Merge remote-tracking branch 'upstream/main' into HEAD #109
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - "*" | |
| paths-ignore: | |
| - "**/*.md" | |
| - "LICENSE" | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| GO_VERSION: '1.20' | |
| TINYGO_VERSION: 0.31.2 | |
| # Run e2e tests against latest two releases and latest dev | |
| ENVOY_IMAGES: > | |
| envoyproxy/envoy:v1.30-latest | |
| envoyproxy/envoy:v1.29-latest | |
| envoyproxy/envoy-dev:latest | |
| istio/proxyv2:1.22.1 | |
| istio/proxyv2:1.21.3 | |
| jobs: | |
| build: | |
| name: "Build (multiphase evaluation: ${{ matrix.multiphase_eval }})" | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write | |
| packages: write | |
| strategy: | |
| fail-fast: false # ftw runs are flaky, let's keep the two jobs running reducing re-runs | |
| matrix: | |
| multiphase_eval: ["true","false"] | |
| env: | |
| MULTIPHASE_EVAL: ${{ matrix.multiphase_eval }} | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| with: # Ensure release_notes.sh can see prior commits | |
| fetch-depth: 0 | |
| - name: Install Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Install TinyGo | |
| run: | | |
| gh release download v${TINYGO_VERSION} -p '*.linux-amd64.tar.gz' -D ~ -R github.com/tinygo-org/tinygo | |
| tar -xf ~/tinygo${TINYGO_VERSION}.linux-amd64.tar.gz -C $HOME | |
| echo "$HOME/tinygo/bin" >> $GITHUB_PATH | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Cache TinyGo build | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cache/tinygo | |
| key: ${{ runner.os }}-tinygo-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-tinygo- | |
| - name: Run code checks | |
| run: go run mage.go lint | |
| - name: Build WASM filter | |
| run: go run mage.go build | |
| - name: Run unit tests | |
| run: go run mage.go coverage | |
| - name: Run e2e tests | |
| shell: bash | |
| run: > | |
| for image in $ENVOY_IMAGES; do | |
| echo "Running e2e with Envoy image $image" | |
| ENVOY_IMAGE=$image go run mage.go e2e | |
| done | |
| - name: Run regression tests (ftw) | |
| run: go run mage.go ftw | |
| - uses: actions/upload-artifact@v3 | |
| if: success() || failure() | |
| with: | |
| name: ftw-envoy-logs | |
| path: build/ftw-envoy.log | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| if: ${{ matrix.multiphase_eval=='true' }} | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker meta | |
| if: ${{ matrix.multiphase_eval=='true' }} | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}} | |
| - name: Docker meta busybox | |
| if: ${{ matrix.multiphase_eval=='true' }} | |
| id: meta-busybox | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}} | |
| flavor: | | |
| suffix=-busybox | |
| - name: Login to GHCR | |
| if: ${{ matrix.multiphase_eval=='true' }} | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push busybox based image | |
| if: ${{ matrix.multiphase_eval=='true' }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta-busybox.outputs.tags }} | |
| platforms: linux/amd64,linux/arm64 | |
| labels: ${{ steps.meta-busybox.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| build-args: | | |
| BASE_IMAGE=busybox:1.36-uclibc | |
| - name: Build and push | |
| if: ${{ matrix.multiphase_eval=='true' }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Create draft release | |
| # Triggered only on tag creation and if release does not exist | |
| if: matrix.multiphase_eval=='true' && github.event_name == 'push' && contains(github.ref, 'refs/tags/') | |
| run: | | |
| set +e | |
| tag="${GITHUB_REF#refs/tags/}" | |
| if ! gh release view ${tag}; then | |
| echo "Release ${tag} does not exist, creating..." | |
| ./.github/workflows/release_notes.sh ${tag} > release-notes.txt | |
| gh release create ${tag} --draft --notes-file release-notes.txt --title ${GITHUB_REF#refs/tags/} | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push build artifact to release | |
| # Triggered only on tag creation | |
| if: matrix.multiphase_eval=='true' && github.event_name == 'push' && contains(github.ref, 'refs/tags/') | |
| run: | | |
| ls build | |
| mv build/main.wasm build/coraza-proxy-wasm.wasm | |
| tag="${GITHUB_REF#refs/tags/}" | |
| zip -j build/coraza-proxy-wasm-${tag}.zip build/coraza-proxy-wasm.wasm | |
| gh release upload ${tag} ./build/coraza-proxy-wasm-${tag}.zip --clobber | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |