Merge pull request #1115 from openziti/release-next

Release 0.28.0

.github/workflows/main.yml

@@ -5,6 +5,7 @@ on:
     branches:
       - main
       - release-v*
+      - release-next
   pull_request:
   workflow_dispatch:
 
@@ -28,6 +29,8 @@ env:
 jobs:
   mac-os-build:
     name: Build Mac OS binaries
+    # allow fors to opt-out of time-consuming macOS builds
+    if: vars.ZITI_SKIP_MACOS_BUILD != 'true'
     runs-on: macos-11
     steps:
       - name: Git Checkout
@@ -41,7 +44,7 @@ jobs:
           go-version: '1.20.x'
 
       - name: Install Ziti CI
-        uses: netfoundry/ziti-ci@v1
+        uses: openziti/ziti-ci@v1
 
       - name: Build and Test
         run: |
@@ -58,6 +61,8 @@ jobs:
 
   windows-build:
     name: Build Windows binaries
+    # allow fors to opt-out of time-consuming Windows builds
+    if: vars.ZITI_SKIP_WINDOWS_BUILD != 'true'
     runs-on: windows-2019
     steps:
       - name: Git Checkout
@@ -71,7 +76,7 @@ jobs:
           go-version: '1.20.x'
 
       - name: Install Ziti CI
-        uses: netfoundry/ziti-ci@v1
+        uses: openziti/ziti-ci@v1
 
       - name: Build and Test
         shell: bash
@@ -89,6 +94,7 @@ jobs:
 
   fablab-smoketest:
     name: Fablab Smoketest
+    # not applicable to forks
     if: github.repository_owner == 'openziti'
     runs-on: ubuntu-20.04
     steps:
@@ -103,20 +109,18 @@ jobs:
           go-version: '1.20.x'
 
       - name: Install Ziti CI
-        uses: netfoundry/ziti-ci@v1
+        uses: openziti/ziti-ci@v1
 
       - name: Build and Test
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           ziti_ci_gpg_key: ${{ secrets.ZITI_CI_GPG_KEY }}
           ziti_ci_gpg_key_id: ${{ secrets.ZITI_CI_GPG_KEY_ID }}
         run: |
-          mkdir -p dist/bin
           $(go env GOPATH)/bin/ziti-ci configure-git
           $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version
           pushd network-tests && go install ./... && popd
-          pushd network-tests && go build -o ../dist/bin/ ./utils/... && popd 
-          go build -tags=all,tests -o dist/bin/ ./...
+          go install -tags=all,tests ./...
 
       - name: Create Zitilab Bindings
         run: |
@@ -134,26 +138,36 @@ jobs:
           echo "ziti_version: $($(go env GOPATH)/bin/ziti-ci -q get-current-version)" >> ~/.fablab/bindings.yml
           cat ~/.fablab/bindings.yml
 
-      - name: Test Ziti Command
-        env:
-          ZITI_ROOT: dist/bin/
+      - name: Create Test Environment
         run: |
+          echo "ZITI_ROOT=$(go env GOPATH)/bin" >> "$GITHUB_ENV"
           $(go env GOPATH)/bin/simple-transfer create
           $(go env GOPATH)/bin/simple-transfer up
+
+      - name: Test Ziti Command
+        run: |
+          echo "ZITI_ROOT=$(go env GOPATH)/bin" >> "$GITHUB_ENV"
           $(go env GOPATH)/bin/simple-transfer run
+          pushd network-tests && go test -v ./tests/... && popd
 
       - name: Test Ziti Command Teardown
         if: always()
-        env:
-          ZITI_ROOT: dist/bin/
         run: |
+          echo "ZITI_ROOT=$(go env GOPATH)/bin" >> "$GITHUB_ENV"
           $(go env GOPATH)/bin/simple-transfer dispose
           $(go env GOPATH)/bin/simple-transfer clean
 
