Release 4.0.16 update

.github/workflows/release.yml

@@ -169,6 +169,9 @@ jobs:
   ci:
     needs:
       - goreleaser
+    permissions:
+      id-token: write   # AWS OIDC JWT
+      contents: read    # actions/checkout
     runs-on: ubuntu-latest
 
     steps:
@@ -177,31 +180,13 @@ jobs:
         with:
           fetch-depth: 1
 
-      - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v2
-        with:
-          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
-          terraform_wrapper: false
-
-      - name: Get AWS creds from Terraform remote state
-        id: aws-creds
-        run: |
-          cd ci/terraform
-          terraform init -input=false
-          terraform refresh 2>&1 >/dev/null
-          eval $(terraform output -json tyk | jq -r 'to_entries[] | [.key,.value] | join("=")')
-          region=$(terraform output region | xargs)
-          [ -z "$key" -o -z "$secret" -o -z "$region" ] && exit 1
-          echo "secret=$secret" >> $GITHUB_OUTPUT
-          echo "key=$key" >> $GITHUB_OUTPUT
-          echo "region=$region" >> $GITHUB_OUTPUT
-
       - name: Configure AWS credentials for use
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ steps.aws-creds.outputs.key }}
-          aws-secret-access-key: ${{ steps.aws-creds.outputs.secret }}
-          aws-region: ${{ steps.aws-creds.outputs.region }}
+          role-to-assume: arn:aws:iam::754489498669:role/ecr_rw_tyk
+          role-session-name: cipush
+          aws-region: eu-central-1
+          mask-aws-account-id: false
 
       - name: Login to Amazon ECR
         id: login-ecr
@@ -226,35 +211,6 @@ jobs:
             ${{ steps.login-ecr.outputs.registry }}/tyk:${{ needs.goreleaser.outputs.tag }}
             ${{ steps.login-ecr.outputs.registry }}/tyk:${{ github.sha }}
 
-      - name: Tell gromit about new build
-        id: gromit
-        run: |
-          # Remember to remove the true when TD-626 is fixed
-          curl -fsSL -H "Authorization: ${{secrets.GROMIT_TOKEN}}" 'https://domu-kun.cloud.tyk.io/gromit/newbuild' \
-                 -X POST -d '{ "repo": "${{ github.repository}}", "ref": "${{ github.ref }}", "sha": "${{ github.sha }}" }' || true
-
-      - name: Tell integration channel
-        if: ${{ failure() }}
-        run: |
-          colour=bad
-          pretext=":boom: Could not add new build $${{ github.ref }} from ${{ github.repository }} to CD. Please review this run and correct it if needed. See https://github.com/TykTechnologies/tyk-ci/wiki/IntegrationEnvironment for what this is about."
-          curl https://raw.githubusercontent.com/rockymadden/slack-cli/master/src/slack -o /tmp/slack && chmod +x /tmp/slack
-          /tmp/slack chat send \
-          --actions '{"type": "button", "style": "primary", "text": "See log", "url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}' \
-          --author 'Bender' \
-          --author-icon 'https://hcoop.net/~alephnull/bender/bender-arms.jpg' \
-          --author-link 'https://github.com/TykTechnologies/tyk-ci' \
-          --channel '#service-integration' \
-          --color $colour \
-          --fields '{"title": "Repo", "value": "${{ github.repository }}", "short": false}' \
-          --footer 'github-actions' \
-          --footer-icon 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
-          --image 'https://assets-cdn.github.com/images/modules/logos_page/Octocat.png' \
-          --pretext "$pretext" \
-          --text 'Commit message: ${{ github.event.head_commit.message }}' \
-          --title 'Failed to add new build for CD' \
-          --title-link 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
-
   sbom:
     needs: ci
     uses: TykTechnologies/github-actions/.github/workflows/sbom.yaml@main
@@ -265,7 +221,6 @@ jobs:
       ORG_GH_TOKEN: ${{ secrets.ORG_GH_TOKEN }}
 
   upgrade-deb:
-    if: startsWith(github.ref, 'refs/tags')
     runs-on: ubuntu-latest
     needs: goreleaser
     strategy:
@@ -417,37 +372,3 @@ jobs:
                   cd -
               fi
           done
-
-
-  # AWS updates only for stable releases
-  aws-mktplace-byol:
-    if: ( 'a' == 'b' )
-    runs-on: ubuntu-latest
-    needs:
-      - smoke-tests
-    strategy:
-      matrix:
-        flavour:
-          - al2
-          - rhel
-
-    steps:
-      - name: Checkout tyk
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 1
-
-      - uses: actions/download-artifact@v3
-        with:
-          name: rpm
-          path: aws
-
-      - name: Packer build
-        working-directory: ./ci/aws
-        run: |
-          export VERSION=${{ needs.goreleaser.outputs.tag }}
-          packer validate -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl
-          packer build -var-file=${{ matrix.flavour }}.vars.json byol.pkr.hcl
-
-
-

ci/aws/hybrid/tyk_hybrid.conf

@@ -38,6 +38,7 @@
         "enable_health_checks": false,
         "health_check_value_timeouts": 60
     },
+    "optimisations_use_async_session_write": true,
     "allow_master_keys": false,
     "policies": {
       "policy_source": "rpc",

ci/image/Dockerfile

@@ -14,7 +14,7 @@ RUN apt-get install -y --no-install-recommends \
         libpython3.7 \
         python3.7-dev \
         python3-pip \
-        && pip3 install protobuf==3.20.1 grpcio==1.24.0 \
+        && pip3 install protobuf grpcio==1.24.0 \
         && apt-get purge -y build-essential \
         && rm -rf /root/.cache
 RUN apt-get autoremove -y 

ci/images/hybrid/Dockerfile

@@ -1,15 +1,16 @@
-FROM debian:bullseye-slim
+FROM debian:buster-slim
 ARG TARGETARCH
 
 LABEL Description="Tyk Hybrid Gateway image" Vendor="Tyk"
 
 RUN apt-get update \
  && apt-get dist-upgrade -y --no-install-recommends redis-server nginx \
-            python3-setuptools libpython3-dev curl ca-certificates  \
+            python3-setuptools libpython3.7 python3.7-dev curl ca-certificates  \
  && curl https://bootstrap.pypa.io/get-pip.py | python3 \
- && pip3 install --only-binary ":all:" grpcio protobuf==3.20.1 \
+ && pip3 install --only-binary ":all:" grpcio protobuf \
  && apt-get autoremove -y \
  && rm -rf /usr/include/* && rm /usr/lib/*-linux-gnu/*.a && rm /usr/lib/*-linux-gnu/*.o \
+ && rm /usr/lib/python3.7/config-3.7m-*-linux-gnu/*.a \
  && rm -rf /root/.cache \
  && rm -rf /var/lib/apt/lists/*
 

ci/images/hybrid/tyk/tyk.conf

@@ -38,6 +38,7 @@
     "enable_health_checks": false,
     "health_check_value_timeouts": 60
   },
+  "optimisations_use_async_session_write": true,
   "allow_master_keys": false,
   "policies": {
     "policy_source": "rpc",

ci/images/hybrid/tyk/tyk.conf.example

@@ -30,6 +30,7 @@
     "enable_health_checks": false,
     "health_check_value_timeouts": 60
   },
+  "optimisations_use_async_session_write": true,
   "allow_master_keys": false,
   "policies": {
     	"policy_source": "mongo",

ci/install/data/tyk.standalone.conf

@@ -30,6 +30,7 @@
     "enable_health_checks": false,
     "health_check_value_timeouts": 60
   },
+  "optimisations_use_async_session_write": true,
   "enable_non_transactional_rate_limiter": true,
   "enable_sentinel_rate_limiter": false,
   "enable_redis_rolling_limiter": false,

ci/tests/plugin-compiler/docker-compose.yml

@@ -6,7 +6,7 @@ services:
   gw:
     image: tykio/tyk-gateway:${tag}
     volumes:
-      - ./testplugin/testplugin_${plugin_version}_${plugin_os}_${plugin_arch}.so:/opt/tyk-gateway/middleware/testplugin.so
+      - ./testplugin/testplugin.so:/opt/tyk-gateway/middleware/testplugin.so
       - ./testplugin/apidef.json:/opt/tyk-gateway/apps/testplugin.json
     ports:
       - "0.0.0.0:8080:8080"

