name: CI push - if: ${{ matrix.golang_cross == '1.19-bullseye' }} + if: ${{ matrix.golang_cross == '1.19-bullseye' }} shell: bash env: t: ${{ steps.metadata.outputs.tags }} @@ -173,6 +173,89 @@ jobs: path: | dist/*.rpm !dist/*PAYG*.rpm + + test-controller: + needs: goreleaser + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.scope.outputs.matrix }} + tat_tag: ${{ steps.scope.outputs.tat_tag }} + versions: ${{ steps.scope.outputs.versions }} + + steps: + - name: set version + id: scope + env: + GW_OR_DASH: (endsWith(github.repository, 'tyk') || endsWith(github.repository, 'tyk-analytics')) && 'yes' + BASE_REF: startsWith(github.event_name, 'pull_request') && github.base_ref || github.ref + TAGS: ${{ needs.goreleaser.outputs.tags }} + # Cover pull_request_target too + PR: ${{startsWith(github.event_name, 'pull_request') && 'yes' }} + LTS_PR: ${{(startsWith(github.event_name, 'pull_request') && endsWith(github.base_ref, '-lts')) && 'yes' }} + TAG: ${{startsWith(github.ref, 'refs/tags') && 'yes' }} + shell: bash + run: | + tags=($TAGS) + if [[ $GW_OR_DASH=='yes' && PR=='yes' ]]; then + gd_tag=${BASE_REF##*/} + else + gd_tag="master" + fi + echo "tat_tag=${gd_tag}" >> "$GITHUB_OUTPUT" + echo "versions<> tee "$GITHUB_OUTPUT" + + - name: set scope + id: scope + env: + GW_OR_DASH: (endsWith(github.repository, 'tyk') || endsWith(github.repository, 'tyk-analytics')) && 'yes' + BASE_REF: startsWith(github.event_name, 'pull_request') && github.base_ref || github.ref + TAGS: ${{ needs.goreleaser.outputs.tags }} + # Cover pull_request_target too + PR: ${{startsWith(github.event_name, 'pull_request') && 'yes' }} + LTS_PR: ${{(startsWith(github.event_name, 'pull_request') && endsWith(github.base_ref, '-lts')) && 'yes' }} + TAG: ${{startsWith(github.ref, 'refs/tags') && 'yes' }} + shell: bash + run: | + # json_array() breaks when elements have spaces + json_array() { + for e in $@; do str+="\"$e\", "; done + echo ${str%, } + } + conf=("sha256" "murmur64") + db=("mongo44" "postgres15") + pump=("tykio/tyk-pump-docker-pub:v1.8" "\${ECR}/tyk-pump:master") + sink=("tykio/tyk-mdcb-docker:v2.4" "\${ECR}/tyk-sink:master") + if [[ $PR ]]; then + conf=("sha256") + pump=("\${registry}/tyk-pump:master") + sink=("\${registry}/tyk-sink:master") + fi + matrix='{ + "conf": [ %s ], + "db": [ %s ], + + "sink": [ %s ] + + "include": [ + {"db": "postgres15", "markers": "and not sql"} + ] + }' + printf "test-scope<> | tee "$GITHUB_OUTPUT" + + api-tests: needs: goreleaser runs-on: ubuntu-latest @@ -181,12 +264,7 @@ jobs: contents: read # This is required for actions/checkout strategy: fail-fast: false - matrix: - conf: [ "sha256", "murmur64" ] - db: [ "mongo44", "postgres15" ] - include: - - db: postgres15 - markers: "and not sql" + matrix: ${{ fromJson(needs.test-controller.outputs.matrix) }} steps: - uses: aws-actions/configure-aws-credentials@v4 with: @@ -222,7 +300,6 @@ jobs: working-directory: auto id: env_up env: - t: ${{ needs.goreleaser.outputs.tags }} pull_policy: 'if_not_present' # default tag to use default_image_tag: ${{ startsWith(github.ref_name, 'release-') && github.ref_name || 'master' }} @@ -230,25 +307,16 @@ jobs: TYK_DB_LICENSEKEY: ${{ secrets.DASH_LICENSE }} TYK_MDCB_LICENSE: ${{ secrets.MDCB_LICENSE }} run: | - echo CI tags: $t - tags=($t) - echo First tag: ${tags[0]} # Start customising the env - echo "registry=${{ steps.ecr.outputs.registry }} - tyk_image=\${registry}/tyk:${default_image_tag} - tyk_analytics_image=\${registry}/tyk-analytics:${default_image_tag} - tyk_sink_image=\${registry}/tyk-sink:${default_image_tag} - tyk_pump_image=\${registry}/tyk-pump:${default_image_tag} - # override default above with just built tag - tyk_pump_image=${tags[0]} - # alfa and beta have to come after the override - tyk_alfa_image=\${tyk_image} - tyk_beta_image=\${tyk_image} + echo 'ECR=${{ steps.ecr.outputs.registry }} + ${{ needs.test-controller.outputs.versions}} + + tyk_sink_image=${{matrix.sink}} # base dir for config files confs_dir=./pro-ha # pick database to use env_file=local-${{ matrix.db }}.env - " > versions.env + ' > versions.env # Add Tyk component config variations to $env_file cat confs/${{ matrix.conf }}.env >> local-${{ matrix.db }}.env # bring up env, the project name is important @@ -260,15 +328,15 @@ jobs: