Auto generated from templates by gromit (#693)

Co-authored-by: Gromit <policy@gromit>
TykTechnologies · Jul 26, 2023 · 3a75c64 · 3a75c64
1 parent 0d605ee
commit 3a75c64
Show file tree

Hide file tree

Showing 9 changed files with 112 additions and 176 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,6 +1,6 @@
 
 # Generated by: gromit policy
-# Generated on: Wed May 10 06:24:08 UTC 2023
+# Generated on: Wed Jul 26 09:33:14 UTC 2023
 
 version: 2
 updates:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,15 +1,12 @@
-
 # Generated by: gromit policy
-# Generated on: Wed May 10 06:24:08 UTC 2023
-
+# Generated on: Wed Jul 26 09:33:14 UTC 2023
 
 # Distribution channels covered by this workflow
 # - Ubuntu and Debian
-# - RHEL/OL
-# - tarballs
+# - RHEL and AL
 # - docker hub
 # - devenv ECR
-# - AWS mktplace
+# - AWS mktplace (not active atm)
 # - Cloudsmith
 
 name: Release
@@ -35,11 +32,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        golang_cross: [1.19-bullseye]
+        golang_cross: [ 1.19-bullseye ]
         include:
           - golang_cross: 1.19-bullseye
             goreleaser: 'ci/goreleaser/goreleaser.yml' 
-            rpmvers: ' el/7 el/8 el/9'
+            rpmvers: 'el/7 el/8 el/9 amazon/2 amazon/2023'
             debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy debian/jessie debian/buster debian/bullseye'
     outputs:
       tag: ${{ steps.targets.outputs.tag }}
@@ -106,7 +103,7 @@ jobs:
 
       - uses: goreleaser/goreleaser-action@v4
         with:
-          version: 1.18.2
+          version: latest
           args: release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -119,7 +116,6 @@ jobs:
           DEBVERS: ${{ matrix.debvers }}
           RPMVERS: ${{ matrix.rpmvers }}
           PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
-
       - uses: actions/upload-artifact@v3
         with:
           name: deb
@@ -139,37 +135,21 @@ jobs:
     needs:
       - goreleaser
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write   # This is required for requesting the JWT
+      contents: read    # This is required for actions/checkout
 
     steps:
       - name: Shallow checkout of tyk-pump
         uses: actions/checkout@v3
         with:
           fetch-depth: 1
-      - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v2
-        with:
-          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
-          terraform_wrapper: false
 
-      - name: Get AWS creds from Terraform remote state
-        id: aws-creds
-        run: |
-          cd ci/terraform
-          terraform init -input=false
-          terraform refresh 2>&1 >/dev/null
-          eval $(terraform output -json tyk-pump | jq -r 'to_entries[] | [.key,.value] | join("=")')
-          region=$(terraform output region | xargs)
-          [ -z "$key" -o -z "$secret" -o -z "$region" ] && exit 1
-          echo "secret=$secret" >> $GITHUB_OUTPUT
-          echo "key=$key" >> $GITHUB_OUTPUT
-          echo "region=$region" >> $GITHUB_OUTPUT
-
-      - name: Configure AWS credentials for use
-        uses: aws-actions/configure-aws-credentials@v1
+      - uses: aws-actions/configure-aws-credentials@v2
         with:
-          aws-access-key-id: ${{ steps.aws-creds.outputs.key }}
-          aws-secret-access-key: ${{ steps.aws-creds.outputs.secret }}
-          aws-region: ${{ steps.aws-creds.outputs.region }}
+          role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk
+          role-session-name: cipush
+          aws-region: eu-central-1
 
       - name: Login to Amazon ECR
         id: login-ecr
@@ -179,50 +159,36 @@ jobs:
         with:
           name: deb
 
+      - name: Docker metadata
+        id: metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ steps.login-ecr.outputs.registry }}/tyk-pump
+          flavor: |
+            latest=false
+            prefix=v
+          tags: |
+              type=semver,pattern=v{{version}}
+              type=semver,pattern=v{{major}}.{{minor}}
+              type=semver,pattern=v{{major}}
+              type=ref,event=branch
+
       - uses: docker/setup-qemu-action@v2
 
       - uses: docker/setup-buildx-action@v2
 
       - name: CI build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           push: true
           context: "."
           file: ci/Dockerfile.std
           platforms: linux/amd64,linux/arm64
           tags: |
+            ${{ steps.metadata.outputs.tags }}
             ${{ steps.login-ecr.outputs.registry }}/tyk-pump:${{ needs.goreleaser.outputs.tag }}
             ${{ steps.login-ecr.outputs.registry }}/tyk-pump:${{ github.sha }}
 
