openziti · plorenz · Jun 14, 2024 · Jun 11, 2024 · Jun 13, 2024 · Jun 13, 2024
@@ -56,9 +56,8 @@ jobs:
         shell: bash
         run: |
           go install github.com/mitchellh/gox@latest
-          $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION}
-          $(go env GOPATH)/bin/gox -cgo -os=darwin -arch=amd64 -output=$GOX_OUTPUT ./...
-          $(go env GOPATH)/bin/gox -cgo -os=darwin -arch=arm64 -output=$GOX_OUTPUT ./...
+          $(go env GOPATH)/bin/gox -ldflags "$($(go env GOPATH)/bin/ziti-ci -q go-build-flags -n)" -cgo -os=darwin -arch=amd64 -output=$GOX_OUTPUT ./...
+          $(go env GOPATH)/bin/gox -ldflags "$($(go env GOPATH)/bin/ziti-ci -q go-build-flags -n)" -cgo -os=darwin -arch=arm64 -output=$GOX_OUTPUT ./...
 
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
@@ -90,8 +89,7 @@ jobs:
         shell: bash
         run: |
           go install github.com/mitchellh/gox@latest
-          $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION}
-          $(go env GOPATH)/bin/gox -cgo -os=windows -arch=amd64 -output=$GOX_OUTPUT ./...
+          $(go env GOPATH)/bin/gox -ldflags "$($(go env GOPATH)/bin/ziti-ci -q go-build-flags -n)" -cgo -os=windows -arch=amd64 -output=$GOX_OUTPUT ./...
 
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
@@ -125,9 +123,9 @@ jobs:
           $(go env GOPATH)/bin/ziti-ci configure-git
           $(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION}
           go install github.com/mitchellh/gox@latest
-          $(go env GOPATH)/bin/gox -cgo -os=linux -arch=amd64 -output=$GOX_OUTPUT ./...
-          CC=arm-linux-gnueabihf-gcc $(go env GOPATH)/bin/gox -cgo -os=linux -arch=arm -output=$GOX_OUTPUT ./...
-          CC=aarch64-linux-gnu-gcc   $(go env GOPATH)/bin/gox -cgo -os=linux -arch=arm64 -output=$GOX_OUTPUT ./...
+          $(go env GOPATH)/bin/gox -ldflags "$($(go env GOPATH)/bin/ziti-ci -q go-build-flags -n)" -cgo -os=linux -arch=amd64 -output=$GOX_OUTPUT ./...
+          CC=arm-linux-gnueabihf-gcc $(go env GOPATH)/bin/gox -ldflags "$($(go env GOPATH)/bin/ziti-ci -q go-build-flags -n)" -cgo -os=linux -arch=arm -output=$GOX_OUTPUT ./...
+          CC=aarch64-linux-gnu-gcc   $(go env GOPATH)/bin/gox -ldflags "$($(go env GOPATH)/bin/ziti-ci -q go-build-flags -n)" -cgo -os=linux -arch=arm64 -output=$GOX_OUTPUT ./...
 
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
@@ -463,21 +461,8 @@ jobs:
                 -path "./release/*/linux/ziti" \
             | xargs -0 chmod -c +x
 
-      - name: Publish GitHub Release
-        # forks need to run this step with their own GPG key because ziti-ci creates the GH release 
-        if: env.ziti_ci_gpg_key_id != null && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-v'))
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          ziti_ci_gpg_key: ${{ secrets.ZITI_CI_GPG_KEY }}
-          ziti_ci_gpg_key_id: ${{ secrets.ZITI_CI_GPG_KEY_ID }}
-        shell: bash
-        run: |
-          $(go env GOPATH)/bin/ziti-ci configure-git
-          $(go env GOPATH)/bin/ziti-ci tag -v -f version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION}
-          $(go env GOPATH)/bin/ziti-ci publish-to-github --prerelease --archive-base ""
-
       # only ziti-ci computed version for release branches and {version}-{run_id} for non-release branches
-      - name: Compute the Ziti Version String used for Linux Packages and Container Image Tags
+      - name: Get next version for downstream release candidates
         id: get_version
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -495,59 +480,31 @@ jobs:
           echo "DEBUG: GITHUB_REPOSITORY=${GITHUB_REPOSITORY} GITHUB_REF=${GITHUB_REF} GITHUB_RUN_ID=${GITHUB_RUN_ID}"
           (set -x; git remote -v show;)
 
