Auto generated from templates by gromit

.github/workflows/release.yml

@@ -1,5 +1,5 @@
 # Generated by: gromit policy
-# Generated on: Wed Nov 29 23:09:25 UTC 2023
+# Generated on: Sun Dec 31 17:42:11 UTC 2023
 
 # Distribution channels covered by this workflow
 # - Ubuntu and Debian
@@ -141,7 +141,7 @@ jobs:
             type=semver,pattern=v{{version}},prefix=v
 
       - name: CI push
-        if: ${{ matrix.golang_cross == '1.19-bullseye' }}
+        if: ${{ matrix.golang_cross == '1.19-bullseye' }} 
         shell: bash
         env:
           t: ${{ steps.metadata.outputs.tags }}
@@ -173,17 +173,46 @@ jobs:
           path: |
             dist/*.rpm
             !dist/*PAYG*.rpm
-  api-tests:
+
+  test-controller:
     needs: goreleaser
     runs-on: ubuntu-latest
+    container: tykio/gromit:v1.6
+    outputs:
+      conf: ${{ steps.params.outputs.conf }}
+      db: ${{ steps.params.outputs.db }}
+      pump: ${{ steps.params.outputs.pump }}
+      sink: ${{ steps.params.outputs.sink }}
+      gd_tag: ${{ steps.params.outputs.gd_tag }}
+      versions: ${{ steps.params.outputs.versions }}
+
+    steps:
+      - name: set params
+        id: params
+        env:
+          REPO: ${{ github.repository }}
+          # Cover pull_request_target too
+          BASE_REF: startsWith(github.event_name, 'pull_request') && github.base_ref || github.ref
+          TAGS: ${{ needs.goreleaser.outputs.tags }}
+          IS_PR: ${{startsWith(github.event_name, 'pull_request') && 'yes' }}
+          IS_LTSPR: ${{(startsWith(github.event_name, 'pull_request') && endsWith(github.base_ref, '-lts')) && 'yes' }}
+          IS_TAG: ${{startsWith(github.ref, 'refs/tags') && 'yes' }}
+        run: gromit policy controller --debug | tee -a "$GITHUB_OUTPUT"
+
+
+  api-tests:
+    needs: test-controller
+    runs-on: ubuntu-latest
     permissions:
-      id-token: write   # This is required for requesting the JWT
+      id-token: write   # This is required for requesting the Github JWT
       contents: read    # This is required for actions/checkout
     strategy:
       fail-fast: false
       matrix:
-        conf: [ "sha256", "murmur64" ]
-        db: [ "mongo44", "postgres15" ]
+        conf: ${{ fromJson(needs.test-controller.outputs.conf) }}
+        db: ${{ fromJson(needs.test-controller.outputs.db) }}
+
+        sink: ${{ fromJson(needs.test-controller.outputs.sink) }} 
         include:
           - db: postgres15
             markers: "and not sql"
@@ -222,33 +251,23 @@ jobs:
         working-directory: auto
         id: env_up
         env:
-          t: ${{ needs.goreleaser.outputs.tags }}
           pull_policy: 'if_not_present'
-          # default tag to use
-          default_image_tag: ${{ startsWith(github.ref_name, 'release-') && github.ref_name || 'master' }}
           GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}
           TYK_DB_LICENSEKEY: ${{ secrets.DASH_LICENSE }}
           TYK_MDCB_LICENSE: ${{ secrets.MDCB_LICENSE }}
+          ECR: ${{ steps.ecr.outputs.registry }}
+          VERSIONS: ${{ needs.test-controller.outputs.versions}}
         run: |
-          echo CI tags: $t
-          tags=($t)
-          echo First tag: ${tags[0]}
           # Start customising the env
-          echo "registry=${{ steps.ecr.outputs.registry }}
-          tyk_image=\${registry}/tyk:${default_image_tag}
-          tyk_analytics_image=\${registry}/tyk-analytics:${default_image_tag}
-          tyk_sink_image=\${registry}/tyk-sink:${default_image_tag}
-          tyk_pump_image=\${registry}/tyk-pump:${default_image_tag}
-          # override default above with just built tag
-          tyk_pump_image=${tags[0]}
-          # alfa and beta have to come after the override
-          tyk_alfa_image=\${tyk_image}
-          tyk_beta_image=\${tyk_image}
+          echo "ECR=${ECR}
+          $VERSIONS
+          tyk_sink_image=${{matrix.sink}} 
           # base dir for config files
           confs_dir=./pro-ha
           # pick database to use
           env_file=local-${{ matrix.db }}.env
           " > versions.env
+          printf '::group::versions\n%s\n::endgroup::' "$(cat versions.env)"
           # Add Tyk component config variations to $env_file
           cat confs/${{ matrix.conf }}.env >> local-${{ matrix.db }}.env
           # bring up env, the project name is important
@@ -260,15 +279,15 @@ jobs:
         working-directory: auto
         id: test_execution
         run: |
-          echo "## API tests ${{ matrix.db }} ${{ matrix.conf }}" >> $GITHUB_STEP_SUMMARY
+          echo "### API tests ${{ matrix.db }} ${{ matrix.conf }}" >> $GITHUB_STEP_SUMMARY
           if docker run --rm --network auto_default --env-file pytest.env -v ${{ github.workspace }}/reports:/app/reports \
-             ${{ steps.ecr.outputs.registry }}/tyk-automated-tests:${{ startsWith(github.ref_name, 'release-') && github.ref_name || 'master' }} \
-             pytest -c pytest_ci.ini --ci -m "not local and not dind ${{ matrix.markers }}" > tests.out; then
+             ${{ steps.ecr.outputs.registry }}/tyk-automated-tests:${{ needs.test-controller.outputs.gd_tag }} \
+             pytest -c pytest_ci.ini --ci -m "not local and not dind ${{ matrix.markers }}" | tee tests.out; then
                echo "All tests passed!" >> $GITHUB_STEP_SUMMARY
           else
                echo "::error title=API tests ${{ matrix.db }} ${{ matrix.conf }}::Test execution failed"
                cat tests.out >> $GITHUB_STEP_SUMMARY
-               docker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${{ matrix.db }}.yml --env-file versions.env logs tyk tyk-analytics
+               docker logs tyk tyk-analytics
                exit 1
           fi
 
@@ -420,6 +439,7 @@ jobs:
       id-token: write   # This is required for requesting the JWT
       contents: read    # This is required for actions/checkout
     uses: ./.github/workflows/release-tests.yml
+    secrets: inherit
 
 
   sbom:

ci/Dockerfile.std

@@ -1,5 +1,6 @@
 # Generated by: gromit policy
-# Generated on: Wed Nov 29 23:09:25 UTC 2023
+# Generated on: Sun Dec 31 17:42:11 UTC 2023
+
 FROM debian:bullseye-slim
 ARG TARGETARCH
 
@@ -9,8 +10,8 @@ RUN apt-get update \
     && apt-get dist-upgrade -y ca-certificates
 
 # Remove some things to decrease CVE surface
-RUN dpkg --purge --force-remove-essential curl ncurses-base \
-	&& rm /usr/bin/passwd && rm /usr/sbin/adduser
+RUN dpkg --purge --force-remove-essential curl ncurses-base || true
+RUN rm -fv /usr/bin/passwd /usr/sbin/adduser || true
 
 # Clean up caches, unwanted .a and .o files
 RUN rm -rf /root/.cache \

ci/goreleaser/goreleaser.yml

@@ -1,5 +1,5 @@
 # Generated by: gromit policy
-# Generated on: Wed Nov 29 23:09:25 UTC 2023
+# Generated on: Sun Dec 31 17:42:11 UTC 2023
 
 # Check the documentation at http://goreleaser.com
 # This project needs CGO_ENABLED=1 and the cross-compiler toolchains for

ci/install/before_install.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Generated by: gromit policy
-# Generated on: Wed Nov 29 23:09:25 UTC 2023
+# Generated on: Sun Dec 31 17:42:11 UTC 2023
 
 echo "Creating user and group..."
 GROUPNAME="tyk"

ci/install/post_install.sh

@@ -2,7 +2,7 @@
 
 
 # Generated by: gromit policy
-# Generated on: Wed Nov 29 23:09:25 UTC 2023
+# Generated on: Sun Dec 31 17:42:11 UTC 2023
 
 # If "True" the install directory ownership will be changed to "tyk:tyk"
 change_ownership="True"

ci/install/post_remove.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 # Generated by: gromit policy
-# Generated on: Wed Nov 29 23:09:25 UTC 2023
+# Generated on: Sun Dec 31 17:42:11 UTC 2023
 
 
 cleanRemove() {

ci/install/post_trans.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 # Generated by: gromit policy
-# Generated on: Wed Nov 29 23:09:25 UTC 2023
+# Generated on: Sun Dec 31 17:42:11 UTC 2023
 
 if command -V systemctl >/dev/null 2>&1; then
     if [ ! -f /lib/systemd/system/tyk-pump.service ]; then