Skip to content

tyk-identity-broker/master SYSE-288/Final Phase: Turning off old pipelines in favour of new pipeline #601

tyk-identity-broker/master SYSE-288/Final Phase: Turning off old pipelines in favour of new pipeline

tyk-identity-broker/master SYSE-288/Final Phase: Turning off old pipelines in favour of new pipeline #601

Workflow file for this run

# Generated by: gromit policy
# Generated on: Tue Nov 21 14:33:30 UTC 2023
# Distribution channels covered by this workflow
# - Ubuntu and Debian
# - RHEL and AL
# - docker hub
# - devenv ECR
# - Cloudsmith
name: Release
on:
pull_request:
push:
branches:
- master
- release-**
tags:
- 'v*'
env:
GOPRIVATE: github.com/TykTechnologies
jobs:
goreleaser:
name: '${{ matrix.golang_cross }}'
runs-on: ubuntu-latest
container: 'tykio/golang-cross:${{ matrix.golang_cross }}'
permissions:
id-token: write # AWS OIDC JWT
contents: read # actions/checkout
strategy:
fail-fast: false
matrix:
golang_cross:
- 1.19-bullseye
include:
- golang_cross: 1.19-bullseye
goreleaser: 'ci/goreleaser/goreleaser.yml'
cgo: 0
rpmvers: 'el/7 el/8 el/9 amazon/2 amazon/2023'
debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy debian/jessie debian/buster debian/bullseye debian/bookworm'
outputs:
tags: ${{ steps.metadata.outputs.tags }}
steps:
- name: Fix private module deps
env:
TOKEN: '${{ secrets.ORG_GH_TOKEN }}'
run: >
git config --global url."https://${TOKEN}@github.com".insteadOf "https://github.com"
- name: Checkout of tyk-identity-broker
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: "Add Git safe.directory"
run: git config --global --add safe.directory $GITHUB_WORKSPACE
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
if: startsWith(github.ref, 'refs/tags')
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to Cloudsmith
if: startsWith(github.ref, 'refs/tags')
uses: docker/login-action@v3
with:
registry: docker.tyk.io
username: ${{ secrets.CLOUDSMITH_USERNAME }}
password: ${{ secrets.CLOUDSMITH_API_KEY }}
- name: Unlock agent
env:
NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20
PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run:
ci/bin/unlock-agent.sh
- uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- uses: goreleaser/goreleaser-action@v4
with:
version: latest
args: release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CGO_ENABLED: ${{ matrix.cgo }}
NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
NFPM_PAYG_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20
PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
GOLANG_CROSS: ${{ matrix.golang_cross }}
DEBVERS: ${{ matrix.debvers }}
RPMVERS: ${{ matrix.rpmvers }}
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk
role-session-name: cipush
aws-region: eu-central-1
# Don't mask to pass it across job boundaries
mask-aws-account-id: false
- uses: aws-actions/amazon-ecr-login@v1
id: ecr
with:
mask-password: 'true'
- name: Docker metadata for CI
id: metadata
uses: docker/metadata-action@v5
with:
images: ${{ steps.ecr.outputs.registry }}/tyk-identity-broker
flavor: |
latest=false
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha,format=long
type=semver,pattern=v{{major}}.{{minor}},prefix=v
type=semver,pattern=v{{version}},prefix=v
- name: CI push
shell: bash
env:
t: ${{ steps.metadata.outputs.tags }}
build_tag: ${{ startswith(github.ref, 'refs/tags') && github.ref_name || 'v0.0.0' }}
run: |
set +e
IFS=$'\n' tags=($t)
for tag in "${tags[@]}"; do
for arch in amd64 arm64; do
docker tag tykio/tyk-identity-broker:${build_tag}-${arch} ${tag}-${arch} && docker push ${tag}-${arch}
