Merge pull request #1245 from openziti/cancel-older-redundant-builds #2113
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - release-v* | |
| - release-next | |
| pull_request: | |
| workflow_dispatch: | |
| # cancel older, redundant runs of same workflow on same branch | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} | |
| cancel-in-progress: true | |
| env: | |
| GOFLAGS: "-trimpath" | |
| GOX_OUTPUT: "release/{{.Arch}}/{{.OS}}/{{.Dir}}" | |
| GOX_TEST_OUTPUT: "test/{{.Arch}}/{{.OS}}/bin/{{.Dir}}" | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: "us-east-2" | |
| gh_ci_key: ${{ secrets.GH_CI_KEY }} | |
| CONSUL_ENCRYPTION_KEY: ${{ secrets.CONSUL_ENCRYPTION_KEY }} | |
| ELASTIC_ENDPOINT: ${{ secrets.ELASTIC_ENDPOINT }} | |
| ELASTIC_USERNAME: ${{ secrets.ELASTIC_USERNAME }} | |
| ELASTIC_PASSWORD: ${{ secrets.ELASTIC_PASSWORD }} | |
| CONSUL_ENDPOINT: ${{ secrets.CONSUL_ENDPOINT }} | |
| CONSUL_AGENT_CERT: ${{ secrets.CONSUL_AGENT_CERT }} | |
| BUILD_NUMBER: ${{ format('{0}-{1}-{2}', github.run_id, github.run_number, github.run_attempt) }} | |
| jobs: | |
| mac-os-build: | |
| name: Build Mac OS binaries | |
| # allow fors to opt-out of time-consuming macOS builds | |
| if: vars.ZITI_SKIP_MACOS_BUILD != 'true' | |
| runs-on: macos-11 | |
| steps: | |
| - name: Git Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.20.x' | |
| - name: Install Ziti CI | |
| uses: openziti/ziti-ci@v1 | |
| - name: Build and Test | |
| run: | | |
| go install github.com/mitchellh/gox@latest | |
| $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version | |
| $(go env GOPATH)/bin/gox -cgo -os=darwin -arch=amd64 -output=$GOX_OUTPUT ./... | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: darwin-release-${{ github.run_id }} | |
| path: release/ | |
| retention-days: 5 | |
| windows-build: | |
| name: Build Windows binaries | |
| # allow fors to opt-out of time-consuming Windows builds | |
| if: vars.ZITI_SKIP_WINDOWS_BUILD != 'true' | |
| runs-on: windows-2019 | |
| steps: | |
| - name: Git Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.20.x' | |
| - name: Install Ziti CI | |
| uses: openziti/ziti-ci@v1 | |
| - name: Build and Test | |
| shell: bash | |
| run: | | |
| go install github.com/mitchellh/gox@latest | |
| $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version | |
| $(go env GOPATH)/bin/gox -cgo -os=windows -arch=amd64 -output=$GOX_OUTPUT ./... | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: windows-release-${{ github.run_id }} | |
| path: release/ | |
| retention-days: 5 | |
| linux-build: | |
| name: Build Linux binaries | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Git Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.20.x' | |
| - name: Install Ziti CI | |
| uses: openziti/ziti-ci@v1 | |
| - name: Build and Test | |
| shell: bash | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get -yq install gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf gcc-aarch64-linux-gnu | |
| $(go env GOPATH)/bin/ziti-ci configure-git | |
| $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version | |
| go install github.com/mitchellh/gox@latest | |
| $(go env GOPATH)/bin/gox -cgo -os=linux -arch=amd64 -output=$GOX_OUTPUT ./... | |
| CC=arm-linux-gnueabihf-gcc $(go env GOPATH)/bin/gox -cgo -os=linux -arch=arm -output=$GOX_OUTPUT ./... | |
| CC=aarch64-linux-gnu-gcc $(go env GOPATH)/bin/gox -cgo -os=linux -arch=arm64 -output=$GOX_OUTPUT ./... | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: linux-release-${{ github.run_id }} | |
| path: release/ | |
| retention-days: 5 | |
| fablab-smoketest: | |
| name: Fablab Smoketest | |
| # not applicable to forks. shouldn't run on release build | |
| if: github.repository_owner == 'openziti' && github.ref != 'refs/heads/main' | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Git Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.20.x' | |
| - name: Install Ziti CI | |
| uses: openziti/ziti-ci@v1 | |
| - name: Build and Test | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| ziti_ci_gpg_key: ${{ secrets.ZITI_CI_GPG_KEY }} | |
| ziti_ci_gpg_key_id: ${{ secrets.ZITI_CI_GPG_KEY_ID }} | |
