Skip to content

Bump golang.org/x/net from 0.17.0 to 0.23.0 #2261

Bump golang.org/x/net from 0.17.0 to 0.23.0

Bump golang.org/x/net from 0.17.0 to 0.23.0 #2261

Workflow file for this run

# Generated by: gromit policy
# Distribution channels covered by this workflow
# - Ubuntu and Debian
# - RHEL and AL
# - docker hub
# - devenv ECR
# - Cloudsmith
name: Release
on:
# Trigger release every monday at midnight for master CI images
schedule:
- cron: "0 0 * * 1"
pull_request:
push:
branches:
- master
- release-**
tags:
- 'v*'
env:
GOPRIVATE: github.com/TykTechnologies
jobs:
goreleaser:
name: '${{ matrix.golang_cross }}'
runs-on: ubuntu-latest
permissions:
id-token: write # AWS OIDC JWT
contents: read # actions/checkout
strategy:
fail-fast: false
matrix:
golang_cross:
- 1.21-bullseye
include:
- golang_cross: 1.21-bullseye
goreleaser: 'ci/goreleaser/goreleaser.yml'
cgo: 0
rpmvers: 'el/7 el/8 el/9 amazon/2 amazon/2023'
debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy debian/jessie debian/buster debian/bullseye debian/bookworm'
outputs:
tags: ${{ steps.metadata.outputs.tags }}
commit_author: ${{ steps.fetch-author.outputs.commit_author}}
steps:
- name: Checkout of tyk-pump
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Get commit author
id: fetch-author
run: echo "commit_author=$(git show -s --format='%ae' HEAD)" >> $GITHUB_OUTPUT
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
if: startsWith(github.ref, 'refs/tags')
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Login to Cloudsmith
if: startsWith(github.ref, 'refs/tags')
uses: docker/login-action@v3
with:
registry: docker.tyk.io
username: ${{ secrets.CLOUDSMITH_USERNAME }}
password: ${{ secrets.CLOUDSMITH_API_KEY }}
- uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- name: Build
env:
NFPM_STD_PASSPHRASE: ${{ secrets.SIGNING_KEY_PASSPHRASE }}
PKG_SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
run: |
echo '#!/bin/sh
ci/bin/unlock-agent.sh
git config --global url."https://${{ secrets.ORG_GH_TOKEN }}@github.com".insteadOf "https://github.com"
git config --global --add safe.directory /go/src/github.com/TykTechnologies/tyk-pump
goreleaser release --clean -f ${{ matrix.goreleaser }} ${{ !startsWith(github.ref, 'refs/tags/') && ' --snapshot' || '' }}' | tee /tmp/build.sh
chmod +x /tmp/build.sh
docker run --rm --privileged -e GITHUB_TOKEN=${{ github.token }} \
-e GOPRIVATE=github.com/TykTechnologies \
-e GO111MODULE=on \
-e DEBVERS='${{ matrix.debvers }}' \
-e RPMVERS='${{ matrix.rpmvers }}' \
-e CGO_ENABLED=${{ matrix.cgo }} \
-e NFPM_STD_PASSPHRASE="$NFPM_STD_PASSPHRASE" \
-e GPG_FINGERPRINT=12B5D62C28F57592D1575BD51ED14C59E37DAC20 \
-e PKG_SIGNING_KEY="$PKG_SIGNING_KEY" \
-e PACKAGECLOUD_TOKEN=$PACKAGECLOUD_TOKEN \
-v ${{github.workspace}}:/go/src/github.com/TykTechnologies/tyk-pump \
-v /var/run/docker.sock:/var/run/docker.sock \
-v ~/.docker/config.json:/root/.docker/config.json \
-e GOCACHE=/cache/go-build \
-e GOMODCACHE=/go/pkg/mod \
-v ~/go/pkg/mod:/go/pkg/mod \
-v ~/.cache/go-build:/cache/go-build \
-v /tmp/build.sh:/tmp/build.sh \
-w /go/src/github.com/TykTechnologies/tyk-pump \
tykio/golang-cross:${{ matrix.golang_cross }} /tmp/build.sh
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk
