From 149fde3f7d3f5bbc0b0387da58c3f074d46ee11f Mon Sep 17 00:00:00 2001 From: Asutosh <1187055+asutosh@users.noreply.github.com> Date: Wed, 20 Dec 2023 18:43:26 +0530 Subject: [PATCH] [SYSE-304]: Update release engineering code (#131) - Updates all the releng code to follow the current structure that is templated using gromit.(with the ci/ directory hierarchy and everything) - Removes all the bits that are not relevant to the CLI app(service files, post install, pre install scripts for packages etc.) - Fixes all the upgrade tests that were out of date. - The version injection wasn't working correctly because the current VERSION string cmd.VERSION was a const so not injectable at build time, changes this to a var. - Updates the Dockerfile to use a non-root user as sonarcloud was complaining - should not be an issue running as a non-root/non-system user as it's just a cli app. --- .github/workflows/del-env.yml | 24 -- .github/workflows/release.yml | 322 ++++----------------------- Dockerfile.slim | 16 -- Dockerfile.std | 26 --- aws/byol.pkr.hcl | 121 ---------- Dockerfile => ci/Dockerfile.std | 12 +- {bin => ci/bin}/unlock-agent.sh | 0 .goreleaser.yml => ci/goreleaser.yml | 103 +++------ cmd/version.go | 2 +- install/before_install.sh | 17 -- integration/terraform/outputs.tf | 28 --- utils/dist_build.sh | 92 -------- utils/dist_push.sh | 29 --- 13 files changed, 82 insertions(+), 710 deletions(-) delete mode 100644 .github/workflows/del-env.yml delete mode 100644 Dockerfile.slim delete mode 100644 Dockerfile.std delete mode 100644 aws/byol.pkr.hcl rename Dockerfile => ci/Dockerfile.std (59%) rename {bin => ci/bin}/unlock-agent.sh (100%) rename .goreleaser.yml => ci/goreleaser.yml (59%) delete mode 100644 install/before_install.sh delete mode 100644 integration/terraform/outputs.tf delete mode 100755 utils/dist_build.sh delete mode 100644 utils/dist_push.sh diff --git a/.github/workflows/del-env.yml b/.github/workflows/del-env.yml deleted file mode 100644 index 5871e82..0000000 --- a/.github/workflows/del-env.yml +++ /dev/null @@ -1,24 +0,0 @@ -# Generated by: tyk-ci/wf-gen -# Generated on: Thu Sep 23 14:04:37 UTC 2021 - -# Generation commands: -# ./pr.zsh -repos tyk-sync -title releng: latest releng -branch releng/updates -# m4 -E -DxREPO=tyk-sync - -name: Retiring dev env - -on: - delete: - branches: - - feature/* - - integration/* - -jobs: - retire: - runs-on: ubuntu-latest - - steps: - - name: Tell gromit about deleted branch - run: | - curl -fsSL -H "Authorization: ${{secrets.GROMIT_TOKEN}}" "https://domu-kun.cloud.tyk.io/gromit/env/${GITHUB_REF##*/}" \ - -X DELETE diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 72bb4a6..eba0a5e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,44 +22,42 @@ on: branches: - master - release-** - - integration/** - - feature/** - - perf/** tags: - 'v*' - -env: - SLACK_CLI_TOKEN: ${{ secrets.BENDER_TOKEN }} jobs: goreleaser: runs-on: ubuntu-latest - + container: tykio/golang-cross:1.19-bullseye + env: + debvers: 'ubuntu/bionic ubuntu/focal ubuntu/jammy debian/bullseye debian/bookworm' + rpmvers: 'el/8 el/9 amazon/2023' outputs: tag: ${{ steps.targets.outputs.tag }} - upload: ${{ steps.targets.outputs.upload }} - pc: ${{ steps.targets.outputs.pc }} steps: - name: Checkout of tyk-sync - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v4 with: - fetch-depth: ${{ ! startsWith(github.ref, 'refs/tags') }} + fetch-depth: 1 - - uses: docker/setup-qemu-action@v2 + - name: Set git dafe.directory + run: git config --global --add safe.directory $GITHUB_WORKSPACE + + - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v1 + - uses: docker/setup-buildx-action@v3 - name: Login to DockerHub if: startsWith(github.ref, 'refs/tags') - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Cloudsmith if: startsWith(github.ref, 'refs/tags') - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: registry: docker.tyk.io username: ${{ secrets.CLOUDSMITH_USERNAME }} @@ -73,52 +71,21 @@ jobs: GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20 PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }} run: | - bin/unlock-agent.sh - DOCKER_CFG_PATH="${DOCKER_CONFIG:-$HOME/.docker}/config.json" - jq '. + {"experimental": "enabled"}' "$DOCKER_CFG_PATH" > c.json && mv c.json "$DOCKER_CFG_PATH" || rm c.json - current_tag=${GITHUB_REF##*/} - echo "::set-output name=tag::${current_tag}" - if [[ $current_tag =~ .+-(qa|rc).* ]]; then - echo "::set-output name=upload::true" - echo "::set-output name=pc::tyk-sync-unstable" - echo "::debug file=.goreleaser.yml::Pushing to unstable repos" - # From https://semver.org/#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string - # If this is a public release, the tag is of the form vX.Y.Z where X, Y, Z ∈ ℤ - elif [[ $current_tag =~ v(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*) ]]; then - echo "::set-output name=upload::true" - echo "::set-output name=pc::tyk-sync" - echo "::debug file=.goreleaser.yml::Pushing to stable repos" - else - echo "::set-output name=upload::false" - echo "::debug file=.goreleaser.yml::No uploads" - fi - - - name: Delete old release assets - if: startsWith(github.ref, 'refs/tags') - uses: mknejp/delete-release-assets@v1 - with: - token: ${{ github.token }} - tag: ${{ github.ref }} - fail-if-no-assets: false - fail-if-no-release: false - assets: | - *.deb - *.rpm - *.tar.gz - *.txt.sig - *.txt - - - uses: goreleaser/goreleaser-action@v2 + ci/bin/unlock-agent.sh + + - uses: goreleaser/goreleaser-action@v5 with: version: latest - args: release --rm-dist + args: release --clean -f ci/goreleaser.yml ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CGO_ENABLED: 0 NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} NFPM_PAYG_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20 PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }} + RPMVERS: ${{ env.rpmvers }} + DEBVERS: ${{ env.debvers }} + PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} - uses: actions/upload-artifact@v3 with: @@ -126,7 +93,6 @@ jobs: retention-days: 1 path: | dist/*.deb - !dist/*PAYG*.deb - uses: actions/upload-artifact@v3 with: @@ -134,101 +100,7 @@ jobs: retention-days: 1 path: | dist/*.rpm - !dist/*PAYG*.rpm - - - uses: actions/upload-artifact@v3 - with: - name: payg - retention-days: 1 - path: dist/*PAYG* - - ci: - needs: - - goreleaser - runs-on: ubuntu-latest - - steps: - - name: Shallow checkout of tyk-sync - uses: actions/checkout@v3.1.0 - with: - fetch-depth: 1 - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2.0.2 - with: - cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - terraform_wrapper: false - - - name: Get AWS creds from Terraform remote state - id: aws-creds - run: | - cd integration/terraform - terraform init -input=false - terraform refresh 2>&1 >/dev/null - eval $(terraform output -json tyk-sync | jq -r 'to_entries[] | [.key,.value] | join("=")') - region=$(terraform output region | xargs) - [ -z "$key" -o -z "$secret" -o -z "$region" ] && exit 1 - echo "::set-output name=secret::$secret" - echo "::set-output name=key::$key" - echo "::set-output name=region::$region" - - - name: Configure AWS credentials for use - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ steps.aws-creds.outputs.key }} - aws-secret-access-key: ${{ steps.aws-creds.outputs.secret }} - aws-region: ${{ steps.aws-creds.outputs.region }} - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - - - uses: actions/download-artifact@v2 - with: - name: deb - - - uses: docker/setup-qemu-action@v2 - - - uses: docker/setup-buildx-action@v1 - - - name: CI build - uses: docker/build-push-action@v2 - with: - push: true - context: "." - file: Dockerfile.std - platforms: linux/amd64,linux/arm64 - tags: | - ${{ steps.login-ecr.outputs.registry }}/tyk-sync:${{ needs.goreleaser.outputs.tag }} - ${{ steps.login-ecr.outputs.registry }}/tyk-sync:${{ github.sha }} - - - name: Tell gromit about new build - id: gromit - run: | - curl -fsSL -H "Authorization: ${{secrets.GROMIT_TOKEN}}" 'https://domu-kun.cloud.tyk.io/gromit/newbuild' \ - -X POST -d '{ "repo": "${{ github.repository}}", "ref": "${{ github.ref }}", "sha": "${{ github.sha }}" }' || true - - - name: Tell integration channel - if: ${{ failure() }} - run: | - colour=bad - pretext=":boom: Could not add new build $${{ github.ref }} from ${{ github.repository }} to CD. Please review this run and correct it if needed. See https://github.com/TykTechnologies/tyk-ci/wiki/IntegrationEnvironment for what this is about." - curl https://raw.githubusercontent.com/rockymadden/slack-cli/master/src/slack -o /tmp/slack && chmod +x /tmp/slack - /tmp/slack chat send \ - --actions '{"type": "button", "style": "primary", "text": "See log", "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' \ - --author 'Bender' \ - --author-icon 'https://hcoop.net/~alephnull/bender/bender-arms.jpg' \ - --author-link 'https://github.com/TykTechnologies/tyk-ci' \ - --channel '#service-integration' \ - --color $colour \ - --fields '{"title": "Repo", "value": "${{ github.repository }}", "short": false}' \ - --footer 'github-actions' \ - --footer-icon 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \ - --image 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \ - --pretext "$pretext" \ - --text 'Commit message: ${{ github.event.head_commit.message }}' \ - --title 'Failed to add new build for CD' \ - --title-link 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}' upgrade-deb: runs-on: ubuntu-latest @@ -240,24 +112,24 @@ jobs: - amd64 - arm64 distro: - - ubuntu:xenial - ubuntu:bionic - ubuntu:focal - - debian:stretch - - debian:buster + - ubuntu:jammy + - debian:bullseye + - debian:bookworm steps: - - uses: actions/checkout@v3.1.0 + - uses: actions/checkout@v4 with: fetch-depth: 1 - - uses: actions/download-artifact@v2 + - uses: actions/download-artifact@v3 with: name: deb - uses: docker/setup-qemu-action@v2 - - uses: docker/setup-buildx-action@v1 + - uses: docker/setup-buildx-action@v3 - name: generate dockerfile run: | @@ -270,7 +142,7 @@ jobs: RUN dpkg -i /tyk-sync.deb' > Dockerfile - name: install on ${{ matrix.distro }} - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v5 with: context: "." platforms: linux/${{ matrix.arch }} @@ -284,149 +156,37 @@ jobs: fail-fast: false matrix: distro: - - ubi7/ubi:7.9 - - ubi8/ubi:8.3 + - amazonlinux:2023 + - registry.access.redhat.com/ubi8/ubi + - registry.access.redhat.com/ubi9/ubi steps: - - uses: actions/checkout@v3.1.0 + - uses: actions/checkout@v4 with: fetch-depth: 1 - - uses: actions/download-artifact@v2 + - uses: actions/download-artifact@v3 with: name: rpm - - uses: docker/setup-buildx-action@v1 + - uses: docker/setup-buildx-action@v3 - name: generate dockerfile run: | - echo 'FROM registry.access.redhat.com/${{ matrix.distro }} - COPY tyk-sync*_x86_64.rpm /tyk-sync.rpm - RUN yum install -y curl + echo 'FROM ${{ matrix.distro }} + COPY tyk-sync*.x86_64.rpm /tyk-sync.rpm + RUN yum install --allowerasing -y curl RUN curl -s https://packagecloud.io/install/repositories/tyk/tyk-sync/script.rpm.sh | bash && yum install -y tyk-sync-1.2.0-1 - RUN rpm -Uvh /tyk-sync.rpm' > Dockerfile + RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-sync.key && rpm --import tyk-sync.key + RUN rpm --checksig tyk-sync.rpm + + RUN rpm -Uvh --force tyk-sync.rpm' > Dockerfile - name: install on ${{ matrix.distro }} - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v5 with: context: "." file: Dockerfile push: false - smoke-tests: - if: needs.goreleaser.outputs.upload == 'true' - needs: - - goreleaser - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3.1.0 - with: - fetch-depth: 1 - - - name: Run tests - shell: bash - run: | - set -eaxo pipefail - if [ ! -d integration/smoke-tests ]; then - echo "::warning No smoke tests defined" - exit 0 - fi - for d in integration/smoke-tests/*/ - do - echo Attempting to test $d - if [ -d $d ]; then - cd $d - ./test.sh ${{ needs.goreleaser.outputs.tag }} - cd - - fi - done - - - packagecloud: - if: needs.goreleaser.outputs.upload == 'true' - needs: - - smoke-tests - - goreleaser - runs-on: ubuntu-latest - - steps: - - uses: actions/download-artifact@v2 - with: - name: deb - path: dist - - - uses: actions/download-artifact@v2 - with: - name: rpm - path: dist - - - name: Push to packagecloud - id: pc-push - uses: TykTechnologies/packagecloud-action@v1.1 - env: - PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} - with: - repo: tyk/${{ needs.goreleaser.outputs.pc }} - dir: dist - - - name: Tell release channel - if: always() - run: | - colour=bad - pretext=":boom: Failed to push packages to ${{ needs.gorelease.outputs.pc }} for $${{ github.ref }}. Please review this run and correct it if needed." - if [[ ${{ steps.pc-push.outcome }} == "success" ]]; then - colour=good - pretext="Please review the draft release at https://github.com/${{ github.repository }}/releases and delete if not required." - fi - - curl https://raw.githubusercontent.com/rockymadden/slack-cli/master/src/slack -o /tmp/slack && chmod +x /tmp/slack - /tmp/slack chat send \ - --actions '{"type": "button", "style": "primary", "text": "See log", "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' \ - --author 'Bender' \ - --author-icon 'https://hcoop.net/~alephnull/bender/bender-arms.jpg' \ - --author-link 'https://github.com/TykTechnologies/tyk-ci' \ - --channel '#service-release' \ - --color $colour \ - --fields '{"title": "Repo", "value": "${{ needs.goreleaser.outputs.pc }}", "short": false}' \ - --footer 'github-actions' \ - --footer-icon 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \ - --image 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \ - --pretext "$pretext" \ - --text 'Commit message: ${{ github.event.head_commit.message }}' \ - --title 'New version ${{ needs.goreleaser.outputs.tag }} for ${{ needs.goreleaser.outputs.pc }}' \ - --title-link 'https://packagecloud.io/tyk/${{ needs.goreleaser.outputs.pc }}/' - - # AWS updates only for stable releases - aws-mktplace-byol: - if: startsWith(github.ref, 'refs/tags/v3.0') - runs-on: ubuntu-latest - needs: - - smoke-tests - strategy: - matrix: - flavour: - - al2 - - rhel - - steps: - - name: Checkout tyk-sync - uses: actions/checkout@v3.1.0 - with: - fetch-depth: 1 - - - uses: actions/download-artifact@v2 - with: - name: rpm - path: aws - - - name: Packer build - working-directory: ./aws - run: | - export VERSION=${{ needs.goreleaser.outputs.tag }} - packer validate -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl - packer build -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl - - - diff --git a/Dockerfile.slim b/Dockerfile.slim deleted file mode 100644 index 88d8e8c..0000000 --- a/Dockerfile.slim +++ /dev/null @@ -1,16 +0,0 @@ -# Generated by: tyk-ci/wf-gen -# Generated on: Thu Sep 23 14:04:36 UTC 2021 - -# Generation commands: -# ./pr.zsh -repos tyk-sync -title releng: latest releng -branch releng/updates -# m4 -E -DxREPO=tyk-sync - -FROM gcr.io/distroless/static-debian10 -WORKDIR /opt/tyk-sync -COPY tyk-sync . - -ARG PORTS -EXPOSE $PORTS - -ENTRYPOINT ["/opt/tyk-sync/tyk-sync" ] -CMD [ "--conf=/opt/tyk-sync/tyk-sync.conf" ] diff --git a/Dockerfile.std b/Dockerfile.std deleted file mode 100644 index 117b482..0000000 --- a/Dockerfile.std +++ /dev/null @@ -1,26 +0,0 @@ -# Generated by: tyk-ci/wf-gen -# Generated on: Thu Sep 23 14:04:36 UTC 2021 - -# Generation commands: -# ./pr.zsh -repos tyk-sync -title releng: latest releng -branch releng/updates -# m4 -E -DxREPO=tyk-sync - -FROM debian:buster-slim -ARG TARGETARCH - -RUN apt-get update \ - && apt-get dist-upgrade -y ca-certificates - - - -COPY *${TARGETARCH}.deb / -RUN dpkg -i /tyk-sync*${TARGETARCH}.deb && rm /*.deb - -ARG PORTS - -EXPOSE $PORTS - -WORKDIR /opt/tyk-sync/ - -ENTRYPOINT ["/opt/tyk-sync/tyk-sync" ] -CMD [ "--conf=/opt/tyk-sync/tyk-sync.conf" ] diff --git a/aws/byol.pkr.hcl b/aws/byol.pkr.hcl deleted file mode 100644 index 2fc8d11..0000000 --- a/aws/byol.pkr.hcl +++ /dev/null @@ -1,121 +0,0 @@ -# Generated by: tyk-ci/wf-gen -# Generated on: Thu Sep 23 14:04:36 UTC 2021 - -# Generation commands: -# ./pr.zsh -repos tyk-sync -title releng: latest releng -branch releng/updates -# m4 -E -DxREPO=tyk-sync - -variable "aws_access_key" { - type = string - default = "${env("AWS_ACCESS_KEY_ID")}" - sensitive = true -} - -variable "aws_secret_key" { - type = string - default = "${env("AWS_SECRET_ACCESS_KEY")}" - sensitive = true -} - -variable "flavour" { - description = "OS Flavour" - type = string -} - -variable "source_ami_owner" { - type = string -} - -variable "ami_search_string" { - type = string -} - - - -variable "region" { - type = string - default = "us-east-1" -} - -variable "version" { - type = string - default = "${env("VERSION")}" -} - -# "timestamp" template function replacement -locals { - timestamp = regex_replace(timestamp(), "[- TZ:]", "") - extn_map = { - AWSLinux = "deb" - Redhat = "rpm" - } -} - -# source blocks are generated from your builders; a source can be referenced in -# build blocks. A build block runs provisioner and post-processors on a -# source. Read the documentation for source blocks here: -# https://www.packer.io/docs/from-1.5/blocks/source -source "amazon-ebs" "byol" { - access_key = "${var.aws_access_key}" - ami_name = "BYOL tyk-sync ${var.version} (${var.flavour})" - ami_regions = "${var.destination_regions}" - ena_support = true - force_delete_snapshot = true - force_deregister = true - instance_type = "t3.micro" - region = "${var.region}" - secret_key = "${var.aws_secret_key}" - source_ami = "${var.source_ami}" - source_ami_filter { - filters = { - architecture = "x86_64" - "block-device-mapping.volume-type" = "gp2" - name = "${var.ami_search_string}" - root-device-type = "ebs" - sriov-net-support = "simple" - virtualization-type = "hvm" - } - most_recent = true - owners = ["${var.source_ami_owner}"] - } - sriov_support = true - ssh_username = "ec2-user" - subnet_filter { - filters = { - "tag:Class" = "build" - } - most_free = true - random = false - } - tags = { - Component = "tyk-sync" - Flavour = "${var.flavour}" - Product = "byol" - Version = "${var.version}" - } -} - -# a build block invokes sources and runs provisioning steps on them. The -# documentation for build blocks can be found here: -# https://www.packer.io/docs/from-1.5/blocks/build -build { - sources = ["source.amazon-ebs.byol"] - - - provisioner "file" { - destination = "/tmp/semver.sh" - source = "utils/semver.sh" - } - provisioner "file" { - destination = "/tyk-sync.${lookup(local.extn_map, var.flavour)}" - source = "deb/*amd64.deb" - } - provisioner "file" { - destination = "/tmp/10-run-tyk.conf" - source = "utils/10-run-tyk.conf" - } - provisioner "shell" { - environment_vars = ["VERSION=${var.version}" ] - script = "byol/install-tyk-sync.sh" - } -} diff --git a/Dockerfile b/ci/Dockerfile.std similarity index 59% rename from Dockerfile rename to ci/Dockerfile.std index 074d35d..3a248d0 100644 --- a/Dockerfile +++ b/ci/Dockerfile.std @@ -1,14 +1,20 @@ -FROM debian:buster-slim +FROM debian:bookworm-slim RUN apt-get update \ && apt-get dist-upgrade -y \ - curl ca-certificates apt-transport-https debian-archive-keyring gnupg \ - && apt-get purge -y gnupg \ + curl ca-certificates apt-transport-https debian-archive-keyring gnupg + +RUN adduser --no-create-home --disabled-login tyk + +RUN rm -fv /usr/bin/passwd /usr/bin/adduser || true + +RUN apt-get purge -y gnupg \ && apt-get autoremove -y \ && rm -rf /root/.cache COPY tyk-sync /opt/tyk-sync/tyk-sync WORKDIR /opt/tyk-sync +USER tyk ENTRYPOINT ["./tyk-sync"] diff --git a/bin/unlock-agent.sh b/ci/bin/unlock-agent.sh similarity index 100% rename from bin/unlock-agent.sh rename to ci/bin/unlock-agent.sh diff --git a/.goreleaser.yml b/ci/goreleaser.yml similarity index 59% rename from .goreleaser.yml rename to ci/goreleaser.yml index bac1f4c..1f4db94 100644 --- a/.goreleaser.yml +++ b/ci/goreleaser.yml @@ -16,32 +16,25 @@ builds: - id: std ldflags: - - -X main.VERSION={{.Version}} -X main.commit={{.FullCommit}} -X main.buildDate={{.Date}} -X main.builtBy=goreleaser + - -X github.com/TykTechnologies/tyk-sync/cmd.VERSION={{.Version}} goos: - linux - darwin + - windows goarch: - amd64 - arm64 - # static builds strip symbols and do not allow plugins - - id: static-amd64 - ldflags: - - -s -w -X main.VERSION={{.Version}} -X main.commit={{.FullCommit}} -X main.buildDate={{.Date}} -X main.builtBy=goreleaser - goos: - - linux - goarch: - - amd64 + env: + - CGO_ENABLED=0 dockers: -# Build tykio/xDH_REPO, cloudsmith/xCOMPATIBILITY_NAME (amd64) - ids: - std image_templates: - "tykio/tyk-sync:{{ .Tag }}-amd64" - "docker.tyk.io/tyk-sync/tyk-sync:{{ .Tag }}" build_flag_templates: - - "--build-arg=PORTS=80" - "--platform=linux/amd64" - "--label=org.opencontainers.image.created={{.Date}}" - "--label=org.opencontainers.image.title={{.ProjectName}}" @@ -50,9 +43,8 @@ dockers: use: buildx goarch: amd64 goos: linux - dockerfile: Dockerfile.std + dockerfile: ci/Dockerfile.std extra_files: - - "install/" - "README.md" # Build tykio/xDH_REPO, cloudsmith/xCOMPATIBILITY_NAME (arm64) @@ -62,7 +54,6 @@ dockers: - "tykio/tyk-sync:{{ .Tag }}-arm64" - "docker.tyk.io/tyk-sync/tyk-sync:{{ .Tag }}-arm64" build_flag_templates: - - "--build-arg=PORTS=80" - "--platform=linux/arm64" - "--label=org.opencontainers.image.created={{.Date}}" - "--label=org.opencontainers.image.title={{.ProjectName}}-arm64" @@ -71,30 +62,10 @@ dockers: use: buildx goarch: arm64 goos: linux - dockerfile: Dockerfile.std + dockerfile: ci/Dockerfile.std extra_files: - - "install/" - "README.md" -- ids: - - static-amd64 - image_templates: - - "tykio/tyk-sync:s{{ .Version }}" - - "tykio/tyk-sync:s{{ .Major }}.{{ .Minor }}" - - "docker.tyk.io/tyk-sync/tyk-sync:s{{ .Version }}" - - "docker.tyk.io/tyk-sync/tyk-sync:s{{ .Major }}.{{ .Minor }}" - build_flag_templates: - - "--build-arg=PORTS=80" - - "--label=org.opencontainers.image.created={{.Date}}" - - "--label=org.opencontainers.image.title={{.ProjectName}}-slim" - - "--label=org.opencontainers.image.revision={{.FullCommit}}" - - "--label=org.opencontainers.image.version={{.Version}}" - goarch: amd64 - goos: linux - dockerfile: Dockerfile.slim - extra_files: - - "install/" - - "README.md" docker_manifests: @@ -113,10 +84,14 @@ nfpms: vendor: "Tyk Technologies Ltd" homepage: "https://tyk.io" maintainer: "Tyk " - description: + description: |- + Tyk Sync is a command line tool and library to manage and + synchronise a Tyk installation with your version control system (VCS). package_name: tyk-sync + file_name_template: "{{ .ConventionalFileName }}" + bindir: /opt/tyk-sync + section: utils builds: - - std formats: - deb @@ -124,19 +99,6 @@ nfpms: contents: - src: "README.md" dst: "/opt/share/docs/tyk-sync/README.md" - - src: "install/*" - dst: "/opt/tyk-sync/install" - scripts: - preinstall: "install/before_install.sh" - bindir: "/opt/tyk-sync" - overrides: - rpm: - replacements: - amd64: x86_64 - arm: aarch64 - deb: - replacements: - arm: arm64 rpm: signature: key_file: tyk.io.signing.key @@ -144,33 +106,30 @@ nfpms: signature: key_file: tyk.io.signing.key type: origin - - - -archives: -- id: std-linux - builds: - - - std - files: - - README.md - - "install/*" - -- id: static-amd64 - name_template: "{{ .ProjectName }}_{{ .Version }}_static_{{ .Os }}_{{ .Arch }}" - builds: - - static-amd64 - files: - - README.md - - + lintian_overrides: + - changelog-file-missing-in-native-package + +publishers: + - name: tyk-sync-unstable + env: + - PACKAGECLOUD_TOKEN={{ .Env.PACKAGECLOUD_TOKEN }} + - REPO=tyk/tyk-sync-unstable + - RPMVERS={{ .Env.RPMVERS }} + - DEBVERS={{ .Env.DEBVERS }} + cmd: /pc.sh {{ .ArtifactPath }} checksum: disable: false -signs: +archives: - id: std - artifacts: checksum + builds: + - std + format_overrides: + - goos: windows + format: zip + files: + - README.md changelog: sort: asc diff --git a/cmd/version.go b/cmd/version.go index 2dca2ea..a10797b 100644 --- a/cmd/version.go +++ b/cmd/version.go @@ -6,7 +6,7 @@ import ( "github.com/spf13/cobra" ) -const VERSION = "1.4.2" +var VERSION = "1.4.2" func init() { RootCmd.AddCommand(versionCmd) diff --git a/install/before_install.sh b/install/before_install.sh deleted file mode 100644 index 6aca56f..0000000 --- a/install/before_install.