| run: | | |
| $(go env GOPATH)/bin/ziti-ci configure-git | |
| $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version | |
| pushd zititest && go install ./... && popd | |
| go install -tags=all,tests ./... | |
| - name: Create Test Environment | |
| run: | | |
| echo "ZITI_ROOT=$(go env GOPATH)/bin" >> "$GITHUB_ENV" | |
| $(go env GOPATH)/bin/simple-transfer create -d simple-transfer-${GITHUB_RUN_NUMBER} -n simple-transfer-${GITHUB_RUN_NUMBER} -l environment=gh,ziti_version=$($(go env GOPATH)/bin/ziti-ci -q get-current-version) | |
| $(go env GOPATH)/bin/simple-transfer up | |
| - name: Test Ziti Command | |
| run: | | |
| echo "ZITI_ROOT=$(go env GOPATH)/bin" >> "$GITHUB_ENV" | |
| pushd zititest && go test -timeout 30m -v ./tests/... 2>&1 | tee test.out && popd | |
| - name: Create fablab instance archive | |
| if: always() | |
| env: | |
| FABLAB_PASSPHRASE: ${{ secrets.FABLAB_PASSPHRASE }} | |
| run: | | |
| cp $(go env GOPATH)/bin/simple-transfer simple-transfer-${GITHUB_RUN_NUMBER} | |
| cp ~/.fablab/config.yml simple-transfer-${GITHUB_RUN_NUMBER}/ | |
| tar --exclude *terraform-provider-aws* -czvf - simple-transfer-${GITHUB_RUN_NUMBER}/ | gpg --symmetric --cipher-algo aes256 --batch --quiet --passphrase ${FABLAB_PASSPHRASE} -o simple-transfer-${GITHUB_RUN_NUMBER}.tar.gz.gpg | |
| aws s3 cp ./simple-transfer-${GITHUB_RUN_NUMBER}.tar.gz.gpg s3://ziti-smoketest-fablab-instances/ | |
| - name: Test Report Generation | |
| if: always() | |
| run: | | |
| go install github.com/jstemmer/go-junit-report/v2@latest | |
| $(go env GOPATH)/bin/go-junit-report -in zititest/test.out -out test-report.xml | |
| - name: Test Summary | |
| uses: test-summary/action@v2 | |
| with: | |
| paths: | | |
| test-report.xml | |
| show: "fail, skip" | |
| if: always() | |
| # END linux-build-steps | |
| fablab-smoketest-teardown: | |
| name: Teardown SmokeTest | |
| if: always() | |
| runs-on: ubuntu-20.04 | |
| needs: [ fablab-smoketest ] | |
| steps: | |
| - name: Sleep If Failed | |
| if: needs.fablab-smoketest.result != 'success' && needs.fablab-smoketest.result != 'skipped' | |
| run: | | |
| sleep 30m | |
| - name: Teardown Test Environment | |
| if: always() && needs.fablab-smoketest.result != 'skipped' | |
| env: | |
| FABLAB_PASSPHRASE: ${{ secrets.FABLAB_PASSPHRASE }} | |
| run: | | |
| aws s3 cp s3://ziti-smoketest-fablab-instances/simple-transfer-${GITHUB_RUN_NUMBER}.tar.gz.gpg . | |
| gpg --quiet --batch --yes --decrypt --passphrase=${FABLAB_PASSPHRASE} --output simple-transfer-${GITHUB_RUN_NUMBER}.tar.gz simple-transfer-${GITHUB_RUN_NUMBER}.tar.gz.gpg | |
| tar -xzf simple-transfer-${GITHUB_RUN_NUMBER}.tar.gz | |
| ./simple-transfer-${GITHUB_RUN_NUMBER}/simple-transfer import simple-transfer-${GITHUB_RUN_NUMBER} | |
| ./simple-transfer-${GITHUB_RUN_NUMBER}/simple-transfer dispose | |
| aws s3 rm s3://ziti-smoketest-fablab-instances/simple-transfer-${GITHUB_RUN_NUMBER}.tar.gz.gpg | |
| publish: | |
| name: Publish Binaries | |
| # - always() allows evaluating further conditional expressions even if | |
| # needed jobs were skipped | |
| if: | | |
| always() | |
| && (needs.mac-os-build.result == 'success' || needs.mac-os-build.result == 'skipped') | |
| && (needs.windows-build.result == 'success' || needs.windows-build.result == 'skipped') | |
| && (needs.fablab-smoketest.result == 'success' || needs.fablab-smoketest.result == 'skipped') | |
| runs-on: ubuntu-20.04 | |
| needs: [ linux-build, mac-os-build, windows-build, fablab-smoketest ] | |
| outputs: | |
| ZITI_VERSION: ${{ steps.get_version.outputs.ZITI_VERSION }} | |
| steps: | |
| - name: Git Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.20.x' | |
| - name: Install Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.7' | |
| - name: Install Ziti CI | |
| uses: openziti/ziti-ci@v1 | |
| - name: Download linux release artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: linux-release-${{ github.run_id }} | |
| path: release/ | |
| - name: Download darwin release artifact | |
| if: needs.mac-os-build.result == 'success' | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: darwin-release-${{ github.run_id }} | |
