Fix release pipelines to pick up latest Go patch TT-16060#7503
Closed
Razeen-Abdal-Rahman wants to merge 13 commits intorelease-5.8from
Closed
Fix release pipelines to pick up latest Go patch TT-16060#7503Razeen-Abdal-Rahman wants to merge 13 commits intorelease-5.8from
Razeen-Abdal-Rahman wants to merge 13 commits intorelease-5.8from
Conversation
Contributor
|
API Changes no api changes detected |
Contributor
PR Reviewer Guide 🔍Here are some key observations to aid the review process:
|
Contributor
PR Code Suggestions ✨Explore these optional code suggestions:
|
### **PR Type**
Enhancement, Tests
___
### **Description**
- Modernize release workflow and images
- Separate EE/STD builds and packaging
- Add s390x support across builds
- Externalize test orchestration actions
___
### Diagram Walkthrough
```mermaid
flowchart LR
WF[".github/workflows/release.yml updates"]
DK1["ci/Dockerfile.distroless (trixie, pkg var)"]
DK2["ci/Dockerfile.std (trixie)"]
GR["goreleaser config: EE/STD/FIPS split + publishers"]
TST["Tests via shared actions + readiness checks"]
WF -- builds/pushes EE+STD on amd64/arm64/s390x --> GR
WF -- uses BUILD_PACKAGE_NAME, tags fix --> DK1
WF -- readiness checks, container stop --> TST
DK1 -- package install from var --> GR
DK2 -- base update only --> GR
```
<details> <summary><h3> File Walkthrough</h3></summary>
<table><thead><tr><th></th><th align="left">Relevant
files</th></tr></thead><tbody><tr><td><strong>Enhancement</strong></td><td><table>
<tr>
<td>
<details>
<summary><strong>release.yml</strong><dd><code>Release workflow refactor
with EE/STD split and s390x</code>
</dd></summary>
<hr>
.github/workflows/release.yml
<ul><li>Set VARIATION to <code>prod-variation</code>.<br> <li> Expand
DEB targets (Ubuntu Noble, Debian Trixie).<br> <li> Split EE/STD image
metadata/tags and fix labels/args with
<br><code>BUILD_PACKAGE_NAME</code>.<br> <li> Add linux/s390x platform
for CI/prod images.<br> <li> Replace inline test logic with shared
actions; add gateway readiness <br>checks and clean shutdown.<br> <li>
Adjust tag push steps, permissions, and test controller setup.</ul>
</details>
</td>
<td><a
href="https://github.com/TykTechnologies/tyk/pull/7506/files#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34">+70/-189</a></td>
</tr>
<tr>
<td>
<details>
<summary><strong>Dockerfile.distroless</strong><dd><code>Distroless
image: trixie base and param pkg</code>
</dd></summary>
<hr>
ci/Dockerfile.distroless
<ul><li>Switch base to <code>debian:trixie-slim</code>.<br> <li> Use
<code>BUILD_PACKAGE_NAME</code> for package install.<br> <li> Remove
fips filtering; precise package copy/install.<br> <li> Align stage name
casing and copy path.</ul>
</details>
</td>
<td><a
href="https://github.com/TykTechnologies/tyk/pull/7506/files#diff-ab1e64220db8ccca1a52a505decc2beb2156d5ec3ecb7d6b8660cc3dc7e1f5bd">+6/-5</a>
</td>
</tr>
<tr>
<td>
<details>
<summary><strong>Dockerfile.std</strong><dd><code>Std image: trixie
base, drop inline install</code>
</dd></summary>
<hr>
ci/Dockerfile.std
<ul><li>Switch base to <code>debian:trixie-slim</code>.<br> <li>
Introduce <code>BUILD_PACKAGE_NAME</code> ARG (not used here yet).<br>
<li> Remove embedded .deb install section.</ul>
</details>
</td>
<td><a
href="https://github.com/TykTechnologies/tyk/pull/7506/files#diff-a3b3e9cabd877d0bd0fc8f20a9fdca7f44d102547a5fdfcd398ea01637e5dfae">+2/-5</a>
</td>
</tr>
<tr>
<td>
<details>
<summary><strong>goreleaser.yml</strong><dd><code>Goreleaser:
EE/STD/FIPS split and publishers</code>
</dd></summary>
<hr>
ci/goreleaser/goreleaser.yml
<ul><li>Reorganize builds into <code>ee-*</code>, <code>std-*</code>,
and <code>fips-amd64</code>.<br> <li> Add s390x for both EE and STD,
adjust CC per arch.<br> <li> Swap nfpms: EE package
<code>tyk-gateway-ee</code>, STD <code>tyk-gateway</code>; clarify
FIPS.<br> <li> Add separate publishers for EE, FIPS, STD; tweak archives
format.</ul>
</details>
</td>
<td><a
href="https://github.com/TykTechnologies/tyk/pull/7506/files#diff-fb944a05459e4d713bc7541efd6e721cbe992a556353c09c4eb66a8eae9b856e">+66/-48</a>
</td>
</tr>
</table></td></tr></tr></tbody></table>
</details>
___
<!---TykTechnologies/jira-linter starts here-->
### Ticket Details
<details>
<summary>
<a href="https://tyktech.atlassian.net/browse/TT-16060" title="TT-16060"
target="_blank">TT-16060</a>
</summary>
| | |
|---------|----|
| Status | In Dev |
| Summary | Fix release pipelines to pick up latest Go patch |
Generated at: 2025-11-04 16:19:13
</details>
<!---TykTechnologies/jira-linter ends here-->
Co-authored-by: Gromit <policy@gromit>
Contributor
Author
|
Added longer wait for API tests to start |
Co-authored-by: Gromit <policy@gromit>
Co-authored-by: Gromit <policy@gromit>
Contributor
Author
|
Removed longer wait time for tests and fixes issue with mismatched plugin compiler version. |
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
Go version for release pipelines updated to 1.24-bookworm.
Other changes from gromit carried over:
.github/workflows/release.ymlupgrade tests (logic added for handling scenarios where no previous version is available, used for new product launches) and steps to push docker images for fipsci/Dockerfileupdated to fix bugs when building locallyci/goreleaser/goreleaser.ymlproperly imports env value for fips and adds docker builds to goreleaser for local testing, these are skipped in pipeline runsci/install/post_install.shfix reversed logic and add handling if config file doesn't existDescription
All versions of golang in the
relese.ymlfile have been updated from1.24-bullseyeto1.24-bookwormRelated Issue
Jira ticket: TT-16060
Motivation and Context
This update is required so the CI pipeline can pick up the latest Go patch, which addresses newly reported CVEs in
stdlibTypes of changes
Checklist
PR Type
Bug fix, Enhancement
Description
Switch Go cross image to 1.24-bookworm
Add FIPS image build and publishing
Fix post-install cleanup and chmod safety
Improve upgrade tests handling no previous version
Diagram Walkthrough
File Walkthrough
post_install.sh
Fix post-install cleanup and safe permissionsci/install/post_install.sh
release.yml
Release workflow updates and FIPS publishing.github/workflows/release.yml
Dockerfile.std
Standard image: install flow and cleanupci/Dockerfile.std
goreleaser.yml
GoReleaser: add docker images and manifestsci/goreleaser/goreleaser.yml
tests sections in release workflow (embedded Dockerfile generation)
Upgrade test robustness for fresh installsci/tests sections in release workflow (embedded Dockerfile generation)
Ticket Details
TT-16060
Generated at: 2025-11-05 13:30:41