role-session-name: cipush
aws-region: eu-central-1
# Don't mask to pass it across job boundaries
mask-aws-account-id: false
- uses: aws-actions/amazon-ecr-login@v2
id: ecr
if: ${{ matrix.golang_cross == '1.21-bullseye' }}
with:
mask-password: 'true'
- name: Docker metadata for CI
id: metadata
if: ${{ matrix.golang_cross == '1.21-bullseye' }}
uses: docker/metadata-action@v5
with:
images: ${{ steps.ecr.outputs.registry }}/tyk-pump
flavor: |
latest=false
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha,format=long
type=semver,pattern=v{{major}}.{{minor}},prefix=v
type=semver,pattern=v{{version}},prefix=v
- name: CI push
if: ${{ matrix.golang_cross == '1.21-bullseye' }}
shell: bash
env:
t: ${{ steps.metadata.outputs.tags }}
build_tag: ${{ startswith(github.ref, 'refs/tags') && github.ref_name || 'v0.0.0' }}
run: |
set +e
IFS=$'\n' tags=($t)
for tag in "${tags[@]}"; do
for arch in amd64 arm64; do
docker tag tykio/tyk-pump-docker-pub:${build_tag}-${arch} ${tag}-${arch} && docker push ${tag}-${arch}
done
docker manifest create ${tag} ${tag}-amd64 ${tag}-arm64 && docker manifest push ${tag}
done
- uses: actions/upload-artifact@v4
if: ${{ matrix.golang_cross == '1.21-bullseye' }}
with:
name: deb
retention-days: 1
path: |
dist/*.deb
!dist/*PAYG*.deb
- uses: actions/upload-artifact@v4
if: ${{ matrix.golang_cross == '1.21-bullseye' }}
with:
name: rpm
retention-days: 1
path: |
dist/*.rpm
!dist/*PAYG*.rpm
test-controller-api:
needs: goreleaser
runs-on: ubuntu-latest
container: tykio/gromit:v1.7
outputs:
conf: ${{ steps.params.outputs.api_conf }}
db: ${{ steps.params.outputs.api_db }}
pump: ${{ steps.params.outputs.pump }}
sink: ${{ steps.params.outputs.sink }}
gd_tag: ${{ steps.params.outputs.gd_tag }}
versions: ${{ steps.params.outputs.versions }}
steps:
- name: set params
id: params
env:
REPO: ${{ github.repository }}
# Cover pull_request_target too
BASE_REF: ${{startsWith(github.event_name, 'pull_request') && github.base_ref || github.ref}}
TAGS: ${{ needs.goreleaser.outputs.tags }}
IS_PR: ${{startsWith(github.event_name, 'pull_request') && 'yes' }}
IS_TAG: ${{startsWith(github.ref, 'refs/tags') && 'yes' }}
JOB: api
run: gromit policy controller --loglevel debug | tee -a "$GITHUB_OUTPUT"
api-tests:
needs: [goreleaser, test-controller-api]
runs-on: ubuntu-latest
permissions:
id-token: write # This is required for requesting the Github JWT
contents: read # This is required for actions/checkout
strategy:
fail-fast: false
matrix:
conf: ${{ fromJson(needs.test-controller-api.outputs.conf) }}
db: ${{ fromJson(needs.test-controller-api.outputs.db) }}
sink: ${{ fromJson(needs.test-controller-api.outputs.sink) }}
include:
- db: postgres15
markers: "and not sql"
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk
role-session-name: cipush
aws-region: eu-central-1
- id: ecr
uses: aws-actions/amazon-ecr-login@v2
with:
mask-password: 'true'
# Only ${{ github.actor }} has access
# See https://github.com/mxschmitt/action-tmate#use-registered-public-ssh-keys
- name: Setup tmate session only in debug mode
uses: mxschmitt/action-tmate@v3
if: runner.debug == '1'
with:
detached: true
limit-access-to-actor: true
- name: fetch env from tyk-ci
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release download --repo github.com/TykTechnologies/tyk-ci -p 'ci-env.tgz' -O env.tgz
tar xzvf env.tgz
- name: env up
shell: bash
working-directory: auto
id: env_up
env:
pull_policy: 'if_not_present'
GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}
TYK_DB_LICENSEKEY: ${{ secrets.DASH_LICENSE }}
TYK_MDCB_LICENSE: ${{ secrets.MDCB_LICENSE }}
ECR: ${{ steps.ecr.outputs.registry }}
VERSIONS: ${{ needs.test-controller-api.outputs.versions}}
run: "echo \"ECR=${ECR}\n$VERSIONS\n\ntyk_sink_image=${{matrix.sink}} \n# base dir for config files\nconfs_dir=./pro-ha\n# pick database to use\nenv_file=local-${{ matrix.db }}.env\n\" > versions.env\nprintf '::group::versions\\n%s\\n::endgroup::' \"$(cat versions.env)\"\n# Add Tyk component config variations to $env_file\ncat confs/${{ matrix.conf }}.env >> local-${{ matrix.db }}.env\n# bring up env, the project name is important\ndocker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${{ matrix.db }}.yml --env-file versions.env --profile master-datacenter up --quiet-pull -d\n./dash-bootstrap.sh http://localhost:3000\ndocker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${{ matrix.db }}.yml --env-file versions.env --profile slave-datacenter up --quiet-pull -d\n"
- name: Run tests
working-directory: auto
id: test_execution
run: |
set -o pipefail
echo "### API tests ${{ matrix.db }} ${{ matrix.conf }}" >> $GITHUB_STEP_SUMMARY
if docker run --rm --network auto_default --env-file pytest.env -v ${{ github.workspace }}/reports:/app/reports \
${{ steps.ecr.outputs.registry }}/tyk-automated-tests:${{ needs.test-controller-api.outputs.gd_tag }} \
pytest -c pytest_ci.ini --ci -m "not local and not dind ${{ matrix.markers }}" | tee tests.out; then
echo "All tests passed!" >> $GITHUB_STEP_SUMMARY
else
echo "::error title=API tests ${{ matrix.db }} ${{ matrix.conf }}::Test execution failed"
cat tests.out >> $GITHUB_STEP_SUMMARY
exit 1
fi
- name: Docker logs for all components
if: failure() && (steps.test_execution.outcome != 'success' || steps.env_up.outcome != 'success')
working-directory: auto
env:
pull_policy: 'if_not_present'
GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}
TYK_DB_LICENSEKEY: ${{ secrets.DASH_LICENSE }}
TYK_MDCB_LICENSE: ${{ secrets.MDCB_LICENSE }}
ECR: ${{ steps.ecr.outputs.registry }}
VERSIONS: ${{ needs.test-controller-api.outputs.versions }}
run: |
docker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${{ matrix.db }}.yml --env-file versions.env --profile all logs | sort > ${{ github.workspace }}/docker-compose-api.log
echo "::group::DockerLogs"
cat ${{ github.workspace }}/docker-compose-api.log
echo "::endgroup::"
- name: Upload Artifact
uses: actions/upload-artifact@v4
if: failure() && (steps.test_execution.outcome != 'success' || steps.env_up.outcome != 'success')
with:
name: docker-compose-logs-api-${{ matrix.db }}-${{ matrix.conf }}-${{ github.run_id }}
path: ${{ github.workspace }}/docker-compose-api.log
retention-days: 3
overwrite: true
- name: Archive Integration tests report
if: always()
uses: actions/upload-artifact@v4
with:
name: api-test-report-${{ matrix.db }}-${{ matrix.conf }}-${{ github.run_id }}
retention-days: 3
path: ${{ github.workspace }}/reports
overwrite: true
- name: Fetch commit author
if: failure() && steps.test_execution.outcome != 'success' && github.event_name == 'push'
env:
USER_EMAIL: ${{ needs.goreleaser.outputs.commit_author }}
run: echo "GIT_USER_EMAIL=$USER_EMAIL" >> $GITHUB_ENV
- name: Fetch slack user
if: failure() && steps.test_execution.outcome != 'success' && github.event_name == 'push'
id: fetch_slack_user
uses: TykTechnologies/github-actions/.github/actions/github-to-slack@main
with:
github_email: ${{ env.GIT_USER_EMAIL }}
- name: Notify slack
if: failure() && steps.test_execution.outcome != 'success' && github.event_name == 'push'
uses: rtCamp/action-slack-notify@v2
env:
SLACK_WEBHOOK: ${{ secrets.API_TEST_ALERT_SLACK_WEBHOOK }}
SLACK_COLOR: ${{ job.status }}
SLACK_TITLE: "Result: ${{ steps.test_execution.outcome }}"
SLACK_USERNAME: API INTEGRATION TESTS
SLACK_MESSAGE: "*Test*: ${{ matrix.db }}-${{ matrix.conf }}, *Author*: ${{ steps.fetch_slack_user.outputs.slack-user-name }}"
SLACK_FOOTER: "<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|SEE EXECUTION DETAILS HERE>"
upgrade-deb:
services:
httpbin.org:
image: kennethreitz/httpbin
runs-on: ubuntu-latest
needs: goreleaser
strategy:
fail-fast: false
matrix:
arch:
- amd64
- arm64
distro:
- ubuntu:bionic
- ubuntu:focal
- ubuntu:jammy
- debian:bullseye
- debian:bookworm
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: actions/download-artifact@v4
with:
name: deb
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- name: generate dockerfile
run: |
echo 'FROM ${{ matrix.distro }}
ARG TARGETARCH
COPY tyk-pump*_${TARGETARCH}.deb /tyk-pump.deb
RUN apt-get update && apt-get install -y curl
RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-pump/script.deb.sh | bash && apt-get install -y tyk-pump=1.6.0
RUN dpkg -i tyk-pump.deb
' > Dockerfile
- name: install on ${{ matrix.distro }}
uses: docker/build-push-action@v5
with:
context: "."
platforms: linux/${{ matrix.arch }}
file: Dockerfile
push: false
upgrade-rpm:
services:
httpbin.org:
image: kennethreitz/httpbin
needs: goreleaser
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
distro:
- amazonlinux:2023
- registry.access.redhat.com/ubi8/ubi
- registry.access.redhat.com/ubi9/ubi
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- uses: actions/download-artifact@v4
with:
name: rpm
- uses: docker/setup-buildx-action@v3
- name: generate dockerfile
run: |
echo 'FROM ${{ matrix.distro }}
COPY tyk-pump*.x86_64.rpm /tyk-pump.rpm
RUN command -v curl || yum install -y curl
RUN command -v useradd || yum install -y shadow-utils
RUN curl -fsSL https://packagecloud.io/install/repositories/tyk/tyk-pump/script.rpm.sh | bash && yum install -y tyk-pump-1.6.0-1
RUN curl https://keyserver.tyk.io/tyk.io.rpm.signing.key.2020 -o tyk-pump.key && rpm --import tyk-pump.key
RUN rpm --checksig tyk-pump.rpm
RUN rpm -Uvh --force tyk-pump.rpm
' > Dockerfile
- name: install on ${{ matrix.distro }}
uses: docker/build-push-action@v5
with:
context: "."
file: Dockerfile
push: false
sbom:
needs: goreleaser
uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main
secrets:
DEPDASH_URL: ${{ secrets.DEPDASH_URL }}
DEPDASH_KEY: ${{ secrets.DEPDASH_KEY }}
ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}