Merge pull request #2259 from openziti/release-next

finalize default branch switch to main
openziti · Jul 25, 2024 · 3ab88d4 · 3ab88d4
2 parents 94013fe + 6f6163a
commit 3ab88d4
Show file tree

Hide file tree

Showing 83 changed files with 5,595 additions and 2,979 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -13,7 +13,7 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "release-next", "*codeql*" ]
+    branches: [ "main", "*codeql*" ]
   schedule:
     - cron: '36 20 * * 3'
 

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -5,7 +5,6 @@ on:
     branches:
       - main
       - release-v*
-      - release-next
   pull_request:
   workflow_dispatch:
 
@@ -480,7 +479,7 @@ jobs:
           echo "DEBUG: GITHUB_REPOSITORY=${GITHUB_REPOSITORY} GITHUB_REF=${GITHUB_REF} GITHUB_RUN_ID=${GITHUB_RUN_ID}"
           (set -x; git remote -v show;)
 
-          # compute next patch level for non-release branches
+          # compute next release candidate version on non-release branches
           ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-next-version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION})"
 
           validateSemver "${ZITI_VERSION}"
@@ -496,26 +495,25 @@ jobs:
     if: ${{
       !cancelled()
       && needs.publish.result == 'success'
-      && github.ref == 'refs/heads/release-next'
+      && github.ref == 'refs/heads/main'
       }}
-    name: Publish Release Next Docker Images
+    name: Publish Release Candidate Docker Images
     needs: publish
     uses: ./.github/workflows/publish-docker-images.yml
     secrets: inherit
     with:
-      ziti-tag: release-next
+      ziti-tag: main
 
-  # call on release-next and release branches to publish linux packages to
-  # "testing" and "release" package repos in Artifactory
+  # call on default branch "main" to publish linux packages to "testing" package repos in Artifactory
   call-publish-linux-packages:
     # - !cancelled() allows evaluating further conditional expressions even if
     #   needed jobs were skipped
     if: ${{
       !cancelled()
       && needs.publish.result == 'success'
-      && github.ref == 'refs/heads/release-next'
+      && github.ref == 'refs/heads/main'
       }}
-    name: Publish Release Next Linux Packages
+    name: Publish Release Candidate Linux Packages
     needs: publish
     uses: ./.github/workflows/publish-linux-packages.yml
     secrets: inherit

diff --git a/.github/workflows/publish-docker-images.yml b/.github/workflows/publish-docker-images.yml
@@ -51,10 +51,8 @@ jobs:
         id: tagprep_cli
         shell: bash
         run: |
-          DOCKER_TAGS=""
           DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
-          echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
-          echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
+          echo DOCKER_TAGS="${DOCKER_TAGS}" | tee -a $GITHUB_OUTPUT
 
       # this is the base image into which is stuffed the Linux binary for each
       # arch that was downloaded in ./release/, hence the need to specify the
@@ -78,10 +76,8 @@ jobs:
         id: tagprep_ctrl
         shell: bash
         run: |
-          DOCKER_TAGS=""
           DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
-          echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
-          echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
+          echo DOCKER_TAGS="${DOCKER_TAGS}" | tee -a $GITHUB_OUTPUT
 
       # This is a use-case image based on the minimal CLI image. It needs the
       # ZITI_CLI_TAG env var so it can build from the versioned image that
@@ -107,7 +103,6 @@ jobs:
         id: tagprep_router
         shell: bash
         run: |
-          DOCKER_TAGS=""
           DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
           echo DOCKER_TAGS="${DOCKER_TAGS}" | tee -a $GITHUB_OUTPUT
 
@@ -129,17 +124,11 @@ jobs:
         env:
           IMAGE_REPO: ${{ env.ZITI_TUNNEL_IMAGE }}
           IMAGE_TAG: ${{ env.ZITI_CLI_TAG }}
-          LEGACY_REPO: netfoundry/ziti-tunnel
         id: tagprep_tun
         shell: bash
         run: |
-          DOCKER_TAGS=""
-          for REPO in ${LEGACY_REPO} ${IMAGE_REPO}; do
-            DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
-          done
-          DOCKER_TAGS=${DOCKER_TAGS#,} # drop leading comma char
-          echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
-          echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
+          DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
+          echo DOCKER_TAGS="${DOCKER_TAGS}" | tee -a $GITHUB_OUTPUT
 
       - name: Build & Push Multi-Platform Go Tunneler Container Image to Hub
         uses: docker/build-push-action@v6

diff --git a/.github/workflows/release-quickstart.yml b/.github/workflows/release-quickstart.yml
@@ -5,21 +5,19 @@ on:
       - closed
     branches:
       - main
-      - release-v*
-      - release-next
+  push:
+    tags:
+      - 'v*.*.*'
 