-          if [[ "${GITHUB_REF}" =~ ^refs/heads/(release-v|main$) ]]; then
-            # Set current tag as semver for release branches
-            ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version)"
-
-            validateSemver "${ZITI_VERSION}"
-
-            # drop the leading 'v', if any
-            ZITI_VERSION=${ZITI_VERSION#v}
-          else
-            # compute next patch level for non-release branches
-            ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-next-version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION})"
+          # compute next patch level for non-release branches
+          ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-next-version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION})"
 
-            validateSemver "${ZITI_VERSION}"
+          validateSemver "${ZITI_VERSION}"
 
-            # drop the leading 'v', if any, and append run id
-            ZITI_VERSION=${ZITI_VERSION#v}-${GITHUB_RUN_ID}
-          fi
+          # drop the leading 'v', if any, and append run id
+          ZITI_VERSION=${ZITI_VERSION#v}-${GITHUB_RUN_ID}
 
           echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
 
-  call-publish-prerelease-docker-images:
+  call-publish-docker-images:
     # - !cancelled() allows evaluating further conditional expressions even if
     #   needed jobs were skipped
     if: ${{
       !cancelled()
       && needs.publish.result == 'success'
       && github.ref == 'refs/heads/release-next'
       }}
-    name: Publish Pre-Release Docker Images
+    name: Publish Release Next Docker Images
     needs: publish
     uses: ./.github/workflows/publish-docker-images.yml
     secrets: inherit
     with:
       ziti-tag: release-next
 
-  call-publish-release-docker-images:
-    # - !cancelled() allows evaluating further conditional expressions even if
-    #   needed jobs were skipped
-    if: ${{
-      !cancelled()
-      && needs.publish.result == 'success'
-      && (
-      github.ref == 'refs/heads/main'
-      || startsWith(github.ref, 'refs/heads/release-v')
-      )
-      }}
-    name: Publish Release Docker Images
-    needs: publish
-    uses: ./.github/workflows/publish-docker-images.yml
-    secrets: inherit
-    with:
-      ziti-tag: ${{ needs.publish.outputs.ZITI_VERSION }}
-
   # call on release-next and release branches to publish linux packages to
   # "testing" and "release" package repos in Artifactory
   call-publish-linux-packages:
@@ -556,13 +513,9 @@ jobs:
     if: ${{
       !cancelled()
       && needs.publish.result == 'success'
-      && (
-      github.ref == 'refs/heads/main'
-      || startsWith(github.ref, 'refs/heads/release-v')
-      || github.ref == 'refs/heads/release-next'
-      )
+      && github.ref == 'refs/heads/release-next'
       }}
-    name: Publish Linux Packages
+    name: Publish Release Next Linux Packages
     needs: publish
     uses: ./.github/workflows/publish-linux-packages.yml
     secrets: inherit

