From 1145397f4ab10904287b77f48edc2f6fb6759cf2 Mon Sep 17 00:00:00 2001 From: Alok G Singh Date: Wed, 26 Jul 2023 17:11:50 +0800 Subject: [PATCH] Auto generated from templates by gromit (#692) Co-authored-by: Gromit --- .github/dependabot.yml | 2 +- .github/workflows/release.yml | 144 +++++++++++----------------------- ci/Dockerfile.std | 2 +- ci/aws/byol.pkr.hcl | 2 +- ci/goreleaser/goreleaser.yml | 127 +++++++++++++----------------- ci/install/before_install.sh | 2 +- ci/install/post_install.sh | 2 +- ci/install/post_remove.sh | 2 +- ci/install/post_trans.sh | 2 +- 9 files changed, 108 insertions(+), 177 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b9d2b23e3..bffb4d534 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,6 @@ # Generated by: gromit policy -# Generated on: Wed May 10 06:24:08 UTC 2023 +# Generated on: Wed Jul 26 08:25:03 UTC 2023 version: 2 updates: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8f0626d1b..f6509fa51 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,15 +1,12 @@ - # Generated by: gromit policy -# Generated on: Wed May 10 06:24:08 UTC 2023 - +# Generated on: Wed Jul 26 08:25:03 UTC 2023 # Distribution channels covered by this workflow # - Ubuntu and Debian -# - RHEL/OL -# - tarballs +# - RHEL and AL # - docker hub # - devenv ECR -# - AWS mktplace +# - AWS mktplace (not active atm) # - Cloudsmith name: Release @@ -35,11 +32,11 @@ jobs: strategy: fail-fast: false matrix: - golang_cross: [1.19-bullseye] + golang_cross: [ 1.19-bullseye ] include: - golang_cross: 1.19-bullseye goreleaser: 'ci/goreleaser/goreleaser.yml' - rpmvers: ' el/7 el/8 el/9' + rpmvers: 'el/7 el/8 el/9 amazon/2 amazon/2023' debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy debian/jessie debian/buster debian/bullseye' outputs: tag: ${{ steps.targets.outputs.tag }} @@ -106,7 +103,7 @@ jobs: - uses: goreleaser/goreleaser-action@v4 with: - version: 1.18.2 + version: latest args: release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -119,7 +116,6 @@ jobs: DEBVERS: ${{ matrix.debvers }} RPMVERS: ${{ matrix.rpmvers }} PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} - - uses: actions/upload-artifact@v3 with: name: deb @@ -139,37 +135,21 @@ jobs: needs: - goreleaser runs-on: ubuntu-latest + permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout steps: - name: Shallow checkout of tyk-pump uses: actions/checkout@v3 with: fetch-depth: 1 - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2 - with: - cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - terraform_wrapper: false - - name: Get AWS creds from Terraform remote state - id: aws-creds - run: | - cd ci/terraform - terraform init -input=false - terraform refresh 2>&1 >/dev/null - eval $(terraform output -json tyk-pump | jq -r 'to_entries[] | [.key,.value] | join("=")') - region=$(terraform output region | xargs) - [ -z "$key" -o -z "$secret" -o -z "$region" ] && exit 1 - echo "secret=$secret" >> $GITHUB_OUTPUT - echo "key=$key" >> $GITHUB_OUTPUT - echo "region=$region" >> $GITHUB_OUTPUT - - - name: Configure AWS credentials for use - uses: aws-actions/configure-aws-credentials@v1 + - uses: aws-actions/configure-aws-credentials@v2 with: - aws-access-key-id: ${{ steps.aws-creds.outputs.key }} - aws-secret-access-key: ${{ steps.aws-creds.outputs.secret }} - aws-region: ${{ steps.aws-creds.outputs.region }} + role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk + role-session-name: cipush + aws-region: eu-central-1 - name: Login to Amazon ECR id: login-ecr @@ -179,50 +159,36 @@ jobs: with: name: deb + - name: Docker metadata + id: metadata + uses: docker/metadata-action@v4 + with: + images: ${{ steps.login-ecr.outputs.registry }}/tyk-pump + flavor: | + latest=false + prefix=v + tags: | + type=semver,pattern=v{{version}} + type=semver,pattern=v{{major}}.