[TT-9551] Fix scope issues #10442
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generated by: gromit policy | |
| # Generated on: Wed May 10 05:25:19 UTC 2023 | |
| # Distribution channels covered by this workflow | |
| # - Ubuntu and Debian | |
| # - RHEL/OL | |
| # - tarballs | |
| # - docker hub | |
| # - devenv ECR | |
| # - AWS mktplace | |
| # - Cloudsmith | |
| name: Release | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| - release-** | |
| tags: | |
| - 'v*' | |
| env: | |
| SLACK_CLI_TOKEN: ${{ secrets.BENDER_TOKEN }} | |
| GOPRIVATE: github.com/TykTechnologies | |
| jobs: | |
| goreleaser: | |
| name: '${{ matrix.golang_cross }}' | |
| runs-on: ubuntu-latest | |
| container: 'tykio/golang-cross:${{ matrix.golang_cross }}' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| golang_cross: [ 1.19-bullseye ] | |
| include: | |
| - golang_cross: 1.19-bullseye | |
| go_version: 1.19 | |
| goreleaser: 'ci/goreleaser/goreleaser.yml' | |
| rpmvers: 'el/8 el/9' | |
| debvers: 'ubuntu/bionic ubuntu/focal ubuntu/jammy debian/buster debian/bullseye' | |
| outputs: | |
| tag: ${{ steps.targets.outputs.tag }} | |
| steps: | |
| - name: Fix private module deps | |
| env: | |
| TOKEN: '${{ secrets.ORG_GH_TOKEN }}' | |
| run: > | |
| git config --global url."https://${TOKEN}@github.com".insteadOf "https://github.com" | |
| - name: Checkout of tyk | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - name: "Add Git safe.directory" | |
| run: git config --global --add safe.directory $GITHUB_WORKSPACE | |
| - uses: docker/setup-qemu-action@v2 | |
| - uses: docker/setup-buildx-action@v2 | |
| - name: Login to DockerHub | |
| if: startsWith(github.ref, 'refs/tags') | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Login to Cloudsmith | |
| if: startsWith(github.ref, 'refs/tags') | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: docker.tyk.io | |
| username: ${{ secrets.CLOUDSMITH_USERNAME }} | |
| password: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| - name: Unlock agent and set tag | |
| id: targets | |
| shell: bash | |
| env: | |
| NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} | |
| GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20 | |
| PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }} | |
| run: | | |
| ci/bin/unlock-agent.sh | |
| current_tag=${GITHUB_REF##*/} | |
| echo "tag=${current_tag}" >> $GITHUB_OUTPUT | |
| - name: Delete old release assets | |
| if: startsWith(github.ref, 'refs/tags') | |
| uses: mknejp/delete-release-assets@v1 | |
| with: | |
| token: ${{ github.token }} | |
| tag: ${{ github.ref }} | |
| fail-if-no-assets: false | |
| fail-if-no-release: false | |
| assets: | | |
| *.deb | |
| *.rpm | |
| *.tar.gz | |
| *.txt.sig | |
| *.txt | |
| - uses: goreleaser/goreleaser-action@v4 | |
| with: | |
| version: 1.18.2 | |
| args: release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| CGO_ENABLED: 1 | |
| NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} | |
| NFPM_PAYG_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} | |
| GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20 | |
| PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }} | |
| GO_VERSION: ${{ matrix.go_version }} | |
| GOLANG_CROSS: ${{ matrix.golang_cross }} | |
| DEBVERS: ${{ matrix.debvers }} | |
| RPMVERS: ${{ matrix.rpmvers }} | |
| PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} | |
| DOCKER_CLI_EXPERIMENTAL: "enabled" | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: deb | |
| retention-days: 1 | |
| path: | | |
| dist/*.deb | |
| !dist/*PAYG*.deb | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: rpm | |
| retention-days: 1 | |
| path: | | |
| dist/*.rpm | |
| !dist/*PAYG*.rpm | |
| ci: | |
| needs: | |
| - goreleaser | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Shallow checkout of tyk | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | |
| terraform_wrapper: false | |
| - name: Get AWS creds from Terraform remote state | |
| id: aws-creds | |
