Auto generated from templates by gromit

TykTechnologies · Jul 26, 2023 · 9fb57f1 · 9fb57f1
1 parent ada5f2c
commit 9fb57f1
Show file tree

Hide file tree

Showing 10 changed files with 106 additions and 280 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,6 +1,6 @@
 
 # Generated by: gromit policy
-# Generated on: Thu May 11 05:45:42 UTC 2023
+# Generated on: Wed Jul 26 07:56:17 UTC 2023
 
 version: 2
 updates:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,15 +1,12 @@
-
 # Generated by: gromit policy
-# Generated on: Thu May 11 05:45:42 UTC 2023
-
+# Generated on: Wed Jul 26 07:56:17 UTC 2023
 
 # Distribution channels covered by this workflow
 # - Ubuntu and Debian
-# - RHEL/OL
-# - tarballs
+# - RHEL and AL
 # - docker hub
 # - devenv ECR
-# - AWS mktplace
+# - AWS mktplace (not active atm)
 # - Cloudsmith
 
 name: Release
@@ -35,18 +32,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        golang_cross: [ 1.16-bullseye, 1.16-el7 ]
+        golang_cross: [ 1.16, 1.16-el7 ]
         include:
           - golang_cross: 1.16-el7
-            go_version: 1.16
             goreleaser: 'ci/goreleaser/goreleaser-el7.yml'
             rpmvers: 'el/7 amazon/2'
             debvers: 'ubuntu/xenial ubuntu/bionic debian/jessie'
-          - golang_cross: 1.16-bullseye
-            go_version: 1.16
+          - golang_cross: 1.16
             goreleaser: 'ci/goreleaser/goreleaser.yml'
-            rpmvers: 'el/8'
-            debvers: 'ubuntu/focal debian/buster debian/bullseye'
+            rpmvers: 'el/8 el/9 amazon/2023'
+            debvers: 'ubuntu/bionic ubuntu/focal ubuntu/jammy debian/buster debian/bullseye'
     outputs:
       tag: ${{ steps.targets.outputs.tag }}
 
@@ -110,35 +105,23 @@ jobs:
             *.txt.sig
             *.txt
 
-      - name: Fix vendor
-        run: |
-          mkdir -p /go/src
-          go mod tidy
-          go mod vendor
-          cp -r -f vendor/* /go/src
-          mkdir -p /go/src/github.com/TykTechnologies/tyk
-          cp -r ./* /go/src/github.com/TykTechnologies/tyk
-          find /go/src -name vendor | xargs --no-run-if-empty -d'\n' rm -rf
-          rm -rf vendor
-
       - uses: goreleaser/goreleaser-action@v4
         with:
-          version: 1.18.2
+          version: latest
           args: release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CGO_ENABLED: 1
+          GO111MODULE: off
           NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
           NFPM_PAYG_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
           GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20
           PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
-          GO_VERSION: ${{ matrix.go_version }}
           GOLANG_CROSS: ${{ matrix.golang_cross }}
           DEBVERS: ${{ matrix.debvers }}
           RPMVERS: ${{ matrix.rpmvers }}
           PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
-          DOCKER_BUILDKIT: "1"
           DOCKER_CLI_EXPERIMENTAL: "enabled"
-
       - uses: actions/upload-artifact@v3
         with:
           name: deb
@@ -158,37 +141,21 @@ jobs:
     needs:
       - goreleaser
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write   # This is required for requesting the JWT
+      contents: read    # This is required for actions/checkout
 
     steps:
       - name: Shallow checkout of tyk
         uses: actions/checkout@v3
         with:
           fetch-depth: 1
-      - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v2
-        with:
-          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
-          terraform_wrapper: false
 
-      - name: Get AWS creds from Terraform remote state
-        id: aws-creds
-        run: |
-          cd ci/terraform
-          terraform init -input=false
-          terraform refresh 2>&1 >/dev/null
-          eval $(terraform output -json tyk | jq -r 'to_entries[] | [.key,.value] | join("=")')
-          region=$(terraform output region | xargs)
-          [ -z "$key" -o -z "$secret" -o -z "$region" ] && exit 1
-          echo "secret=$secret" >> $GITHUB_OUTPUT
-          echo "key=$key" >> $GITHUB_OUTPUT
-          echo "region=$region" >> $GITHUB_OUTPUT
-
-      - name: Configure AWS credentials for use
-        uses: aws-actions/configure-aws-credentials@v2
+      - uses: aws-actions/configure-aws-credentials@v2
         with:
-          aws-access-key-id: ${{ steps.aws-creds.outputs.key }}
-          aws-secret-access-key: ${{ steps.aws-creds.outputs.secret }}
-          aws-region: ${{ steps.aws-creds.outputs.region }}
+          role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk
+          role-session-name: cipush
+          aws-region: eu-central-1
 
       - name: Login to Amazon ECR
         id: login-ecr
@@ -198,6 +165,20 @@ jobs:
         with:
           name: deb
 
+      - name: Docker metadata
+        id: metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ steps.login-ecr.outputs.registry }}/tyk
+          flavor: |
+            latest=false
+            prefix=v
+          tags: |
+              type=semver,pattern=v{{version}}
+              type=semver,pattern=v{{major}}.{{minor}}
+              type=semver,pattern=v{{major}}
+              type=ref,event=branch
+
       - uses: docker/setup-qemu-action@v2
 
       - uses: docker/setup-buildx-action@v2
@@ -210,38 +191,10 @@ jobs:
           file: ci/Dockerfile.std
           platforms: linux/amd64,linux/arm64
           tags: |
+            ${{ steps.metadata.outputs.tags }}
             ${{ steps.login-ecr.outputs.registry }}/tyk:${{ needs.goreleaser.outputs.tag }}
             ${{ steps.login-ecr.outputs.registry }}/tyk:${{ github.sha }}
 
-      - name: Tell gromit about new build
-        id: gromit
-        run: |
-          # Remember to remove the true when TD-626 is fixed
-          curl -fsSL -H "Authorization: ${{secrets.GROMIT_TOKEN}}" 'https://domu-kun.cloud.tyk.io/gromit/newbuild' \
-                 -X POST -d '{ "repo": "${{ github.repository}}", "ref": "${{ github.ref }}", "sha": "${{ github.sha }}" }' || true
-
-      - name: Tell integration channel
-        if: ${{ failure() }}
-        run: |
-          colour=bad
-          pretext=":boom: Could not add new build $${{ github.ref }} from ${{ github.repository }} to CD. Please review this run and correct it if needed. See https://github.com/TykTechnologies/tyk-ci/wiki/IntegrationEnvironment for what this is about."
-          curl https://raw.githubusercontent.com/rockymadden/slack-cli/master/src/slack -o /tmp/slack && chmod +x /tmp/slack
-          /tmp/slack chat send \
-          --actions '{"type": "button", "style": "primary", "text": "See log", "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' \
-          --author 'Bender' \
-          --author-icon 'https://hcoop.net/~alephnull/bender/bender-arms.jpg' \
-          --author-link 'https://github.com/TykTechnologies/tyk-ci' \
-          --channel '#service-integration' \
-          --color $colour \
-          --fields '{"title": "Repo", "value": "${{ github.repository }}", "short": false}' \
-          --footer 'github-actions' \
-          --footer-icon 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
-          --image 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
-          --pretext "$pretext" \
-          --text 'Commit message: ${{ github.event.head_commit.message }}' \
-          --title 'Failed to add new build for CD' \
-          --title-link 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
-
   sbom:
     needs: ci
     uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main
@@ -251,8 +204,21 @@ jobs:
       DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }}
       ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}
 
