Skip to content

Linter fixes for the crypto and encoding k6 modules #2639

Linter fixes for the crypto and encoding k6 modules

Linter fixes for the crypto and encoding k6 modules #2639

Workflow file for this run

name: Build
on:
workflow_dispatch:
inputs:
k6_version:
description: 'The version of the release, it must use the semantic versioning format with the v prefix. It is a development release so it is suggested to append a build metadata (e.g. v0.38.0-dev).'
required: true
go_version:
description: 'Go version for building binaries'
default: '1.x'
required: true
push:
branches:
- master
tags:
- v*
pull_request:
defaults:
run:
shell: bash
env:
APP_NAME: "k6"
# We'll push to two DockerHub repos at once; `loadimpact/k6` repo is required for backwards compatibility
LI_DOCKER_IMAGE_ID: "loadimpact/k6"
DOCKER_IMAGE_ID: "grafana/k6"
GHCR_IMAGE_ID: ${{ github.repository }}
DEFAULT_GO_VERSION: "1.21.x"
jobs:
configure:
runs-on: ubuntu-latest
outputs:
k6_version: ${{ steps.get_k6_version.outputs.k6_version }}
go_version: ${{ steps.get_go_version.outputs.go_version }}
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Get the k6 version
id: get_k6_version
run: |
set -x # Show exactly what commands are executed
if [[ "${{ github.event_name }}" == "workflow_dispatch" ]] && [[ "${{ github.event.inputs.k6_version }}" != "" ]]; then
VERSION="${{ github.event.inputs.k6_version }}"
echo "Building custom dev build with version '${VERSION}' from manual workflow_dispatch..."
elif [[ "${GITHUB_REF}" =~ ^refs/tags/v.+$ ]]; then
VERSION="${GITHUB_REF##*/}"
echo "Building real version tag '${GITHUB_REF}', parsed '${VERSION}' as the actual version..."
else
VERSION="$(git describe --tags --always --long --dirty)"
echo "Building a non-version ref '${GITHUB_REF}', use '${VERSION}' as the version instead..."
fi
echo "VERSION=${VERSION}"
echo "k6_version=${VERSION}" >> $GITHUB_OUTPUT
- name: Get the used Go version
id: get_go_version
run: |
set -x # Show exactly what commands are executed
if [[ "${{ github.event_name }}" == "workflow_dispatch" ]] && [[ "${{ github.event.inputs.go_version }}" != "" ]]; then
GO_VERSION="${{ github.event.inputs.go_version }}"
echo "Using custom Go version '${GO_VERSION}' from manual workflow_dispatch..."
else
GO_VERSION="${DEFAULT_GO_VERSION}"
echo "Using the default Go version '${GO_VERSION}'..."
fi
echo "GO_VERSION=${GO_VERSION}"
echo "go_version=${GO_VERSION}" >> $GITHUB_OUTPUT
build:
runs-on: ubuntu-latest
needs: [configure]
env:
VERSION: ${{ needs.configure.outputs.k6_version }}
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ needs.configure.outputs.go_version }}
check-latest: true
- name: Install nfpm (dep and rpm package builder)
run: |
go install github.com/goreleaser/nfpm/v2/cmd/[email protected]
- name: Install goversioninfo (.syso file creator)
run: |
go install github.com/josephspurrier/goversioninfo/cmd/[email protected]
- name: Generate Windows binary metadata (.syso files)
run: |
IFS=. read -a version_parts <<< "${VERSION#v}"
IFS=- read -a version_patch <<< "${version_parts[2]}"
# Need a blank versioninfo.json for the CLI overrides to work.
echo '{}' > versioninfo.json
set -x
goversioninfo -64 \
-platform-specific=true \
-charset="1200" \
-company="Raintank Inc. d.b.a. Grafana Labs" \
-copyright="© Raintank Inc. d.b.a. Grafana Labs. Licensed under AGPL." \
-description="A modern load testing tool, using Go and JavaScript" \
-icon=packaging/k6.ico \
-internal-name="k6" \
-original-name="k6.exe" \
-product-name="k6" \
-translation="0x0409" \
-ver-major="${version_parts[0]}" \
-ver-minor="${version_parts[1]}" \
-ver-patch="${version_patch[0]}" \
-special-build=$(IFS='-'; echo "${version_patch[*]:1}";) \
-product-version="${VERSION#v}"
set +x
ls -lah | grep -i syso
- name: Build
run: |
go version
./build-release.sh "dist" "${VERSION}"
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: binaries
path: dist/
retention-days: 7
build-docker:
runs-on: ubuntu-latest
needs: [configure]
env:
VERSION: ${{ needs.configure.outputs.k6_version }}
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Build
run: |
docker buildx create \
--name multibuilder \
--platform linux/amd64,linux/arm64 \
--bootstrap --use
docker buildx build \
--target release \
--platform linux/amd64,linux/arm64 \
