-
Notifications
You must be signed in to change notification settings - Fork 169
161 lines (142 loc) · 6.59 KB
/
release-quickstart.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
name: Release Quickstart Workflow
on:
pull_request_target:
types:
- closed
branches:
- main
push:
tags:
- 'v*.*.*'
jobs:
release-quickstart:
name: Release Quickstart Job
# this is only run on the official upstream repo when a PR is merged to the
# default branch "main" or a release tag is pushed or for the same
# conditions in a repo fork that overrides the container image repo to push
# to; merges to main trigger a quickstart release with a commit SHA suffix
# featuring the previous ziti binary release version, whereas release tag
# pushes trigger a quickstart release with the same tag name and the same
# ziti binary release version
if: (github.repository_owner == 'openziti' || vars.ZITI_QUICKSTART_IMAGE != '') && (
startsWith(github.ref_name, 'v') || (
github.event.pull_request.merged == true
&& contains(github.event.pull_request.labels.*.name, 'quickstartrelease')
)
)
runs-on: ubuntu-latest
env:
ZITI_QUICKSTART_IMAGE: ${{ vars.ZITI_QUICKSTART_IMAGE || 'docker.io/openziti/quickstart' }}
# use github.ref, not github.head_ref, because this workflow should only run on merged PRs in the target/base
# branch context, not the PR source branch
GITHUB_REF: ${{ github.ref }}
# use github.sha, not github.pull_request.head.sha, because this workflow should only run on merged PRs in the
# target/base branch, not the PR source branch
GITHUB_SHA: ${{ github.sha }}
steps:
- name: Debug action
uses: hmarr/[email protected]
- name: Wait for other builds to complete
uses: lewagon/[email protected]
with:
ref: ${{ env.GITHUB_SHA }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
# seconds between polling the checks api for job statuses
wait-interval: 20
# confusingly, this means "pause this step until all jobs from all workflows in same run have completed"
running-workflow-name: Release Quickstart Job
- name: Checkout Workspace
uses: actions/checkout@v4
- name: Install Go
id: setup-go
uses: actions/setup-go@v5
with:
go-version-file: ./go.mod
- name: Install Ziti CI
uses: openziti/ziti-ci@v1
- name: Set Up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: amd64,arm64
- name: Set Up Docker BuildKit
id: buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
# it is preferable to obtain the username from a var so that
# recurrences of the same string are not masked in CI output
username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }}
password: ${{ secrets.DOCKER_HUB_API_TOKEN }}
- name: Compute the Ziti Quickstart Version String
id: get_version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REF_NAME: ${{ github.ref_name }}
shell: bash
run: |
function validateSemver() {
if ! [[ "${1}" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "ERROR: ${1} is not a release semver" >&2
return 1
fi
}
if [[ "${GITHUB_REF_NAME}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
# Set output parameters for release tags
QUICKSTART_VERSION="${GITHUB_REF_NAME}"
elif [[ "${GITHUB_REF_NAME}" =~ ^main$ ]]; then
# compute the latest release version to install in the quickstart image
QUICKSTART_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION})"
validateSemver "${QUICKSTART_VERSION}"
# Append short SHA to identify quickstart docker images shipped on merge to main
QUICKSTART_VERSION="${QUICKSTART_VERSION}-$(git rev-parse --short ${GITHUB_SHA})"
else
echo "ERROR: Unexpected GITHUB_REF_NAME=${GITHUB_REF_NAME}" >&2
exit 1
fi
# configure the env var used by the quickstart's Dockerfile to
# download the correct version of ziti for the target architecture of
# each image build by trimming the hyphenated short sha suffix so that
# the preceding release version of the ziti executable is installed in
# the quickstart container image; ensure the QUICKSTART_VERSION
# (container image tag) does not have a leading 'v' and the
# ZITI_VERSION_OVERRIDE (GitHub tag ref) does have a leading 'v'
QUICKSTART_VERSION="${QUICKSTART_VERSION#v}"
echo QUICKSTART_VERSION="${QUICKSTART_VERSION}" | tee -a $GITHUB_OUTPUT
echo ZITI_VERSION_OVERRIDE=v${QUICKSTART_VERSION%-*} | tee -a $GITHUB_OUTPUT
# container image tag :latest is published on merge to default branch "main" and on release tags
- name: Configure Quickstart Container
env:
IMAGE_REPO: ${{ env.ZITI_QUICKSTART_IMAGE }}
IMAGE_TAG: ${{ steps.get_version.outputs.QUICKSTART_VERSION }}
id: tagprep_qs
shell: bash
run: |
DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
DOCKER_TAGS+=",${IMAGE_REPO}:latest"
echo DOCKER_TAGS="${DOCKER_TAGS}" | tee -a $GITHUB_OUTPUT
- name: Build & Push Multi-Platform Quickstart Container Image to Hub
uses: docker/build-push-action@v6
with:
builder: ${{ steps.buildx.outputs.name }}
context: ${{ github.workspace }}/quickstart/docker/image
platforms: linux/amd64,linux/arm64
tags: ${{ steps.tagprep_qs.outputs.DOCKER_TAGS }}
build-args: |
ZITI_VERSION_OVERRIDE=${{ steps.get_version.outputs.ZITI_VERSION_OVERRIDE }}
GITHUB_REPO_OWNER=${{ github.repository_owner }}
GITHUB_REPO_NAME=${{ github.event.repository.name }}
push: true
- name: Configure Python
shell: bash
run: |
pip install --requirement ./dist/cloudfront/get.openziti.io/requirements.txt
python --version
- name: Deploy the CloudFront Function for get.openziti.io
if: github.repository_owner == 'openziti'
shell: bash
run: python ./dist/cloudfront/get.openziti.io/deploy-cloudfront-function.py
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ vars.AWS_REGION || secrets.AWS_REGION }}