       # END linux-build-steps
 
   publish:
     name: Publish Binaries
+    # - always() allows evaluating further conditional expressions even if
+    #   needed jobs were skipped
+    if: |
+      always()
+      && (needs.mac-os-build.result == 'success' || needs.mac-os-build.result == 'skipped')
+      && (needs.windows-build.result == 'success' || needs.windows-build.result == 'skipped')
+      && (needs.fablab-smoketest.result == 'success' || needs.fablab-smoketest.result == 'skipped')
     runs-on: ubuntu-20.04
     needs: [ mac-os-build, windows-build, fablab-smoketest ]
     outputs:
@@ -175,7 +189,7 @@ jobs:
           python-version: '3.7'
 
       - name: Install Ziti CI
-        uses: netfoundry/ziti-ci@v1
+        uses: openziti/ziti-ci@v1
 
       - name: Build and Test
         env:
@@ -201,19 +215,21 @@ jobs:
           retention-days: 5
 
       - name: Download darwin release artifact
+        if: needs.mac-os-build.result == 'success'
         uses: actions/download-artifact@v3
         with:
           name: darwin-release-${{ github.run_id }}
           path: release/
 
       - name: Download windows release artifact
+        if: needs.windows-build.result == 'success'
         uses: actions/download-artifact@v3
         with:
           name: windows-release-${{ github.run_id }}
           path: release/
 
       - name: Install Jfrog CLI
-        uses: jfrog/setup-jfrog-cli@v2
+        uses: jfrog/setup-jfrog-cli@v3
         with:
           version: 1.51.1
 
@@ -276,9 +292,28 @@ jobs:
     with:
       ziti-version: ${{ needs.publish.outputs.ZITI_VERSION }}
 
-  call-publish-docker-images:
-    if: github.ref == 'refs/heads/main'
-    name: Publish Docker Images
+  call-publish-prerelease-docker-images:
+    # always() re-enables evaluating conditionals in forks even if Windows or
+    # macOS builds were skipped
+    if: |
+      always()
+      && needs.publish.result == 'success'
+      && github.ref == 'refs/heads/release-next'
+    name: Publish Pre-Release Docker Images
+    needs: publish
+    uses: ./.github/workflows/publish-docker-images.yml
+    secrets: inherit
+    with:
+      ziti-version: release-next
+
+  call-publish-release-docker-images:
+    # always() re-enables evaluating conditionals in forks even if Windows or
+    # macOS builds were skipped
+    if: |
+      always()
+      && needs.publish.result == 'success'
+      && github.ref == 'refs/heads/main'
+    name: Publish Release Docker Images
     needs: publish
     uses: ./.github/workflows/publish-docker-images.yml
     secrets: inherit

.github/workflows/publish-docker-images.yml

@@ -4,7 +4,7 @@ on:
   workflow_call:
     inputs:
       ziti-version:
-        description: 'Ziti Release Version'
+        description: 'Tag or Branch Ref to Publish'
         type: string
         required: true
 
@@ -13,6 +13,10 @@ jobs:
     runs-on: ubuntu-latest
     env:
       ZITI_VERSION: ${{ inputs.ziti-version || github.event.inputs.ziti-version }}
+      ZITI_CLI_IMAGE: ${{ vars.ZITI_CLI_IMAGE || 'docker.io/openziti/ziti-cli' }}
+      ZITI_CONTROLLER_IMAGE: ${{ vars.ZITI_CONTROLLER_IMAGE || 'docker.io/openziti/ziti-controller' }}
+      ZITI_ROUTER_IMAGE: ${{ vars.ZITI_ROUTER_IMAGE || 'docker.io/openziti/ziti-router' }}
+      ZITI_TUNNEL_IMAGE: ${{ vars.ZITI_TUNNEL_IMAGE || 'docker.io/openziti/ziti-tunnel' }}
     steps:
       - name: Checkout Workspace
         uses: actions/checkout@v3
@@ -35,16 +39,21 @@ jobs:
       - name: Login to Docker Hub
         uses: docker/login-action@v2
         with:
-          username: ${{ secrets.DOCKER_HUB_API_USER }}
+          # it is preferable to obtain the username from a var so that
+          # recurrences of the same string are not masked in CI output
+          username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }}
           password: ${{ secrets.DOCKER_HUB_API_TOKEN }}
 