-t $DOCKER_IMAGE_ID .
- name: Check
run: |
docker buildx build --load -t $DOCKER_IMAGE_ID .
# Assert that simple cases works for the new built image
docker run $DOCKER_IMAGE_ID version
docker run $DOCKER_IMAGE_ID --help
docker run $DOCKER_IMAGE_ID help
docker run $DOCKER_IMAGE_ID run --help
docker run $DOCKER_IMAGE_ID inspect --help
docker run $DOCKER_IMAGE_ID status --help
docker run $DOCKER_IMAGE_ID stats --help
docker run $DOCKER_IMAGE_ID scale --help
docker run $DOCKER_IMAGE_ID pause --help
docker run $DOCKER_IMAGE_ID resume --help
- name: Log into registries (ghcr.io and Docker Hub)
if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v') }}
run: |
# Log into GitHub Container Registry
echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin
# Log into Docker Hub Registry
echo "${{ secrets.DOCKER_PASS }}" | docker login -u "${{ secrets.DOCKER_USER }}" --password-stdin
- name: Publish k6:master images
if: ${{ github.ref == 'refs/heads/master' }}
run: |
echo "Publish $GHCR_IMAGE_ID:master* images"
docker buildx build --push \
--target release \
--platform linux/amd64,linux/arm64 \
-t $DOCKER_IMAGE_ID:master \
-t ghcr.io/$GHCR_IMAGE_ID:master .
docker buildx build --push \
--target with-browser \
--platform linux/amd64,linux/arm64 \
-t $DOCKER_IMAGE_ID:master-with-browser \
-t ghcr.io/$GHCR_IMAGE_ID:master-with-browser .
# LoadImpact images are deprecated, we don't build arm64 for it.
docker buildx build --push \
--target legacy \
--platform linux/amd64 \
-t $LI_DOCKER_IMAGE_ID:master .
- name: Publish tagged version images
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
run: |
VERSION="${VERSION#v}"
echo "Publish $GHCR_IMAGE_ID:$VERSION images"
docker buildx build --push \
--target release \
--platform linux/amd64,linux/arm64 \
-t $DOCKER_IMAGE_ID:$VERSION \
-t ghcr.io/$GHCR_IMAGE_ID:$VERSION .
docker buildx build --push \
--target with-browser \
--platform linux/amd64,linux/arm64 \
-t $DOCKER_IMAGE_ID:$VERSION-with-browser \
-t ghcr.io/$GHCR_IMAGE_ID:$VERSION-with-browser .
# LoadImpact images are deprecated, we don't build arm64 for it.
docker buildx build --push \
--target legacy \
--platform linux/amd64 \
-t $LI_DOCKER_IMAGE_ID:$VERSION .
# We also want to tag the latest stable version as latest
if [[ ! "$VERSION" =~ (RC|rc) ]]; then
echo "Publish $GHCR_IMAGE_ID:latest"
docker buildx build --push \
--target release \
--platform linux/amd64,linux/arm64 \
-t $DOCKER_IMAGE_ID:latest \
-t ghcr.io/$GHCR_IMAGE_ID:latest .
docker buildx build --push \
--target with-browser \
--platform linux/amd64,linux/arm64 \
-t $DOCKER_IMAGE_ID:latest-with-browser \
-t ghcr.io/$GHCR_IMAGE_ID:latest-with-browser .
# LoadImpact images are deprecated, we don't build arm64 for it.
docker buildx build --push \
--target legacy \
--platform linux/amd64 \
-t $LI_DOCKER_IMAGE_ID:latest .
fi
package-windows:
runs-on: windows-2019
defaults:
run:
shell: pwsh
needs: [configure, build]
env:
VERSION: ${{ needs.configure.outputs.k6_version }}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Install pandoc
uses: crazy-max/ghaction-chocolatey@90deb87d9fbf0bb2f022b91e3bf11b4441cddda5 # v2.1.0
with:
args: install -y pandoc
- name: Install wix tools
run: |
curl -Lso wix311-binaries.zip https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip
Expand-Archive -Path .\wix311-binaries.zip -DestinationPath .\wix311\
echo "$pwd\wix311" | Out-File -FilePath $env:GITHUB_PATH -Append
- name: Download binaries
uses: actions/download-artifact@v3
with:
name: binaries
path: dist
- name: Unzip Windows binary
run: |
Expand-Archive -Path ".\dist\k6-$env:VERSION-windows-amd64.zip" -DestinationPath .\packaging\
move .\packaging\k6-$env:VERSION-windows-amd64\k6.exe .\packaging\
rmdir .\packaging\k6-$env:VERSION-windows-amd64\
- name: Add signtool to PATH
run: echo "${env:ProgramFiles(x86)}\Windows Kits\10\bin\x64" | Out-File -FilePath $env:GITHUB_PATH -Append
- name: Create the MSI package
run: |
$env:VERSION = $env:VERSION -replace 'v(\d+\.\d+\.\d+).*','$1'
pandoc -s -f markdown -t rtf -o packaging\LICENSE.rtf LICENSE.md
cd .\packaging
candle.exe -arch x64 "-dVERSION=$env:VERSION" k6.wxs
light.exe -ext WixUIExtension k6.wixobj
- name: Sign Windows binary and .msi package
# GH secrets are unavaileble when building from project forks, so this
# will fail for external PRs, even if we wanted to do it. And we don't.
# We are only going to sign packages that are built from master or a
# version tag, or manually triggered dev builds, so we have enough
# assurance that package signing works, but don't sign every PR build.
if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v') || github.event_name == 'workflow_dispatch' }}
run: |
# Convert base64 certificate to PFX
$bytes = [Convert]::FromBase64String("${{ secrets.WIN_SIGN_CERT }}")
[IO.File]::WriteAllBytes("k6.pfx", $bytes)
# Sign the Windows binary
signtool sign /f k6.pfx /p "${{ secrets.WIN_SIGN_PASS }}" /tr "http://timestamp.digicert.com" /td sha256 /fd sha256 "packaging\k6.exe"
# Sign the MSI package
signtool sign /f k6.pfx /p "${{ secrets.WIN_SIGN_PASS }}" /tr "http://timestamp.digicert.com" /td sha256 /fd sha256 "packaging\k6.msi"
# Cleanup signing artifacts
del k6.pfx
- name: Rename MSI package
# To keep it consistent with the other artifacts
run: move "packaging\k6.msi" "packaging\k6-$env:VERSION-windows-amd64.msi"
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: binaries-windows
path: |
packaging/k6-*.msi
retention-days: 7
# Disabled until #1997 and #1998 are addressed.
# publish-macos:
# runs-on: macos-latest
# needs: [configure, build]
# if: ${{ startsWith(github.ref, 'refs/tags/v') && github.event_name != 'workflow_dispatch' }}
# env:
# VERSION: ${{ needs.configure.outputs.k6_version }}
# HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
# steps:
# - name: Download source code archive
# run: curl -fsSL "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/archive/${VERSION}.tar.gz" -o "${VERSION}.tar.gz"
# - name: Set up Homebrew
# uses: Homebrew/actions/setup-homebrew@2eb78889a50ba021d744837934f1af2d8c4458ec
# - name: Create version bump PR
# run: |
# brew bump-formula-pr k6 \
# --url="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/archive/${VERSION}.tar.gz" \
# --sha256="$(shasum -a 256 ${VERSION}.tar.gz | cut -d' ' -f1)"
publish-github:
runs-on: ubuntu-latest
needs: [configure, build, package-windows]
if: ${{ startsWith(github.ref, 'refs/tags/v') && github.event_name != 'workflow_dispatch' }}
env:
VERSION: ${{ needs.configure.outputs.k6_version }}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Download binaries
uses: actions/download-artifact@v3
with:
name: binaries
path: dist
- name: Download Windows binaries
uses: actions/download-artifact@v3
with:
name: binaries-windows
path: dist
- name: Generate checksum file
run: cd dist && sha256sum * > "k6-${VERSION}-checksums.txt"
- name: Anchore SBOM Action
continue-on-error: true
uses: anchore/[email protected]
with:
artifact-name: k6-${{ env.VERSION }}-spdx.json
upload-release-assets: false
output-file: dist/k6-${{ env.VERSION }}-spdx.json
- name: Create release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -x
assets=()
for asset in ./dist/*; do
assets+=("$asset")
done
gh release create "$VERSION" "${assets[@]}" --target "$GITHUB_SHA" -F "./release notes/${VERSION}.md"
publish-packages:
runs-on: ubuntu-latest
needs: [configure, build, package-windows]
if: ${{ startsWith(github.ref, 'refs/tags/v') && github.event_name != 'workflow_dispatch' }}
env:
VERSION: ${{ needs.configure.outputs.k6_version }}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Download binaries
uses: actions/download-artifact@v3
with:
name: binaries
path: dist
- name: Download Windows binaries
uses: actions/download-artifact@v3
with:
name: binaries-windows
path: dist
- name: Rename binaries
# To be consistent with the filenames used in dl.k6.io
run: |
mv "dist/k6-$VERSION-windows-amd64.msi" "dist/k6-$VERSION-amd64.msi"
mv "dist/k6-$VERSION-linux-amd64.rpm" "dist/k6-$VERSION-amd64.rpm"
mv "dist/k6-$VERSION-linux-amd64.deb" "dist/k6-$VERSION-amd64.deb"
- name: Setup docker-compose environment
run: |
cat > packaging/.env <<EOF
AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION=us-east-1
AWS_CF_DISTRIBUTION="${{ secrets.AWS_CF_DISTRIBUTION }}"
PGP_SIGN_KEY_PASSPHRASE=${{ secrets.PGP_SIGN_KEY_PASSPHRASE }}
EOF
echo "${{ secrets.PGP_SIGN_KEY }}" > packaging/sign-key.gpg
- name: Publish packages
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin
cd packaging
docker-compose pull packager
docker-compose run --rm packager