diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a07f66adc3..5fef32969c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -29,6 +29,7 @@ env: CONSUL_ENDPOINT: ${{ secrets.CONSUL_ENDPOINT }} CONSUL_AGENT_CERT: ${{ secrets.CONSUL_AGENT_CERT }} BUILD_NUMBER: ${{ format('{0}-{1}-{2}', github.run_id, github.run_number, github.run_attempt) }} + ZITI_BASE_VERSION: ${{ vars.ZITI_BASE_VERSION || null }} jobs: @@ -122,7 +123,7 @@ jobs: sudo apt-get update sudo apt-get -yq install gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf gcc-aarch64-linux-gnu $(go env GOPATH)/bin/ziti-ci configure-git - $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version + $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION} go install github.com/mitchellh/gox@latest $(go env GOPATH)/bin/gox -cgo -os=linux -arch=amd64 -output=$GOX_OUTPUT ./... CC=arm-linux-gnueabihf-gcc $(go env GOPATH)/bin/gox -cgo -os=linux -arch=arm -output=$GOX_OUTPUT ./... @@ -472,11 +473,11 @@ jobs: shell: bash run: | $(go env GOPATH)/bin/ziti-ci configure-git - $(go env GOPATH)/bin/ziti-ci tag -v -f version + $(go env GOPATH)/bin/ziti-ci tag -v -f version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION} $(go env GOPATH)/bin/ziti-ci publish-to-github --prerelease --archive-base "" # only ziti-ci computed version for release branches and {version}-{run_id} for non-release branches - - name: Compute the Ziti Version String for CI Jobs + - name: Compute the Ziti Version String used for Linux Packages and Container Image Tags id: get_version env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -484,22 +485,36 @@ jobs: GITHUB_RUN_ID: ${{ github.run_id }} shell: bash run: | - ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version)" - # drop the leading 'v', if any - ZITI_VERSION=${ZITI_VERSION#v} - if ! [[ "${ZITI_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then - # fail the job because we could not obtain the current version from ziti-ci - echo "ERROR: ZITI_VERSION=${ZITI_VERSION} is not a semver" - exit 1 - elif [[ "${GITHUB_REF}" =~ ^refs/heads/(release-v|main$) ]]; then - # Set output parameters for release branches - echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT + function validateSemver() { + if ! [[ "${1}" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "ERROR: ${1} is not a release semver" >&2 + return 1 + fi + } + + echo "DEBUG: GITHUB_REPOSITORY=${GITHUB_REPOSITORY} GITHUB_REF=${GITHUB_REF} GITHUB_RUN_ID=${GITHUB_RUN_ID}" + (set -x; git remote -v show;) + + if [[ "${GITHUB_REF}" =~ ^refs/heads/(release-v|main$) ]]; then + # Set current tag as semver for release branches + ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version)" + + validateSemver "${ZITI_VERSION}" + + # drop the leading 'v', if any + ZITI_VERSION=${ZITI_VERSION#v} else - # Append build / run number for non-release refs - ZITI_VERSION="${ZITI_VERSION}-${GITHUB_RUN_ID}" - echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT + # compute next patch level for non-release branches + ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-next-version)" + + validateSemver "${ZITI_VERSION}" + + # drop the leading 'v', if any, and append run id + ZITI_VERSION=${ZITI_VERSION#v}-${GITHUB_RUN_ID} fi + echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT + call-publish-prerelease-docker-images: # - !cancelled() allows evaluating further conditional expressions even if # needed jobs were skipped diff --git a/.github/workflows/promote-downstreams.yml b/.github/workflows/promote-downstreams.yml new file mode 100644 index 0000000000..9183edda15 --- /dev/null +++ b/.github/workflows/promote-downstreams.yml @@ -0,0 +1,132 @@ +name: Promote Downstream Releases + +on: + # may be triggered manually on a release tag that represents a prerelease to promote it to a release in the downstream package repositories and Docker Hub + workflow_dispatch: + # automatically trigger if an existing