chore: fixes Wasm path for EnvoyExample, removes detached #729
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - "*" | |
| paths-ignore: | |
| - "**/*.md" | |
| - "LICENSE" | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| GO_VERSION: '1.20' | |
| TINYGO_VERSION: 0.30.0 | |
| # Run e2e tests against latest two releases and latest dev | |
| ENVOY_IMAGES: > | |
| envoyproxy/envoy:v1.27-latest | |
| envoyproxy/envoy:v1.26-latest | |
| envoyproxy/envoy-dev:latest | |
| istio/proxyv2:1.18.2 | |
| istio/proxyv2:1.19.0 | |
| jobs: | |
| build: | |
| name: "Build (multiphase evaluation: ${{ matrix.multiphase_eval }})" | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: write | |
| packages: write | |
| strategy: | |
| matrix: | |
| multiphase_eval: ["true","false"] | |
| env: | |
| MULTIPHASE_EVAL: ${{ matrix.multiphase_eval }} | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| with: # Ensure release_notes.sh can see prior commits | |
| fetch-depth: 0 | |
| - name: Install Go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| - name: Install TinyGo | |
| run: | | |
| gh release download v${TINYGO_VERSION} -p '*.linux-amd64.tar.gz' -D ~ -R github.com/tinygo-org/tinygo | |
| tar -xf ~/tinygo${TINYGO_VERSION}.linux-amd64.tar.gz -C $HOME | |
| echo "$HOME/tinygo/bin" >> $GITHUB_PATH | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Cache TinyGo build | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cache/tinygo | |
| key: ${{ runner.os }}-tinygo-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-tinygo- | |
| - name: Run code checks | |
| run: go run mage.go lint | |
| - name: Build WASM filter | |
| run: go run mage.go build | |
| - name: Run unit tests | |
| run: go run mage.go coverage | |
| - name: Check Envoy example is spinning up | |
| run: | | |
| ENVOY_CONTAINER_NAME="envoy-envoy-1" | |
| go run mage.go runEnvoyExample & | |
| TIMEOUT=5 | |
| while [ $TIMEOUT -gt 0 ]; do | |
| exit_code=$(docker inspect -f '{{.State.ExitCode}}' $ENVOY_CONTAINER_NAME) | |
| if [ $exit_code -ne 0 ]; then | |
| echo "Envoy example failed to start" | |
| exit 1 | |
| fi | |
| sleep 1 # Wait for 1 second before checking again for up to TIMEOUT times | |
| ((TIMEOUT--)) | |
| done | |
| - name: Run e2e tests | |
| shell: bash | |
| run: > | |
| for image in $ENVOY_IMAGES; do | |
| echo "Running e2e with Envoy image $image" | |
| ENVOY_IMAGE=$image go run mage.go e2e | |
| done | |
| - name: Run regression tests (ftw) | |
| run: go run mage.go ftw | |
| - uses: actions/upload-artifact@v3 | |
| if: success() || failure() | |
| with: | |
| name: ftw-envoy-logs | |
| path: build/ftw-envoy.log | |
| - name: Set up Docker Buildx | |
| if: ${{ matrix.multiphase_eval=='true' }} | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Docker meta | |
| if: ${{ matrix.multiphase_eval=='true' }} | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}} | |
| - name: Docker meta busybox | |
| if: ${{ matrix.multiphase_eval=='true' }} | |
| id: meta-busybox | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}} | |
| flavor: | | |
| suffix=-busybox | |
| - name: Login to GHCR | |
| if: ${{ matrix.multiphase_eval=='true' }} | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push busybox based image | |
| if: ${{ matrix.multiphase_eval=='true' }} | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: . | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta-busybox.outputs.tags }} | |
| labels: ${{ steps.meta-busybox.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| build-args: | | |
| BASE_IMAGE=busybox:1.36-uclibc | |
| - name: Build and push | |
| if: ${{ matrix.multiphase_eval=='true' }} | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: . | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Create draft release | |
| # Triggered only on tag creation | |
| if: matrix.multiphase_eval=='true' && github.event_name == 'push' && contains(github.ref, 'refs/tags/') | |
| run: | | |
| ls build | |
| mv build/main.wasm build/coraza-proxy-wasm.wasm | |
| tag="${GITHUB_REF#refs/tags/}" | |
| zip -j build/coraza-proxy-wasm-${tag}.zip build/coraza-proxy-wasm.wasm | |
| ./.github/workflows/release_notes.sh ${tag} > release-notes.txt | |
| gh release create ${tag} --draft --notes-file release-notes.txt --title ${GITHUB_REF#refs/tags/} ./build/coraza-proxy-wasm-${tag}.zip | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |