Merging to release-5.2: [TT-13819] Benchmark updates, session limiter workaround for test goroutine leak (#6826) #17738
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generated by: gromit policy | |
| # Generated on: Tue Aug 15 10:02:46 UTC 2023 | |
| # Distribution channels covered by this workflow | |
| # - Ubuntu and Debian | |
| # - RHEL and AL | |
| # - docker hub | |
| # - devenv ECR | |
| # - AWS mktplace (not active atm) | |
| # - Cloudsmith | |
| name: Release | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| - release-** | |
| tags: | |
| - 'v*' | |
| env: | |
| SLACK_CLI_TOKEN: ${{ secrets.BENDER_TOKEN }} | |
| GOPRIVATE: github.com/TykTechnologies | |
| jobs: | |
| goreleaser: | |
| name: '${{ matrix.golang_cross }}' | |
| runs-on: ubuntu-latest | |
| container: 'tykio/golang-cross:${{ matrix.golang_cross }}' | |
| permissions: | |
| id-token: write # AWS OIDC JWT | |
| contents: read # actions/checkout | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| golang_cross: [ 1.19-bullseye ] | |
| include: | |
| - golang_cross: 1.19-bullseye | |
| goreleaser: 'ci/goreleaser/goreleaser.yml' | |
| rpmvers: 'el/8 el/9 amazon/2023' | |
| debvers: 'ubuntu/bionic ubuntu/focal ubuntu/jammy debian/buster debian/bullseye debian/bookworm' | |
| outputs: | |
| tags: ${{ steps.metadata.outputs.tags }} | |
| steps: | |
| - name: Fix private module deps | |
| env: | |
| TOKEN: '${{ secrets.ORG_GH_TOKEN }}' | |
| run: > | |
| git config --global url."https://${TOKEN}@github.com".insteadOf "https://github.com" | |
| - name: Checkout of tyk | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - name: "Add Git safe.directory" | |
| run: git config --global --add safe.directory $GITHUB_WORKSPACE | |
| - uses: docker/setup-qemu-action@v2 | |
| - uses: docker/setup-buildx-action@v2 | |
| - name: Login to DockerHub | |
| if: startsWith(github.ref, 'refs/tags') | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Login to Cloudsmith | |
| if: startsWith(github.ref, 'refs/tags') | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: docker.tyk.io | |
| username: ${{ secrets.CLOUDSMITH_USERNAME }} | |
| password: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| - name: Unlock agent | |
| env: | |
| NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} | |
| GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20 | |
| PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }} | |
| run: | |
| ci/bin/unlock-agent.sh | |
| - uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - uses: goreleaser/goreleaser-action@v4 | |
| with: | |
| version: latest | |
| args: release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| CGO_ENABLED: 1 | |
| NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} | |
| NFPM_PAYG_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }} | |
| GPG_FINGERPRINT: 12B5D62C28F57592D1575BD51ED14C59E37DAC20 | |
| PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }} | |
| GO_VERSION: ${{ matrix.go_version }} | |
| GOLANG_CROSS: ${{ matrix.golang_cross }} | |
| DEBVERS: ${{ matrix.debvers }} | |
| RPMVERS: ${{ matrix.rpmvers }} | |
| PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }} | |
| DOCKER_CLI_EXPERIMENTAL: "enabled" | |
| - uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk | |
| role-session-name: cipush | |
| aws-region: eu-central-1 | |
| # Don't mask to pass it across job boundaries | |
| mask-aws-account-id: false | |
| - uses: aws-actions/amazon-ecr-login@v1 | |
| id: ecr | |
| with: | |
| mask-password: 'true' | |
| - name: Docker metadata for CI | |
| id: metadata | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ steps.ecr.outputs.registry }}/tyk | |
| flavor: | | |
| latest=false | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=sha,format=long | |
| type=semver,pattern=v{{major}}.{{minor}},prefix=v | |
| type=semver,pattern=v{{version}},prefix=v | |
| - name: CI push | |
| if: ${{ matrix.golang_cross == '1.19-bullseye' }} | |
| shell: bash | |
| env: | |
| t: ${{ steps.metadata.outputs.tags }} | |
| build_tag: ${{ startswith(github.ref, 'refs/tags') && github.ref_name || 'v0.0.0' }} | |
| run: | | |
| set +e | |
| IFS=$'\n' tags=($t) | |
| for tag in "${tags[@]}"; do | |
| for arch in amd64 arm64; do | |
| docker tag tykio/tyk-gateway:${build_tag}-${arch} ${tag}-${arch} && docker push ${tag}-${arch} | |
| done | |
| docker manifest create ${tag} ${tag}-amd64 ${tag}-arm64 && docker manifest push ${tag} | |
| done | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: deb | |
| retention-days: 1 | |
| path: | | |
| dist/*.deb | |
| !dist/*PAYG*.deb | |
| - uses: actions/upload-artifact@v3 | |
| with: | |
| name: rpm | |
| retention-days: 1 | |
| path: | | |
| dist/*.rpm | |
| !dist/*PAYG*.rpm | |
| sbom: | |
| needs: goreleaser | |
| uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main | |
| secrets: | |
| TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }} | |
| DEPDASH_URL: ${{ secrets.DEPDASH_URL }} | |
| DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }} | |
| ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }} | |
| api-tests: | |
| needs: goreleaser | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| conf: [ "sha256", "murmur64" ] | |
| db: [ "mongo44", "postgres15" ] | |
| include: | |
| - db: postgres15 | |
| markers: "and not sql" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk | |
| role-session-name: cipush | |
| aws-region: eu-central-1 | |
| - id: ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| with: | |
| mask-password: 'true' | |
| # Only ${{ github.actor }} has access | |
| # See https://github.com/mxschmitt/action-tmate#use-registered-public-ssh-keys | |
| - name: Setup tmate session only in debug mode | |
| uses: mxschmitt/action-tmate@v3 | |
| if: ${{ runner.debug == '1' }} | |
| with: | |
| detached: true | |
| limit-access-to-actor: true | |
| - name: env up | |
| shell: bash | |
| working-directory: ci/auto | |
| env: | |
| t: ${{ needs.goreleaser.outputs.tags }} | |
| TYK_DB_LICENSEKEY: ${{ secrets.DASH_LICENSE }} | |
| TYK_MDCB_LICENSE: ${{ secrets.MDCB_LICENSE }} | |
| run: | | |
| echo CI tags: $t | |
| tags=($t) | |
| echo First tag: ${tags[0]} | |
| echo "registry=${{ steps.ecr.outputs.registry }} | |
| tyk_image=\${registry}/tyk:${{ startsWith(github.ref_name, 'release-') && github.ref_name || 'master' }} | |
| tyk_analytics_image=\${registry}/tyk-analytics:${{ startsWith(github.ref_name, 'release-') && github.ref_name || 'master' }} | |
| tyk_sink_image=\${registry}/tyk-sink:${{ startsWith(github.ref_name, 'release-') && github.ref_name || 'master' }} | |
| tyk_pump_image=\${registry}/tyk-pump:${{ startsWith(github.ref_name, 'release-') && github.ref_name || 'master' }} | |
| # override default with just built tag | |
| tyk_image=${tags[0]} | |
| # base dir for config files | |
| confs_dir=./pro | |
| # overrides via envvars | |
| env_file=local-${{ matrix.db }}.env | |
| " > versions.env | |
| # Add Tyk component config variations to $env_file | |
| cat confs/${{ matrix.conf }}.env >> local-${{ matrix.db }}.env | |
| # bring up env | |
| docker compose -f pro.yml -f deps.yml -f ${{ matrix.db }}.yml --env-file versions.env up --quiet-pull -d | |
| - name: Run tests | |
| run: | | |
| docker run --rm --network auto_default \ | |
| 754489498669.dkr.ecr.eu-central-1.amazonaws.com/tyk-automated-tests:${{ startsWith(github.ref_name, 'release-') && github.ref_name || 'master' }} \ | |
| pytest -c pytest_ci.ini -m "not local and not mdcb and not dind ${{ matrix.markers }}" | |