working-directory: auto id: test_execution run: | - echo "## API tests ${{ matrix.db }} ${{ matrix.conf }}" >> $GITHUB_STEP_SUMMARY + echo "### API tests ${{ matrix.db }} ${{ matrix.conf }}" >> $GITHUB_STEP_SUMMARY if docker run --rm --network auto_default --env-file pytest.env -v ${{ github.workspace }}/reports:/app/reports \ - ${{ steps.ecr.outputs.registry }}/tyk-automated-tests:${{ startsWith(github.ref_name, 'release-') && github.ref_name || 'master' }} \ - pytest -c pytest_ci.ini --ci -m "not local and not dind ${{ matrix.markers }}" > tests.out; then + ${{ steps.ecr.outputs.registry }}/tyk-automated-tests:${{ needs.test-controller.outputs.tat_tag }} \ + pytest -c pytest_ci.ini --ci -m "not local and not dind ${{ matrix.markers }}" | tee tests.out; then echo "All tests passed!" >> $GITHUB_STEP_SUMMARY else echo "::error title=API tests ${{ matrix.db }} ${{ matrix.conf }}::Test execution failed" cat tests.out >> $GITHUB_STEP_SUMMARY - docker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${{ matrix.db }}.yml --env-file versions.env logs tyk tyk-analytics + docker logs tyk tyk-analytics exit 1 fi @@ -420,6 +488,7 @@ jobs: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout uses: ./.github/workflows/release-tests.yml + secrets: inherit sbom: diff --git a/ci/Dockerfile.std b/ci/Dockerfile.std index 810cda963..df5334796 100644 --- a/ci/Dockerfile.std +++ b/ci/Dockerfile.std @@ -1,5 +1,6 @@ # Generated by: gromit policy -# Generated on: Wed Nov 29 23:09:25 UTC 2023 +# Generated on: Thu Dec 21 18:02:08 UTC 2023 + FROM debian:bullseye-slim ARG TARGETARCH @@ -9,8 +10,8 @@ RUN apt-get update \ && apt-get dist-upgrade -y ca-certificates # Remove some things to decrease CVE surface -RUN dpkg --purge --force-remove-essential curl ncurses-base \ - && rm /usr/bin/passwd && rm /usr/sbin/adduser +RUN dpkg --purge --force-remove-essential curl ncurses-base || true +RUN rm -fv /usr/bin/passwd /usr/sbin/adduser || true # Clean up caches, unwanted .a and .o files RUN rm -rf /root/.cache \ diff --git a/ci/aws/byol.pkr.hcl b/ci/aws/byol.pkr.hcl index 71dc51a9f..4a4b6a022 100644 --- a/ci/aws/byol.pkr.hcl +++ b/ci/aws/byol.pkr.hcl @@ -1,6 +1,6 @@ # Generated by: gromit policy -# Generated on: Wed Nov 29 23:09:25 UTC 2023 +# Generated on: Thu Dec 21 18:02:08 UTC 2023 packer { required_plugins { diff --git a/ci/goreleaser/goreleaser.yml b/ci/goreleaser/goreleaser.yml index a581a0595..b121caea9 100644 --- a/ci/goreleaser/goreleaser.yml +++ b/ci/goreleaser/goreleaser.yml @@ -1,5 +1,5 @@ # Generated by: gromit policy -# Generated on: Wed Nov 29 23:09:25 UTC 2023 +# Generated on: Thu Dec 21 18:02:08 UTC 2023 # Check the documentation at http://goreleaser.com # This project needs CGO_ENABLED=1 and the cross-compiler toolchains for diff --git a/ci/install/before_install.sh b/ci/install/before_install.sh index 1d9d378f5..77375f377 100755 --- a/ci/install/before_install.sh +++ b/ci/install/before_install.sh @@ -1,7 +1,7 @@ #!/bin/bash # Generated by: gromit policy -# Generated on: Wed Nov 29 23:09:25 UTC 2023 +# Generated on: Thu Dec 21 18:02:08 UTC 2023 echo "Creating user and group..." GROUPNAME="tyk" diff --git a/ci/install/post_install.sh b/ci/install/post_install.sh index 4ff5aa316..f2df87c9e 100755 --- a/ci/install/post_install.sh +++ b/ci/install/post_install.sh @@ -2,7 +2,7 @@ # Generated by: gromit policy -# Generated on: Wed Nov 29 23:09:25 UTC 2023 +# Generated on: Thu Dec 21 18:02:08 UTC 2023 # If "True" the install directory ownership will be changed to "tyk:tyk" change_ownership="True" diff --git a/ci/install/post_remove.sh b/ci/install/post_remove.sh index 76f83c4fe..4772e0a3f 100755 --- a/ci/install/post_remove.sh +++ b/ci/install/post_remove.sh @@ -1,7 +1,7 @@ #!/bin/sh # Generated by: gromit policy -# Generated on: Wed Nov 29 23:09:25 UTC 2023 +# Generated on: Thu Dec 21 18:02:08 UTC 2023 cleanRemove() { diff --git a/ci/install/post_trans.sh b/ci/install/post_trans.sh index de77ca59c..930d7b95b 100644 --- a/ci/install/post_trans.sh +++ b/ci/install/post_trans.sh @@ -1,7 +1,7 @@ #!/bin/sh # Generated by: gromit policy -# Generated on: Wed Nov 29 23:09:25 UTC 2023 +# Generated on: Thu Dec 21 18:02:08 UTC 2023 if command -V systemctl >/dev/null 2>&1; then if [ ! -f /lib/systemd/system/tyk-pump.service ]; then