proxy: v2.276.0 (#13590) #354
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
tags: | |
- "edge-*" | |
permissions: | |
contents: read | |
env: | |
GH_ANNOTATION: true | |
DOCKER_REGISTRY: ghcr.io/linkerd | |
K3D_VERSION: v5.7.5 | |
LINKERD2_PROXY_REPO: ${{ vars.LINKERD2_PROXY_REPO }} | |
jobs: | |
# TODO(ver) We should stop relying so heavily on the environment, | |
# especially the TAG variable. And it would be great to stop relying | |
# on the root-tag script altogether. | |
tag: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: echo "tag=$(CI_FORCE_CLEAN=1 bin/root-tag)" >> "$GITHUB_OUTPUT" | |
id: tag | |
outputs: | |
tag: ${{ steps.tag.outputs.tag }} | |
docker_build: | |
name: Docker build | |
needs: [tag] | |
runs-on: ubuntu-24.04 | |
permissions: | |
id-token: write # needed for signing the images with GitHub OIDC Token | |
strategy: | |
matrix: | |
component: | |
- cli-bin | |
- controller | |
- policy-controller | |
- debug | |
- jaeger-webhook | |
- metrics-api | |
- proxy | |
- tap | |
- web | |
# policy-controller docker builds have occasionally hit a 30-minute timeout. | |
timeout-minutes: 45 | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Set tag | |
run: echo 'TAG=${{ needs.tag.outputs.tag }}' >> "$GITHUB_ENV" | |
- uses: ./.github/actions/docker-build | |
id: build | |
with: | |
docker-registry: ${{ env.DOCKER_REGISTRY }} | |
docker-target: multi-arch | |
docker-push: 1 | |
docker-ghcr-username: ${{ secrets.DOCKER_GHCR_USERNAME }} | |
docker-ghcr-pat: ${{ secrets.DOCKER_GHCR_PAT }} | |
component: ${{ matrix.component }} | |
tag: ${{ needs.tag.outputs.tag }} | |
env: | |
LINKERD2_PROXY_GITHUB_TOKEN: ${{ secrets.LINKERD2_PROXY_GITHUB_TOKEN }} | |
- uses: sigstore/cosign-installer@v3 | |
- run: cosign sign '${{ steps.build.outputs.digest }}' | |
env: | |
COSIGN_YES: true | |
- name: Create artifact with CLI | |
# windows_static_cli_tests below needs this because it can't create linux containers | |
# inside windows | |
if: matrix.component == 'cli-bin' | |
env: | |
ARCHIVES: /home/runner/archives | |
DOCKER_TARGET: windows | |
run: | | |
bin/docker-pull-binaries "$TAG" | |
mkdir -p "$ARCHIVES" | |
cp -r "$PWD/target/release/linkerd2-cli-$TAG-windows.exe" "$ARCHIVES/linkerd-windows.exe" | |
# `with.path` values do not support environment variables yet, so an | |
# absolute path is used here. | |
# https://github.com/actions/upload-artifact/issues/8 | |
- name: Upload artifact | |
if: matrix.component == 'cli-bin' | |
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 | |
with: | |
name: image-archives-cli | |
path: /home/runner/archives | |
windows_static_cli_tests: | |
name: Static CLI tests (windows) | |
timeout-minutes: 30 | |
runs-on: windows-latest | |
needs: [docker_build] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 | |
with: | |
go-version: "1.23" | |
- name: Download image archives | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: image-archives-cli | |
path: image-archives | |
- name: Run CLI Integration tests | |
run: go test --failfast --mod=readonly ".\test\cli" --linkerd="$PWD\image-archives\linkerd-windows.exe" --cli-tests -v | |
integration_tests: | |
name: Integration tests | |
needs: [tag, docker_build] | |
strategy: | |
matrix: | |
integration_test: | |
- cluster-domain | |
- cni-calico-deep | |
- deep | |
- viz | |
- default-policy-deny | |
- external | |
- rsa-ca | |
- helm-upgrade | |
- uninstall | |
- upgrade-edge | |
timeout-minutes: 60 | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 | |
with: | |
go-version: "1.23" | |
- name: Set environment variables from scripts | |
run: | | |
TAG='${{ needs.tag.outputs.tag }}' | |
CMD="$PWD/target/release/linkerd2-cli-$TAG-linux-amd64" | |
echo "CMD=$CMD" >> "$GITHUB_ENV" | |
echo "TAG=$TAG" >> "$GITHUB_ENV" | |
- name: Run integration tests | |
env: | |
LINKERD_DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }} | |
run: | | |
bin/docker-pull-binaries "$TAG" | |
# Validate the CLI version matches the current build tag. | |
[[ "$TAG" == "$($CMD version --short --client)" ]] | |