| run: | | |
| cd ci/terraform | |
| terraform init -input=false | |
| terraform refresh 2>&1 >/dev/null | |
| eval $(terraform output -json tyk | jq -r 'to_entries[] | [.key,.value] | join("=")') | |
| region=$(terraform output region | xargs) | |
| [ -z "$key" -o -z "$secret" -o -z "$region" ] && exit 1 | |
| echo "secret=$secret" >> $GITHUB_OUTPUT | |
| echo "key=$key" >> $GITHUB_OUTPUT | |
| echo "region=$region" >> $GITHUB_OUTPUT | |
| - name: Configure AWS credentials for use | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ steps.aws-creds.outputs.key }} | |
| aws-secret-access-key: ${{ steps.aws-creds.outputs.secret }} | |
| aws-region: ${{ steps.aws-creds.outputs.region }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: deb | |
| - uses: docker/setup-qemu-action@v2 | |
| - uses: docker/setup-buildx-action@v2 | |
| - name: CI build | |
| uses: docker/build-push-action@v3 | |
| with: | |
| push: true | |
| context: "." | |
| file: ci/Dockerfile.std | |
| platforms: linux/amd64,linux/arm64 | |
| tags: | | |
| ${{ steps.login-ecr.outputs.registry }}/tyk:${{ needs.goreleaser.outputs.tag }} | |
| ${{ steps.login-ecr.outputs.registry }}/tyk:${{ github.sha }} | |
| - name: Tell gromit about new build | |
| id: gromit | |
| run: | | |
| # Remember to remove the true when TD-626 is fixed | |
| curl -fsSL -H "Authorization: ${{secrets.GROMIT_TOKEN}}" 'https://domu-kun.cloud.tyk.io/gromit/newbuild' \ | |
| -X POST -d '{ "repo": "${{ github.repository}}", "ref": "${{ github.ref }}", "sha": "${{ github.sha }}" }' || true | |
| - name: Tell integration channel | |
| if: ${{ failure() }} | |
| run: | | |
| colour=bad | |
| pretext=":boom: Could not add new build $${{ github.ref }} from ${{ github.repository }} to CD. Please review this run and correct it if needed. See https://github.com/TykTechnologies/tyk-ci/wiki/IntegrationEnvironment for what this is about." | |
| curl https://raw.githubusercontent.com/rockymadden/slack-cli/master/src/slack -o /tmp/slack && chmod +x /tmp/slack | |
| /tmp/slack chat send \ | |
| --actions '{"type": "button", "style": "primary", "text": "See log", "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' \ | |
| --author 'Bender' \ | |
| --author-icon 'https://hcoop.net/~alephnull/bender/bender-arms.jpg' \ | |
| --author-link 'https://github.com/TykTechnologies/tyk-ci' \ | |
| --channel '#service-integration' \ | |
| --color $colour \ | |
| --fields '{"title": "Repo", "value": "${{ github.repository }}", "short": false}' \ | |
| --footer 'github-actions' \ | |
| --footer-icon 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \ | |
| --image 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \ | |
| --pretext "$pretext" \ | |
| --text 'Commit message: ${{ github.event.head_commit.message }}' \ | |
| --title 'Failed to add new build for CD' \ | |
| --title-link 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}' | |
| sbom: | |
| needs: ci | |
| uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main | |
| secrets: | |
| TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }} | |
| DEPDASH_URL: ${{ secrets.DEPDASH_URL }} | |
| DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }} | |
| ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }} | |
| upgrade-deb: | |
| if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft | |
| runs-on: ubuntu-latest | |
| needs: goreleaser | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: | |
| - amd64 | |
| - arm64 | |
| distro: | |
| - ubuntu:jammy | |
| - ubuntu:bionic | |
| - ubuntu:focal | |
| - debian:bullseye | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: deb | |
| - uses: docker/setup-qemu-action@v2 | |
| - uses: docker/setup-buildx-action@v2 | |
| - name: generate dockerfile | |
| run: | | |
| echo 'FROM ${{ matrix.distro }} | |
| ARG TARGETARCH | |
| COPY tyk-gateway*_${TARGETARCH}.deb /tyk-gateway.deb | |
| RUN apt-get update && apt-get install -y curl | |
| RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.deb.sh | bash && apt-get install -y tyk-gateway=3.0.8 | |
| RUN dpkg -i tyk-gateway.deb | |
| RUN apt-get install -y jq | |
| RUN /opt/tyk-gateway/install/setup.sh --listenport=8080 --redishost=localhost --redisport=6379 --domain="" | |
| COPY ci/tests/api-functionality/api_test.sh / | |
| COPY ci/tests/api-functionality/pkg_test.sh / | |
| COPY ci/tests/api-functionality/data/api.json /opt/tyk-gateway/apps/ | |
| CMD [ "/pkg_test.sh" ] | |
| ' > Dockerfile | |
| - name: install on ${{ matrix.distro }} | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: "." | |
| platforms: linux/${{ matrix.arch }} | |
| file: Dockerfile | |
| push: false | |
| tags: test-${{ matrix.distro }}-${{ matrix.arch }} | |
| load: true | |
| - name: Test the built container image with api functionality test. | |
| run: | | |
| docker run --rm test-${{ matrix.distro }}-${{ matrix.arch }} | |
| upgrade-rpm: | |
| if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft | |
| needs: goreleaser | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| distro: | |
| - ubi9/ubi | |
| - ubi8/ubi | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: rpm | |
| - uses: docker/setup-buildx-action@v2 | |
| - name: generate dockerfile | |
| run: | | |
| echo 'FROM registry.access.redhat.com/${{ matrix.distro }} | |
| COPY tyk-gateway*.x86_64.rpm /tyk-gateway.rpm | |
| RUN yum install -y curl | |
| RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.rpm.sh | bash && yum install -y tyk-gateway-3.0.8-1 | |
| RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-gateway.key && rpm --import tyk-gateway.key | |
| RUN rpm --checksig tyk-gateway.rpm | |
| RUN rpm -Uvh --force tyk-gateway.rpm | |
| RUN curl -fSL https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 --output /usr/local/bin/jq && chmod a+x /usr/local/bin/jq | |
| RUN /opt/tyk-gateway/install/setup.sh --listenport=8080 --redishost=localhost --redisport=6379 --domain="" | |
| COPY ci/tests/api-functionality/data/api.json /opt/tyk-gateway/apps/ | |
| COPY ci/tests/api-functionality/api_test.sh / | |
| COPY ci/tests/api-functionality/pkg_test.sh / | |
| CMD [ "/pkg_test.sh" ] | |
| ' > Dockerfile | |
| - name: install on ${{ matrix.distro }} | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: "." | |
| file: Dockerfile | |
| push: false | |
| tags: test-${{ matrix.distro }} | |
| load: true | |
| - name: Test the built container image with api functionality test. | |
| run: | | |
| docker run --rm test-${{ matrix.distro }} | |
| smoke-tests: | |
| if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft | |
| needs: | |
| - goreleaser | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - name: Run tests | |
| shell: bash | |
| env: | |
| GITHUB_TAG: ${{ github.ref }} | |
| run: | | |
| set -eaxo pipefail | |
| if [ ! -d smoke-tests ]; then | |
| echo "::warning No repo specific smoke tests defined" | |
| fi | |
| if [ ! -d ci/tests ]; then | |
| echo "::warning No ci tests defined" | |
| exit 0 | |
| fi | |
| for d in ci/tests/*/ | |
| do | |
| echo Attempting to test $d | |
| if [ -d $d ] && [ -e $d/test.sh ]; then | |
| cd $d | |
| ./test.sh ${{ needs.goreleaser.outputs.tag }} | |
| cd - | |
| fi | |
| done | |
| for d in smoke-tests/*/ | |
| do | |
| echo Attempting to test $d | |
| if [ -d $d ] && [ -e $d/test.sh ]; then | |
| cd $d | |
| ./test.sh ${{ needs.goreleaser.outputs.tag }} | |
| cd - | |
| fi | |
| done | |
| # AWS updates only for stable releases | |
| aws-mktplace-byol: | |
| if: ( 'a' == 'b' ) | |
| runs-on: ubuntu-latest | |
| needs: | |
| - smoke-tests | |
| strategy: | |
| matrix: | |
| flavour: | |
| - al2 | |
| - rhel | |
| steps: | |
| - name: Checkout tyk | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: rpm | |
| path: aws | |
| - name: Packer build | |
| working-directory: ./ci/aws | |
| run: | | |
| export VERSION=${{ needs.goreleaser.outputs.tag }} | |
| packer validate -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl | |
| packer build -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl | |