Skip to content

Bump the third-party group across 1 directory with 7 updates #756

Bump the third-party group across 1 directory with 7 updates

Bump the third-party group across 1 directory with 7 updates #756

name: Release Quickstart Workflow
on:
pull_request_target:
types:
- closed
branches:
- main
push:
tags:
- 'v*.*.*'
jobs:
release-quickstart:
name: Release Quickstart Job
# this is only run on the official upstream repo when a PR is merged to the
# default branch "main" or a release tag is pushed or for the same
# conditions in a repo fork that overrides the container image repo to push
# to; merges to main trigger a quickstart release with a commit SHA suffix
# featuring the previous ziti binary release version, whereas release tag
# pushes trigger a quickstart release with the same tag name and the same
# ziti binary release version
if: (github.repository_owner == 'openziti' || vars.ZITI_QUICKSTART_IMAGE != '') && (
startsWith(github.ref_name, 'v') || (
github.event.pull_request.merged == true
&& contains(github.event.pull_request.labels.*.name, 'quickstartrelease')
)
)
runs-on: ubuntu-latest
env:
ZITI_QUICKSTART_IMAGE: ${{ vars.ZITI_QUICKSTART_IMAGE || 'docker.io/openziti/quickstart' }}
# use github.ref, not github.head_ref, because this workflow should only run on merged PRs in the target/base
# branch context, not the PR source branch
GITHUB_REF: ${{ github.ref }}
# use github.sha, not github.pull_request.head.sha, because this workflow should only run on merged PRs in the
# target/base branch, not the PR source branch
GITHUB_SHA: ${{ github.sha }}
steps:
- name: Debug action
uses: hmarr/[email protected]
- name: Wait for other builds to complete
uses: lewagon/[email protected]
with:
ref: ${{ env.GITHUB_SHA }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
# seconds between polling the checks api for job statuses
wait-interval: 20
# confusingly, this means "pause this step until all jobs from all workflows in same run have completed"
running-workflow-name: Release Quickstart Job
- name: Checkout Workspace
uses: actions/checkout@v4
- name: Install Go
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: ./go.mod
- name: Install Ziti CI
uses: openziti/ziti-ci@v1
- name: Set Up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: amd64,arm64
- name: Set Up Docker BuildKit
id: buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
# it is preferable to obtain the username from a var so that
# recurrences of the same string are not masked in CI output
username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }}
password: ${{ secrets.DOCKER_HUB_API_TOKEN }}
- name: Compute the Ziti Quickstart Version String
id: get_version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REF_NAME: ${{ github.ref_name }}
shell: bash
run: |
function validateSemver() {
if ! [[ "${1}" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "ERROR: ${1} is not a release semver" >&2
return 1
fi
}
if [[ "${GITHUB_REF_NAME}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
# Set output parameters for release tags
QUICKSTART_VERSION="${GITHUB_REF_NAME}"
elif [[ "${GITHUB_REF_NAME}" =~ ^main$ ]]; then
# compute the latest release version to install in the quickstart image
QUICKSTART_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION})"
validateSemver "${QUICKSTART_VERSION}"
# Append short SHA to identify quickstart docker images shipped on merge to main
QUICKSTART_VERSION="${QUICKSTART_VERSION}-$(git rev-parse --short ${GITHUB_SHA})"
else
echo "ERROR: Unexpected GITHUB_REF_NAME=${GITHUB_REF_NAME}" >&2
exit 1
fi
# configure the env var used by the quickstart's Dockerfile to
# download the correct version of ziti for the target architecture of
# each image build by trimming the hyphenated short sha suffix so that
# the preceding release version of the ziti executable is installed in
# the quickstart container image; ensure the QUICKSTART_VERSION
# (container image tag) does not have a leading 'v' and the
# ZITI_VERSION_OVERRIDE (GitHub tag ref) does have a leading 'v'
QUICKSTART_VERSION="${QUICKSTART_VERSION#v}"
echo QUICKSTART_VERSION="${QUICKSTART_VERSION}" | tee -a $GITHUB_OUTPUT
echo ZITI_VERSION_OVERRIDE=v${QUICKSTART_VERSION%-*} | tee -a $GITHUB_OUTPUT
# container image tag :latest is published on merge to default branch "main" and on release tags
- name: Configure Quickstart Container
env:
IMAGE_REPO: ${{ env.ZITI_QUICKSTART_IMAGE }}
IMAGE_TAG: ${{ steps.get_version.outputs.QUICKSTART_VERSION }}
id: tagprep_qs
shell: bash
run: |
DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
DOCKER_TAGS+=",${IMAGE_REPO}:latest"
echo DOCKER_TAGS="${DOCKER_TAGS}" | tee -a $GITHUB_OUTPUT
- name: Build & Push Multi-Platform Quickstart Container Image to Hub
uses: docker/build-push-action@v6
with:
builder: ${{ steps.buildx.outputs.name }}
context: ${{ github.workspace }}/quickstart/docker/image
platforms: linux/amd64,linux/arm64
tags: ${{ steps.tagprep_qs.outputs.DOCKER_TAGS }}
build-args: |
ZITI_VERSION_OVERRIDE=${{ steps.get_version.outputs.ZITI_VERSION_OVERRIDE }}
GITHUB_REPO_OWNER=${{ github.repository_owner }}
GITHUB_REPO_NAME=${{ github.event.repository.name }}
push: true
- name: Configure Python
shell: bash
run: |
pip install --requirement ./dist/cloudfront/get.openziti.io/requirements.txt
python --version
- name: Deploy the CloudFront Function for get.openziti.io
if: github.repository_owner == 'openziti'
shell: bash
run: python ./dist/cloudfront/get.openziti.io/deploy-cloudfront-function.py
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ vars.AWS_REGION || secrets.AWS_REGION }}