bin/tests --images preload --name ${{ matrix.integration_test }} "$CMD" | |
choco_pack: | |
# only runs for stable tags. The conditionals are at each step level instead of the job level | |
# otherwise the jobs below that depend on this one won't run | |
name: Pack Chocolatey release | |
timeout-minutes: 30 | |
needs: [integration_tests] | |
runs-on: windows-2019 | |
steps: | |
- name: Checkout code | |
if: startsWith(github.ref, 'refs/tags/stable') | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Chocolatey - update nuspec | |
if: startsWith(github.ref, 'refs/tags/stable') | |
run: | | |
$LINKERD_VERSION=$env:GITHUB_REF.Substring(17) | |
(Get-Content bin\win\linkerd.nuspec).replace('LINKERD_VERSION', "$LINKERD_VERSION") | Set-Content bin\win\linkerd.nuspec | |
- name: Chocolatey - pack | |
if: startsWith(github.ref, 'refs/tags/stable') | |
uses: crazy-max/ghaction-chocolatey@2ae99523e93879734d432250f87e2c45c379cd60 | |
with: | |
args: pack bin/win/linkerd.nuspec | |
- name: Chocolatey - upload package | |
if: startsWith(github.ref, 'refs/tags/stable') | |
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 | |
with: | |
name: choco | |
path: ./linkerd.*.nupkg | |
gh_release: | |
name: Create GH release | |
needs: | |
- tag | |
- integration_tests | |
# TODO(ver) choco packages are not produced for edge releases... | |
# - choco_pack | |
timeout-minutes: 30 | |
runs-on: ubuntu-24.04 | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
# - name: Download choco package | |
# if: startsWith(github.ref, 'refs/tags/stable') | |
# uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
# with: | |
# name: choco | |
# path: choco | |
- name: Pull CLI binaries | |
run: DOCKER_TARGET=multi-arch bin/docker-pull-binaries '${{ needs.tag.outputs.tag }}' | |
# v=${TAG#"stable-"} | |
# mv choco/linkerd.*.nupkg "target/release/linkerd2-cli-stable-$v.nupkg" || true | |
- name: Create release | |
id: create_release | |
uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda | |
with: | |
name: "${{ needs.tag.outputs.tag }}" | |
generate_release_notes: true | |
draft: false | |
prerelease: false | |
files: | | |
./target/release/linkerd2-cli-*-darwin* | |
./target/release/linkerd2-cli-*-linux-* | |
./target/release/linkerd2-cli-*-windows.* | |
./target/release/linkerd2-cli-*.nupkg | |
website_publish: | |
name: Linkerd website publish | |
needs: [gh_release] | |
if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge') | |
timeout-minutes: 30 | |
runs-on: ubuntu-24.04 | |
permissions: | |
contents: write | |
steps: | |
- name: Create linkerd/website repository dispatch event | |
uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 | |
with: | |
token: ${{ secrets.RELEASE_TOKEN }} | |
repository: linkerd/website | |
event-type: release | |
website_publish_check: | |
name: Linkerd website publish check | |
needs: [tag, website_publish] | |
timeout-minutes: 30 | |
if: startsWith(github.ref, 'refs/tags/stable') || startsWith(github.ref, 'refs/tags/edge') | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Set install target for stable | |
if: startsWith(github.ref, 'refs/tags/stable') | |
run: echo "INSTALL=install" >> "$GITHUB_ENV" | |
- name: Set install target for edge | |
if: startsWith(github.ref, 'refs/tags/edge') | |
run: echo "INSTALL=install-edge" >> "$GITHUB_ENV" | |
- name: Check published version | |
shell: bash | |
run: | | |
TAG='${{ needs.tag.outputs.tag }}' | |
until RES=$(bin/scurl "https://run.linkerd.io/$INSTALL" | grep "LINKERD2_VERSION=\${LINKERD2_VERSION:-$TAG}") \ | |
|| (( count++ >= 10 )) | |
do | |
sleep 30 | |
done | |
if [[ -z "$RES" ]]; then | |
echo "::error::The version '$TAG' was NOT found published in the website" | |
exit 1 | |
fi | |
chart_deploy: | |
name: Helm chart deploy | |
needs: [gh_release] | |
timeout-minutes: 30 | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- name: Log into GCP | |
uses: "google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f" | |
with: | |
credentials_json: ${{ secrets.LINKERD_SITE_TOKEN }} | |
- name: Edge Helm chart creation and upload | |
uses: ./.github/actions/helm-publish |