-      - name: Tell gromit about new build
-        id: gromit
-        run: |
-          # Remember to remove the true when TD-626 is fixed
-          curl -fsSL -H "Authorization: ${{secrets.GROMIT_TOKEN}}" 'https://domu-kun.cloud.tyk.io/gromit/newbuild' \
-                 -X POST -d '{ "repo": "${{ github.repository}}", "ref": "${{ github.ref }}", "sha": "${{ github.sha }}" }' || true
-
-      - name: Tell integration channel
-        if: ${{ failure() }}
-        run: |
-          colour=bad
-          pretext=":boom: Could not add new build $${{ github.ref }} from ${{ github.repository }} to CD. Please review this run and correct it if needed. See https://github.com/TykTechnologies/tyk-ci/wiki/IntegrationEnvironment for what this is about."
-          curl https://raw.githubusercontent.com/rockymadden/slack-cli/master/src/slack -o /tmp/slack && chmod +x /tmp/slack
-          /tmp/slack chat send \
-          --actions '{"type": "button", "style": "primary", "text": "See log", "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' \
-          --author 'Bender' \
-          --author-icon 'https://hcoop.net/~alephnull/bender/bender-arms.jpg' \
-          --author-link 'https://github.com/TykTechnologies/tyk-ci' \
-          --channel '#service-integration' \
-          --color $colour \
-          --fields '{"title": "Repo", "value": "${{ github.repository }}", "short": false}' \
-          --footer 'github-actions' \
-          --footer-icon 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
-          --image 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
-          --pretext "$pretext" \
-          --text 'Commit message: ${{ github.event.head_commit.message }}' \
-          --title 'Failed to add new build for CD' \
-          --title-link 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
-
   sbom:
     needs: ci
     uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main
@@ -232,8 +198,12 @@ jobs:
       DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }}
       ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}
 
+
   upgrade-deb:
-    if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft
+    if: startsWith(github.ref, 'refs/tags')
+    services:
+      httpbin.org:
+        image: kennethreitz/httpbin
     runs-on: ubuntu-latest
     needs: goreleaser
     strategy:
@@ -243,6 +213,7 @@ jobs:
           - amd64
           - arm64
         distro:
+          - ubuntu:jammy
           - ubuntu:bionic
           - ubuntu:focal
           - debian:bullseye
@@ -271,21 +242,25 @@ jobs:
           ' > Dockerfile
 
       - name: install on ${{ matrix.distro }}
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           context: "."
           platforms: linux/${{ matrix.arch }}
           file: Dockerfile
           push: false
 
   upgrade-rpm:
-    if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft
+    if: startsWith(github.ref, 'refs/tags')
+    services:
+      httpbin.org:
+        image: kennethreitz/httpbin
     needs: goreleaser
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
         distro:
+          - ubi9/ubi
           - ubi8/ubi
 
     steps:
@@ -303,22 +278,22 @@ jobs:
         run: |
           echo 'FROM registry.access.redhat.com/${{ matrix.distro }}
           COPY tyk-pump*.x86_64.rpm /tyk-pump.rpm
-          RUN yum install -y curl
+          RUN yum install --allowerasing -y curl
           RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-pump/script.rpm.sh | bash && yum install -y tyk-pump-1.6.0-1
           RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-pump.key && rpm --import tyk-pump.key
           RUN rpm --checksig tyk-pump.rpm
           RUN rpm -Uvh --force tyk-pump.rpm
           ' > Dockerfile
 
       - name: install on ${{ matrix.distro }}
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           context: "."
           file: Dockerfile
           push: false
 
   smoke-tests:
-    if: startsWith(github.ref, 'refs/tags') && !github.event.pull_request.draft
+    if: startsWith(github.ref, 'refs/tags')
     needs:
       - goreleaser
     runs-on: ubuntu-latest
@@ -330,6 +305,8 @@ jobs:
 
       - name: Run tests
         shell: bash
+        env:
+          GITHUB_TAG: ${{ github.ref }}
         run: |
           set -eaxo pipefail
           if [ ! -d smoke-tests ]; then
@@ -358,32 +335,3 @@ jobs:
               fi
           done
 
-  # AWS updates only for stable releases
-  aws-mktplace-byol:
-    if: ( 'a' == 'b' )
-    runs-on: ubuntu-latest
-    needs:
-      - smoke-tests
-    strategy:
-      matrix:
-        flavour:
-          - al2
-          - rhel
-
-    steps:
-      - name: Checkout tyk-pump
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 1
-
-      - uses: actions/download-artifact@v3
-        with:
-          name: rpm
-          path: aws
-
-      - name: Packer build
-        working-directory: ./ci/aws
-        run: |
-          export VERSION=${{ needs.goreleaser.outputs.tag }}
-          packer validate -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl
-          packer build -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl
diff --git a/ci/Dockerfile.std b/ci/Dockerfile.std
@@ -1,6 +1,6 @@
 
 # Generated by: gromit policy
-# Generated on: Wed May 10 06:24:08 UTC 2023
+# Generated on: Wed Jul 26 09:33:14 UTC 2023
 
 FROM debian:bullseye-slim
 ARG TARGETARCH

diff --git a/ci/aws/byol.pkr.hcl b/ci/aws/byol.pkr.hcl
@@ -1,6 +1,6 @@
 
 # Generated by: gromit policy
-# Generated on: Wed May 10 06:24:08 UTC 2023
+# Generated on: Wed Jul 26 09:33:14 UTC 2023
 
 packer {
   required_plugins {