From 5a9989e8da9695290954f555c67a35ffdd9a0656 Mon Sep 17 00:00:00 2001 From: Laurentiu Ghiur Date: Tue, 23 Jan 2024 18:22:37 +0200 Subject: [PATCH] Release 4.0.16 update (#5962) Co-authored-by: Leonid Bugaev Co-authored-by: Tit Petric Co-authored-by: maciej <39672152+maciejwojciechowski@users.noreply.github.com> Co-authored-by: Tit Petric Co-authored-by: Ilija Bojanovic Co-authored-by: Sredny M Co-authored-by: Matias <83959431+mativm02@users.noreply.github.com> Co-authored-by: Tyk-ITS Account <92926870+Tyk-ITS@users.noreply.github.com> Co-authored-by: Zaid Albirawi Co-authored-by: Jeffy Mathew Co-authored-by: Tomas Buchaillot Co-authored-by: Alok G Singh Co-authored-by: Alok G Singh --- .github/workflows/release.yml | 95 ++------------------- ci/aws/hybrid/tyk_hybrid.conf | 1 + ci/image/Dockerfile | 2 +- ci/images/hybrid/Dockerfile | 7 +- ci/images/hybrid/tyk/tyk.conf | 1 + ci/images/hybrid/tyk/tyk.conf.example | 1 + ci/install/data/tyk.standalone.conf | 1 + ci/tests/plugin-compiler/docker-compose.yml | 2 +- ci/tests/plugin-compiler/test.sh | 18 ---- ci/tests/plugin-compiler/testplugin/go.mod | 2 +- ci/tests/plugin-compiler/testplugin/go.sum | 4 + ci/tests/plugin-compiler/testplugin/main.go | 1 - ci/tests/python-plugins/docker-compose.yml | 12 --- ci/tests/python-plugins/src/tyk.conf | 1 + ci/tests/python-plugins/test.sh | 2 +- gateway/version.go | 2 +- 16 files changed, 26 insertions(+), 126 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e52e703ec40..54221f78b85 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -169,6 +169,9 @@ jobs: ci: needs: - goreleaser + permissions: + id-token: write # AWS OIDC JWT + contents: read # actions/checkout runs-on: ubuntu-latest steps: @@ -177,31 +180,13 @@ jobs: with: fetch-depth: 1 - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2 - with: - cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - terraform_wrapper: false - - - name: Get AWS creds from Terraform remote state - id: aws-creds - run: | - cd ci/terraform - terraform init -input=false - terraform refresh 2>&1 >/dev/null - eval $(terraform output -json tyk | jq -r 'to_entries[] | [.key,.value] | join("=")') - region=$(terraform output region | xargs) - [ -z "$key" -o -z "$secret" -o -z "$region" ] && exit 1 - echo "secret=$secret" >> $GITHUB_OUTPUT - echo "key=$key" >> $GITHUB_OUTPUT - echo "region=$region" >> $GITHUB_OUTPUT - - name: Configure AWS credentials for use - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ steps.aws-creds.outputs.key }} - aws-secret-access-key: ${{ steps.aws-creds.outputs.secret }} - aws-region: ${{ steps.aws-creds.outputs.region }} + role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk + role-session-name: cipush + aws-region: eu-central-1 + mask-aws-account-id: false - name: Login to Amazon ECR id: login-ecr @@ -226,35 +211,6 @@ jobs: ${{ steps.login-ecr.outputs.registry }}/tyk:${{ needs.goreleaser.outputs.tag }} ${{ steps.login-ecr.outputs.registry }}/tyk:${{ github.sha }} - - name: Tell gromit about new build - id: gromit - run: | - # Remember to remove the true when TD-626 is fixed - curl -fsSL -H "Authorization: ${{secrets.GROMIT_TOKEN}}" 'https://domu-kun.cloud.tyk.io/gromit/newbuild' \ - -X POST -d '{ "repo": "${{ github.repository}}", "ref": "${{ github.ref }}", "sha": "${{ github.sha }}" }' || true - - - name: Tell integration channel - if: ${{ failure() }} - run: | - colour=bad - pretext=":boom: Could not add new build $${{ github.ref }} from ${{ github.repository }} to