Skip to content

Commit

Permalink
Auto generated from templates by gromit
Browse files Browse the repository at this point in the history
  • Loading branch information
Gromit committed Nov 29, 2024
1 parent 35f58ac commit dbe67d4
Show file tree
Hide file tree
Showing 4 changed files with 179 additions and 130 deletions.
183 changes: 108 additions & 75 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,11 @@ name: Release
# - docker hub
# - devenv ECR
# - Cloudsmith
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

# concurrency:
# group: ${{ github.workflow }}-${{ github.ref }}
# cancel-in-progress: ${{ github.event_name == 'pull_request' }}
on:
# Trigger release every monday at midnight for master CI images
schedule:
- cron: "0 0 * * 1"
pull_request:
push:
branches:
Expand All @@ -24,7 +22,7 @@ on:
- 'v*'
env:
GOPRIVATE: github.com/TykTechnologies
VARIATION: inverted
VARIATION: prod-variation
DOCKER_BUILD_SUMMARY: false
DOCKER_BUILD_RECORD_UPLOAD: false
# startsWith covers pull_request_target too
Expand All @@ -49,7 +47,7 @@ jobs:
rpmvers: 'el/7 el/8 el/9 amazon/2 amazon/2023'
debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy debian/jessie debian/buster debian/bullseye debian/bookworm'
outputs:
tags: ${{ steps.ci_metadata_ee.outputs.tags }}
tags: ${{ steps.ci_metadata.outputs.tags }}
commit_author: ${{ steps.set_outputs.outputs.commit_author}}
steps:
- name: Checkout of tyk
Expand Down Expand Up @@ -130,12 +128,13 @@ jobs:
if: ${{ matrix.golang_cross == '1.22-bullseye' }}
with:
mask-password: 'true'
- name: Docker metadata for CI
id: ci_metadata_
- name: Docker metadata for ee CI
id: ci_metadata_ee
if: ${{ matrix.golang_cross == '1.22-bullseye' }}
uses: docker/metadata-action@v5
with:
images: ${{ steps.ecr.outputs.registry }}/tyk
images: |
${{ steps.ecr.outputs.registry }}/tyk-ee
flavor: |
latest=false
tags: |
Expand All @@ -145,112 +144,128 @@ jobs:
type=semver,pattern={{major}},prefix=v
type=semver,pattern={{major}}.{{minor}},prefix=v
type=semver,pattern={{version}},prefix=v
- name: push image to CI
- name: push ee image to CI
if: ${{ matrix.golang_cross == '1.22-bullseye' }}
uses: docker/build-push-action@v6
with:
context: "dist"
platforms: linux/amd64,linux/arm64
platforms: linux/amd64,linux/arm64,linux/s390x
file: ci/Dockerfile.distroless
provenance: mode=max
sbom: true
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
tags: ${{ steps.ci_metadata_.outputs.tags }}
labels: ${{ steps.tag_metadata.outputs.labels }}
tags: ${{ steps.ci_metadata_ee.outputs.tags }}
labels: ${{ steps.ci_metadata_ee.outputs.labels }}
build-args: |
EDITION=
- name: Docker metadata for CI ee
id: ci_metadata_ee
if: ${{ matrix.golang_cross == '1.22-bullseye' }}
BUILD_PACKAGE_NAME=tyk-gateway-ee
- name: Docker metadata for tag push
id: tag_metadata_ee
uses: docker/metadata-action@v5
with:
images: ${{ steps.ecr.outputs.registry }}/tyk-ee
images: |
docker.tyk.io/tyk-gateway/tyk-gateway
tykio/tyk-gateway
tykio/tyk-gateway-ee
flavor: |
latest=false
prefix=v
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha,format=long
type=semver,pattern={{major}},prefix=v
type=semver,pattern={{major}}.{{minor}},prefix=v
type=semver,pattern={{version}},prefix=v
- name: push image to CI ee
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{version}}
labels: |
org.opencontainers.image.title=Tyk Gateway Enterprise Edition
org.opencontainers.image.description=Tyk API Gateway Enterprise Edition written in Go, supporting REST, GraphQL, TCP and gRPC protocols
org.opencontainers.image.vendor=tyk.io
org.opencontainers.image.version=${{ github.ref_name }}
- name: push ee image to prod
if: ${{ matrix.golang_cross == '1.22-bullseye' }}
uses: docker/build-push-action@v6
with:
context: "dist"
platforms: linux/amd64,linux/arm64
platforms: linux/amd64,linux/arm64,linux/s390x
file: ci/Dockerfile.distroless
provenance: mode=max
sbom: true
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
tags: ${{ steps.ci_metadata_ee.outputs.tags }}
labels: ${{ steps.tag_metadata.outputs.labels }}
push: ${{ startsWith(github.ref, 'refs/tags') }}
tags: ${{ steps.tag_metadata_ee.outputs.tags }}
labels: ${{ steps.tag_metadata_ee.outputs.labels }}
build-args: |
EDITION=-ee
- name: Docker metadata for tag push
id: tag_metadata_
BUILD_PACKAGE_NAME=tyk-gateway-ee
