Skip to content

Updates to Coraza v3.2.1 and several dependencies #817

Updates to Coraza v3.2.1 and several dependencies

Updates to Coraza v3.2.1 and several dependencies #817

Workflow file for this run

name: CI
on:
push:
branches:
- main
tags:
- "*"
paths-ignore:
- "**/*.md"
- "LICENSE"
pull_request:
workflow_dispatch:
env:
GO_VERSION: '1.20'
TINYGO_VERSION: 0.31.2
# Run e2e tests against latest two releases and latest dev
ENVOY_IMAGES: >
envoyproxy/envoy:v1.30-latest
envoyproxy/envoy:v1.29-latest
envoyproxy/envoy-dev:latest
istio/proxyv2:1.22.1
istio/proxyv2:1.21.3
jobs:
build:
name: "Build (multiphase evaluation: ${{ matrix.multiphase_eval }})"
runs-on: ubuntu-22.04
permissions:
contents: write
packages: write
strategy:
fail-fast: false # ftw runs are flaky, let's keep the two jobs running reducing re-runs
matrix:
multiphase_eval: ["true","false"]
env:
MULTIPHASE_EVAL: ${{ matrix.multiphase_eval }}
steps:
- name: Check out code
uses: actions/checkout@v3
with: # Ensure release_notes.sh can see prior commits
fetch-depth: 0
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ env.GO_VERSION }}
cache: true
- name: Install TinyGo
run: |
gh release download v${TINYGO_VERSION} -p '*.linux-amd64.tar.gz' -D ~ -R github.com/tinygo-org/tinygo
tar -xf ~/tinygo${TINYGO_VERSION}.linux-amd64.tar.gz -C $HOME
echo "$HOME/tinygo/bin" >> $GITHUB_PATH
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Cache TinyGo build
uses: actions/cache@v3
with:
path: |
~/.cache/tinygo
key: ${{ runner.os }}-tinygo-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-tinygo-
- name: Run code checks
run: go run mage.go lint
- name: Build WASM filter
run: go run mage.go build
- name: Run unit tests
run: go run mage.go coverage
- name: Run e2e tests
shell: bash
run: >
for image in $ENVOY_IMAGES; do
echo "Running e2e with Envoy image $image"
ENVOY_IMAGE=$image go run mage.go e2e
done
- name: Run regression tests (ftw)
run: go run mage.go ftw
- uses: actions/upload-artifact@v3
if: success() || failure()
with:
name: ftw-envoy-logs
path: build/ftw-envoy.log
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
if: ${{ matrix.multiphase_eval=='true' }}
uses: docker/setup-buildx-action@v3
- name: Docker meta
if: ${{ matrix.multiphase_eval=='true' }}
id: meta
uses: docker/metadata-action@v4
with:
images: |
ghcr.io/${{ github.repository }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}
- name: Docker meta busybox
if: ${{ matrix.multiphase_eval=='true' }}
id: meta-busybox
uses: docker/metadata-action@v4
with:
images: |
ghcr.io/${{ github.repository }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}
flavor: |
suffix=-busybox
- name: Login to GHCR
if: ${{ matrix.multiphase_eval=='true' }}
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push busybox based image
if: ${{ matrix.multiphase_eval=='true' }}
uses: docker/build-push-action@v5
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta-busybox.outputs.tags }}
platforms: linux/amd64,linux/arm64
labels: ${{ steps.meta-busybox.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
BASE_IMAGE=busybox:1.36-uclibc
- name: Build and push
if: ${{ matrix.multiphase_eval=='true' }}
uses: docker/build-push-action@v5
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Create draft release
# Triggered only on tag creation and if release does not exist
if: matrix.multiphase_eval=='true' && github.event_name == 'push' && contains(github.ref, 'refs/tags/')
run: |
set +e
tag="${GITHUB_REF#refs/tags/}"
if ! gh release view ${tag}; then
echo "Release ${tag} does not exist, creating..."
./.github/workflows/release_notes.sh ${tag} > release-notes.txt
gh release create ${tag} --draft --notes-file release-notes.txt --title ${GITHUB_REF#refs/tags/}
fi
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Push build artifact to release
# Triggered only on tag creation
if: matrix.multiphase_eval=='true' && github.event_name == 'push' && contains(github.ref, 'refs/tags/')
run: |
ls build
mv build/main.wasm build/coraza-proxy-wasm.wasm
tag="${GITHUB_REF#refs/tags/}"
zip -j build/coraza-proxy-wasm-${tag}.zip build/coraza-proxy-wasm.wasm
gh release upload ${tag} ./build/coraza-proxy-wasm-${tag}.zip --clobber
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}