@@ -0,0 +1,257 @@
+name: release
+
+on:
+  push:
+    tags:
+      - v*
+  workflow_dispatch:
+
+env:
+  GOFLAGS: "-trimpath"
+  GOX_OUTPUT: "release/{{.Arch}}/{{.OS}}/{{.Dir}}"
+  GOX_TEST_OUTPUT: "test/{{.Arch}}/{{.OS}}/bin/{{.Dir}}"
+  gh_ci_key: ${{ secrets.GH_CI_KEY }}
+  BUILD_NUMBER: ${{ format('{0}-{1}-{2}', github.run_id, github.run_number, github.run_attempt) }}
+  ZITI_BASE_VERSION: ${{ vars.ZITI_BASE_VERSION || null }}
+
+jobs:
+  mac-os-build:
+    name: Build Mac OS binaries
+    # allow fors to opt-out of time-consuming macOS builds
+    if: vars.ZITI_SKIP_MACOS_BUILD != 'true'
+    runs-on: macos-11
+    steps:
+      - name: Git Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: ./go.mod
+
+      - name: Install Ziti CI
+        uses: openziti/ziti-ci@v1
+
+      - name: Build and Test
+        shell: bash
+        run: |
+          go install github.com/mitchellh/gox@latest
+          $(go env GOPATH)/bin/gox -ldflags "$($(go env GOPATH)/bin/ziti-ci -q -t go-build-flags)" -cgo -os=darwin -arch=amd64 -output=$GOX_OUTPUT ./...
+          $(go env GOPATH)/bin/gox -ldflags "$($(go env GOPATH)/bin/ziti-ci -q -t go-build-flags)" -cgo -os=darwin -arch=arm64 -output=$GOX_OUTPUT ./...
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: darwin-release-${{ github.run_id }}
+          path: release/
+          retention-days: 5
+
+  windows-build:
+    name: Build Windows binaries
+    # allow fors to opt-out of time-consuming Windows builds
+    if: vars.ZITI_SKIP_WINDOWS_BUILD != 'true'
+    runs-on: windows-2019
+    steps:
+      - name: Git Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: ./go.mod
+
+      - name: Install Ziti CI
+        uses: openziti/ziti-ci@v1
+
+      - name: Build and Test
+        shell: bash
+        run: |
+          go install github.com/mitchellh/gox@latest
+          $(go env GOPATH)/bin/gox -ldflags "$($(go env GOPATH)/bin/ziti-ci -q -t go-build-flags)" -cgo -os=windows -arch=amd64 -output=$GOX_OUTPUT ./...
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: windows-release-${{ github.run_id }}
+          path: release/
+          retention-days: 5
+
+  linux-build:
+    name: Build Linux binaries
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Git Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: ./go.mod
+
+      - name: Install Ziti CI
+        uses: openziti/ziti-ci@v1
+
+      - name: Build and Test
+        shell: bash
+        run: |
+          sudo apt-get update
+          sudo apt-get -yq install gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf gcc-aarch64-linux-gnu
+          $(go env GOPATH)/bin/ziti-ci configure-git
+          go install github.com/mitchellh/gox@latest
+          $(go env GOPATH)/bin/ziti-ci -t go-build-flags
+          $(go env GOPATH)/bin/gox -ldflags "$($(go env GOPATH)/bin/ziti-ci -q -t go-build-flags)" -cgo -os=linux -arch=amd64 -output=$GOX_OUTPUT ./...
+          CC=arm-linux-gnueabihf-gcc $(go env GOPATH)/bin/gox -ldflags "$($(go env GOPATH)/bin/ziti-ci -q -t go-build-flags)" -cgo -os=linux -arch=arm -output=$GOX_OUTPUT ./...
+          CC=aarch64-linux-gnu-gcc   $(go env GOPATH)/bin/gox -ldflags "$($(go env GOPATH)/bin/ziti-ci -q -t go-build-flags)" -cgo -os=linux -arch=arm64 -output=$GOX_OUTPUT ./...
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: linux-release-${{ github.run_id }}
+          path: release/
+          retention-days: 5
+
+  tests:
+    name: Run Unit and Integration Tests
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Git Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: ./go.mod
+
+      - name: Install Ziti CI
+        uses: openziti/ziti-ci@v1
+
+      - name: Run Go Quickstart Test
+        timeout-minutes: 5
+        shell: bash
+        run: |
+          go test -v -tags "quickstart automated" ./ziti/cmd/edge/...;
+
+      - name: Run Unit and Integration Tests
+        timeout-minutes: 10
+        shell: bash
+        run: |
+          go test ./... --tags apitests
+
+  publish:
+    name: Publish Binaries
+    if: ${{
+      !cancelled()
+      && (needs.mac-os-build.result == 'success' || needs.mac-os-build.result == 'skipped')
+      && (needs.windows-build.result == 'success' || needs.windows-build.result == 'skipped')
+      }}
+    needs: [ tests, linux-build, mac-os-build, windows-build ]
+    runs-on: ubuntu-20.04
+    outputs:
+      ZITI_VERSION: ${{ steps.get_version.outputs.ZITI_VERSION }}
+    steps:
+      - name: Git Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: ./go.mod
+
+      - name: Install Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.7'
+
+      - name: Install Ziti CI
+        uses: openziti/ziti-ci@v1
+
+      - name: Download linux release artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: linux-release-${{ github.run_id }}
+          path: release/
+
+      - name: Download darwin release artifact
+        if: needs.mac-os-build.result == 'success'
+        uses: actions/download-artifact@v4
+        with:
+          name: darwin-release-${{ github.run_id }}
+          path: release/
+
+      - name: Download windows release artifact
+        if: needs.windows-build.result == 'success'
+        uses: actions/download-artifact@v4
+        with:
+          name: windows-release-${{ github.run_id }}
+          path: release/
+
+      - name: List downloaded release artifacts
+        shell: bash
+        run: |
+          ls -lAhR release/
+
+      - name: Restore execute filemode on macOS and Linux release artifacts before publishing
+        shell: bash
+        run: |
+          find  ./release \
+                -type f \
+                -print0 \
+                -path "./release/*/darwin/ziti" \
+                -o \
+                -path "./release/*/linux/ziti" \
+            | xargs -0 chmod -c +x
+
+      - name: Publish GitHub Release
+        # forks need to run this step with their own GPG key because ziti-ci creates the GH release 
+        if: env.ziti_ci_gpg_key_id != null && startsWith(github.ref, 'refs/tags/v')
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ziti_ci_gpg_key: ${{ secrets.ZITI_CI_GPG_KEY }}
+          ziti_ci_gpg_key_id: ${{ secrets.ZITI_CI_GPG_KEY_ID }}
+        shell: bash
+        run: |
+          $(go env GOPATH)/bin/ziti-ci configure-git
+          $(go env GOPATH)/bin/ziti-ci publish-to-github -t --prerelease --archive-base ""
+
+      # only ziti-ci computed version for release branches and {version}-{run_id} for non-release branches
+      - name: Compute the Ziti Version String used for Linux Packages and Container Image Tags
+        id: get_version
+        shell: bash
+        run: |
+          # drop the leading 'v', if any
+          ZITI_VERSION=${GITHUB_REF_NAME#v}
+          echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
+
+  call-publish-docker-images:
+    # - !cancelled() allows evaluating further conditional expressions even if
+    #   needed jobs were skipped
+    if: ${{ !cancelled() && needs.publish.result == 'success' }}
+    name: Publish Release Docker Images
+    needs: publish
+    uses: ./.github/workflows/publish-docker-images.yml
+    secrets: inherit
+    with:
+      ziti-tag: ${{ needs.publish.outputs.ZITI_VERSION }}
+
+  # call on release-next and release branches to publish linux packages to
+  # "testing" and "release" package repos in Artifactory
+  call-publish-linux-packages:
+    # - !cancelled() allows evaluating further conditional expressions even if
+    #   needed jobs were skipped
+    if: ${{ !cancelled() && needs.publish.result == 'success' }}
+    name: Publish Linux Packages
+    needs: publish
+    uses: ./.github/workflows/publish-linux-packages.yml
+    secrets: inherit
+    with:
+      ziti-version: ${{ needs.publish.outputs.ZITI_VERSION }}