Merge pull request #2037 from openziti/release-next

Release v1.1.2
openziti · May 30, 2024 · 82c4a71 · 82c4a71
2 parents 20abb02 + dd4ac02
commit 82c4a71
Show file tree

Hide file tree

Showing 133 changed files with 2,445 additions and 1,218 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -37,3 +37,17 @@ updates:
         - "major"
         - "minor"
         - "patch"
+
+# bump the console SPA version that is built in to the controller image
+- package-ecosystem: docker
+  directory: "/dist/docker-images/ziti-controller"
+  schedule:
+    interval: weekly
+  open-pull-requests-limit: 10
+  groups:
+    all:
+      applies-to: version-updates
+      update-types:
+        - "major"
+        - "minor"
+        - "patch"
diff --git a/.github/workflows/fablab-db-creation.yml b/.github/workflows/fablab-db-creation.yml
@@ -24,8 +24,6 @@ jobs:
     steps:
       - name: Checkout ziti
         uses: actions/checkout@v4
-        with:
-          path: ziti
 
       - name: Install Go
         id: setup-go
@@ -38,19 +36,17 @@ jobs:
 
       - name: Configure Git
         run: |
-          cd ziti
           $(go env GOPATH)/bin/ziti-ci configure-git
 
       - name: Pull ZITI_VERSION and set as $GITHUB_ENV for use with fablab
         run: |
-          cd ziti
           version="$($(go env GOPATH)/bin/ziti-ci -q get-current-version)"
           echo "Ziti Version: $version"
           echo "ZITI_VERSION=$version" >> $GITHUB_ENV
 
       - name: Build and Run
         run: |
-          cd ziti/zititest/models/db-creation
+          cd ./zititest/models/db-creation
           go build -o db-creation main.go
           echo "ZITI_ROOT=$(go env GOPATH)/bin" >> "$GITHUB_ENV"
           ./db-creation create db-creation
@@ -59,5 +55,5 @@ jobs:
       - name: Teardown
         if: always()
         run: |
-          cd ziti/zititest/models/db-creation          
+          cd ./zititest/models/db-creation          
           ./db-creation dispose
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -25,7 +25,7 @@ jobs:
           go-version-file: ./go.mod
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v4
+        uses: golangci/golangci-lint-action@v6
         with:
           # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
           version: v1.57.2

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -29,6 +29,7 @@ env:
   CONSUL_ENDPOINT: ${{ secrets.CONSUL_ENDPOINT }}
   CONSUL_AGENT_CERT: ${{ secrets.CONSUL_AGENT_CERT }}
   BUILD_NUMBER: ${{ format('{0}-{1}-{2}', github.run_id, github.run_number, github.run_attempt) }}
+  ZITI_BASE_VERSION: ${{ vars.ZITI_BASE_VERSION || null }}
 
 
 jobs:
@@ -55,7 +56,7 @@ jobs:
         shell: bash
         run: |
           go install github.com/mitchellh/gox@latest
-          $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version
+          $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION}
           $(go env GOPATH)/bin/gox -cgo -os=darwin -arch=amd64 -output=$GOX_OUTPUT ./...
           $(go env GOPATH)/bin/gox -cgo -os=darwin -arch=arm64 -output=$GOX_OUTPUT ./...
 
@@ -89,7 +90,7 @@ jobs:
         shell: bash
         run: |
           go install github.com/mitchellh/gox@latest
-          $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version
+          $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION}
           $(go env GOPATH)/bin/gox -cgo -os=windows -arch=amd64 -output=$GOX_OUTPUT ./...
 
       - name: Upload artifacts
@@ -122,7 +123,7 @@ jobs:
           sudo apt-get update
           sudo apt-get -yq install gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf gcc-aarch64-linux-gnu
           $(go env GOPATH)/bin/ziti-ci configure-git
-          $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version
+          $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION}
           go install github.com/mitchellh/gox@latest
           $(go env GOPATH)/bin/gox -cgo -os=linux -arch=amd64 -output=$GOX_OUTPUT ./...
           CC=arm-linux-gnueabihf-gcc $(go env GOPATH)/bin/gox -cgo -os=linux -arch=arm -output=$GOX_OUTPUT ./...
@@ -167,7 +168,7 @@ jobs:
   fablab-smoketest:
     name: Fablab Smoketest
     # not applicable to forks. shouldn't run on release build
-    if: github.repository_owner == 'openziti' && github.ref != 'refs/heads/main'
+    if: github.repository_owner == 'openziti' && github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/heads/release-v')
     runs-on: ubuntu-20.04
     steps:
       - name: Git Checkout
@@ -290,7 +291,7 @@ jobs:
   fablab-ha-smoketest:
     name: Fablab HA Smoketest
     # not applicable to forks. shouldn't run on release build
-    if: false && github.repository_owner == 'openziti' && github.ref != 'refs/heads/main'
+    if: false && github.repository_owner == 'openziti' && github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/heads/release-v')
     runs-on: ubuntu-20.04
     steps:
       - name: Git Checkout
@@ -314,7 +315,7 @@ jobs:
         shell: bash
         run: |
           $(go env GOPATH)/bin/ziti-ci configure-git
-          $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version
+          $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION}
           pushd zititest && go install ./... && popd
           go install -tags=all,tests ./...
 