GitHub release is marked "latest" + release: + types: [released] # this release event activity type excludes prereleases + +# cancel older, redundant runs of same workflow on same branch +concurrency: + group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }} + cancel-in-progress: true + +env: + RELEASE_REF: ${{ github.ref}} + +jobs: + wait_for_release: + name: Wait for Release Builds to Succeed + runs-on: ubuntu-latest + steps: + - name: Debug action + uses: hmarr/debug-action@v3 + + - name: Wait for all checks on this ref + uses: lewagon/wait-on-check-action@v1.3.1 + with: + ref: ${{ env.RELEASE_REF }} + repo-token: ${{ secrets.GITHUB_TOKEN }} + # seconds between polling the checks api for job statuses + wait-interval: 20 + # confusingly, this means "pause this step until all jobs from all workflows in same run have completed" + running-workflow-name: Wait for Release Builds to Succeed + + parse_version: + needs: wait_for_release + name: Parse Release Version + runs-on: ubuntu-latest + outputs: + version: ${{ steps.parse.outputs.version }} + steps: + - name: Parse Release Version + id: parse + shell: bash + run: | + if [[ "${RELEASE_REF}" =~ ^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "RELEASE_REF=${RELEASE_REF} is a semver release ref" + echo "version=${RELEASE_REF#refs/tags/v}" | tee -a $GITHUB_OUTPUT + else + echo "RELEASE_REF=${RELEASE_REF} is not a semver release ref" >&2 + exit 1 + fi + + promote_docker: + name: Promote Container Images to Latest in Docker Hub + needs: parse_version + runs-on: ubuntu-latest + strategy: + fail-fast: true + matrix: + image: + - repo: ${{ vars.ZITI_CLI_IMAGE || 'docker.io/openziti/ziti-cli' }} + - repo: ${{ vars.ZITI_CONTROLLER_IMAGE || 'docker.io/openziti/ziti-controller' }} + - repo: ${{ vars.ZITI_ROUTER_IMAGE || 'docker.io/openziti/ziti-router' }} + - repo: ${{ vars.ZITI_TUNNEL_IMAGE || 'docker.io/openziti/ziti-tunnel' }} + steps: + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }} + password: ${{ secrets.DOCKER_HUB_API_TOKEN }} + + - name: Tag Latest + shell: bash + run: > + docker buildx imagetools create --tag + ${{ matrix.image.repo }}:latest + ${{ matrix.image.repo }}:${{ needs.parse_version.outputs.version }} + + promote_artifactory: + name: Promote Linux Packages to Stable Repositories in Artifactory + needs: parse_version + strategy: + fail-fast: true + matrix: + package_name: + - openziti + - openziti-controller + - openziti-router + arch: + - deb: amd64 + rpm: x86_64 + - deb: arm64 + rpm: aarch64 + - deb: armv7 + rpm: armv7 + nfpm_packager: + - rpm + - deb + name: ${{ matrix.package_name }} ${{ matrix.arch.rpm }} ${{ matrix.nfpm_packager }} + runs-on: ubuntu-latest + env: + ZITI_DEB_TEST_REPO: ${{ vars.ZITI_DEB_TEST_REPO || 'zitipax-openziti-deb-test' }} + ZITI_RPM_TEST_REPO: ${{ vars.ZITI_RPM_TEST_REPO || 'zitipax-openziti-rpm-test' }} + ZITI_DEB_PROD_REPO: ${{ vars.ZITI_DEB_PROD_REPO || 'zitipax-openziti-deb-stable' }} + ZITI_RPM_PROD_REPO: ${{ vars.ZITI_RPM_PROD_REPO || 'zitipax-openziti-rpm-stable' }} + steps: + - name: Configure jFrog CLI + uses: jfrog/setup-jfrog-cli@v4 + env: + JF_ENV_1: ${{ secrets.ZITI_ARTIFACTORY_CLI_CONFIG_PACKAGE_UPLOAD }} + + - name: Copy RPM from test repo to stable repo with jFrog CLI + if: matrix.package_name == 'rpm' + shell: bash + run: > + jf rt copy + --recursive=false + --flat=true + ${{ env.ZITI_RPM_TEST_REPO }}/redhat/${{ matrix.arch.rpm }}/${{ matrix.package_name }}-${{ needs.parse_version.outputs.version }}.