policy match uses tyk-ee #1695
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# goreleaser knows not to publish when the trigger is _not_ a tag | |
name: Release | |
on: | |
pull_request: | |
push: | |
tags: | |
- v* | |
branches: | |
- master | |
jobs: | |
goreleaser: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.22" | |
- uses: docker/setup-buildx-action@v3 | |
- run: make test | |
- uses: docker/login-action@v3 | |
if: startsWith(github.ref, 'refs/tags/') | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- uses: goreleaser/goreleaser-action@v6 | |
with: | |
version: '~> v2' | |
args: release --clean ${{ !startsWith(github.ref, 'refs/tags/') && '--snapshot' || '' }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.ORG_GH_TOKEN }} | |
- name: find amd64 linux binary | |
id: binary | |
run: | | |
path=$(jq -rc '.[] | select((.type=="Binary") and (.goos=="linux") and .goarch=="amd64") | .path' dist/artifacts.json) | |
echo "path=${path}" >> $GITHUB_OUTPUT | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: binary-amd64 | |
path: ${{ steps.binary.outputs.path }} | |
retention-days: 1 | |
doctor: | |
needs: goreleaser | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
repo: [tyk, tyk-analytics, tyk-pump, tyk-identity-broker, tyk-sink, portal, tyk-pro] | |
include: | |
- owner: TykTechnologies | |
- repo: tyk-pro | |
owner: tyklabs | |
steps: | |
- name: checkout ${{matrix.repo}}/${{matrix.branch}} | |
uses: actions/checkout@v4 | |
with: | |
repository: ${{ matrix.owner }}/${{ matrix.repo }} | |
ref: ${{ matrix.branch }} | |
token: ${{ secrets.ORG_GH_TOKEN }} | |
path: ${{ matrix.repo }} | |
fetch-depth: 1 | |
- uses: actions/download-artifact@v4 | |
id: download | |
with: | |
name: binary-amd64 | |
- name: prepare gromit | |
id: gromit | |
run: | | |
gromit="${{ steps.download.outputs.download-path }}/gromit" | |
chmod +x $gromit | |
echo "bin=${gromit}" >> "$GITHUB_OUTPUT" | |
- name: update ${{ matrix.repo }} | |
if: ${{ (github.event_name == 'push' && github.ref_name == 'master') || endsWith(github.head_ref, 'releng') }} | |
env: | |
GITHUB_TOKEN: ${{ matrix.repo == 'tyk-pro' && secrets.TYKLABS_TOKEN || secrets.ORG_GH_TOKEN }} | |
run: | | |
set -eo pipefail | |
${{ steps.gromit.outputs.bin }} policy sync ${{ matrix.repo }} | |
echo "## :hospital: ℞ ${{ matrix.repo }}" >> $GITHUB_STEP_SUMMARY | |
cd ${{ matrix.repo }} && for b in $(git for-each-ref --format '%(refname:short)' refs/heads); do | |
echo -e "<details>\n <summary> ${{ matrix.repo }} $b </summary>\n" | |
echo '```diff' | |
git diff origin/${b} $b | |
echo -e '```\n</details>' | |
done | tee -a $GITHUB_STEP_SUMMARY |