@@ -472,34 +473,48 @@ jobs:
         shell: bash
         run: |
           $(go env GOPATH)/bin/ziti-ci configure-git
-          $(go env GOPATH)/bin/ziti-ci tag -v -f version
+          $(go env GOPATH)/bin/ziti-ci tag -v -f version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION}
           $(go env GOPATH)/bin/ziti-ci publish-to-github --prerelease --archive-base ""
 
       # only ziti-ci computed version for release branches and {version}-{run_id} for non-release branches
-      - name: Compute the Ziti Version String for CI Jobs
+      - name: Compute the Ziti Version String used for Linux Packages and Container Image Tags
         id: get_version
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GITHUB_REF: ${{ github.ref }}
           GITHUB_RUN_ID: ${{ github.run_id }}
         shell: bash
         run: |
-          ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version)"
-          # drop the leading 'v', if any
-          ZITI_VERSION=${ZITI_VERSION#v}
-          if ! [[ "${ZITI_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-            # fail the job because we could not obtain the current version from ziti-ci
-            echo "ERROR: ZITI_VERSION=${ZITI_VERSION} is not a semver"
-            exit 1
-          elif [[ "${GITHUB_REF}" =~ ^refs/heads/(release-v|main$) ]]; then
-            # Set output parameters for release branches
-            echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
+          function validateSemver() {
+            if ! [[ "${1}" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+              echo "ERROR: ${1} is not a release semver" >&2
+              return 1
+            fi
+          }
+
+          echo "DEBUG: GITHUB_REPOSITORY=${GITHUB_REPOSITORY} GITHUB_REF=${GITHUB_REF} GITHUB_RUN_ID=${GITHUB_RUN_ID}"
+          (set -x; git remote -v show;)
+
+          if [[ "${GITHUB_REF}" =~ ^refs/heads/(release-v|main$) ]]; then
+            # Set current tag as semver for release branches
+            ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version)"
+
+            validateSemver "${ZITI_VERSION}"
+
+            # drop the leading 'v', if any
+            ZITI_VERSION=${ZITI_VERSION#v}
           else
-            # Append build / run number for non-release refs
-            ZITI_VERSION="${ZITI_VERSION}-${GITHUB_RUN_ID}"
-            echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
+            # compute next patch level for non-release branches
+            ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-next-version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION})"
+
+            validateSemver "${ZITI_VERSION}"
+
+            # drop the leading 'v', if any, and append run id
+            ZITI_VERSION=${ZITI_VERSION#v}-${GITHUB_RUN_ID}
           fi
 
+          echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
+
   call-publish-prerelease-docker-images:
     # - !cancelled() allows evaluating further conditional expressions even if
     #   needed jobs were skipped

diff --git a/.github/workflows/promote-downstreams.yml b/.github/workflows/promote-downstreams.yml
@@ -0,0 +1,131 @@
+name: Promote Downstream Releases
+
+on: 
+  # may be triggered manually on a release tag that represents a prerelease to promote it to a release in the downstream package repositories and Docker Hub
+  workflow_dispatch:
+  # automatically trigger if an existing GitHub release is marked "latest"
+  release:
+    types: [released]  # this release event activity type excludes prereleases
+
+# cancel older, redundant runs of same workflow on same branch
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
+  cancel-in-progress: true
+
+env:
+  RELEASE_REF: ${{ github.ref}}
+
+jobs:
+  wait_for_release:
+    name: Wait for Release Builds to Succeed
+    runs-on: ubuntu-latest
+    steps:
+      - name: Debug action
+        uses: hmarr/debug-action@v3
+
+      - name: Wait for all checks on this ref
+        uses: lewagon/wait-on-check-action@v1.3.1
+        with:
+          ref: ${{ env.RELEASE_REF }}
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          # seconds between polling the checks api for job statuses
+          wait-interval: 20
+          # confusingly, this means "pause this step until all jobs from all workflows in same run have completed"
+          running-workflow-name: Wait for Release Builds to Succeed
+
+  parse_version:
+    needs: wait_for_release
+    name: Parse Release Version
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.parse.outputs.version }}
+    steps:
+      - name: Parse Release Version
+        id: parse
+        shell: bash
+        run: |
+          if [[ "${RELEASE_REF}" =~ ^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "RELEASE_REF=${RELEASE_REF} is a semver release ref"
+            echo "version=${RELEASE_REF#refs/tags/v}" | tee -a $GITHUB_OUTPUT
+          else
+            echo "RELEASE_REF=${RELEASE_REF} is not a semver release ref" >&2
+            exit 1
+          fi
+
+  promote_docker:
+    name: Tag Container Image ${{ matrix.image.repo }}:latest
+    needs: parse_version
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        image:
+          - repo: ${{ vars.ZITI_CLI_IMAGE || 'docker.io/openziti/ziti-cli' }}
+          - repo: ${{ vars.ZITI_CONTROLLER_IMAGE || 'docker.io/openziti/ziti-controller' }}
+          - repo: ${{ vars.ZITI_ROUTER_IMAGE || 'docker.io/openziti/ziti-router' }}
+          - repo: ${{ vars.ZITI_TUNNEL_IMAGE || 'docker.io/openziti/ziti-tunnel' }}
+    steps:
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }}
+          password: ${{ secrets.DOCKER_HUB_API_TOKEN }}
+
+      - name: Tag Latest
+        shell: bash
+        run: >
+          docker buildx imagetools create --tag
+          ${{ matrix.image.repo }}:latest
+          ${{ matrix.image.repo }}:${{ needs.parse_version.outputs.version }}
+
+  promote_artifactory:
+    name: Promote ${{ matrix.package_name }}-${{ matrix.arch.rpm }}.${{ matrix.nfpm_packager }}
+    needs: parse_version
+    strategy:
+      fail-fast: true
+      matrix:
+        package_name:
+          - openziti
+          - openziti-controller
+          - openziti-router
+        arch:
+          - deb: amd64
+            rpm: x86_64
+          - deb: arm64
+            rpm: aarch64
+          - deb: armv7
+            rpm: armv7
+        nfpm_packager:
+          - rpm
+          - deb
+    runs-on: ubuntu-latest
+    env:
+      ZITI_DEB_TEST_REPO: ${{ vars.ZITI_DEB_TEST_REPO || 'zitipax-openziti-deb-test' }}
+      ZITI_RPM_TEST_REPO: ${{ vars.ZITI_RPM_TEST_REPO || 'zitipax-openziti-rpm-test' }}
+      ZITI_DEB_PROD_REPO: ${{ vars.ZITI_DEB_PROD_REPO || 'zitipax-openziti-deb-stable' }}
+      ZITI_RPM_PROD_REPO: ${{ vars.ZITI_RPM_PROD_REPO || 'zitipax-openziti-rpm-stable' }}
+    steps:
+      - name: Configure jFrog CLI
+        uses: jfrog/setup-jfrog-cli@v4
+        env:
+          JF_ENV_1: ${{ secrets.ZITI_ARTIFACTORY_CLI_CONFIG_PACKAGE_UPLOAD }}
+
+      - name: Copy RPM from test repo to stable repo with jFrog CLI
+        if: matrix.nfpm_packager == 'rpm'
+        shell: bash
+        run: >
+          jf rt copy
+          --recursive=false
+          --flat=true
+          ${{ env.ZITI_RPM_TEST_REPO }}/redhat/${{ matrix.arch.rpm }}/${{ matrix.package_name }}-${{ needs.parse_version.outputs.version }}.${{ matrix.arch.rpm }}.rpm
+          ${{ env.ZITI_RPM_PROD_REPO }}/redhat/${{ matrix.arch.rpm }}/
+
+      - name: Copy DEB from test repo to stable repo with jFrog CLI
+        if: matrix.nfpm_packager == 'deb'
+        shell: bash
+        run: >
+          jf rt copy
+          --recursive=false
+          --flat=true
+          ${{ env.ZITI_DEB_TEST_REPO }}/pool/${{ matrix.package_name }}/${{ matrix.arch.deb }}/${{ matrix.package_name }}_${{ needs.parse_version.outputs.version }}_*.deb
+          ${{ env.ZITI_DEB_PROD_REPO }}/pool/${{ matrix.package_name }}/${{ matrix.arch.deb }}/
diff --git a/.github/workflows/publish-docker-images.yml b/.github/workflows/publish-docker-images.yml
@@ -53,9 +53,6 @@ jobs:
         run: |
           DOCKER_TAGS=""
           DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
-          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
-            DOCKER_TAGS+=",${IMAGE_REPO}:latest"
-          fi
           echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
           echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
 
@@ -83,9 +80,6 @@ jobs:
         run: |
           DOCKER_TAGS=""
           DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
-          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
-            DOCKER_TAGS+=",${IMAGE_REPO}:latest"
-          fi
           echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
           echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
 
@@ -115,9 +109,6 @@ jobs:
         run: |
           DOCKER_TAGS=""
           DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
-          if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
-            DOCKER_TAGS+=",${IMAGE_REPO}:latest"
-          fi
           echo DOCKER_TAGS="${DOCKER_TAGS}" | tee -a $GITHUB_OUTPUT
 
       - name: Build & Push Multi-Platform Router Container Image to Hub
@@ -145,9 +136,6 @@ jobs:
           DOCKER_TAGS=""
           for REPO in ${LEGACY_REPO} ${IMAGE_REPO}; do
             DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
-            if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
-              DOCKER_TAGS+=",${IMAGE_REPO}:latest"
-            fi
           done
           DOCKER_TAGS=${DOCKER_TAGS#,} # drop leading comma char
           echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"