 jobs:
   release-quickstart:
     name: Release Quickstart Job
-    # when the ref is release-next the label "quickstartrelease" must be present on the PR for this job to run, and when
-    # the ref is a release branch the label is not required
-    if: |
-      github.repository_owner == 'openziti'
-      && github.event.pull_request.merged == true
-      && (
-        github.ref != 'refs/heads/release-next'
-        || contains(github.event.pull_request.labels.*.name, 'quickstartrelease')
-      )
+    # this is only run on the official upstream repo when a PR is merged to the default branch "main" or a release tag
+    # is pushed; merges to main trigger a quickstart release with a commit SHA suffix featuring the previous ziti binary
+    # release version, whereas release tag pushes trigger a quickstart release with the same tag name and the same ziti
+    # binary release version
+    if: github.repository_owner == 'openziti' 
+        && ( github.event.pull_request.merged == true || startsWith(github.ref_name, 'v') )
     runs-on: ubuntu-latest
     env:
       ZITI_QUICKSTART_IMAGE: ${{ vars.ZITI_QUICKSTART_IMAGE || 'docker.io/openziti/quickstart' }}
@@ -76,48 +74,56 @@ jobs:
         id: get_version
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_REF_NAME: ${{ github.ref_name }}
         shell: bash
         run: |
-          QUICKSTART_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version)"
-          # drop the leading 'v', if any
-          QUICKSTART_VERSION=${QUICKSTART_VERSION#v}
-          if ! [[ "${QUICKSTART_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-            # fail the job because we could not obtain the current version from ziti-ci
-            echo "ERROR: QUICKSTART_VERSION=${QUICKSTART_VERSION} is not a semver"
-            exit 1
-          elif [[ "${GITHUB_REF}" =~ ^refs/heads/(release-v|main$) ]]; then
-            # Set output parameters for release branches
-            echo "DEBUG: QUICKSTART_VERSION=${QUICKSTART_VERSION}"
-            echo QUICKSTART_VERSION="${QUICKSTART_VERSION}" >> $GITHUB_OUTPUT
-          else
-            # Append short sha for non-Ziti-release refs to identify quickstart docker images
-            # shipped from release-next
+          function validateSemver() {
+            if ! [[ "${1}" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+              echo "ERROR: ${1} is not a release semver" >&2
+              return 1
+            fi
+          }
+
+          if [[ "${GITHUB_REF_NAME}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            # Set output parameters for release tags
+            echo QUICKSTART_VERSION="${GITHUB_REF_NAME}" | tee -a $GITHUB_OUTPUT
+
+          elif [[ "${GITHUB_REF_NAME}" =~ ^main$ ]]; then
+            # compute the latest release version to install in the quickstart image
+            QUICKSTART_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION})"
+
+            # drop the leading 'v', if any
+            QUICKSTART_VERSION=${QUICKSTART_VERSION#v}
+
+            validateSemver "${QUICKSTART_VERSION}"
+
+            # Append short SHA to identify quickstart docker images shipped on merge to main
             QUICKSTART_VERSION="${QUICKSTART_VERSION}-$(git rev-parse --short ${GITHUB_SHA})"
-            echo "DEBUG: QUICKSTART_VERSION=${QUICKSTART_VERSION}"
-            echo QUICKSTART_VERSION="${QUICKSTART_VERSION}" >> $GITHUB_OUTPUT
+
+            echo QUICKSTART_VERSION="${QUICKSTART_VERSION}" | tee -a $GITHUB_OUTPUT
+
+          else
+            echo "ERROR: Unexpected GITHUB_REF_NAME=${GITHUB_REF_NAME}" >&2
+            exit 1
           fi
 
           # configure the env var used by the quickstart's Dockerfile to download the correct version of ziti for the
           # target architecture of each image build by trimming the hyphenated short sha suffix so that the preceding
           # release version of the ziti executable is installed in the quickstart container image
           ZITI_OVERRIDE_VERSION=${QUICKSTART_VERSION%-*}
-          echo "DEBUG: ZITI_OVERRIDE_VERSION=${ZITI_OVERRIDE_VERSION}"
-          echo ZITI_OVERRIDE_VERSION="${ZITI_OVERRIDE_VERSION}" >> $GITHUB_OUTPUT
+          echo ZITI_OVERRIDE_VERSION="${ZITI_OVERRIDE_VERSION}" | tee -a $GITHUB_OUTPUT
 
-      # This container differs in that :latest is pushed from branch release-next in addition to main and hotfix
-      # branches like releasev1.2.x. See https://github.com/openziti/ziti/issues/898
+      # container image tag :latest is published on merge to default branch "main" and on release tags
       - name: Configure Quickstart Container
         env:
           IMAGE_REPO: ${{ env.ZITI_QUICKSTART_IMAGE }}
           IMAGE_TAG:  ${{ steps.get_version.outputs.QUICKSTART_VERSION }}
         id: tagprep_qs
         shell: bash
         run: |
-          DOCKER_TAGS=""
           DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
           DOCKER_TAGS+=",${IMAGE_REPO}:latest"
-          echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
-          echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
+          echo DOCKER_TAGS="${DOCKER_TAGS}" | tee -a $GITHUB_OUTPUT
 
       - name: Build & Push Multi-Platform Quickstart Container Image to Hub
         uses: docker/build-push-action@v6

diff --git a/.github/workflows/release-validation.yml b/.github/workflows/release-validation.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -3,7 +3,7 @@ name: release
 on:
   push:
     tags:
-      - v*
+      - 'v*.*.*'
   workflow_dispatch:
 
 env:
@@ -248,8 +248,7 @@ jobs:
     with:
       ziti-tag: ${{ needs.publish.outputs.ZITI_VERSION }}
 
-  # call on release-next and release branches to publish linux packages to
-  # "testing" and "release" package repos in Artifactory
+  # call on release tags to publish linux packages to "release" package repos in Artifactory
   call-publish-linux-packages:
     # - !cancelled() allows evaluating further conditional expressions even if
     #   needed jobs were skipped