| path: release/ | |
| - name: Download windows release artifact | |
| if: needs.windows-build.result == 'success' | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: windows-release-${{ github.run_id }} | |
| path: release/ | |
| - name: List downloaded release artifacts | |
| run: | | |
| ls -lAhR release/ | |
| - name: Restore execute filemode on macOS and Linux release artifacts before publishing | |
| run: | | |
| find ./release \ | |
| -type f \ | |
| -print0 \ | |
| -path "./release/*/darwin/ziti" \ | |
| -o \ | |
| -path "./release/*/linux/ziti" \ | |
| | xargs -0 chmod -c +x | |
| - name: Install Jfrog CLI | |
| uses: jfrog/setup-jfrog-cli@v3 | |
| with: | |
| version: 1.51.1 | |
| - name: Publish GitHub Release | |
| # forks need to run this step with their own GPG key because ziti-ci creates the GH release | |
| if: env.ziti_ci_gpg_key_id != null && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-v')) | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| ziti_ci_gpg_key: ${{ secrets.ZITI_CI_GPG_KEY }} | |
| ziti_ci_gpg_key_id: ${{ secrets.ZITI_CI_GPG_KEY_ID }} | |
| run: | | |
| $(go env GOPATH)/bin/ziti-ci configure-git | |
| $(go env GOPATH)/bin/ziti-ci tag -v -f version | |
| $(go env GOPATH)/bin/ziti-ci publish-to-github --archive-base "" | |
| # only ziti-ci computed version for release branches and {version}-{run_id} for non-release branches | |
| - name: Compute the Ziti Version String for CI Jobs | |
| id: get_version | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GITHUB_REF: ${{ github.ref }} | |
| GITHUB_RUN_ID: ${{ github.run_id }} | |
| run: | | |
| ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version)" | |
| # drop the leading 'v', if any | |
| ZITI_VERSION=${ZITI_VERSION#v} | |
| if ! [[ "${ZITI_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| # fail the job because we could not obtain the current version from ziti-ci | |
| echo "ERROR: ZITI_VERSION=${ZITI_VERSION} is not a semver" | |
| exit 1 | |
| elif [[ "${GITHUB_REF}" =~ ^refs/heads/(release-v|main$) ]]; then | |
| # Set output parameters for release branches | |
| echo "DEBUG: ZITI_VERSION=${ZITI_VERSION}" | |
| echo ZITI_VERSION="${ZITI_VERSION}" >> $GITHUB_OUTPUT | |
| else | |
| # Append build / run number for non-release refs | |
| ZITI_VERSION="${ZITI_VERSION}-${GITHUB_RUN_ID}" | |
| echo "DEBUG: ZITI_VERSION=${ZITI_VERSION}" | |
| echo ZITI_VERSION="${ZITI_VERSION}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Publish to Artifactory | |
| if: ${{ env.JFROG_API_KEY != null && github.repository == 'openziti/ziti' }} | |
| run: | | |
| $(go env GOPATH)/bin/ziti-ci publish-to-artifactory | |
| env: | |
| JFROG_API_KEY: ${{ secrets.JFROG_API_KEY }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| jenkins-smoketest: | |
| # BEGIN smoketest-job | |
| # | |
| # Any event that triggers this main workflow also triggers the smoketest | |
| # | |
| needs: publish | |
| name: Call the On-Demand Smoketest Workflow | |
| # not applicable to forks | |
| if: github.repository_owner == 'openziti' | |
| uses: ./.github/workflows/jenkins-smoketest.yml | |
| secrets: inherit | |
| with: | |
| ziti-version: ${{ needs.publish.outputs.ZITI_VERSION }} | |
| call-publish-prerelease-docker-images: | |
| # always() re-enables evaluating conditionals in forks even if Windows or | |
| # macOS builds were skipped | |
| if: | | |
| always() | |
| && needs.publish.result == 'success' | |
| && github.ref == 'refs/heads/release-next' | |
| name: Publish Pre-Release Docker Images | |
| needs: publish | |
| uses: ./.github/workflows/publish-docker-images.yml | |
| secrets: inherit | |
| with: | |
| ziti-version: release-next | |
| call-publish-release-docker-images: | |
| # always() re-enables evaluating conditionals in forks even if Windows or | |
| # macOS builds were skipped | |
| if: | | |
| always() | |
| && needs.publish.result == 'success' | |
| && github.ref == 'refs/heads/main' | |
| name: Publish Release Docker Images | |
| needs: publish | |
| uses: ./.github/workflows/publish-docker-images.yml | |
| secrets: inherit | |
| with: | |
| ziti-version: ${{ needs.publish.outputs.ZITI_VERSION }} |