done
docker manifest create ${tag} ${tag}-amd64 ${tag}-arm64 && docker manifest push ${tag}
done
- uses: actions/upload-artifact@v3
if: ${{ matrix.golang_cross == '1.19-bullseye' }}
with:
name: deb
retention-days: 1
path: |
dist/*.deb
!dist/*PAYG*.deb
- uses: actions/upload-artifact@v3
if: ${{ matrix.golang_cross == '1.19-bullseye' }}
with:
name: rpm
retention-days: 1
path: |
dist/*.rpm
!dist/*PAYG*.rpm
upgrade-deb:
if: startsWith(github.ref, 'refs/tags')
services:
httpbin.org:
image: kennethreitz/httpbin
runs-on: ubuntu-latest
needs: goreleaser
strategy:
fail-fast: false
matrix:
arch:
- amd64
- arm64
distro:
- ubuntu:bionic
- ubuntu:focal
- ubuntu:jammy
- debian:bullseye
- debian:bookworm
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: actions/download-artifact@v3
with:
name: deb
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- name: generate dockerfile
run: |
echo 'FROM ${{ matrix.distro }}
ARG TARGETARCH
COPY tyk-identity-broker*_${TARGETARCH}.deb /tyk-identity-broker.deb
RUN apt-get update && apt-get install -y curl
RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-identity-broker/script.deb.sh | bash && apt-get install -y tyk-identity-broker=1.1.0
RUN dpkg -i tyk-identity-broker.deb
' > Dockerfile
- name: install on ${{ matrix.distro }}
uses: docker/build-push-action@v5
with:
context: "."
platforms: linux/${{ matrix.arch }}
file: Dockerfile
push: false
upgrade-rpm:
if: startsWith(github.ref, 'refs/tags')
services:
httpbin.org:
image: kennethreitz/httpbin
needs: goreleaser
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
distro:
- amazonlinux:2023
- registry.access.redhat.com/ubi8/ubi
- registry.access.redhat.com/ubi9/ubi
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: actions/download-artifact@v3
with:
name: rpm
- uses: docker/setup-buildx-action@v3
- name: generate dockerfile
run: |
echo 'FROM ${{ matrix.distro }}
COPY tyk-identity-broker*.x86_64.rpm /tyk-identity-broker.rpm
RUN yum install --allowerasing -y curl
RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-identity-broker/script.rpm.sh | bash && yum install -y tyk-identity-broker-1.1.0-1
RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-identity-broker.key && rpm --import tyk-identity-broker.key
RUN rpm --checksig tyk-identity-broker.rpm
RUN rpm -Uvh --force tyk-identity-broker.rpm
' > Dockerfile
- name: install on ${{ matrix.distro }}
uses: docker/build-push-action@v5
with:
context: "."
file: Dockerfile
push: false
smoke-tests:
needs:
- goreleaser
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk
role-session-name: cipush
aws-region: eu-central-1
- id: ecr
uses: aws-actions/amazon-ecr-login@v1
with:
mask-password: 'true'
- name: Run ci/tests
shell: bash
env:
GITHUB_TAG: ${{ github.ref }} /* mdcb or dash */
run: |
set -eaxo pipefail
if [ ! -d smoke-tests ]; then
echo "::warning No repo specific smoke tests defined"
fi
if [ ! -d ci/tests ]; then
echo "::warning No ci tests defined"
exit 0
fi
for d in ci/tests/*/
do
echo Attempting to test $d
if [ -d $d ] && [ -e $d/test.sh ]; then
cd $d
./test.sh ${{ steps.ecr.outputs.registry }}/{{ .Name }}:sha-${{ github.sha }}
cd -
fi
done
for d in smoke-tests/*/
do
echo Attempting to test $d
if [ -d $d ] && [ -e $d/test.sh ]; then
cd $d
./test.sh ${{ steps.ecr.outputs.registry }}/{{ .Name }}:sha-${{ github.sha }}
cd -
fi
done
sbom:
needs: goreleaser
uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main
secrets:
DEPDASH_URL: ${{ secrets.DEPDASH_URL }}
DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }}
ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}