| # TODO: PR comment, using just one comment and updating, not a new comment each time | |
| upgrade-deb: | |
| if: startsWith(github.ref, 'refs/tags') | |
| services: | |
| httpbin.org: | |
| image: kennethreitz/httpbin | |
| runs-on: ubuntu-latest | |
| needs: goreleaser | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: | |
| - amd64 | |
| - arm64 | |
| distro: | |
| - ubuntu:jammy | |
| - ubuntu:bionic | |
| - ubuntu:focal | |
| - debian:bullseye | |
| - debian:bookworm | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: deb | |
| - uses: docker/setup-qemu-action@v2 | |
| - uses: docker/setup-buildx-action@v2 | |
| - name: generate dockerfile | |
| run: | | |
| echo 'FROM ${{ matrix.distro }} | |
| ARG TARGETARCH | |
| COPY tyk-gateway*_${TARGETARCH}.deb /tyk-gateway.deb | |
| RUN apt-get update && apt-get install -y curl | |
| RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.deb.sh | bash && apt-get install -y tyk-gateway=3.0.8 | |
| RUN dpkg -i tyk-gateway.deb | |
| RUN apt-get install -y jq | |
| RUN /opt/tyk-gateway/install/setup.sh --listenport=8080 --redishost=localhost --redisport=6379 --domain="" | |
| COPY ci/tests/api-functionality/api_test.sh / | |
| COPY ci/tests/api-functionality/pkg_test.sh / | |
| COPY ci/tests/api-functionality/data/api.json /opt/tyk-gateway/apps/ | |
| CMD [ "/pkg_test.sh" ] | |
| ' > Dockerfile | |
| - name: install on ${{ matrix.distro }} | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: "." | |
| platforms: linux/${{ matrix.arch }} | |
| file: Dockerfile | |
| push: false | |
| tags: test-${{ matrix.distro }}-${{ matrix.arch }} | |
| load: true | |
| - name: Test the built container image with api functionality test. | |
| run: | | |
| docker run --network ${{ job.container.network }} --rm test-${{ matrix.distro }}-${{ matrix.arch }} | |
| upgrade-rpm: | |
| if: startsWith(github.ref, 'refs/tags') | |
| services: | |
| httpbin.org: | |
| image: kennethreitz/httpbin | |
| needs: goreleaser | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| distro: | |
| - amazonlinux:2023 | |
| - registry.access.redhat.com/ubi9/ubi | |
| - registry.access.redhat.com/ubi8/ubi | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: rpm | |
| - uses: docker/setup-buildx-action@v2 | |
| - name: generate dockerfile | |
| run: | | |
| echo 'FROM ${{ matrix.distro }} | |
| COPY tyk-gateway*.x86_64.rpm /tyk-gateway.rpm | |
| RUN yum install --allowerasing -y curl | |
| RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-gateway/script.rpm.sh | bash && yum install -y tyk-gateway-3.0.8-1 | |
| RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-gateway.key && rpm --import tyk-gateway.key | |
| RUN rpm --checksig tyk-gateway.rpm | |
| RUN rpm -Uvh --force tyk-gateway.rpm | |
| RUN curl -fSL https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 --output /usr/local/bin/jq && chmod a+x /usr/local/bin/jq | |
| RUN /opt/tyk-gateway/install/setup.sh --listenport=8080 --redishost=localhost --redisport=6379 --domain="" | |
| COPY ci/tests/api-functionality/data/api.json /opt/tyk-gateway/apps/ | |
| COPY ci/tests/api-functionality/api_test.sh / | |
| COPY ci/tests/api-functionality/pkg_test.sh / | |
| CMD [ "/pkg_test.sh" ] | |
| ' > Dockerfile | |
| - name: install on ${{ matrix.distro }} | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: "." | |
| file: Dockerfile | |
| push: false | |
| tags: test-${{ matrix.distro }} | |
| load: true | |
| - name: Test the built container image with api functionality test. | |
| run: | | |
| docker run --network ${{ job.container.network }} --rm test-${{ matrix.distro }} | |
| release-tests: | |
| needs: | |
| - goreleaser | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| uses: ./.github/workflows/release-tests.yml |