[SYSE-399 release-5.5] distroless missing from 5.5 and 5.6

[alephnull]

User description

Reported on Slack at https://tyktech.slack.com/archives/C02JETM5S4B/p1727688424333849
Going forward, config.yaml will be updated by the squads as appropriate.

---

PR Type

enhancement, configuration changes

---

Description

• Enhanced the release workflow by adding concurrency control to prevent overlapping runs.
• Updated the Go version used in the workflow from 1.21-bullseye to 1.22-bullseye.
• Changed the Dockerfile used in the build process to ci/Dockerfile.distroless for improved security and efficiency.
• Added steps to upload Playwright test reports to S3 and share the report link in the summary for better test result visibility.
• Disabled specific yamllint rules to accommodate longer lines and truthy values.

---

Changes walkthrough 📝

Relevant files

Enhancement

release.yml Update release workflow with concurrency and Go version changes .github/workflows/release.yml Added yamllint disable rules for line length and truthy. Introduced concurrency control for workflow runs. Updated Go version from 1.21-bullseye to 1.22-bullseye. Changed Dockerfile from ci/Dockerfile.std to ci/Dockerfile.distroless. Added steps to upload and share Playwright test reports to S3. +38/-24

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[github-actions]

API Changes

no api changes detected

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪

🧪 PR contains tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Configuration Consistency The PR introduces changes to the concurrency settings and Dockerfile paths which might affect the build and release process. Ensure that these changes are consistent across all environments and do not introduce any unforeseen issues. Dependency Update The Go version has been updated. This change should be thoroughly tested to ensure that it does not introduce compatibility issues with existing code and dependencies. Dockerfile Change The Dockerfile has been switched to a distroless version for some actions. This change should be reviewed to ensure it does not affect the deployment and runtime of the applications, especially in terms of missing dependencies or libraries.

[github-actions]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Best practice	Improve the condition to trigger the goreleaser job to ensure it only runs for main branch non-draft pull requests Ensure that the if condition for the goreleaser job checks for both non-draft pull requests and the main branch to prevent unintended releases from feature branches. .github/workflows/release.yml [34] -if: github.event.pull_request.draft == false +if: github.event.pull_request.draft == false && github.ref == 'refs/heads/main' Suggestion importance[1-10]: 8 Why: This suggestion strengthens the release process by ensuring the goreleaser job only runs for non-draft pull requests on the main branch, preventing unintended releases from other branches. It is a significant improvement for release management.	8
	Add error handling to docker compose commands to enhance debugging capabilities Add error handling for the docker compose commands to catch and log failures which can be crucial for debugging deployment issues. .github/workflows/release.yml [303] -docker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${{ matrix.envfiles.db }}.yml -f ${{ matrix.envfiles.cache }}.yml --env-file versions.env --profile master-datacenter up --quiet-pull -d +docker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${{ matrix.envfiles.db }}.yml -f ${{ matrix.envfiles.cache }}.yml --env-file versions.env --profile master-datacenter up --quiet-pull -d || echo "Error during docker compose up" Suggestion importance[1-10]: 7 Why: Adding error handling to docker compose commands is a valuable enhancement for debugging, as it provides immediate feedback on failures. This is a beneficial practice for improving deployment reliability and troubleshooting.	7
Enhancement	Enhance the specificity of the concurrency group to prevent workflow conflicts Consider using a more specific condition for the concurrency group to avoid potential conflicts between different types of workflows that might have the same name but different purposes. .github/workflows/release.yml [9-11] concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }} cancel-in-progress: ${{ github.event_name == 'pull_request' }} Suggestion importance[1-10]: 7 Why: The suggestion to include the event name in the concurrency group enhances specificity, reducing the risk of conflicts between workflows with similar names but different purposes. This is a practical improvement for workflow management.	7
Maintainability	Conditionally select the Dockerfile based on the Go version to maintain consistency in builds Update the Docker build context to include a check for the distroless Dockerfile only when the matrix.golang_cross version is '1.22-bullseye' to ensure consistency across different versions. .github/workflows/release.yml [154] -file: ci/Dockerfile.distroless +file: ${{ matrix.golang_cross == '1.22-bullseye' ? 'ci/Dockerfile.distroless' : 'ci/Dockerfile.standard' }} Suggestion importance[1-10]: 6 Why: The suggestion to conditionally select the Dockerfile based on the Go version improves build consistency across different environments. However, it assumes the existence of a 'ci/Dockerfile.standard', which may not be present, slightly reducing its applicability.	6

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud