[SYSE-399 release-5.5] distroless missing from 5.5 and 5.6 (#6594)

### **User description** Reported on Slack at https://tyktech.slack.com/archives/C02JETM5S4B/p1727688424333849 Going forward, config.yaml will be updated by the squads as appropriate. ___ ### **PR Type** enhancement, configuration changes ___ ### **Description** - Enhanced the release workflow by adding concurrency control to prevent overlapping runs. - Updated the Go version used in the workflow from `1.21-bullseye` to `1.22-bullseye`. - Changed the Dockerfile used in the build process to `ci/Dockerfile.distroless` for improved security and efficiency. - Added steps to upload Playwright test reports to S3 and share the report link in the summary for better test result visibility. - Disabled specific `yamllint` rules to accommodate longer lines and truthy values. ___ ### **Changes walkthrough** 📝 <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><table> <tr> <td> <details> <summary><strong>release.yml</strong><dd><code>Update release workflow with concurrency and Go version changes</code></dd></summary> <hr> .github/workflows/release.yml <li>Added <code>yamllint</code> disable rules for line length and truthy.<br> <li> Introduced concurrency control for workflow runs.<br> <li> Updated Go version from <code>1.21-bullseye</code> to <code>1.22-bullseye</code>.<br> <li> Changed Dockerfile from <code>ci/Dockerfile.std</code> to <code>ci/Dockerfile.distroless</code>.<br> <li> Added steps to upload and share Playwright test reports to S3. </details> </td> <td><a href="https://github.com/TykTechnologies/tyk/pull/6594/files#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34">+38/-24</a>  </td> </tr> </table></td></tr></tr></tbody></table> ___ > 💡 **PR-Agent usage**: Comment `/help "your question"` on any pull request to receive relevant information --------- Co-authored-by: Gromit <policy@gromit> Co-authored-by: konrad <konrad@tyk.io>
TykTechnologies · Oct 1, 2024 · 30b2226 · 30b2226
1 parent ad816b4
commit 30b2226
Showing 1 changed file with 42 additions and 15 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,3 +1,5 @@
+# yamllint disable rule:line-length rule:truthy
+name: Release
 # Generated by: gromit policy
 
 # Distribution channels covered by this workflow
@@ -6,8 +8,9 @@
 # - docker hub
 # - devenv ECR
 # - Cloudsmith
-
-name: Release
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 on:
   # Trigger release every monday at midnight for master CI images
   schedule:
@@ -21,13 +24,14 @@ on:
       - 'v*'
 env:
   GOPRIVATE: github.com/TykTechnologies
-  VARIATION: prod
+  VARIATION: inverted
   DOCKER_BUILD_SUMMARY: false
   DOCKER_BUILD_RECORD_UPLOAD: false
   # startsWith covers pull_request_target too
   BASE_REF: ${{startsWith(github.event_name, 'pull_request') && github.base_ref || github.ref_name}}
 jobs:
   goreleaser:
+    if: github.event.pull_request.draft == false
     name: '${{ matrix.golang_cross }}'
     runs-on: ubuntu-latest-m
     permissions:
@@ -147,7 +151,7 @@ jobs:
         with:
           context: "dist"
           platforms: linux/amd64,linux/arm64
-          file: ci/Dockerfile.std
+          file: ci/Dockerfile.distroless
           provenance: mode=max
           sbom: true
           push: true
@@ -166,17 +170,16 @@ jobs:
             latest=false
             prefix=v
           tags: |
-            type=semver,pattern={{major}}
             type=semver,pattern={{major}}.{{minor}}
             type=semver,pattern={{version}}
-          labels: "org.opencontainers.image.title=tyk-gateway \norg.opencontainers.image.description=Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols\norg.opencontainers.image.vendor=tyk.io\norg.opencontainers.image.version=${{ github.ref_name }}\n"
+          labels: "org.opencontainers.image.title=tyk-gateway  (distroless) \norg.opencontainers.image.description=Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols\norg.opencontainers.image.vendor=tyk.io\norg.opencontainers.image.version=${{ github.ref_name }}\n"
       - name: push image to prod
         if: ${{ matrix.golang_cross == '1.21-bullseye' }}
         uses: docker/build-push-action@v6
         with:
           context: "dist"
           platforms: linux/amd64,linux/arm64
-          file: ci/Dockerfile.std
+          file: ci/Dockerfile.distroless
           provenance: mode=max
           sbom: true
           cache-from: type=gha
@@ -205,6 +208,7 @@ jobs:
             !dist/*PAYG*.rpm
             !dist/*fips*.rpm
   test-controller-api:
+    if: github.event.pull_request.draft == false
     needs:
       - goreleaser
     runs-on: ubuntu-latest
@@ -300,21 +304,43 @@ jobs:
           ./dash-bootstrap.sh http://localhost:3000
           docker compose -p auto -f pro-ha.yml -f deps_pro-ha.yml -f ${{ matrix.envfiles.db }}.yml -f ${{ matrix.envfiles.cache }}.yml --env-file versions.env --profile slave-datacenter up --quiet-pull -d
           echo "$(cat pytest.env | grep USER_API_SECRET)" >> $GITHUB_OUTPUT
+          echo "ts=$(date +%s%N)" >> $GITHUB_OUTPUT
       - uses: actions/checkout@v4
         with:
           repository: TykTechnologies/tyk-analytics
           path: tyk-analytics
           token: ${{ secrets.ORG_GH_TOKEN }}
-          fetch-depth: 1
+          fetch-depth: 0
           sparse-checkout: tests/api
-      - name: Branch for test code
-        id: timestamp
+      - name: Choosing test code branch
         working-directory: tyk-analytics/tests/api
         run: |
-          # Generate report id
-          git fetch --no-tags --depth 1 origin "refs/heads/${BASE_REF}:refs/remotes/origin/${BASE_REF}"
-          git switch $BASE_REF
-          echo "ts=$(date +%s%N)" >> $GITHUB_OUTPUT
+          if [[ ${{ github.event_name }} == "release" ]]; then
+            echo "Checking out release tag..."
+            TAG_NAME=${{ github.event.release.tag_name }}
+            git checkout "$TAG_NAME"
+          fi
+          if [[ ${{ github.event_name }} == "pull_request" ]]; then
+            PR_BRANCH=${{ github.event.pull_request.head.ref }}
+            TARGET_BRANCH=${{ github.event.pull_request.base.ref }}
+            echo "Looking for PR_BRANCH:$PR_BRANCH or TARGET_BRANCH:$TARGET_BRANCH..."
+            if git rev-parse --verify "origin/$PR_BRANCH" >/dev/null 2>&1; then
+              echo "PR branch $PR_BRANCH exists. Checking out..."
+              git checkout "$PR_BRANCH"
+            elif git rev-parse --verify "origin/$TARGET_BRANCH" >/dev/null 2>&1; then
+              echo "Target branch $TARGET_BRANCH exists. Checking out..."
+              git checkout "$TARGET_BRANCH"
+            fi
+          fi
+          if [[ ${{ github.event_name }} == "push" ]]; then
+            PUSH_BRANCH=${{ github.ref_name }}
+            echo "Looking for PUSH_BRANCH:$PUSH_BRANCH..."
+            if git rev-parse --verify "origin/$PUSH_BRANCH" >/dev/null 2>&1; then
+              echo "Push branch $PUSH_BRANCH exists. Checking out..."
+              git checkout "$PUSH_BRANCH"
+            fi
+          fi
+          echo "Current commit: $(git rev-parse HEAD)"
       - uses: actions/setup-python@v5
         with:
           cache: 'pip'
@@ -347,7 +373,7 @@ jobs:
         id: metadata_report
         if: always() && (steps.test_execution.conclusion != 'skipped')
         env:
-          REPORT_NAME: ${{ github.repository }}_${{ github.run_id }}_${{ github.run_attempt }}-${{steps.timestamp.outputs.ts}}
+          REPORT_NAME: ${{ github.repository }}_${{ github.run_id }}_${{ github.run_attempt }}-${{steps.env_up.outputs.ts}}
           METADATA_REPORT_PATH: metadata.toml
         run: |
           # Generate metadata report
@@ -390,6 +416,7 @@ jobs:
           retention-days: 3
           overwrite: true
   test-controller-distros:
+    if: github.event.pull_request.draft == false
     needs:
       - goreleaser
     runs-on: ubuntu-latest