+  tat:
+    needs: ci
+    uses: tyklabs/tyk-pro/.github/workflows/tests.yml@v1
+    permissions:
+      id-token: write   # This is required for requesting the JWT
+      contents: read    # This is required for actions/checkout
+    with:
+      tyk-version: ${{ github.ref_name }}
+      tyk-analytics-version: ${{ github.ref_name }}
+
   upgrade-deb:
     if: startsWith(github.ref, 'refs/tags')
+    services:
+      httpbin.org:
+        image: kennethreitz/httpbin
     runs-on: ubuntu-latest
     needs: goreleaser
     strategy:
@@ -308,10 +274,13 @@ jobs:
 
       - name: Test the built container image with api functionality test.
         run: |
-          docker run --rm test-${{ matrix.distro }}-${{ matrix.arch }}
+          docker run --network ${{ job.container.network }} --rm test-${{ matrix.distro }}-${{ matrix.arch }}
 
   upgrade-rpm:
-    if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft
+    if: startsWith(github.ref, 'refs/tags')
+    services:
+      httpbin.org:
+        image: kennethreitz/httpbin
     needs: goreleaser
     runs-on: ubuntu-latest
     strategy:
@@ -320,7 +289,6 @@ jobs:
         distro:
           - ubi7/ubi
           - ubi8/ubi
-          - amazonlinux:2
 
     steps:
       - uses: actions/checkout@v3
@@ -337,7 +305,7 @@ jobs:
         run: |
           echo 'FROM registry.access.redhat.com/${{ matrix.distro }}
           COPY tyk-gateway*.x86_64.rpm /tyk-gateway.rpm
-          RUN yum install -y curl
+          RUN yum install --allowerasing -y curl
           RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.rpm.sh | bash && yum install -y tyk-gateway-3.0.8-1
           RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-gateway.key && rpm --import tyk-gateway.key
           RUN rpm --checksig tyk-gateway.rpm
@@ -361,10 +329,10 @@ jobs:
 
       - name: Test the built container image with api functionality test.
         run: |
-          docker run --rm test-${{ matrix.distro }}
+          docker run --network ${{ job.container.network }} --rm test-${{ matrix.distro }}
 
   smoke-tests:
-    if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft
+    if: startsWith(github.ref, 'refs/tags')
     needs:
       - goreleaser
     runs-on: ubuntu-latest
@@ -375,9 +343,9 @@ jobs:
           fetch-depth: 1
 
       - name: Run tests
+        shell: bash
         env:
           GITHUB_TAG: ${{ github.ref }}
-        shell: bash
         run: |
           set -eaxo pipefail
           if [ ! -d smoke-tests ]; then
@@ -406,34 +374,3 @@ jobs:
               fi
           done
 
-  # AWS updates only for stable releases
-  aws-mktplace-byol:
-    if: ( 'a' == 'b' )
-    runs-on: ubuntu-latest
-    needs:
-      - smoke-tests
-    strategy:
-      matrix:
-        flavour:
-          - al2
-          - rhel
-
-    steps:
-      - name: Checkout tyk
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 1
-
-      - uses: actions/download-artifact@v3
-        with:
-          name: rpm
-          path: aws
-
-      - name: Packer build
-        working-directory: ./ci/aws
-        run: |
-          export VERSION=${{ needs.goreleaser.outputs.tag }}
-          packer validate -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl
-          packer build -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl
-
-
diff --git a/ci/Dockerfile.std b/ci/Dockerfile.std
@@ -1,6 +1,6 @@
 
 # Generated by: gromit policy
-# Generated on: Thu May 11 05:45:42 UTC 2023
+# Generated on: Wed Jul 26 07:56:17 UTC 2023
 
 FROM debian:bullseye-slim
 ARG TARGETARCH

diff --git a/ci/aws/byol.pkr.hcl b/ci/aws/byol.pkr.hcl
@@ -1,6 +1,6 @@
 
 # Generated by: gromit policy
-# Generated on: Thu May 11 05:45:42 UTC 2023
+# Generated on: Wed Jul 26 07:56:17 UTC 2023
 
 packer {
   required_plugins {