ci/tests/plugin-compiler/test.sh

@@ -25,25 +25,7 @@ trap "$compose down" EXIT
 
 rm -fv testplugin/*.so || true
 docker run --rm -v `pwd`/testplugin:/plugin-source tykio/tyk-plugin-compiler:${tag} testplugin.so
-
-# This ensures correct paths when running by hand
-TYK_GW_PATH=$(readlink -f $(dirname $(readlink -f $0))/../../..)
-# Get version from source code (will not include rc tags - same as ci/images/plugin-compiler build.sh)
-TYK_GW_VERSION=$(perl -n -e'/v(\d+).(\d+).(\d+)/'' && print "v$1\.$2\.$3"' $TYK_GW_PATH/gateway/version.go)
-
-# if params were not sent, then attempt to get them from env vars
-if [[ $GOOS == "" ]] && [[ $GOARCH == "" ]]; then
-    GOOS=$(go env GOOS)
-    GOARCH=$(go env GOARCH)
-fi
-
-# pass plugin params
-export plugin_version=${TYK_GW_VERSION}
-export plugin_os=${GOOS}
-export plugin_arch=${GOARCH}
-
 $compose up -d
-
 sleep 2 # Wait for init
 curl -vvv http://localhost:8080/goplugin/headers
 curl http://localhost:8080/goplugin/headers | jq -e '.headers.Foo == "Bar"' || { $compose logs gw; exit 1; }

ci/tests/plugin-compiler/testplugin/go.mod

@@ -1,6 +1,6 @@
 module github.com/TykTechnologies/tyk/ci/tests/plugin-compiler/testplugin
 
-go 1.16
+go 1.15
 
 require (
 	github.com/HdrHistogram/hdrhistogram-go v1.1.0 // indirect

ci/tests/plugin-compiler/testplugin/go.sum

@@ -361,6 +361,7 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn
 github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
 github.com/square/go-jose v2.4.1+incompatible/go.mod h1:7MxpAF/1WTVUu8Am+T5kNy+t0902CaLWM4Z745MkOa8=
 github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
+github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -438,6 +439,7 @@ golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136 h1:A1gGSx58LAGVHUUsOf7IiR0u8Xb6W51gRwfDBhkdcaw=
 golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
 golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
@@ -547,7 +549,9 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo=
+gonum.org/v1/gonum v0.8.2 h1:CCXrcPKiGGotvnN6jfUsKk4rRqm7q09/YbKb5xCEvtM=
 gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0=
+gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0 h1:OE9mWmgKkjJyEmDAAtGMPjXu+YNeGvK9VTSHY6+Qihc=
 gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
 gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=

ci/tests/plugin-compiler/testplugin/main.go

@@ -15,7 +15,6 @@ import (
 var logger = log.Get()
 
 // AddFooBarHeader adds custom "Foo: Bar" header to the request
-//
 //nolint:deadcode
 func AddFooBarHeader(rw http.ResponseWriter, r *http.Request) {
 	r.Header.Add("Foo", "Bar")

ci/tests/python-plugins/docker-compose.yml

@@ -4,12 +4,6 @@ services:
     image: redis
     ports:
       - "0.0.0.0:6379:6379"
-    healthcheck:
-      test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
-      interval: 5s
-      retries: 10
-      start_period: 2s
-      timeout: 10s
 
   bundler:
     build:
@@ -26,9 +20,3 @@ services:
       - "0.0.0.0:8080:8080"
     environment:
       - TYK_LOGLEVEL=debug
-  wait:
-    image: hello-world:linux
-    depends_on:
-        redis:
-            condition: service_healthy
-

ci/tests/python-plugins/src/tyk.conf

@@ -55,6 +55,7 @@
         "enable_health_checks": false,
         "health_check_value_timeouts": 0
     },
+    "optimisations_use_async_session_write": false,
     "allow_master_keys": true,
     "hash_keys": true,
     "hash_key_function": "murmur64",

ci/tests/python-plugins/test.sh

@@ -18,6 +18,6 @@ EOF
 export tag=$1
 
 docker-compose build && docker-compose up -d
-sleep 10
+sleep 4 # Wait to start
 curl http://localhost:8080/pyplugin/headers | jq -e '.headers.Foo == "Bar"'
 docker-compose down

gateway/version.go

@@ -1,3 +1,3 @@
 package gateway
 
-const VERSION = "v4.0.0"
+const VERSION = "v4.0.15"