       - name: Set Up Container Image Tags for Base CLI Container
         env:
-          RELEASE_REPO: openziti/ziti-cli
+          IMAGE_REPO: ${{ env.ZITI_CLI_IMAGE }}
         id: tagprep_cli
         run: |
           DOCKER_TAGS=""
-          DOCKER_TAGS="${RELEASE_REPO}:${ZITI_VERSION},${RELEASE_REPO}:latest"
+          DOCKER_TAGS="${IMAGE_REPO}:${ZITI_VERSION}"
+          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+            DOCKER_TAGS+=",${IMAGE_REPO}:latest"
+          fi
           echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
           echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
 
@@ -65,11 +74,14 @@ jobs:
 
       - name: Set Up Container Image Tags for Controller Container
         env:
-          RELEASE_REPO: openziti/ziti-controller
+          IMAGE_REPO: ${{ env. ZITI_CONTROLLER_IMAGE }}
         id: tagprep_ctrl
         run: |
           DOCKER_TAGS=""
-          DOCKER_TAGS="${RELEASE_REPO}:${ZITI_VERSION},${RELEASE_REPO}:latest"
+          DOCKER_TAGS="${IMAGE_REPO}:${ZITI_VERSION}"
+          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+            DOCKER_TAGS+=",${IMAGE_REPO}:latest"
+          fi
           echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
           echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
 
@@ -85,15 +97,19 @@ jobs:
           tags: ${{ steps.tagprep_ctrl.outputs.DOCKER_TAGS }}
           build-args: |
             ZITI_VERSION=${{ env.ZITI_VERSION }}
+            ZITI_CLI_IMAGE=${{ env.ZITI_CLI_IMAGE }}
           push: true
 
       - name: Set Up Container Image Tags for Router Container
         env:
-          RELEASE_REPO: openziti/ziti-router
+          IMAGE_REPO: ${{ env.ZITI_ROUTER_IMAGE }}
         id: tagprep_router
         run: |
           DOCKER_TAGS=""
-          DOCKER_TAGS="${RELEASE_REPO}:${ZITI_VERSION},${RELEASE_REPO}:latest"
+          DOCKER_TAGS="${IMAGE_REPO}:${ZITI_VERSION}"
+          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+            DOCKER_TAGS+=",${IMAGE_REPO}:latest"
+          fi
           echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
           echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
 
@@ -106,17 +122,21 @@ jobs:
           tags: ${{ steps.tagprep_router.outputs.DOCKER_TAGS }}
           build-args: |
             ZITI_VERSION=${{ env.ZITI_VERSION }}
+            ZITI_CLI_IMAGE=${{ env.ZITI_CLI_IMAGE }}
           push: true
 
       - name: Set Up Container Image Tags for Go Tunneler Container
         env:
-          SNAPSHOT_REPO: netfoundry/ziti-tunnel
-          RELEASE_REPO: openziti/ziti-tunnel
+          IMAGE_REPO: ${{ env.ZITI_TUNNEL_IMAGE }}
+          LEGACY_REPO: netfoundry/ziti-tunnel
         id: tagprep_tun
         run: |
           DOCKER_TAGS=""
-          for REPO in ${SNAPSHOT_REPO} ${RELEASE_REPO}; do
-            DOCKER_TAGS+=",${REPO}:${ZITI_VERSION},${REPO}:latest"
+          for REPO in ${LEGACY_REPO} ${IMAGE_REPO}; do
+            DOCKER_TAGS="${IMAGE_REPO}:${ZITI_VERSION}"
+            if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
+              DOCKER_TAGS+=",${IMAGE_REPO}:latest"
+            fi
           done
           DOCKER_TAGS=${DOCKER_TAGS#,} # drop leading comma char
           echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
@@ -131,4 +151,5 @@ jobs:
           tags: ${{ steps.tagprep_tun.outputs.DOCKER_TAGS }}
           build-args: |
             ZITI_VERSION=${{ env.ZITI_VERSION }}
+            ZITI_CLI_IMAGE=${{ env.ZITI_CLI_IMAGE }}
           push: true

.github/workflows/push-quickstart.yml

@@ -8,9 +8,9 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
-          username: ${{ secrets.DOCKER_HUB_API_USER }}
+          username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }}
           password: ${{ secrets.DOCKER_HUB_API_TOKEN }}
       - name: Push to Docker
         run: ./quickstart/docker/pushLatestDocker.sh

ADOPTERS.md

@@ -18,9 +18,12 @@ If you're interested in getting your project added to the list either:
 
 Here's the list of projects using and adopting OpenZiti
 
-| Project Name              | Project Link                                  | Logo     | Description     |
-|---------------------------|-----------------------------------------------|----------|-----------------|
-| NetFoundry                | https://nfconsole.io/signup                   | <img src="https://netfoundry.io/logos/Logo-Dark-Backgrounds.jpg" width="100px"> | NetFoundry SaaS provides management, orchestrations, support, and SLAs for OpenZiti networks. |
-| HackBunker                | https://www.hackbunker.com/                   | <img src="https://irp.cdn-website.com/b429ad92/dms3rep/multi/hackbunker+logo+new.svg" width="100px"> | To open up a Zero Trust conversation in the C-Suite and Boardrooms of Blue-chip companies with a suite of products. |
-| DeltaSecure GmbH          | https://deltasecure.de/                       | <img src="https://deltasecure.de/wp-content/uploads/2022/10/DeltaSecure-Logo-gross-hell.png.png" width="100px"> | To provide Managed Security Operations Center services for small and medium-sized enterprises. Ziti overlay forms the basis for secure data transmission of customer data and within the SOC infrastructure. |
-| Resulticks                | https://www.resulticks.com/                   | <img src="https://www.resulticks.com/assets/platform/logos/resulticks-logo-blue.svg" width="100px"> | Resulticks Zero Trust API delivery network which forms the core of Resulticks' omnichannel marketing automation platform is built on OpenZiti to form a private dark mesh network. |
+| Project Name                     | Project Link                                  | Logo     | Description     |
+|----------------------------------|-----------------------------------------------|----------|-----------------|
+| NetFoundry                       | https://nfconsole.io/signup                   | <img src="https://netfoundry.io/logos/Logo-Dark-Backgrounds.jpg" width="100px"> | NetFoundry SaaS provides management, orchestrations, support, and SLAs for OpenZiti networks. |
+| HackBunker                       | https://www.hackbunker.com/                   | <img src="https://irp.cdn-website.com/b429ad92/dms3rep/multi/hackbunker+logo+new.svg" width="100px"> | To open up a Zero Trust conversation in the C-Suite and Boardrooms of Blue-chip companies with a suite of products. |
+| DeltaSecure GmbH                 | https://deltasecure.de/                       | <img src="https://deltasecure.de/wp-content/uploads/2022/10/DeltaSecure-Logo-gross-hell.png.png" width="100px"> | To provide Managed Security Operations Center services for small and medium-sized enterprises. Ziti overlay forms the basis for secure data transmission of customer data and within the SOC infrastructure. |
+| Resulticks                       | https://www.resulticks.com/                   | <img src="https://www.resulticks.com/assets/platform/logos/resulticks-logo-blue.svg" width="100px"> | Resulticks Zero Trust API delivery network which forms the core of Resulticks' omnichannel marketing automation platform is built on OpenZiti to form a private dark mesh network.  |
+| KubeZT - Zero Trust Kubernetes   | https://KubeZT.com/                           | <img src="https://kubezt-public.s3-us-gov-east-1.amazonaws.com/github-org-logo.png" width="100px"> | KubeZT is an on-demand Kubernetes environment that enables developers to build and deploy highly secure applications for high-compliance organizations. |
+| Analytics HQ                     | https://AnalyticsHQ.com/                      | <img src="https://ahq-public.s3-us-gov-west-1.amazonaws.com/ahq-logo.png" width="100px"> | Analytics HQ is a next-generation unified platform built for modern data management and advanced analytics. |
+| PITS Global Data Recovery Services | https://www.pitsdatarecovery.net/ | <img src="https://www.pitsdatarecovery.net/wp-content/uploads/2020/09/pits-logo.svg" width="100px"> | PITS Global Data Recovery Services is a data recovery company in the United States that offers services for recovering data from hard drives, SSDs, flash drives, RAID arrays and more.  |