Auto generated from templates by gromit
Gromit committed Oct 17, 2023
1 parent 7af2a45 commit 4cc487b
Showing 9 changed files with 151 additions and 85 deletions.
2 changes: 1 addition & 1 deletion .github/dependabot.yml
@@ -1,6 +1,6 @@

# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:03 UTC 2023
# Generated on: Tue Oct 17 12:04:09 UTC 2023

version: 2
updates:
206 changes: 134 additions & 72 deletions .github/workflows/release.yml
@@ -1,12 +1,11 @@
# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:03 UTC 2023
# Generated on: Tue Oct 17 12:04:09 UTC 2023

# Distribution channels covered by this workflow
# - Ubuntu and Debian
# - RHEL and AL
# - docker hub
# - devenv ECR
# - AWS mktplace (not active atm)
# - Cloudsmith

name: Release
Expand All @@ -29,6 +28,9 @@ jobs:
name: '${{ matrix.golang_cross }}'
runs-on: ubuntu-latest
container: 'tykio/golang-cross:${{ matrix.golang_cross }}'
permissions:
id-token: write # AWS OIDC JWT
contents: read # actions/checkout
strategy:
fail-fast: false
matrix:
Expand All @@ -37,9 +39,9 @@ jobs:
- golang_cross: 1.19-bullseye
goreleaser: 'ci/goreleaser/goreleaser.yml'
rpmvers: 'el/7 el/8 el/9 amazon/2 amazon/2023'
debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy debian/jessie debian/buster debian/bullseye'
debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy debian/jessie debian/buster debian/bullseye debian/bookworm'
outputs:
tag: ${{ steps.targets.outputs.tag }}
tags: ${{ steps.metadata.outputs.tags }}

steps:
- name: Fix private module deps
Expand Down Expand Up @@ -74,32 +76,22 @@ jobs:
username: ${{ secrets.CLOUDSMITH_USERNAME }}
password: ${{ secrets.CLOUDSMITH_API_KEY }}

- name: Unlock agent and set tag
id: targets
shell: bash
- name: Unlock agent
env:
NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20
PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: |
run:
ci/bin/unlock-agent.sh
current_tag=${GITHUB_REF##*/}
echo "tag=${current_tag}" >> $GITHUB_OUTPUT

- name: Delete old release assets
if: startsWith(github.ref, 'refs/tags')
uses: mknejp/delete-release-assets@v1
- uses: actions/cache@v3
with:
token: ${{ github.token }}
tag: ${{ github.ref }}
fail-if-no-assets: false
fail-if-no-release: false
assets: |
*.deb
*.rpm
*.tar.gz
*.txt.sig
*.txt
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- uses: goreleaser/goreleaser-action@v4
with:
Expand All @@ -116,6 +108,49 @@ jobs:
DEBVERS: ${{ matrix.debvers }}
RPMVERS: ${{ matrix.rpmvers }}
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk
role-session-name: cipush
aws-region: eu-central-1
# Don't mask to pass it across job boundaries
mask-aws-account-id: false

- uses: aws-actions/amazon-ecr-login@v1
id: ecr
with:
mask-password: 'true'

- name: Docker metadata for CI
id: metadata
uses: docker/metadata-action@v4
with:
images: ${{ steps.ecr.outputs.registry }}/tyk-pump
flavor: |
latest=false
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha
type=sha,format=long,prefix=
type=semver,pattern=v{{major}}.{{minor}}
type=semver,pattern=v{{version}}
- name: CI push
shell: bash
env:
t: ${{ steps.metadata.outputs.tags }}
build_tag: ${{ startswith(github.ref, 'refs/tags') && github.ref_name || 'v0.0.0' }}
run: |
set +e
IFS=$'\n' tags=($t)
for tag in "${tags[@]}"; do
for arch in amd64 arm64; do
docker tag tykio/tyk-pump-docker-pub:${build_tag}-${arch} ${tag}-${arch} && docker push ${tag}-${arch}
done
docker manifest create ${tag} ${tag}-amd64 ${tag}-arm64 && docker manifest push ${tag}
done
- uses: actions/upload-artifact@v3
with:
name: deb
Expand All @@ -131,17 +166,23 @@ jobs:
path: |
dist/*.rpm
!dist/*PAYG*.rpm
ci:
needs:
- goreleaser
api-tests:
needs: goreleaser
runs-on: ubuntu-latest
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
strategy:
fail-fast: false
matrix:
conf: [ "sha256", "murmur64" ]
db: [ "mongo44", "postgres15" ]
include:
- db: postgres15
markers: "and not sql"

steps:
- name: Shallow checkout of tyk-pump
uses: actions/checkout@v3
- uses: actions/checkout@v3
with:
fetch-depth: 1

Expand All @@ -151,53 +192,64 @@ jobs:
role-session-name: cipush
aws-region: eu-central-1

- name: Login to Amazon ECR
id: login-ecr
- id: ecr
uses: aws-actions/amazon-ecr-login@v1

- uses: actions/download-artifact@v3
with:
name: deb
mask-password: 'true'

- name: Docker metadata
id: metadata
uses: docker/metadata-action@v4
# Only ${{ github.actor }} has access
# See https://github.com/mxschmitt/action-tmate#use-registered-public-ssh-keys
- name: Setup tmate session only in debug mode
uses: mxschmitt/action-tmate@v3
if: ${{ runner.debug == '1' }}
with:
images: ${{ steps.login-ecr.outputs.registry }}/tyk-pump
flavor: |
latest=false
prefix=v
tags: |
type=semver,pattern=v{{version}}
type=semver,pattern=v{{major}}.{{minor}}
type=semver,pattern=v{{major}}
type=ref,event=branch
- uses: docker/setup-qemu-action@v2

- uses: docker/setup-buildx-action@v2
detached: true
limit-access-to-actor: true

- name: CI build
uses: docker/build-push-action@v4
with:
push: true
context: "."
file: ci/Dockerfile.std
platforms: linux/amd64,linux/arm64
tags: |
${{ steps.metadata.outputs.tags }}
${{ steps.login-ecr.outputs.registry }}/tyk-pump:${{ needs.goreleaser.outputs.tag }}
${{ steps.login-ecr.outputs.registry }}/tyk-pump:${{ github.sha }}
- name: env up
shell: bash
env:
t: ${{ needs.goreleaser.outputs.tags }}
# gw and dash use the same branch names
gw_dash_image_tag: ${{ ( (github.repository == 'TykTechnologies/tyk' || github.repository == 'TykTechnologies/tyk-analytics') && startsWith(github.ref_name, 'release-') ) && github.ref_name || 'master' }}
pump_image_tag: ${{ ( github.repository == 'TykTechnologies/tyk-pump' && startsWith(github.ref_name, 'release-') ) && github.ref_name || 'master' }}
sink_image_tag: ${{ ( github.repository == 'TykTechnologies/tyk-sink' && startsWith(github.ref_name, 'release-') ) && github.ref_name || 'master' }}
GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}
TYK_DB_LICENSEKEY: ${{ secrets.DASH_LICENSE }}
TYK_MDCB_LICENSE: ${{ secrets.MDCB_LICENSE }}
run: |
echo CI tags: $t
tags=($t)
echo First tag: ${tags[0]}
# Get the ci test env in a temp dir
cd $(mktemp -d autoXXX)
gh release download v1 --pattern '*.tgz' -R TykTechnologies/tyk-ci
tar --strip-components=1 -xvf ci-env.tgz
# Start customising the env
echo "registry=${{ steps.ecr.outputs.registry }}
tyk_image=\${registry}/tyk:${gw_dash_image_tag}
tyk_analytics_image=\${registry}/tyk-analytics:${gw_dash_image_tag}
tyk_sink_image=\${registry}/tyk-sink:${sink_image_tag}
tyk_pump_image=\${registry}/tyk-pump:${pump_image_tag}
# override default above with just built tag
tyk_pump_image=${tags[0]}
# base dir for config files
confs_dir=./pro
# pick database to use
env_file=local-${{ matrix.db }}.env
" > versions.env
# Add Tyk component config variations to $env_file
cat confs/${{ matrix.conf }}.env >> local-${{ matrix.db }}.env
# bring up env, project name explicitly set as the network name depends on it
docker compose -p auto -f pro.yml -f deps.yml -f ${{ matrix.db }}.yml --env-file versions.env up --quiet-pull -d
sbom:
needs: ci
uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main
secrets:
TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }}
DEPDASH_URL: ${{ secrets.DEPDASH_URL }}
DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }}
ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}
- name: Run tests
run: |
docker run --rm --network auto_default \
${{ steps.ecr.outputs.registry }}/tyk-automated-tests:${{ startsWith(github.ref_name, 'release-') && github.ref_name || 'master' }} \
pytest -c pytest_ci.ini -m "not local and not mdcb and not dind ${{ matrix.markers }}"
# TODO: PR comment, using just one comment and updating, not a new comment each time

upgrade-deb:
if: startsWith(github.ref, 'refs/tags')
Expand All @@ -213,10 +265,11 @@ jobs:
- amd64
- arm64
distro:
- ubuntu:jammy
- ubuntu:bionic
- ubuntu:focal
- ubuntu:jammy
- debian:bullseye
- debian:bookworm

steps:
- uses: actions/checkout@v3
Expand Down Expand Up @@ -260,8 +313,9 @@ jobs:
fail-fast: false
matrix:
distro:
- ubi9/ubi
- ubi8/ubi
- amazonlinux:2023
- registry.access.redhat.com/ubi8/ubi
- registry.access.redhat.com/ubi9/ubi

steps:
- uses: actions/checkout@v3
Expand All @@ -276,7 +330,7 @@ jobs:

- name: generate dockerfile
run: |
echo 'FROM registry.access.redhat.com/${{ matrix.distro }}
echo 'FROM ${{ matrix.distro }}
COPY tyk-pump*.x86_64.rpm /tyk-pump.rpm
RUN yum install --allowerasing -y curl
RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-pump/script.rpm.sh | bash && yum install -y tyk-pump-1.6.0-1
Expand Down Expand Up @@ -335,3 +389,11 @@ jobs:
fi
done
sbom:
needs: goreleaser
uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main
secrets:
DEPDASH_URL: ${{ secrets.DEPDASH_URL }}
DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }}
ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}
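Review bot: The `Run tests` step of the new `api-tests` job expands `github.ref_name` directly inside its `run:` script, so a ref name that starts with `release-` and contains shell metacharacters would be interpreted by the shell, in a job that holds `id-token: write` and has just logged in to ECR. The `env up` step above it already passes the same kind of expression through `env:`; doing the same here keeps the value as data: add `tests_tag: ${{ startsWith(github.ref_name, 'release-') && github.ref_name || 'master' }}` under `env:` and use `"${tests_tag}"` in the `docker run` line. In the same hunk, `mxschmitt/action-tmate@v3` is referenced by a mutable tag although it opens an interactive session on a runner that has assumed the AWS role, so pinning it to a full commit SHA (`mxschmitt/action-tmate@<full-commit-sha>`) would limit what a retagged release could reach. The workflow's `on:` triggers are outside the visible hunks, and the file header says it is generated by gromit, so the change presumably belongs in the template rather than in this file.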
3 changes: 1 addition & 2 deletions ci/Dockerfile.std
@@ -1,6 +1,5 @@

# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:03 UTC 2023
# Generated on: Tue Oct 17 12:04:09 UTC 2023

FROM debian:bullseye-slim
ARG TARGETARCH
2 changes: 1 addition & 1 deletion ci/aws/byol.pkr.hcl
@@ -1,6 +1,6 @@

# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:03 UTC 2023
# Generated on: Tue Oct 17 12:04:09 UTC 2023

packer {
required_plugins {
15 changes: 10 additions & 5 deletions ci/goreleaser/goreleaser.yml
@@ -1,5 +1,5 @@
# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:03 UTC 2023
# Generated on: Tue Oct 17 12:04:09 UTC 2023

# Check the documentation at http://goreleaser.com
# This project needs CGO_ENABLED=1 and the cross-compiler toolchains for
Expand All @@ -21,8 +21,8 @@ dockers:
- ids:
- std
image_templates:
- "tykio/tyk-pump-docker-pub:{{ .Tag }}-amd64"
- "docker.tyk.io/tyk-pump/tyk-pump:{{ .Tag }}-amd64"
- "tykio/tyk-pump-docker-pub:{{.Tag}}-amd64"
- "docker.tyk.io/tyk-pump/tyk-pump:{{.Tag}}-amd64"
build_flag_templates:
- "--build-arg=PORTS=80"
- "--platform=linux/amd64"
Expand All @@ -43,8 +43,8 @@ dockers:
- ids:
- std
image_templates:
- "tykio/tyk-pump-docker-pub:{{ .Tag }}-arm64"
- "docker.tyk.io/tyk-pump/tyk-pump:{{ .Tag }}-arm64"
- "tykio/tyk-pump-docker-pub:{{.Tag}}-arm64"
- "docker.tyk.io/tyk-pump/tyk-pump:{{.Tag}}-arm64"
build_flag_templates:
- "--build-arg=PORTS=80"
- "--platform=linux/arm64"
Expand Down Expand Up @@ -128,6 +128,11 @@ publishers:
cmd: /pc.sh {{ .ArtifactPath }}


# This disables archives
archives:
- format: binary
allow_different_binary_count: true

checksum:
disable: true

2 changes: 1 addition & 1 deletion ci/install/before_install.sh
@@ -1,7 +1,7 @@
#!/bin/bash

# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:03 UTC 2023
# Generated on: Tue Oct 17 12:04:09 UTC 2023

echo "Creating user and group..."
GROUPNAME="tyk"
2 changes: 1 addition & 1 deletion ci/install/post_install.sh
Expand Up @@ -2,7 +2,7 @@


# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:03 UTC 2023
# Generated on: Tue Oct 17 12:04:09 UTC 2023

# If "True" the install directory ownership will be changed to "tyk:tyk"
change_ownership="True"
2 changes: 1 addition & 1 deletion ci/install/post_remove.sh
@@ -1,7 +1,7 @@
#!/bin/sh

# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:03 UTC 2023
# Generated on: Tue Oct 17 12:04:09 UTC 2023


cleanRemove() {