- name: Docker metadata for std CI
id: ci_metadata_std
if: ${{ matrix.golang_cross == '1.22-bullseye' }}
uses: docker/metadata-action@v5
with:
images: |
tykio/tyk-gateway
docker.tyk.io/tyk-gateway/tyk-gateway
${{ steps.ecr.outputs.registry }}/tyk
flavor: |
latest=false
prefix=v
tags: |
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{version}}
labels: "org.opencontainers.image.title=tyk-gateway (distroless) \norg.opencontainers.image.description=Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols\norg.opencontainers.image.vendor=tyk.io\norg.opencontainers.image.version=${{ github.ref_name }}\n"
- name: push image to prod
type=ref,event=branch
type=ref,event=pr
type=sha,format=long
type=semver,pattern={{major}},prefix=v
type=semver,pattern={{major}}.{{minor}},prefix=v
type=semver,pattern={{version}},prefix=v
- name: push std image to CI
if: ${{ matrix.golang_cross == '1.22-bullseye' }}
uses: docker/build-push-action@v6
with:
context: "dist"
platforms: linux/amd64,linux/arm64
platforms: linux/amd64,linux/arm64,linux/s390x
file: ci/Dockerfile.distroless
provenance: mode=max
sbom: true
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
push: ${{ startsWith(github.ref, 'refs/tags') }}
tags: ${{ steps.tag_metadata_.outputs.tags }}
labels: ${{ steps.tag_metadata_.outputs.labels }}
tags: ${{ steps.ci_metadata_std.outputs.tags }}
labels: ${{ steps.ci_metadata_std.outputs.labels }}
build-args: |
EDITION=
- name: Docker metadata for tag push ee
id: tag_metadata_ee
BUILD_PACKAGE_NAME=tyk-gateway
- name: Docker metadata for tag push
id: tag_metadata_std
uses: docker/metadata-action@v5
with:
images: |
docker.tyk.io/tyk-gateway/tyk-gateway
tykio/tyk-gateway
tykio/tyk-gateway-ee
flavor: |
latest=false
prefix=v
tags: |
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{version}}
labels: "org.opencontainers.image.title=tyk-gateway Enterprise Edition (distroless) \norg.opencontainers.image.description=Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols\norg.opencontainers.image.vendor=tyk.io\norg.opencontainers.image.version=${{ github.ref_name }}\n"
- name: push image to prod ee
labels: |
org.opencontainers.image.title=Tyk Gateway
org.opencontainers.image.description=Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols
org.opencontainers.image.vendor=tyk.io
org.opencontainers.image.version=${{ github.ref_name }}
- name: push std image to prod
if: ${{ matrix.golang_cross == '1.22-bullseye' }}
uses: docker/build-push-action@v6
with:
context: "dist"
platforms: linux/amd64,linux/arm64
platforms: linux/amd64,linux/arm64,linux/s390x
file: ci/Dockerfile.distroless
provenance: mode=max
sbom: true
cache-from: type=gha
cache-to: type=gha,mode=max
push: ${{ startsWith(github.ref, 'refs/tags') }}
tags: ${{ steps.tag_metadata_ee.outputs.tags }}
labels: ${{ steps.tag_metadata_ee.outputs.labels }}
tags: ${{ steps.tag_metadata_std.outputs.tags }}
labels: ${{ steps.tag_metadata_std.outputs.labels }}
build-args: |
EDITION=-ee
BUILD_PACKAGE_NAME=tyk-gateway
- name: save deb
uses: actions/upload-artifact@v4
if: ${{ matrix.golang_cross == '1.22-bullseye' }}
Expand Down Expand Up @@ -351,6 +366,7 @@ jobs:
set -eaxo pipefail
docker run -q --rm -v ~/.docker/config.json:/root/.docker/config.json tykio/gromit policy match ${tags[0]} ${match_tag} 2>versions.env
echo '# alfa and beta have to come after the override
tyk_alfa_image=$tyk_image
tyk_beta_image=$tyk_image
ECR=${{steps.ecr.outputs.registry}}
Expand All @@ -374,9 +390,37 @@ jobs:
repository: TykTechnologies/tyk-analytics
path: tyk-analytics
token: ${{ secrets.ORG_GH_TOKEN }}
fetch-depth: 1
ref: ${{ env.BASE_REF }}
fetch-depth: 0
sparse-checkout: tests/api
- name: Choosing test code branch
working-directory: tyk-analytics/tests/api
run: |
if [[ ${{ github.event_name }} == "release" ]]; then
echo "Checking out release tag..."
TAG_NAME=${{ github.event.release.tag_name }}
git checkout "$TAG_NAME"
fi
if [[ ${{ github.event_name }} == "pull_request" ]]; then
PR_BRANCH=${{ github.event.pull_request.head.ref }}
TARGET_BRANCH=${{ github.event.pull_request.base.ref }}
echo "Looking for PR_BRANCH:$PR_BRANCH or TARGET_BRANCH:$TARGET_BRANCH..."
if git rev-parse --verify "origin/$PR_BRANCH" >/dev/null 2>&1; then
echo "PR branch $PR_BRANCH exists. Checking out..."
git checkout "$PR_BRANCH"
elif git rev-parse --verify "origin/$TARGET_BRANCH" >/dev/null 2>&1; then
echo "Target branch $TARGET_BRANCH exists. Checking out..."
git checkout "$TARGET_BRANCH"
fi
fi
if [[ ${{ github.event_name }} == "push" ]]; then
PUSH_BRANCH=${{ github.ref_name }}
echo "Looking for PUSH_BRANCH:$PUSH_BRANCH..."
if git rev-parse --verify "origin/$PUSH_BRANCH" >/dev/null 2>&1; then
echo "Push branch $PUSH_BRANCH exists. Checking out..."
git checkout "$PUSH_BRANCH"
fi
fi
echo "Current commit: $(git rev-parse HEAD)"
- uses: actions/setup-python@v5
with:
cache: 'pip'
Expand Down Expand Up @@ -405,20 +449,6 @@ jobs:
USER_API_SECRET=${{ steps.env_up.outputs.USER_API_SECRET }}
EOF
env $(cat pytest.env | xargs) $pytest -m "${{ matrix.envfiles.apimarkers }}"
- name: Upload Playwright Test Report to S3
if: failure() && steps.test_execution.outcome != 'success' && steps.env_up.outcome == 'success'
run: npm run upload_report_to_s3
env:
AWS_ACCESS_KEY_ID: ${{ secrets.UI_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.UI_AWS_SECRET_ACCESS_KEY }}
RUN_ID: 'tyk-analytics/${{ github.run_id }}'
working-directory: tyk-analytics/tests/ui
- name: Share S3 report link into summary
if: failure() && steps.test_execution.outcome != 'success' && steps.env_up.outcome == 'success'
run: |
echo "# :clipboard: S3 UI Test REPORT: ${{ matrix.envfiles.db }}-${{ matrix.envfiles.conf }}" >> $GITHUB_STEP_SUMMARY
echo "- Status: ${{ steps.test_execution.outcome == 'success' && ':white_check_mark:' || ':no_entry_sign:' }}" >> $GITHUB_STEP_SUMMARY
echo "- [Link to report](https://tyk-qa-reports.s3.eu-central-1.amazonaws.com/tyk-analytics/${{ github.run_id }}/index.html)" >> $GITHUB_STEP_SUMMARY
- name: Generate metadata and upload test reports
id: metadata_report
if: always() && (steps.test_execution.conclusion != 'skipped')
Expand Down Expand Up @@ -516,7 +546,7 @@ jobs:
ARG TARGETARCH
COPY tyk-gateway*_${TARGETARCH}.deb /tyk-gateway.deb
RUN apt-get update && apt-get install -y curl
RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.deb.sh | bash && apt-get install -y tyk-gateway=3.0.8
RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway-unstable/script.deb.sh | bash && apt-get install -y tyk-gateway=3.0.8
RUN dpkg -i /tyk-gateway.deb
RUN /opt/tyk-gateway/install/setup.sh --listenport=8080 --redishost=localhost --redisport=6379 --domain=""
Expand All @@ -538,9 +568,12 @@ jobs:
load: true
- name: Test the built container image with api functionality test.
run: |
docker run -d -p8080:8080 --network ${{ job.container.network }} --rm test-${{ matrix.distro }}-${{ matrix.arch }}
name=test-${{ matrix.distro }}-${{ matrix.arch }}
docker run -d -p8080:8080 --name=$name --network ${{ job.container.network }} --rm $name
sleep 2
./ci/tests/api-functionality/api_test.sh
sleep 2
docker stop $name || true
upgrade-rpm:
services:
httpbin.org:
Expand Down Expand Up @@ -572,8 +605,8 @@ jobs:
COPY tyk-gateway*.${RHELARCH}.rpm /tyk-gateway.rpm
RUN command -v curl || yum install -y curl
RUN command -v useradd || yum install -y shadow-utils
RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.rpm.sh | bash && yum install -y tyk-gateway-3.0.8-1
RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-gateway.key && rpm --import tyk-gateway.key
RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway-unstable/script.rpm.sh | bash && yum install -y tyk-gateway-3.0.8-1
RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-gateway-unstable.key && rpm --import tyk-gateway-unstable.key
RUN rpm --checksig /tyk-gateway.rpm
RUN rpm -Uvh --force /tyk-gateway.rpm
Expand All @@ -595,7 +628,7 @@ jobs:
tags: test-${{ matrix.distro }}-${{ matrix.arch }}
load: true
- name: Test the built container image with api functionality test.
run: "docker run -d -p8080:8080 --network ${{ job.container.network }} --rm test-${{ matrix.distro }}-${{ matrix.arch }}\nsleep 2\n./ci/tests/api-functionality/api_test.sh \n"
run: "name=test-${{ matrix.distro }}-${{ matrix.arch }}\ndocker run -d -p8080:8080 --name=$name --network ${{ job.container.network }} --rm $name\nsleep 2\n./ci/tests/api-functionality/api_test.sh\nsleep 2\ndocker stop $name || true \n"
release-tests:
needs:
- goreleaser
Expand Down
10 changes: 5 additions & 5 deletions ci/Dockerfile.distroless
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
# Generated by: gromit policy