${{ matrix.arch.rpm }}.rpm + ${{ env.ZITI_RPM_PROD_REPO }}/redhat/${{ matrix.arch.rpm }}/ + + - name: Copy DEB from test repo to stable repo with jFrog CLI + if: matrix.package_name == 'deb' + shell: bash + run: > + jf rt copy + --recursive=false + --flat=true + ${{ env.ZITI_DEB_TEST_REPO }}/pool/${{ matrix.package_name }}/${{ matrix.arch.deb }}/${{ matrix.package_name }}_${{ needs.parse_version.outputs.version }}_*.deb + ${{ env.ZITI_DEB_PROD_REPO }}/pool/${{ matrix.package_name }}/${{ matrix.arch.deb }}/ diff --git a/.github/workflows/publish-docker-images.yml b/.github/workflows/publish-docker-images.yml index 105e13ccd6..0b01ef352c 100644 --- a/.github/workflows/publish-docker-images.yml +++ b/.github/workflows/publish-docker-images.yml @@ -53,9 +53,6 @@ jobs: run: | DOCKER_TAGS="" DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}" - if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then - DOCKER_TAGS+=",${IMAGE_REPO}:latest" - fi echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}" echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT @@ -83,9 +80,6 @@ jobs: run: | DOCKER_TAGS="" DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}" - if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then - DOCKER_TAGS+=",${IMAGE_REPO}:latest" - fi echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}" echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT @@ -115,9 +109,6 @@ jobs: run: | DOCKER_TAGS="" DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}" - if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then - DOCKER_TAGS+=",${IMAGE_REPO}:latest" - fi echo DOCKER_TAGS="${DOCKER_TAGS}" | tee -a $GITHUB_OUTPUT - name: Build & Push Multi-Platform Router Container Image to Hub @@ -145,9 +136,6 @@ jobs: DOCKER_TAGS="" for REPO in ${LEGACY_REPO} ${IMAGE_REPO}; do DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}" - if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then - DOCKER_TAGS+=",${IMAGE_REPO}:latest" - fi done DOCKER_TAGS=${DOCKER_TAGS#,} # drop leading comma char echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}" diff --git a/.github/workflows/publish-linux-packages.yml b/.github/workflows/publish-linux-packages.yml index dce5509739..f27352f6e2 100644 --- a/.github/workflows/publish-linux-packages.yml +++ b/.github/workflows/publish-linux-packages.yml @@ -4,7 +4,7 @@ on: workflow_call: inputs: ziti-version: - description: generated by 'ziti-ci get-current-version' + description: generated by ziti-ci type: string required: true @@ -44,9 +44,7 @@ jobs: GOARCH: ${{ matrix.arch.goreleaser }} MINIMUM_SYSTEMD_VERSION: 232 ZITI_DEB_TEST_REPO: ${{ vars.ZITI_DEB_TEST_REPO || 'zitipax-openziti-deb-test' }} - ZITI_DEB_PROD_REPO: ${{ vars.ZITI_DEB_PROD_REPO || 'zitipax-openziti-deb-stable' }} ZITI_RPM_TEST_REPO: ${{ vars.ZITI_RPM_TEST_REPO || 'zitipax-openziti-rpm-test' }} - ZITI_RPM_PROD_REPO: ${{ vars.ZITI_RPM_PROD_REPO || 'zitipax-openziti-rpm-stable' }} steps: - name: Checkout Workspace uses: actions/checkout@v4 @@ -93,7 +91,7 @@ jobs: JF_ENV_1: ${{ secrets.ZITI_ARTIFACTORY_CLI_CONFIG_PACKAGE_UPLOAD }} - name: Upload RPM to Artifactory testing repo - if: github.ref == 'refs/heads/release-next' && matrix.nfpm_packager == 'rpm' + if: matrix.nfpm_packager == 'rpm' shell: bash run: > jf rt upload @@ -102,19 +100,8 @@ jobs: --recursive=false --flat=true - - name: Upload RPM to Artifactory release repo - if: (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-v')) - && matrix.nfpm_packager == 'rpm' - shell: bash - run: > - jf rt upload - ./release/${{ matrix.package_name }}*.rpm - ${{ env.ZITI_RPM_PROD_REPO }}/redhat/${{ matrix.arch.rpm }}/ - --recursive=false - --flat=true - - name: Upload DEB to Artifactory testing repo - if: github.ref == 'refs/heads/release-next' && matrix.nfpm_packager == 'deb' + if: matrix.nfpm_packager == 'deb' shell: bash run: > jf rt upload @@ -123,15 +110,3 @@ jobs: --deb=debian/main/${{ matrix.arch.deb }} --recursive=false --flat=true - - - name: Upload DEB to Artifactory release repo - if: (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-v')) - && matrix.nfpm_packager == 'deb' - shell: bash - run: > - jf rt upload - ./release/${{ matrix.package_name }}*.deb - ${{ env.ZITI_DEB_PROD_REPO }}/pool/${{ matrix.package_name }}/${{ matrix.arch.deb }}/ - --deb=debian/main/${{ matrix.arch.deb }} - --recursive=false - --flat=true