CD. Please review this run and correct it if needed. See https://github.com/TykTechnologies/tyk-ci/wiki/IntegrationEnvironment for what this is about." - curl https://raw.githubusercontent.com/rockymadden/slack-cli/master/src/slack -o /tmp/slack && chmod +x /tmp/slack - /tmp/slack chat send \ - --actions '{"type": "button", "style": "primary", "text": "See log", "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' \ - --author 'Bender' \ - --author-icon 'https://hcoop.net/~alephnull/bender/bender-arms.jpg' \ - --author-link 'https://github.com/TykTechnologies/tyk-ci' \ - --channel '#service-integration' \ - --color $colour \ - --fields '{"title": "Repo", "value": "${{ github.repository }}", "short": false}' \ - --footer 'github-actions' \ - --footer-icon 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \ - --image 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \ - --pretext "$pretext" \ - --text 'Commit message: ${{ github.event.head_commit.message }}' \ - --title 'Failed to add new build for CD' \ - --title-link 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}' - sbom: needs: ci uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main @@ -265,7 +221,6 @@ jobs: ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }} upgrade-deb: - if: startsWith(github.ref, 'refs/tags') runs-on: ubuntu-latest needs: goreleaser strategy: @@ -417,37 +372,3 @@ jobs: cd - fi done - - - # AWS updates only for stable releases - aws-mktplace-byol: - if: ( 'a' == 'b' ) - runs-on: ubuntu-latest - needs: - - smoke-tests - strategy: - matrix: - flavour: - - al2 - - rhel - - steps: - - name: Checkout tyk - uses: actions/checkout@v3 - with: - fetch-depth: 1 - - - uses: actions/download-artifact@v3 - with: - name: rpm - path: aws - - - name: Packer build - working-directory: ./ci/aws - run: | - export VERSION=${{ needs.goreleaser.outputs.tag }} - packer validate -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl - packer build -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl - - - diff --git a/ci/aws/hybrid/tyk_hybrid.conf b/ci/aws/hybrid/tyk_hybrid.conf index 15f8312ea0e..74e5681548e 100644 --- a/ci/aws/hybrid/tyk_hybrid.conf +++ b/ci/aws/hybrid/tyk_hybrid.conf @@ -38,6 +38,7 @@ "enable_health_checks": false, "health_check_value_timeouts": 60 }, + "optimisations_use_async_session_write": true, "allow_master_keys": false, "policies": { "policy_source": "rpc", diff --git a/ci/image/Dockerfile b/ci/image/Dockerfile index b92380b5a45..f7edc79d98c 100644 --- a/ci/image/Dockerfile +++ b/ci/image/Dockerfile @@ -14,7 +14,7 @@ RUN apt-get install -y --no-install-recommends \ libpython3.7 \ python3.7-dev \ python3-pip \ - && pip3 install protobuf==3.20.1 grpcio==1.24.0 \ + && pip3 install protobuf grpcio==1.24.0 \ && apt-get purge -y build-essential \ && rm -rf /root/.cache RUN apt-get autoremove -y diff --git a/ci/images/hybrid/Dockerfile b/ci/images/hybrid/Dockerfile index d55789e92c4..7727a6835af 100644 --- a/ci/images/hybrid/Dockerfile +++ b/ci/images/hybrid/Dockerfile @@ -1,15 +1,16 @@ -FROM debian:bullseye-slim +FROM debian:buster-slim ARG TARGETARCH LABEL Description="Tyk Hybrid Gateway image" Vendor="Tyk" RUN apt-get update \ && apt-get dist-upgrade -y --no-install-recommends redis-server nginx \ - python3-setuptools libpython3-dev curl ca-certificates \ + python3-setuptools libpython3.7 python3.7-dev curl ca-certificates \ && curl https://bootstrap.pypa.io/get-pip.py | python3 \ - && pip3 install --only-binary ":all:" grpcio protobuf==3.20.1 \ + && pip3 install --only-binary ":all:" grpcio protobuf \ && apt-get autoremove -y \ && rm -rf /usr/include/* && rm /usr/lib/*-linux-gnu/*.a && rm /usr/lib/*-linux-gnu/*.o \ + && rm /usr/lib/python3.7/config-3.7m-*-linux-gnu/*.a \ && rm -rf /root/.cache \ && rm -rf /var/lib/apt/lists/* diff --git a/ci/images/hybrid/tyk/tyk.conf b/ci/images/hybrid/tyk/tyk.conf index ab880c714ad..2e6f9980eff 100644 --- a/ci/images/hybrid/tyk/tyk.conf +++ b/ci/images/hybrid/tyk/tyk.conf @@ -38,6 +38,7 @@ "enable_health_checks": false, "health_check_value_timeouts": 60 }, + "optimisations_use_async_session_write": true, "allow_master_keys": false, "policies": { "policy_source": "rpc", diff --git a/ci/images/hybrid/tyk/tyk.conf.example b/ci/images/hybrid/tyk/tyk.conf.example index 445975a90cd..7d5cf8fd89f 100644 --- a/ci/images/hybrid/tyk/tyk.conf.example +++ b/ci/images/hybrid/tyk/tyk.conf.example @@ -30,6 +30,7 @@ "enable_health_checks": false, "health_check_value_timeouts": 60 }, + "optimisations_use_async_session_write": true, "allow_master_keys": false, "policies": { "policy_source": "mongo", diff --git a/ci/install/data/tyk.standalone.conf b/ci/install/data/tyk.standalone.conf index 6c62f7a2673..b651439e9c0 100644 --- a/ci/install/data/tyk.standalone.conf +++ b/ci/install/data/tyk.standalone.conf @@ -30,6 +30,7 @@ "enable_health_checks": false, "health_check_value_timeouts": 60 }, + "optimisations_use_async_session_write": true, "enable_non_transactional_rate_limiter": true, "enable_sentinel_rate_limiter": false, "enable_redis_rolling_limiter": false, diff --git a/ci/tests/plugin-compiler/docker-compose.yml b/ci/tests/plugin-compiler/docker-compose.yml index 53fa1973989..7e5f3fc9587 100644 --- a/ci/tests/plugin-compiler/docker-compose.yml +++ b/ci/tests/plugin-compiler/docker-compose.yml @@ -6,7 +6,7 @@ services: gw: image: tykio/tyk-gateway:${tag} volumes: - - ./testplugin/testplugin_${plugin_version}_${plugin_os}_${plugin_arch}.so:/opt/tyk-gateway/middleware/testplugin.so + - ./testplugin/testplugin.so:/opt/tyk-gateway/middleware/testplugin.so - ./testplugin/apidef.json:/opt/tyk-gateway/apps/testplugin.json ports: - "0.0.0.0:8080:8080" diff --git a/ci/tests/plugin-compiler/test.sh b/ci/tests/plugin-compiler/test.sh index a963c8395cd..e71bfa30003 100755 --- a/ci/tests/plugin-compiler/test.sh +++ b/ci/tests/plugin-compiler/test.sh @@ -25,25 +25,7 @@ trap "$compose down" EXIT rm -fv testplugin/*.so || true docker run --rm -v `pwd`/testplugin:/plugin-source tykio/tyk-plugin-compiler:${tag} testplugin.so - -# This ensures correct paths when running by hand -TYK_GW_PATH=$(readlink -f $(dirname $(readlink -f $0))/../../..) -# Get version from source code (will not include rc tags - same as ci/images/plugin-compiler build.sh) -TYK_GW_VERSION=$(perl -n -e'/v(\d+).(\d+).(\d+)/'' && print "v$1\.$2\.$3"' $TYK_GW_PATH/gateway/version.go) - -# if params were not sent, then attempt to get them from env vars -if [[ $GOOS == "" ]] && [[ $GOARCH == "" ]]; then - GOOS=$(go env GOOS) - GOARCH=$(go env GOARCH) -fi - -# pass plugin params -export plugin_version=${TYK_GW_VERSION} -export plugin_os=${GOOS} -export plugin_arch=${GOARCH} - $compose up -d - sleep 2 # Wait for init curl -vvv http://localhost:8080/goplugin/headers curl http://localhost:8080/goplugin/headers | jq -e '.headers.Foo == "Bar"' || { $compose logs gw; exit 1; } diff --git a/ci/tests/plugin-compiler/testplugin/go.mod b/ci/tests/plugin-compiler/testplugin/go.mod index ccb018a2e43..78e97cc4c83 100644 --- a/ci/tests/plugin-compiler/testplugin/go.mod +++ b/ci/tests/plugin-compiler/testplugin/go.mod @@ -1,6 +1,6 @@ module github.com/TykTechnologies/tyk/ci/tests/plugin-compiler/testplugin -go 1.16 +go 1.15 require ( github.com/HdrHistogram/hdrhistogram-go v1.1.0 // indirect diff --git a/ci/tests/plugin-compiler/testplugin/go.sum b/ci/tests/plugin-compiler/testplugin/go.sum index 5fa0195df1a..2682897cc63 100644 --- a/ci/tests/plugin-compiler/testplugin/go.sum +++ b/ci/tests/plugin-compiler/testplugin/go.sum @@ -361,6 +361,7 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/square/go-jose v2.4.1+incompatible/go.mod h1:7MxpAF/1WTVUu8Am+T5kNy+t0902CaLWM4Z745MkOa8= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= +github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -438,6 +439,7 @@ golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136 h1:A1gGSx58LAGVHUUsOf7IiR0u8Xb6W51gRwfDBhkdcaw= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= @@ -547,7 +549,9 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= +gonum.org/v1/gonum v0.8.2 h1:CCXrcPKiGGotvnN6jfUsKk4rRqm7q09/YbKb5xCEvtM= gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= +gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0 h1:OE9mWmgKkjJyEmDAAtGMPjXu+YNeGvK9VTSHY6+Qihc= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= diff --git a/ci/tests/plugin-compiler/testplugin/main.go b/ci/tests/plugin-compiler/testplugin/main.go index c1112dd4d25..69e5c387530 100644 --- a/ci/tests/plugin-compiler/testplugin/main.go +++ b/ci/tests/plugin-compiler/testplugin/main.go @@ -15,7 +15,6 @@ import ( var logger = log.Get() // AddFooBarHeader adds custom "Foo: Bar" header to the request -// //nolint:deadcode func AddFooBarHeader(rw http.ResponseWriter, r *http.Request) { r.Header.Add("Foo", "Bar") diff --git a/ci/tests/python-plugins/docker-compose.yml b/ci/tests/python-plugins/docker-compose.yml index 8d04b12f08c..fa47a23c85e 100644 --- a/ci/tests/python-plugins/docker-compose.yml +++ b/ci/tests/python-plugins/docker-compose.yml @@ -4,12 +4,6 @@ services: image: redis ports: - "0.0.0.0:6379:6379" - healthcheck: - test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ] - interval: 5s - retries: 10 - start_period: 2s - timeout: 10s bundler: build: @@ -26,9 +20,3 @@ services: - "0.0.0.0:8080:8080" environment: - TYK_LOGLEVEL=debug - wait: - image: hello-world:linux - depends_on: - redis: - condition: service_healthy - diff --git a/ci/tests/python-plugins/src/tyk.conf b/ci/tests/python-plugins/src/tyk.conf index 34358d93f95..d92f1529724 100644 --- a/ci/tests/python-plugins/src/tyk.conf +++ b/ci/tests/python-plugins/src/tyk.conf @@ -55,6 +55,7 @@ "enable_health_checks": false, "health_check_value_timeouts": 0 }, + "optimisations_use_async_session_write": false, "allow_master_keys": true, "hash_keys": true, "hash_key_function": "murmur64", diff --git a/ci/tests/python-plugins/test.sh b/ci/tests/python-plugins/test.sh index 9eef8fd7504..e7258f97abd 100755 --- a/ci/tests/python-plugins/test.sh +++ b/ci/tests/python-plugins/test.sh @@ -18,6 +18,6 @@ EOF export tag=$1 docker-compose build && docker-compose up -d -sleep 10 +sleep 4 # Wait to start curl http://localhost:8080/pyplugin/headers | jq -e '.headers.Foo == "Bar"' docker-compose down diff --git a/gateway/version.go b/gateway/version.go index c9d1ee54596..c57ff4149d3 100644 --- a/gateway/version.go +++ b/gateway/version.go @@ -1,3 +1,3 @@ package gateway -const VERSION = "v4.0.0" +const VERSION = "v4.0.15"