Skip to content
This repository has been archived by the owner on Oct 11, 2024. It is now read-only.

TT-10421 Update Tyk 5.2.3 #224

TT-10421 Update Tyk 5.2.3

TT-10421 Update Tyk 5.2.3 #224

Workflow file for this run

# Generated by: tyk-ci/wf-gen
# Generated on: Thu Sep 23 14:04:36 UTC 2021
# Generation commands:
# ./pr.zsh -repos tyk-sync -title releng: latest releng -branch releng/updates
# m4 -E -DxREPO=tyk-sync
# Distribution channels covered by this workflow
# - Ubuntu and Debian
# - RHEL/OL
# - tarballs
# - docker hub
# - devenv ECR
# - AWS mktplace
# - Cloudsmith
name: Release
on:
pull_request:
push:
branches:
- master
- release-**
- integration/**
- feature/**
- perf/**
tags:
- 'v*'
env:
SLACK_CLI_TOKEN: ${{ secrets.BENDER_TOKEN }}
jobs:
goreleaser:
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.targets.outputs.tag }}
upload: ${{ steps.targets.outputs.upload }}
pc: ${{ steps.targets.outputs.pc }}
steps:
- name: Checkout of tyk-sync
uses: actions/checkout@v3.1.0
with:
fetch-depth: ${{ ! startsWith(github.ref, 'refs/tags') }}
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
if: startsWith(github.ref, 'refs/tags')
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to Cloudsmith
if: startsWith(github.ref, 'refs/tags')
uses: docker/login-action@v1
with:
registry: docker.tyk.io
username: ${{ secrets.CLOUDSMITH_USERNAME }}
password: ${{ secrets.CLOUDSMITH_API_KEY }}
- name: Unlock agent and set targets
id: targets
shell: bash
env:
NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20
PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: |
bin/unlock-agent.sh
DOCKER_CFG_PATH="${DOCKER_CONFIG:-$HOME/.docker}/config.json"
jq '. + {"experimental": "enabled"}' "$DOCKER_CFG_PATH" > c.json && mv c.json "$DOCKER_CFG_PATH" || rm c.json
current_tag=${GITHUB_REF##*/}
echo "::set-output name=tag::${current_tag}"
if [[ $current_tag =~ .+-(qa|rc).* ]]; then
echo "::set-output name=upload::true"
echo "::set-output name=pc::tyk-sync-unstable"
echo "::debug file=.goreleaser.yml::Pushing to unstable repos"
# From https://semver.org/#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string
# If this is a public release, the tag is of the form vX.Y.Z where X, Y, Z ∈ ℤ
elif [[ $current_tag =~ v(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*) ]]; then
echo "::set-output name=upload::true"
echo "::set-output name=pc::tyk-sync"
echo "::debug file=.goreleaser.yml::Pushing to stable repos"
else
echo "::set-output name=upload::false"
echo "::debug file=.goreleaser.yml::No uploads"
fi
- name: Delete old release assets
if: startsWith(github.ref, 'refs/tags')
uses: mknejp/delete-release-assets@v1
with:
token: ${{ github.token }}
tag: ${{ github.ref }}
fail-if-no-assets: false
fail-if-no-release: false
assets: |
*.deb
*.rpm
*.tar.gz
*.txt.sig
*.txt
- uses: goreleaser/goreleaser-action@v2
with:
version: 1.18.2
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CGO_ENABLED: 0
NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
NFPM_PAYG_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20
PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
- uses: actions/upload-artifact@v3
with:
name: deb
retention-days: 1
path: |
dist/*.deb
!dist/*PAYG*.deb
- uses: actions/upload-artifact@v3
with:
name: rpm
retention-days: 1
path: |
dist/*.rpm
!dist/*PAYG*.rpm
- uses: actions/upload-artifact@v3
with:
name: payg
retention-days: 1
path: dist/*PAYG*
ci:
needs:
- goreleaser
runs-on: ubuntu-latest
steps:
- name: Shallow checkout of tyk-sync
uses: actions/checkout@v3.1.0
with:
fetch-depth: 1
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.2
with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
terraform_wrapper: false
- name: Get AWS creds from Terraform remote state
id: aws-creds
run: |
cd integration/terraform
terraform init -input=false
terraform refresh 2>&1 >/dev/null
eval $(terraform output -json tyk-sync | jq -r 'to_entries[] | [.key,.value] | join("=")')
region=$(terraform output region | xargs)
[ -z "$key" -o -z "$secret" -o -z "$region" ] && exit 1
echo "::set-output name=secret::$secret"
echo "::set-output name=key::$key"
echo "::set-output name=region::$region"
- name: Configure AWS credentials for use
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ steps.aws-creds.outputs.key }}
aws-secret-access-key: ${{ steps.aws-creds.outputs.secret }}
aws-region: ${{ steps.aws-creds.outputs.region }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- uses: actions/download-artifact@v2
with:
name: deb
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v1
- name: CI build
uses: docker/build-push-action@v2
with:
push: true
context: "."
file: Dockerfile.std
platforms: linux/amd64,linux/arm64
tags: |
${{ steps.login-ecr.outputs.registry }}/tyk-sync:${{ needs.goreleaser.outputs.tag }}
${{ steps.login-ecr.outputs.registry }}/tyk-sync:${{ github.sha }}
- name: Tell gromit about new build
id: gromit
run: |
curl -fsSL -H "Authorization: ${{secrets.GROMIT_TOKEN}}" 'https://domu-kun.cloud.tyk.io/gromit/newbuild' \
-X POST -d '{ "repo": "${{ github.repository}}", "ref": "${{ github.ref }}", "sha": "${{ github.sha }}" }' || true
- name: Tell integration channel
if: ${{ failure() }}
run: |
colour=bad
pretext=":boom: Could not add new build $${{ github.ref }} from ${{ github.repository }} to CD. Please review this run and correct it if needed. See https://github.com/TykTechnologies/tyk-ci/wiki/IntegrationEnvironment for what this is about."
curl https://raw.githubusercontent.com/rockymadden/slack-cli/master/src/slack -o /tmp/slack && chmod +x /tmp/slack
/tmp/slack chat send \
--actions '{"type": "button", "style": "primary", "text": "See log", "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' \
--author 'Bender' \
--author-icon 'https://hcoop.net/~alephnull/bender/bender-arms.jpg' \
--author-link 'https://github.com/TykTechnologies/tyk-ci' \
--channel '#service-integration' \
--color $colour \
--fields '{"title": "Repo", "value": "${{ github.repository }}", "short": false}' \
--footer 'github-actions' \
--footer-icon 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
--image 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
--pretext "$pretext" \
--text 'Commit message: ${{ github.event.head_commit.message }}' \
--title 'Failed to add new build for CD' \
--title-link 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
upgrade-deb:
runs-on: ubuntu-latest
needs: goreleaser
strategy:
fail-fast: false
matrix:
arch:
- amd64
- arm64
distro:
- ubuntu:xenial
- ubuntu:bionic
- ubuntu:focal
- debian:stretch
- debian:buster
steps:
- uses: actions/checkout@v3.1.0
with:
fetch-depth: 1
- uses: actions/download-artifact@v2
with:
name: deb
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v1
- name: generate dockerfile
run: |
echo 'FROM ${{ matrix.distro }}
ARG TARGETARCH
COPY tyk-sync*_${TARGETARCH}.deb /tyk-sync.deb
RUN apt-get update && apt-get install -y curl
RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-sync/script.deb.sh | bash && apt-get install -y tyk-sync=1.2.0
RUN dpkg -i /tyk-sync.deb' > Dockerfile
- name: install on ${{ matrix.distro }}
uses: docker/build-push-action@v2
with:
context: "."
platforms: linux/${{ matrix.arch }}
file: Dockerfile
push: false
upgrade-rpm:
needs: goreleaser
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
distro:
- ubi7/ubi:7.9
- ubi8/ubi:8.3
steps:
- uses: actions/checkout@v3.1.0
with:
fetch-depth: 1
- uses: actions/download-artifact@v2
with:
name: rpm
- uses: docker/setup-buildx-action@v1
- name: generate dockerfile
run: |
echo 'FROM registry.access.redhat.com/${{ matrix.distro }}
COPY tyk-sync*_x86_64.rpm /tyk-sync.rpm
RUN yum install -y curl
RUN curl -s https://packagecloud.io/install/repositories/tyk/tyk-sync/script.rpm.sh | bash && yum install -y tyk-sync-1.2.0-1
RUN rpm -Uvh /tyk-sync.rpm' > Dockerfile
- name: install on ${{ matrix.distro }}
uses: docker/build-push-action@v2
with:
context: "."
file: Dockerfile
push: false
smoke-tests:
if: needs.goreleaser.outputs.upload == 'true'
needs:
- goreleaser
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3.1.0
with:
fetch-depth: 1
- name: Run tests
shell: bash
run: |
set -eaxo pipefail
if [ ! -d integration/smoke-tests ]; then
echo "::warning No smoke tests defined"
exit 0
fi
for d in integration/smoke-tests/*/
do
echo Attempting to test $d
if [ -d $d ]; then
cd $d
./test.sh ${{ needs.goreleaser.outputs.tag }}
cd -
fi
done
packagecloud:
if: needs.goreleaser.outputs.upload == 'true'
needs:
- smoke-tests
- goreleaser
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v2
with:
name: deb
path: dist
- uses: actions/download-artifact@v2
with:
name: rpm
path: dist
- name: Push to packagecloud
id: pc-push
uses: TykTechnologies/packagecloud-action@v1.1
env:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
with:
repo: tyk/${{ needs.goreleaser.outputs.pc }}
dir: dist
- name: Tell release channel
if: always()
run: |
colour=bad
pretext=":boom: Failed to push packages to ${{ needs.gorelease.outputs.pc }} for $${{ github.ref }}. Please review this run and correct it if needed."
if [[ ${{ steps.pc-push.outcome }} == "success" ]]; then
colour=good
pretext="Please review the draft release at https://github.com/${{ github.repository }}/releases and delete if not required."
fi
curl https://raw.githubusercontent.com/rockymadden/slack-cli/master/src/slack -o /tmp/slack && chmod +x /tmp/slack
/tmp/slack chat send \
--actions '{"type": "button", "style": "primary", "text": "See log", "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' \
--author 'Bender' \
--author-icon 'https://hcoop.net/~alephnull/bender/bender-arms.jpg' \
--author-link 'https://github.com/TykTechnologies/tyk-ci' \
--channel '#service-release' \
--color $colour \
--fields '{"title": "Repo", "value": "${{ needs.goreleaser.outputs.pc }}", "short": false}' \
--footer 'github-actions' \
--footer-icon 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
--image 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
--pretext "$pretext" \
--text 'Commit message: ${{ github.event.head_commit.message }}' \
--title 'New version ${{ needs.goreleaser.outputs.tag }} for ${{ needs.goreleaser.outputs.pc }}' \
--title-link 'https://packagecloud.io/tyk/${{ needs.goreleaser.outputs.pc }}/'
# AWS updates only for stable releases
aws-mktplace-byol:
if: startsWith(github.ref, 'refs/tags/v3.0')
runs-on: ubuntu-latest
needs:
- smoke-tests
strategy:
matrix:
flavour:
- al2
- rhel
steps:
- name: Checkout tyk-sync
uses: actions/checkout@v3.1.0
with:
fetch-depth: 1
- uses: actions/download-artifact@v2
with:
name: rpm
path: aws
- name: Packer build
working-directory: ./aws
run: |
export VERSION=${{ needs.goreleaser.outputs.tag }}
packer validate -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl
packer build -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl