tyk-identity-broker/master [SYSE-15] Release branch creation has changed #343

Merged
merged 1 commit into from
Oct 26, 2023
Binary file added .DS_Store
Binary file not shown.
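Review bot: `.DS_Store` is macOS Finder metadata and has no place in a release-branch change; drop the binary from this commit and add `.DS_Store` to `.gitignore` so it is not picked up again. These files can also record directory listings from the committer's machine, so they are worth keeping out of a public repository.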
2 changes: 1 addition & 1 deletion .github/dependabot.yml
@@ -1,6 +1,6 @@

# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:14 UTC 2023
# Generated on: Thu Oct 26 17:42:59 UTC 2023

version: 2
updates:
179 changes: 82 additions & 97 deletions .github/workflows/release.yml
@@ -1,12 +1,11 @@
# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:14 UTC 2023
# Generated on: Thu Oct 26 17:42:59 UTC 2023

# Distribution channels covered by this workflow
# - Ubuntu and Debian
# - RHEL and AL
# - docker hub
# - devenv ECR
# - AWS mktplace (not active atm)
# - Cloudsmith

name: Release
@@ -21,25 +20,29 @@ on:
- 'v*'

env:
SLACK_CLI_TOKEN: ${{ secrets.BENDER_TOKEN }}
GOPRIVATE: github.com/TykTechnologies

jobs:
goreleaser:
name: '${{ matrix.golang_cross }}'
runs-on: ubuntu-latest
container: 'tykio/golang-cross:${{ matrix.golang_cross }}'
permissions:
id-token: write # AWS OIDC JWT
contents: read # actions/checkout
strategy:
fail-fast: false
matrix:
golang_cross: [ 1.19-bullseye ]
include:
golang_cross:
- 1.19-bullseye
include:
- golang_cross: 1.19-bullseye
goreleaser: 'ci/goreleaser/goreleaser.yml'
goreleaser: 'ci/goreleaser/goreleaser.yml'
cgo: 0
rpmvers: 'el/7 el/8 el/9 amazon/2 amazon/2023'
debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy debian/jessie debian/buster debian/bullseye'
debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy debian/jessie debian/buster debian/bullseye debian/bookworm'
outputs:
tag: ${{ steps.targets.outputs.tag }}
tags: ${{ steps.metadata.outputs.tags }}

steps:
- name: Fix private module deps
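Review bot: the `permissions` block on the `goreleaser` job grants `id-token: write`, and that job runs inside `container: 'tykio/golang-cross:${{ matrix.golang_cross }}'`, which resolves to the mutable tag `1.19-bullseye`. Since the build container can request the AWS OIDC JWT, consider pinning the image by digest so that a re-pushed tag cannot change what runs with that permission. The `debvers` list also still carries `ubuntu/xenial` and `debian/jessie` alongside the new `debian/bookworm`; worth confirming those are still meant to be published.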
@@ -74,40 +77,32 @@ jobs:
username: ${{ secrets.CLOUDSMITH_USERNAME }}
password: ${{ secrets.CLOUDSMITH_API_KEY }}

- name: Unlock agent and set tag
id: targets
shell: bash
- name: Unlock agent
env:
NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20
PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: |
run:
ci/bin/unlock-agent.sh
current_tag=${GITHUB_REF##*/}
echo "tag=${current_tag}" >> $GITHUB_OUTPUT

- name: Delete old release assets
if: startsWith(github.ref, 'refs/tags')
uses: mknejp/delete-release-assets@v1


- uses: actions/cache@v3
with:
token: ${{ github.token }}
tag: ${{ github.ref }}
fail-if-no-assets: false
fail-if-no-release: false
assets: |
*.deb
*.rpm
*.tar.gz
*.txt.sig
*.txt
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-

- uses: goreleaser/goreleaser-action@v4
with:
version: latest
args: release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CGO_ENABLED: 0
CGO_ENABLED: ${{ matrix.cgo }}
NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
NFPM_PAYG_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20
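Review bot: the `actions/cache@v3` step restores `~/.cache/go-build` and `~/go/pkg/mod` into the job that holds `PKG_SIGNING_KEY` and `PACKAGECLOUD_TOKEN`, and the `restore-keys` prefix `${{ runner.os }}-go-` accepts any earlier cache when there is no exact match on `hashFiles('**/go.sum')`. For a release build it is safer to restore only on the exact key, or to drop `~/.cache/go-build` from `path`, so compiled objects from another run never end up in a signed artifact.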
@@ -116,88 +111,65 @@ jobs:
DEBVERS: ${{ matrix.debvers }}
RPMVERS: ${{ matrix.rpmvers }}
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- uses: actions/upload-artifact@v3
with:
name: deb
retention-days: 1
path: |
dist/*.deb
!dist/*PAYG*.deb

- uses: actions/upload-artifact@v3
with:
name: rpm
retention-days: 1
path: |
dist/*.rpm
!dist/*PAYG*.rpm
ci:
needs:
- goreleaser
runs-on: ubuntu-latest
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

steps:
- name: Shallow checkout of tyk-identity-broker
uses: actions/checkout@v3
with:
fetch-depth: 1

- uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk
role-session-name: cipush
aws-region: eu-central-1
# Don't mask to pass it across job boundaries
mask-aws-account-id: false

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1

- uses: actions/download-artifact@v3
- uses: aws-actions/amazon-ecr-login@v1
id: ecr
with:
name: deb
mask-password: 'true'

- name: Docker metadata
- name: Docker metadata for CI
id: metadata
uses: docker/metadata-action@v4
with:
images: ${{ steps.login-ecr.outputs.registry }}/tyk-identity-broker
images: ${{ steps.ecr.outputs.registry }}/tyk-identity-broker
flavor: |
latest=false
prefix=v
tags: |
type=semver,pattern=v{{version}}
type=semver,pattern=v{{major}}.{{minor}}
type=semver,pattern=v{{major}}
type=ref,event=branch

- uses: docker/setup-qemu-action@v2
type=ref,event=branch
type=ref,event=pr
type=sha,format=long
type=semver,pattern=v{{major}}.{{minor}},prefix=v
type=semver,pattern=v{{version}},prefix=v

- uses: docker/setup-buildx-action@v2
- name: CI push
shell: bash
env:
t: ${{ steps.metadata.outputs.tags }}
build_tag: ${{ startswith(github.ref, 'refs/tags') && github.ref_name || 'v0.0.0' }}
run: |
set +e
IFS=$'\n' tags=($t)
for tag in "${tags[@]}"; do
for arch in amd64 arm64; do
docker tag tykio/tyk-identity-broker:${build_tag}-${arch} ${tag}-${arch} && docker push ${tag}-${arch}
done
docker manifest create ${tag} ${tag}-amd64 ${tag}-arm64 && docker manifest push ${tag}
done

- name: CI build
uses: docker/build-push-action@v4
- uses: actions/upload-artifact@v3
with:
push: true
context: "."
file: ci/Dockerfile.std
platforms: linux/amd64,linux/arm64
tags: |
${{ steps.metadata.outputs.tags }}
${{ steps.login-ecr.outputs.registry }}/tyk-identity-broker:${{ needs.goreleaser.outputs.tag }}
${{ steps.login-ecr.outputs.registry }}/tyk-identity-broker:${{ github.sha }}
name: deb
retention-days: 1
path: |
dist/*.deb
!dist/*PAYG*.deb

sbom:
needs: ci
uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main
secrets:
TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }}
DEPDASH_URL: ${{ secrets.DEPDASH_URL }}
DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }}
ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}
- uses: actions/upload-artifact@v3
with:
name: rpm
retention-days: 1
path: |
dist/*.rpm
!dist/*PAYG*.rpm

# TODO: PR comment, using just one comment and updating, not a new comment each time

upgrade-deb:
if: startsWith(github.ref, 'refs/tags')
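Review bot: the `CI push` step starts with `set +e`, so a failed `docker tag`, `docker push` or `docker manifest push` only short-circuits its own `&&` chain and the loop carries on; the step then reports the exit status of the last command only, and an image that never reached ECR can go unnoticed. Use `set -euo pipefail`, or count failures and `exit 1` after the loop. Also quote the expansions, for example `"${tag}-${arch}"`, and split `$t` with `mapfile -t tags <<< "$t"` rather than the unquoted `tags=($t)`, which is subject to globbing.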
@@ -215,7 +187,9 @@ jobs:
distro:
- ubuntu:bionic
- ubuntu:focal
- ubuntu:jammy
- debian:bullseye
- debian:bookworm

steps:
- uses: actions/checkout@v3
@@ -259,7 +233,9 @@ jobs:
fail-fast: false
matrix:
distro:
- ubi8/ubi
- amazonlinux:2023
- registry.access.redhat.com/ubi8/ubi
- registry.access.redhat.com/ubi9/ubi

steps:
- uses: actions/checkout@v3
@@ -274,7 +250,7 @@ jobs:

- name: generate dockerfile
run: |
echo 'FROM registry.access.redhat.com/${{ matrix.distro }}
echo 'FROM ${{ matrix.distro }}
COPY tyk-identity-broker*.x86_64.rpm /tyk-identity-broker.rpm
RUN yum install --allowerasing -y curl
RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-identity-broker/script.rpm.sh | bash && yum install -y tyk-identity-broker-1.1.0-1
@@ -291,19 +267,20 @@ jobs:
push: false

smoke-tests:
if: startsWith(github.ref, 'refs/tags')
needs:
- goreleaser
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
with:
fetch-depth: 1

- name: Run tests
- name: Run ci/tests
shell: bash
env:
env:
GITHUB_TAG: ${{ github.ref }}
run: |
set -eaxo pipefail
@@ -333,3 +310,11 @@ jobs:
fi
done


sbom:
needs: goreleaser
uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main
secrets:
DEPDASH_URL: ${{ secrets.DEPDASH_URL }}
DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }}
ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}
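Review bot: the `sbom` job calls `TykTechnologies/github-actions/.github/workflows/sbom.yaml@main` and hands it `DEPDASH_URL`, `DEPDASH_KEY` and `ORG_GH_TOKEN`, so whatever is on `main` of that repository at release time runs with those secrets. Pin the reusable workflow to a commit SHA or a release tag and bump it deliberately. With `needs: goreleaser` and no `if:` on the job, it also runs on every trigger of this workflow, not only on tags; confirm that is intended.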
8 changes: 3 additions & 5 deletions ci/Dockerfile.std
@@ -1,18 +1,16 @@

# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:14 UTC 2023
# Generated on: Thu Oct 26 17:42:59 UTC 2023

FROM debian:bullseye-slim
FROM debian:bookworm-slim
ARG TARGETARCH

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update \
&& apt-get dist-upgrade -y ca-certificates


# Remove some things to decrease CVE surface
RUN apt-get remove -y --allow-remove-essential --auto-remove curl libtiff5 ncurses-base \
RUN dpkg --purge --force-remove-essential curl libtiff5 ncurses-base \
&& rm /usr/bin/passwd && rm /usr/sbin/adduser

# Clean up caches, unwanted .a and .o files
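Review bot: the `dpkg --purge --force-remove-essential curl libtiff5 ncurses-base` line is paired with the move to `debian:bookworm-slim`, but bookworm ships the TIFF library as `libtiff6`, so `libtiff5` no longer names a package that can be installed there. `dpkg --purge` also does not remove dependencies that become unused, which the replaced `apt-get remove ... --auto-remove` did. Check the resulting image with `dpkg -l` to confirm that the packages targeted by the "Remove some things to decrease CVE surface" step are actually gone, and update the package names for bookworm.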
2 changes: 1 addition & 1 deletion ci/aws/byol.pkr.hcl
@@ -1,6 +1,6 @@

# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:14 UTC 2023
# Generated on: Thu Oct 26 17:42:59 UTC 2023

packer {
required_plugins {
16 changes: 11 additions & 5 deletions ci/goreleaser/goreleaser.yml
@@ -1,5 +1,5 @@
# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:14 UTC 2023
# Generated on: Thu Oct 26 17:42:59 UTC 2023

# Check the documentation at http://goreleaser.com
# This project needs CGO_ENABLED=1 and the cross-compiler toolchains for
@@ -14,15 +14,16 @@ builds:
goarch:
- amd64
- arm64
- s390x
binary: tyk-identity-broker

dockers:
# Build tykio/tyk-identity-broker, docker.tyk.io/tyk-identity-broker/tyk-identity-broker (amd64)
- ids:
- std
image_templates:
- "tykio/tyk-identity-broker:{{ .Tag }}-amd64"
- "docker.tyk.io/tyk-identity-broker/tyk-identity-broker:{{ .Tag }}-amd64"
- "tykio/tyk-identity-broker:{{.Tag}}-amd64"
- "docker.tyk.io/tyk-identity-broker/tyk-identity-broker:{{.Tag}}-amd64"
build_flag_templates:
- "--build-arg=PORTS=80"
- "--platform=linux/amd64"
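Review bot: `s390x` is added to `goarch`, but the `dockers` entries shown here and the `for arch in amd64 arm64` loop in `release.yml` only cover `amd64` and `arm64`. If s390x packages are the goal, say so in the PR description and confirm the upgrade tests cover them (the rpm test copies `tyk-identity-broker*.x86_64.rpm` only); if images are expected too, a matching `dockers` entry and manifest member are missing.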
@@ -41,8 +42,8 @@ dockers:
- ids:
- std
image_templates:
- "tykio/tyk-identity-broker:{{ .Tag }}-arm64"
- "docker.tyk.io/tyk-identity-broker/tyk-identity-broker:{{ .Tag }}-arm64"
- "tykio/tyk-identity-broker:{{.Tag}}-arm64"
- "docker.tyk.io/tyk-identity-broker/tyk-identity-broker:{{.Tag}}-arm64"
build_flag_templates:
- "--build-arg=PORTS=80"
- "--platform=linux/arm64"
@@ -124,6 +125,11 @@ publishers:
cmd: /pc.sh {{ .ArtifactPath }}


# This disables archives
archives:
- format: binary
allow_different_binary_count: true

checksum:
disable: true

2 changes: 1 addition & 1 deletion ci/install/before_install.sh
@@ -1,7 +1,7 @@
#!/bin/bash

# Generated by: gromit policy
# Generated on: Wed Jul 26 08:25:14 UTC 2023
# Generated on: Thu Oct 26 17:42:59 UTC 2023

echo "Creating user and group..."
GROUPNAME="tyk"