diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 70223c45480..33d83d602d8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,3 +1,5 @@ +# yamllint disable rule:line-length rule:truthy +name: Release # Generated by: gromit policy # Distribution channels covered by this workflow @@ -6,8 +8,9 @@ # - docker hub # - devenv ECR # - Cloudsmith - -name: Release +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} on: # Trigger release every monday at midnight for master CI images schedule: @@ -21,13 +24,14 @@ on: - 'v*' env: GOPRIVATE: github.com/TykTechnologies - VARIATION: prod + VARIATION: inverted DOCKER_BUILD_SUMMARY: false DOCKER_BUILD_RECORD_UPLOAD: false # startsWith covers pull_request_target too BASE_REF: ${{startsWith(github.event_name, 'pull_request') && github.base_ref || github.ref_name}} jobs: goreleaser: + if: github.event.pull_request.draft == false name: '${{ matrix.golang_cross }}' runs-on: ubuntu-latest-m permissions: @@ -147,7 +151,7 @@ jobs: with: context: "dist" platforms: linux/amd64,linux/arm64 - file: ci/Dockerfile.std + file: ci/Dockerfile.distroless provenance: mode=max sbom: true push: true @@ -166,17 +170,16 @@ jobs: latest=false prefix=v tags: | - type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{version}} - labels: "org.opencontainers.image.title=tyk-gateway \norg.opencontainers.image.description=Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols\norg.opencontainers.image.vendor=tyk.io\norg.opencontainers.image.version=${{ github.ref_name }}\n" + labels: "org.opencontainers.image.title=tyk-gateway (distroless) \norg.opencontainers.image.description=Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols\norg.opencontainers.image.vendor=tyk.io\norg.opencontainers.image.version=${{ github.ref_name }}\n" - name: push image to prod if: ${{ matrix.golang_cross == '1.21-bullseye' }} uses: docker/build-push-action@v6 with: context: "dist" platforms: linux/amd64,linux/arm64 - file: ci/Dockerfile.std + file: ci/Dockerfile.distroless provenance: mode=max sbom: true cache-from: type=gha @@ -205,6 +208,7 @@ jobs: !dist/*PAYG*.rpm !dist/*fips*.rpm test-controller-api: + if: github.event.pull_request.draft == false needs: - goreleaser runs-on: ubuntu-latest @@ -300,21 +304,43 @@ jobs: ./dash-bootstrap.sh http://localhost:3000 docker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${{ matrix.envfiles.db }}.yml -f ${{ matrix.envfiles.cache }}.yml --env-file versions.env --profile slave-datacenter up --quiet-pull -d echo "$(cat pytest.env | grep USER_API_SECRET)" >> $GITHUB_OUTPUT + echo "ts=$(date +%s%N)" >> $GITHUB_OUTPUT - uses: actions/checkout@v4 with: repository: TykTechnologies/tyk-analytics path: tyk-analytics token: ${{ secrets.ORG_GH_TOKEN }} - fetch-depth: 1 + fetch-depth: 0 sparse-checkout: tests/api - - name: Branch for test code - id: timestamp + - name: Choosing test code branch working-directory: tyk-analytics/tests/api run: | - # Generate report id - git fetch --no-tags --depth 1 origin "refs/heads/${BASE_REF}:refs/remotes/origin/${BASE_REF}" - git switch $BASE_REF - echo "ts=$(date +%s%N)" >> $GITHUB_OUTPUT + if [[ ${{ github.event_name }} == "release" ]]; then + echo "Checking out release tag..." + TAG_NAME=${{ github.event.release.tag_name }} + git checkout "$TAG_NAME" + fi + if [[ ${{ github.event_name }} == "pull_request" ]]; then + PR_BRANCH=${{ github.event.pull_request.head.ref }} + TARGET_BRANCH=${{ github.event.pull_request.base.ref }} + echo "Looking for PR_BRANCH:$PR_BRANCH or TARGET_BRANCH:$TARGET_BRANCH..." + if git rev-parse --verify "origin/$PR_BRANCH" >/dev/null 2>&1; then + echo "PR branch $PR_BRANCH exists. Checking out..." + git checkout "$PR_BRANCH" + elif git rev-parse --verify "origin/$TARGET_BRANCH" >/dev/null 2>&1; then + echo "Target branch $TARGET_BRANCH exists. Checking out..." + git checkout "$TARGET_BRANCH" + fi + fi + if [[ ${{ github.event_name }} == "push" ]]; then + PUSH_BRANCH=${{ github.ref_name }} + echo "Looking for PUSH_BRANCH:$PUSH_BRANCH..." + if git rev-parse --verify "origin/$PUSH_BRANCH" >/dev/null 2>&1; then + echo "Push branch $PUSH_BRANCH exists. Checking out..." + git checkout "$PUSH_BRANCH" + fi + fi + echo "Current commit: $(git rev-parse HEAD)" - uses: actions/setup-python@v5 with: cache: 'pip' @@ -347,7 +373,7 @@ jobs: id: metadata_report if: always() && (steps.test_execution.conclusion != 'skipped') env: - REPORT_NAME: ${{ github.repository }}_${{ github.run_id }}_${{ github.run_attempt }}-${{steps.timestamp.outputs.ts}} + REPORT_NAME: ${{ github.repository }}_${{ github.run_id }}_${{ github.run_attempt }}-${{steps.env_up.outputs.ts}} METADATA_REPORT_PATH: metadata.toml run: | # Generate metadata report @@ -390,6 +416,7 @@ jobs: retention-days: 3 overwrite: true test-controller-distros: + if: github.event.pull_request.draft == false needs: - goreleaser runs-on: ubuntu-latest