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -# Generated by: tyk-ci/wf-gen -# Generated on: Thu Sep 23 14:04:37 UTC 2021 - -# Generation commands: -# ./pr.zsh -repos tyk-sync -title releng: latest releng -branch releng/updates -# m4 -E -DxREPO=tyk-sync - - -echo "Creating user and group..." -GROUPNAME="tyk" -USERNAME="tyk" - -getent group "$GROUPNAME" >/dev/null || groupadd -r "$GROUPNAME" -getent passwd "$USERNAME" >/dev/null || useradd -r -g "$GROUPNAME" -M -s /sbin/nologin -c "Tyk service user" "$USERNAME" - diff --git a/integration/terraform/outputs.tf b/integration/terraform/outputs.tf deleted file mode 100644 index 1bb47c1..0000000 --- a/integration/terraform/outputs.tf +++ /dev/null @@ -1,28 +0,0 @@ -# Generated by: tyk-ci/wf-gen -# Generated on: Thu Sep 23 14:04:37 UTC 2021 - -# Generation commands: -# ./pr.zsh -repos tyk-sync -title releng: latest releng -branch releng/updates -# m4 -E -DxREPO=tyk-sync - - -data "terraform_remote_state" "integration" { - backend = "remote" - - config = { - organization = "Tyk" - workspaces = { - name = "base-prod" - } - } -} - -output "tyk-sync" { - value = data.terraform_remote_state.integration.outputs.tyk-sync - description = "ECR creds for tyk-sync repo" -} - -output "region" { - value = data.terraform_remote_state.integration.outputs.region - description = "Region in which the env is running" -} diff --git a/utils/dist_build.sh b/utils/dist_build.sh deleted file mode 100755 index 24840cc..0000000 --- a/utils/dist_build.sh +++ /dev/null @@ -1,92 +0,0 @@ -#!/bin/bash - -set -ex - -: ${ORGDIR:="/src/github.com/TykTechnologies"} -: ${SIGNKEY:="12B5D62C28F57592D1575BD51ED14C59E37DAC20"} -: ${BUILDPKGS:="1"} -: ${SIGNPKGS:="1"} -TYK_IB_SRC_DIR=$ORGDIR/tyk-sync -BUILDTOOLSDIR=$TYK_IB_SRC_DIR/build_tools - -if [ $BUILDPKGS == "1" ]; then - echo Configuring gpg-agent-config to accept a passphrase - mkdir ~/.gnupg && chmod 700 ~/.gnupg - cat >> ~/.gnupg/gpg-agent.conf <" - --url "https://tyk.io" - -s dir - -C $BUILD_DIR -) - -for arch in i386 amd64 arm64 -do - echo "Creating $arch Tarball" - cd $TYK_IB_SRC_DIR - mv tyk-sync_linux_${arch/i386/386} $BUILD_DIR/tyk-sync - cd $RELEASE_DIR - tar -pczf $RELEASE_DIR/tyk-sync-$arch-$VERSION.tar.gz $BUILD/ - - if [ $BUILDPKGS == "1" ]; then - echo "Building $arch packages" - fpm "${FPMCOMMON[@]}" -a $arch -t deb ./=/opt/tyk-sync - fpm "${FPMCOMMON[@]}" -a $arch -t rpm ./=/opt/tyk-sync - - if [ $SIGNPKGS == "1" ]; then - echo "Signing $arch RPM" - rpm --define "%_gpg_name Team Tyk (package signing) " \ - --define "%__gpg /usr/bin/gpg" \ - --addsign *.rpm || (cat /tmp/gpg-agent.log; exit 1) - echo "Signing $arch DEB" - for i in *.deb - do - dpkg-sig --sign builder -k $SIGNKEY $i || (cat /tmp/gpg-agent.log; exit 1) - done - fi - - fi -done diff --git a/utils/dist_push.sh b/utils/dist_push.sh deleted file mode 100644 index 39a274f..0000000 --- a/utils/dist_push.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -: ${ORGDIR:="/src/github.com/TykTechnologies"} -: ${SOURCEBINPATH:="${ORGDIR}/tyk-sync"} -: ${DEBVERS:="ubuntu/xenial ubuntu/bionic debian/jessie debian/stretch debian/buster"} -: ${RPMVERS:="el/6 el/7"} -: ${PKGNAME:="tyk-sync"} - -RELEASE_DIR="$SOURCEBINPATH/build" -export PACKAGECLOUDREPO=$PC_TARGET - -cd $RELEASE_DIR/ - -for arch in i386 amd64 arm64 -do - debName="${PKGNAME}_${VERSION}_${arch}.deb" - rpmName="${PKGNAME}-$VERSION-1.${arch/amd64/x86_64}.rpm" - - for ver in $DEBVERS - do - echo "Pushing $debName to PackageCloud $ver" - package_cloud push tyk/$PACKAGECLOUDREPO/$ver $debName - done - - for ver in $RPMVERS - do - echo "Pushing $rpmName to PackageCloud $ver" - package_cloud push tyk/$PACKAGECLOUDREPO/$ver $rpmName - done -done