FROM debian:bookworm-slim as DEB
FROM debian:bookworm-slim AS deb
ARG TARGETARCH
ARG EDITION
ARG BUILD_PACKAGE_NAME

ENV DEBIAN_FRONTEND=noninteractive

COPY *${TARGETARCH}.deb /
RUN rm -f /*fips*.deb && dpkg -i /tyk-gateway${EDITION}_*${TARGETARCH}.deb && rm /*.deb
COPY ${BUILD_PACKAGE_NAME}*${TARGETARCH}.deb /
RUN dpkg -i /${BUILD_PACKAGE_NAME}_*${TARGETARCH}.deb && rm /*.deb

FROM gcr.io/distroless/base-debian12:latest

COPY --from=DEB /opt/tyk-gateway /opt/tyk-gateway
COPY --from=deb /opt/tyk-gateway /opt/tyk-gateway

ARG PORTS
EXPOSE $PORTS
Expand Down
5 changes: 3 additions & 2 deletions ci/Dockerfile.std
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

FROM debian:bookworm-slim
ARG TARGETARCH
ARG BUILD_PACKAGE_NAME

ENV DEBIAN_FRONTEND=noninteractive

Expand All @@ -20,8 +21,8 @@ RUN rm -rf /root/.cache \
&& find /usr/lib -type f -name '*.a' -o -name '*.o' -delete

# Comment this to test in dev
COPY *${TARGETARCH}.deb /
RUN rm -f /*fips*.deb && dpkg -i /tyk-gateway*${TARGETARCH}.deb && rm /*.deb
COPY ${BUILD_PACKAGE_NAME}*${TARGETARCH}.deb /
RUN dpkg -i /${BUILD_PACKAGE_NAME}*${TARGETARCH}.deb && rm /*.deb

ARG PORTS

Expand Down
Loading

0 comments on commit dbe67d4

Please sign in to comment.