diff --git a/.github/scripts/integ-tests.sh b/.github/scripts/integ-tests.sh
new file mode 100755
index 0000000..fc0529e
--- /dev/null
+++ b/.github/scripts/integ-tests.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+IMAGE=$1
+CONTAINER_NAME="integ-test-$(date +%s)"
+
+docker run -dt -p 8080:8080 \
+ -e AWS_ACCESS_KEY_ID \
+ -e AWS_SECRET_ACCESS_KEY \
+ -e AWS_SESSION_TOKEN \
+ -e AWS_REGION=us-east-1 \
+ --name $CONTAINER_NAME \
+ $IMAGE
+
+curl -s -H 'host: s3.amazonaws.com' http://localhost:8080 | grep ListAllMyBucketsResult
+result=$?
+
+docker stop $CONTAINER_NAME
+docker rm $CONTAINER_NAME
+
+if [ "$result" == "1" ]; then
+ echo "Integration tests failed"
+ exit 1
+fi
+
+exit 0
diff --git a/.github/workflows/CI.yaml b/.github/workflows/CI.yaml
new file mode 100644
index 0000000..dc139c7
--- /dev/null
+++ b/.github/workflows/CI.yaml
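Review bot: The failure check `[ "$result" == "1" ]` near the end of the script does not reliably gate anything: the script runs under `#!/bin/sh`, which is dash on ubuntu-latest, and dash's `[` rejects `==`, so the test errors out and control falls through to `exit 0` even when the proxy returned nothing. It also ignores any non-zero status other than 1, such as grep's exit status 2. Use `if [ "$result" -ne 0 ]; then` instead. Separately, `curl` runs immediately after `docker run -dt` with no readiness wait, and `$IMAGE` and `$CONTAINER_NAME` are unquoted; a short retry loop around the request and quoting both expansions would make the result trustworthy.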
@@ -0,0 +1,83 @@
+name: Continuous integration
+on:
+ push:
+ branches:
+ - main
+ - "release/v*"
+env:
+ AWS_STAGING_REGION: us-west-2
+ STAGING_ECR_REGISTRY: 611364707713.dkr.ecr.us-west-2.amazonaws.com
+ STAGING_ECR_REPOSITORY: aws-sigv4-proxy-staging
+
+jobs:
+ build:
+ name: Build and publish to staging
+ runs-on: ubuntu-latest
+ outputs:
+ commit-short-sha: ${{ steps.staging-info.outputs.commit-short-sha }}
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Setup Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: ~1.22.4
+
+ - name: Build
+ run: |
+ go build -v ./cmd/aws-sigv4-proxy
+
+ - name: Run tests
+ run: go test -v ./...
+
+ - name: Configure AWS Credentials for Private ECR
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_STAGING }}
+ aws-region: ${{ env.AWS_STAGING_REGION }}
+
+ - name: Log in to AWS private ECR
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.STAGING_ECR_REGISTRY }}
+
+ - name: Get short sha
+ id: staging-info
+ run: |
+ shortSha=$(git rev-parse --short ${{ github.sha }})
+ echo "commit-short-sha=$shortSha" >> $GITHUB_OUTPUT
+
+ - name: Build and push image to staging
+ uses: docker/build-push-action@v5
+ with:
+ file: Dockerfile
+ context: .
+ push: true
+ tags: |
+ ${{ env.STAGING_ECR_REGISTRY }}/${{ env.STAGING_ECR_REPOSITORY }}:${{ steps.staging-info.outputs.commit-short-sha }}
+ platforms : linux/amd64, linux/arm64
+
+ integration-tests:
+ name: Run integration tests on image from staging
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Configure AWS Credentials for Private ECR
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_INTEG_TESTS }}
+ aws-region: ${{ env.AWS_STAGING_REGION }}
+
+ - name: Run integration tests
+ run: ./github/scripts/integ-tests.sh ${{ env.STAGING_ECR_REGISTRY }}/${{ env.STAGING_ECR_REPOSITORY }}:${{ needs.build.outputs.commit-short-sha }}
diff --git a/.github/workflows/CD.yaml b/.github/workflows/pr-build.yaml
similarity index 96%
rename from .github/workflows/CD.yaml
rename to .github/workflows/pr-build.yaml
index 2b7cf5b..5ea5585 100644
--- a/.github/workflows/CD.yaml
+++ b/.github/workflows/pr-build.yaml
@@ -1,4 +1,4 @@
-name: CD
+name: Build
 on: [push, pull_request]
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..69db5d2
--- /dev/null
+++ b/.github/workflows/release.yaml
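Review bot: The last step of `integration-tests` in CI.yaml runs `./github/scripts/integ-tests.sh`, but this commit adds the script at `.github/scripts/integ-tests.sh`, so the step would fail on a missing file rather than run the tests; the path should be `./.github/scripts/integ-tests.sh`. The job also assumes a role but, unlike `build`, has no `docker/login-action` step, so the `docker run` pull from the private staging registry would presumably be unauthenticated. Neither job declares `permissions:`; since only `role-to-assume` is passed, the credentials step appears to rely on OIDC, which needs `id-token: write`, and pairing it with `contents: read` keeps the job token minimal. The sketch below shows the added login step and the corrected path.

```yaml
# … unchanged: checkout, QEMU, configure-aws-credentials …

      - name: Log in to AWS private ECR
        uses: docker/login-action@v3
        with:
          registry: ${{ env.STAGING_ECR_REGISTRY }}

      - name: Run integration tests
        run: ./.github/scripts/integ-tests.sh ${{ env.STAGING_ECR_REGISTRY }}/${{ env.STAGING_ECR_REPOSITORY }}:${{ needs.build.outputs.commit-short-sha }}
```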
@@ -0,0 +1,100 @@
+
+name: Release aws-sigv4-proxy
+
+on:
+ workflow_dispatch:
+ inputs:
+ dryrunMode:
+ description: 'Run workflow in dry-run mode (nothing will be published)'
+ required: true
+ default: 'true'
+ type: choice
+ options:
+ - 'true'
+ - 'false'
+
+env:
+ AWS_PUBLIC_ECR_REGION: us-east-1
+ AWS_PRIVATE_ECR_REGION: us-west-2
+ PUBLIC_REGISTRY: public.ecr.aws
+ STAGING_REGISTRY: 611364707713.dkr.ecr.us-west-2.amazonaws.com
+ RELEASE_IMAGE_NAME: aws-sigv4-proxy
+ STAGING_IMAGE_NAME: aws-sigv4-proxy-staging
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Get version and sha
+ id: release-info
+ run: |
+ echo "release-version=$(cat VERSION)" >> $GITHUB_OUTPUT
+ shortSha=$(git rev-parse --short ${{ github.sha }})
+ echo "commit-short-sha=$shortSha" >> $GITHUB_OUTPUT
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }}
+ aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }}
+
+ - name: Log in to AWS ECR
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.PUBLIC_REGISTRY }}
+
+ - name: Configure AWS Credentials for Private ECR
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }}
+ aws-region: ${{ env.AWS_PRIVATE_ECR_REGION }}
+
+ - name: Log in to AWS private ECR
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.STAGING_REGISTRY }}
+
+ - name: Push image to public ecr - dryrun
+ if: ${{ inputs.dryrunMode == 'true' }}
+ run: |
+ docker buildx imagetools create \
+ --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:latest \
+ --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.release-version }} \
+ --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \
+ ${{ env.STAGING_REGISTRY }}/${{ env.STAGING_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }}
+ --dry-run
+
+ - name: Create release - dryrun
+ if: ${{ inputs.dryrunMode == 'true' }}
+ run: |
+ echo gh release create --target "$GITHUB_REF_NAME" \
+ --title "Release v${{ steps.release-info.outputs.release-version }}" \
+ --draft \
+ "v${{ steps.release-info.outputs.release-version }}" \
+
+ - name: Push image to public ecr
+ if: ${{ inputs.dryrunMode == 'false' }}
+ run: |
+ docker buildx imagetools create \
+ --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:latest \
+ --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.release-version }} \
+ --tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \
+ ${{ env.STAGING_REGISTRY }}/${{ env.STAGING_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }}
+
+ - name: Create release
+ if: ${{ inputs.dryrunMode == 'false'}}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+ run: |
+ gh release create --target "$GITHUB_REF_NAME" \
+ --title "Release v${{ steps.release-info.outputs.release-version }}" \
+ --draft \
+ "v${{ steps.release-info.outputs.release-version }}" \
diff --git a/RELEASING.md b/RELEASING.md
new file mode 100644
index 0000000..38f080a
--- /dev/null
+++ b/RELEASING.md
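Review bot: In the `Push image to public ecr - dryrun` step of release.yaml the source-image line has no trailing `\`, so `--dry-run` becomes a separate shell command and `docker buildx imagetools create` runs without it, which would publish the `latest`, version and sha tags to the public registry even when `dryrunMode` is 'true'. End that line with a continuation: `${{ env.STAGING_REGISTRY }}/${{ env.STAGING_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \`. The workflow also declares no `permissions:`; the role assumption appears to rely on OIDC (`id-token: write`) and `gh release create` needs `contents: write`, so state both explicitly at job level. The trailing `\` after the tag argument in both `gh release create` commands is stray and can be dropped.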
@@ -0,0 +1,9 @@
+# Instructions to release a new version
+
+To release a new version of the aws-sigv4-proxy, please follow these steps:
+
+1. Create a release branch for this minor version series, if one does not exist yet. The convention is to name this branch: `release/v` where release series has the format `..x`. Example of branch `release/v1.8.x`
+2. From the release branch, update the content of the `VERSION` file in the root of this repository. The convention is to ommit the patch version if that is in 0. Example of content: `1.8` or `1.8.1`. Merge the PR that updates the `VERSION` file. Confirm that the continuous integration workflow will succeed.
+3. Run the release workflow. Go to the GitHub UI in this repository and select `Actions`. Then select the `Release aws-sigv4-proxy` workflow. Select the release branch. You can optionally test with dry-run mode before releasing.
+4. After the release is completed. Update the release notes for this release.
+5. Merge the changes from the release branch into mainline.
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000..6259340
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+1.8