{{minor}} + type=semver,pattern=v{{major}} + type=ref,event=branch + - uses: docker/setup-qemu-action@v2 - uses: docker/setup-buildx-action@v2 - name: CI build - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v4 with: push: true context: "." file: ci/Dockerfile.std platforms: linux/amd64,linux/arm64 tags: | + ${{ steps.metadata.outputs.tags }} ${{ steps.login-ecr.outputs.registry }}/tyk-pump:${{ needs.goreleaser.outputs.tag }} ${{ steps.login-ecr.outputs.registry }}/tyk-pump:${{ github.sha }} - - name: Tell gromit about new build - id: gromit - run: | - # Remember to remove the true when TD-626 is fixed - curl -fsSL -H "Authorization: ${{secrets.GROMIT_TOKEN}}" 'https://domu-kun.cloud.tyk.io/gromit/newbuild' \ - -X POST -d '{ "repo": "${{ github.repository}}", "ref": "${{ github.ref }}", "sha": "${{ github.sha }}" }' || true - - - name: Tell integration channel - if: ${{ failure() }} - run: | - colour=bad - pretext=":boom: Could not add new build $${{ github.ref }} from ${{ github.repository }} to CD. Please review this run and correct it if needed. See https://github.com/TykTechnologies/tyk-ci/wiki/IntegrationEnvironment for what this is about." - curl https://raw.githubusercontent.com/rockymadden/slack-cli/master/src/slack -o /tmp/slack && chmod +x /tmp/slack - /tmp/slack chat send \ - --actions '{"type": "button", "style": "primary", "text": "See log", "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' \ - --author 'Bender' \ - --author-icon 'https://hcoop.net/~alephnull/bender/bender-arms.jpg' \ - --author-link 'https://github.com/TykTechnologies/tyk-ci' \ - --channel '#service-integration' \ - --color $colour \ - --fields '{"title": "Repo", "value": "${{ github.repository }}", "short": false}' \ - --footer 'github-actions' \ - --footer-icon 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \ - --image 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \ - --pretext "$pretext" \ - --text 'Commit message: ${{ github.event.head_commit.message }}' \ - --title 'Failed to add new build for CD' \ - --title-link 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}' - sbom: needs: ci uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main @@ -232,8 +198,12 @@ jobs: DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }} ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }} + upgrade-deb: - if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft + if: startsWith(github.ref, 'refs/tags') + services: + httpbin.org: + image: kennethreitz/httpbin runs-on: ubuntu-latest needs: goreleaser strategy: @@ -243,6 +213,7 @@ jobs: - amd64 - arm64 distro: + - ubuntu:jammy - ubuntu:bionic - ubuntu:focal - debian:bullseye @@ -271,7 +242,7 @@ jobs: ' > Dockerfile - name: install on ${{ matrix.distro }} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v4 with: context: "." platforms: linux/${{ matrix.arch }} @@ -279,13 +250,17 @@ jobs: push: false upgrade-rpm: - if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft + if: startsWith(github.ref, 'refs/tags') + services: + httpbin.org: + image: kennethreitz/httpbin needs: goreleaser runs-on: ubuntu-latest strategy: fail-fast: false matrix: distro: + - ubi9/ubi - ubi8/ubi steps: @@ -303,7 +278,7 @@ jobs: run: | echo 'FROM registry.access.redhat.com/${{ matrix.distro }} COPY tyk-pump*.x86_64.rpm /tyk-pump.rpm - RUN yum install -y curl + RUN yum install --allowerasing -y curl RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-pump/script.rpm.sh | bash && yum install -y tyk-pump-1.6.0-1 RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-pump.key && rpm --import tyk-pump.key RUN rpm --checksig tyk-pump.rpm @@ -311,14 +286,14 @@ jobs: ' > Dockerfile - name: install on ${{ matrix.distro }} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v4 with: context: "." file: Dockerfile push: false smoke-tests: - if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft + if: startsWith(github.ref, 'refs/tags') needs: - goreleaser runs-on: ubuntu-latest @@ -330,6 +305,8 @@ jobs: - name: Run tests shell: bash + env: + GITHUB_TAG: ${{ github.ref }} run: | set -eaxo pipefail if [ ! -d smoke-tests ]; then @@ -358,32 +335,3 @@ jobs: fi done - # AWS updates only for stable releases - aws-mktplace-byol: - if: ( 'a' == 'b' ) - runs-on: ubuntu-latest - needs: - - smoke-tests - strategy: - matrix: - flavour: - - al2 - - rhel - - steps: - - name: Checkout tyk-pump - uses: actions/checkout@v3 - with: - fetch-depth: 1 - - - uses: actions/download-artifact@v3 - with: - name: rpm - path: aws - - - name: Packer build - working-directory: ./ci/aws - run: | - export VERSION=${{ needs.goreleaser.outputs.tag }} - packer validate -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl - packer build -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl diff --git a/ci/Dockerfile.std b/ci/Dockerfile.std index 462deed07..cce463d35 100644 --- a/ci/Dockerfile.std +++ b/ci/Dockerfile.std @@ -1,6 +1,6 @@ # Generated by: gromit policy -# Generated on: Wed May 10 06:24:08 UTC 2023 +# Generated on: Wed Jul 26 08:25:03 UTC 2023 FROM debian:bullseye-slim ARG TARGETARCH diff --git a/ci/aws/byol.pkr.hcl b/ci/aws/byol.pkr.hcl index b8b5509f9..167d9afdf 100644 --- a/ci/aws/byol.pkr.hcl +++ b/ci/aws/byol.pkr.hcl @@ -1,6 +1,6 @@ # Generated by: gromit policy -# Generated on: Wed May 10 06:24:08 UTC 2023 +# Generated on: Wed Jul 26 08:25:03 UTC 2023 packer { required_plugins { diff --git a/ci/goreleaser/goreleaser.yml b/ci/goreleaser/goreleaser.yml index c2338c84e..d7666a2b4 100644 --- a/ci/goreleaser/goreleaser.yml +++ b/ci/goreleaser/goreleaser.yml @@ -1,5 +1,5 @@ # Generated by: gromit policy -# Generated on: Wed May 10 06:24:08 UTC 2023 +# Generated on: Wed Jul 26 08:25:03 UTC 2023 # Check the documentation at http://goreleaser.com # This project needs CGO_ENABLED=1 and the cross-compiler toolchains for @@ -17,60 +17,64 @@ builds: binary: tyk-pump dockers: -# Build tykio/tyk-pump-docker-pub, docker.tyk.io/tyk-pump/tyk-pump (amd64) -- ids: - - std - image_templates: - - "tykio/tyk-pump-docker-pub:{{ .Tag }}-amd64" - - "docker.tyk.io/tyk-pump/tyk-pump:{{ .Tag }}" - build_flag_templates: - - "--build-arg=PORTS=80" - - "--platform=linux/amd64" - - "--label=org.opencontainers.image.created={{.Date}}" - - "--label=org.opencontainers.image.title={{.ProjectName}}" - - "--label=org.opencontainers.image.revision={{.FullCommit}}" - - "--label=org.opencontainers.image.version={{.Version}}" - use: buildx - goarch: amd64 - goos: linux - dockerfile: ci/Dockerfile.std - extra_files: - - "ci/install/" - - "README.md" - - "LICENSE.md" - - "pump.example.conf" -# Build tykio/tyk-pump-docker-pub, docker.tyk.io/tyk-pump/tyk-pump (arm64) -- ids: - - std - image_templates: - - "tykio/tyk-pump-docker-pub:{{ .Tag }}-arm64" - - "docker.tyk.io/tyk-pump/tyk-pump:{{ .Tag }}-arm64" - build_flag_templates: - - "--build-arg=PORTS=80" - - "--platform=linux/arm64" - - "--label=org.opencontainers.image.created={{.Date}}" - - "--label=org.opencontainers.image.title={{.ProjectName}}" - - "--label=org.opencontainers.image.revision={{.FullCommit}}" - - "--label=org.opencontainers.image.version={{.Version}}" - use: buildx - goarch: arm64 - goos: linux - dockerfile: ci/Dockerfile.std - extra_files: - - "ci/install/" - - "README.md" - - "LICENSE.md" - - "pump.example.conf" - + # Build tykio/tyk-pump-docker-pub, docker.tyk.io/tyk-pump/tyk-pump (amd64) + - ids: + - std + image_templates: + - "tykio/tyk-pump-docker-pub:{{ .Tag }}-amd64" + - "docker.tyk.io/tyk-pump/tyk-pump:{{ .Tag }}-amd64" + build_flag_templates: + - "--build-arg=PORTS=80" + - "--platform=linux/amd64" + - "--label=org.opencontainers.image.created={{.Date}}" + - "--label=org.opencontainers.image.title={{.ProjectName}}" + - "--label=org.opencontainers.image.revision={{.FullCommit}}" + - "--label=org.opencontainers.image.version={{.Version}}" + use: buildx + goarch: amd64 + goos: linux + dockerfile: ci/Dockerfile.std + extra_files: + - "ci/install/" + - "README.md" + - "LICENSE.md" + - "pump.example.conf" + # Build tykio/tyk-pump-docker-pub, docker.tyk.io/tyk-pump/tyk-pump (arm64) + - ids: + - std + image_templates: + - "tykio/tyk-pump-docker-pub:{{ .Tag }}-arm64" + - "docker.tyk.io/tyk-pump/tyk-pump:{{ .Tag }}-arm64" + build_flag_templates: + - "--build-arg=PORTS=80" + - "--platform=linux/arm64" + - "--label=org.opencontainers.image.created={{.Date}}" + - "--label=org.opencontainers.image.title={{.ProjectName}}" + - "--label=org.opencontainers.image.revision={{.FullCommit}}" + - "--label=org.opencontainers.image.version={{.Version}}" + use: buildx + goarch: arm64 + goos: linux + dockerfile: ci/Dockerfile.std + extra_files: + - "ci/install/" + - "README.md" + - "LICENSE.md" + - "pump.example.conf" + docker_manifests: - name_template: tykio/tyk-pump-docker-pub:{{ .Tag }} image_templates: - - tykio/tyk-pump-docker-pub:{{ .Tag }}-amd64 - - tykio/tyk-pump-docker-pub:{{ .Tag }}-arm64 + - tykio/tyk-pump-docker-pub:{{ .Tag }}-amd64 + - tykio/tyk-pump-docker-pub:{{ .Tag }}-arm64 - name_template: tykio/tyk-pump-docker-pub:v{{ .Major }}.{{ .Minor }}{{.Prerelease}} image_templates: - - tykio/tyk-pump-docker-pub:{{ .Tag }}-amd64 - - tykio/tyk-pump-docker-pub:{{ .Tag }}-arm64 + - tykio/tyk-pump-docker-pub:{{ .Tag }}-amd64 + - tykio/tyk-pump-docker-pub:{{ .Tag }}-arm64 + - name_template: docker.tyk.io/tyk-pump/tyk-pump:{{ .Tag }} + image_templates: + - docker.tyk.io/tyk-pump/tyk-pump:{{ .Tag }}-amd64 + - docker.tyk.io/tyk-pump/tyk-pump:{{ .Tag }}-arm64 nfpms: - id: std @@ -79,6 +83,7 @@ nfpms: maintainer: "Tyk " description: Tyk Analytics Pump to move analytics data from Redis to any supported back end (multiple back ends can be written to at once). package_name: tyk-pump + file_name_template: "{{ .ConventionalFileName }}" builds: - std formats: @@ -103,17 +108,6 @@ nfpms: postinstall: "ci/install/post_install.sh" postremove: "ci/install/post_remove.sh" bindir: "/opt/tyk-pump" - overrides: - rpm: - file_name_template: '{{ .PackageName }}-{{ replace .Version "-" "~" }}-1.{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}' - replacements: - amd64: x86_64 - arm: aarch64 - arm64: aarch64 - deb: - file_name_template: '{{ .PackageName }}_{{ replace .Version "-" "~" }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}' - replacements: - arm: arm64 rpm: scripts: posttrans: ci/install/post_trans.sh @@ -133,17 +127,6 @@ publishers: - DEBVERS={{ .Env.DEBVERS }} cmd: /pc.sh {{ .ArtifactPath }} -archives: -- id: std-linux - builds: - - std - files: - - README.md - - "ci/install/*" - - "LICENSE.md" - - CHANGELOG.md - - pump.example.conf - checksum: disable: true diff --git a/ci/install/before_install.sh b/ci/install/before_install.sh index bc736fbbb..6b30c85a1 100755 --- a/ci/install/before_install.sh +++ b/ci/install/before_install.sh @@ -1,7 +1,7 @@ #!/bin/bash # Generated by: gromit policy -# Generated on: Wed May 10 06:24:08 UTC 2023 +# Generated on: Wed Jul 26 08:25:03 UTC 2023 echo "Creating user and group..." GROUPNAME="tyk" diff --git a/ci/install/post_install.sh b/ci/install/post_install.sh index ce08381ca..ea03d859c 100755 --- a/ci/install/post_install.sh +++ b/ci/install/post_install.sh @@ -2,7 +2,7 @@ # Generated by: gromit policy -# Generated on: Wed May 10 06:24:08 UTC 2023 +# Generated on: Wed Jul 26 08:25:03 UTC 2023 # If "True" the install directory ownership will be changed to "tyk:tyk" change_ownership="True" diff --git a/ci/install/post_remove.sh b/ci/install/post_remove.sh index e8745fabe..016299b1f 100755 --- a/ci/install/post_remove.sh +++ b/ci/install/post_remove.sh @@ -1,7 +1,7 @@ #!/bin/sh # Generated by: gromit policy -# Generated on: Wed May 10 06:24:08 UTC 2023 +# Generated on: Wed Jul 26 08:25:03 UTC 2023 cleanRemove() { diff --git a/ci/install/post_trans.sh b/ci/install/post_trans.sh index 213b898a3..0ccb92d6d 100644 --- a/ci/install/post_trans.sh +++ b/ci/install/post_trans.sh @@ -1,7 +1,7 @@ #!/bin/sh # Generated by: gromit policy -# Generated on: Wed May 10 06:24:08 UTC 2023 +# Generated on: Wed Jul 26 08:25:03 UTC 2023 if command -V systemctl >/dev/null 2>&1; then if [ ! -f /lib/systemd/system/tyk-pump.service ]; then