Merge pull request #2380 from openziti/tidy-deps #627
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Quickstart Workflow | |
| on: | |
| pull_request_target: | |
| types: | |
| - closed | |
| branches: | |
| - main | |
| push: | |
| tags: | |
| - 'v*.*.*' | |
| jobs: | |
| release-quickstart: | |
| name: Release Quickstart Job | |
| # this is only run on the official upstream repo when a PR is merged to the default branch "main" or a release tag | |
| # is pushed; merges to main trigger a quickstart release with a commit SHA suffix featuring the previous ziti binary | |
| # release version, whereas release tag pushes trigger a quickstart release with the same tag name and the same ziti | |
| # binary release version | |
| if: github.repository_owner == 'openziti' | |
| && ( | |
| startsWith(github.ref_name, 'v') | |
| || (github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'quickstartrelease')) | |
| ) | |
| runs-on: ubuntu-latest | |
| env: | |
| ZITI_QUICKSTART_IMAGE: ${{ vars.ZITI_QUICKSTART_IMAGE || 'docker.io/openziti/quickstart' }} | |
| # use github.ref, not github.head_ref, because this workflow should only run on merged PRs in the target/base | |
| # branch context, not the PR source branch | |
| GITHUB_REF: ${{ github.ref }} | |
| # user github.sha, not github.pull_request.head.sha, because this workflow should only run on merged PRs in the | |
| # target/base branch, not the PR source branch | |
| GITHUB_SHA: ${{ github.sha }} | |
| steps: | |
| - name: Debug action | |
| uses: hmarr/[email protected] | |
| - name: Wait for other builds to complete | |
| uses: lewagon/[email protected] | |
| with: | |
| ref: ${{ env.GITHUB_SHA }} | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| # seconds between polling the checks api for job statuses | |
| wait-interval: 20 | |
| # confusingly, this means "pause this step until all jobs from all workflows in same run have completed" | |
| running-workflow-name: Release Quickstart Job | |
| - name: Checkout Workspace | |
| uses: actions/checkout@v4 | |
| - name: Install Go | |
| id: setup-go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: ./go.mod | |
| - name: Install Ziti CI | |
| uses: openziti/ziti-ci@v1 | |
| - name: Set Up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| with: | |
| platforms: amd64,arm64 | |
| - name: Set Up Docker BuildKit | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| # it is preferable to obtain the username from a var so that | |
| # recurrences of the same string are not masked in CI output | |
| username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }} | |
| password: ${{ secrets.DOCKER_HUB_API_TOKEN }} | |
| - name: Compute the Ziti Quickstart Version String | |
| id: get_version | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GITHUB_REF_NAME: ${{ github.ref_name }} | |
| shell: bash | |
| run: | | |
| function validateSemver() { | |
| if ! [[ "${1}" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| echo "ERROR: ${1} is not a release semver" >&2 | |
| return 1 | |
| fi | |
| } | |
| if [[ "${GITHUB_REF_NAME}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| # Set output parameters for release tags | |
| echo QUICKSTART_VERSION="${GITHUB_REF_NAME}" | tee -a $GITHUB_OUTPUT | |
| elif [[ "${GITHUB_REF_NAME}" =~ ^main$ ]]; then | |
| # compute the latest release version to install in the quickstart image | |
| QUICKSTART_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION})" | |
| # drop the leading 'v', if any | |
| QUICKSTART_VERSION=${QUICKSTART_VERSION#v} | |
| validateSemver "${QUICKSTART_VERSION}" | |
| # Append short SHA to identify quickstart docker images shipped on merge to main | |
| QUICKSTART_VERSION="${QUICKSTART_VERSION}-$(git rev-parse --short ${GITHUB_SHA})" | |
| echo QUICKSTART_VERSION="${QUICKSTART_VERSION}" | tee -a $GITHUB_OUTPUT | |
| else | |
| echo "ERROR: Unexpected GITHUB_REF_NAME=${GITHUB_REF_NAME}" >&2 | |
| exit 1 | |
| fi | |
| # configure the env var used by the quickstart's Dockerfile to download the correct version of ziti for the | |
| # target architecture of each image build by trimming the hyphenated short sha suffix so that the preceding | |
| # release version of the ziti executable is installed in the quickstart container image | |
| ZITI_OVERRIDE_VERSION=${QUICKSTART_VERSION%-*} | |
| echo ZITI_OVERRIDE_VERSION="${ZITI_OVERRIDE_VERSION}" | tee -a $GITHUB_OUTPUT | |
| # container image tag :latest is published on merge to default branch "main" and on release tags | |
| - name: Configure Quickstart Container | |
| env: | |
| IMAGE_REPO: ${{ env.ZITI_QUICKSTART_IMAGE }} | |
| IMAGE_TAG: ${{ steps.get_version.outputs.QUICKSTART_VERSION }} | |
| id: tagprep_qs | |
| shell: bash | |
| run: | | |
| DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}" | |
| DOCKER_TAGS+=",${IMAGE_REPO}:latest" | |
| echo DOCKER_TAGS="${DOCKER_TAGS}" | tee -a $GITHUB_OUTPUT | |
| - name: Build & Push Multi-Platform Quickstart Container Image to Hub | |
| uses: docker/build-push-action@v6 | |
| with: | |
| builder: ${{ steps.buildx.outputs.name }} | |
| context: ${{ github.workspace }}/quickstart/docker/image | |
| platforms: linux/amd64,linux/arm64 | |
| tags: ${{ steps.tagprep_qs.outputs.DOCKER_TAGS }} | |
| build-args: | | |
| ZITI_VERSION_OVERRIDE=${{ steps.get_version.outputs.ZITI_VERSION_OVERRIDE }} | |
| push: true | |
| - name: Configure Python | |
| shell: bash | |
| run: | | |
| pip install --requirement ./dist/cloudfront/get.openziti.io/requirements.txt | |
| python --version | |
| - name: Deploy the CloudFront Function for get.openziti.io | |
| shell: bash | |
| run: python ./dist/cloudfront/get.openziti.io/deploy-cloudfront-function.py | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_REGION: ${{ vars.AWS_REGION || secrets.AWS_REGION }} |