Skip to content
Deploy to staging

tls: Verify vhost when tls.verify is enabled #194

Sign in to view logs

tls: Verify vhost when tls.verify is enabled

tls: Verify vhost when tls.verify is enabled #194

Workflow file for this run

.github/workflows/staging-build.yaml at 73e72bd
---
name: Deploy to staging
on:
push:
tags:
- '*'
workflow_dispatch:
inputs:
version:
description: Version of Fluent Bit to build
required: true
default: master
target:
description: Only build a specific Linux target, intended for debug/test/quick builds only.
required: false
default: ""
ignore_failing_targets:
description: Optionally ignore any failing builds in the matrix and continue.
type: boolean
required: false
default: false
# We do not want a new staging build to run whilst we are releasing the current staging build.
# We also do not want multiples to run for the same version.
concurrency: staging-build-release
jobs:
# This job strips off the `v` at the start of any tag provided.
# It then provides this metadata for the other jobs to use.
staging-build-get-meta:
name: Get metadata to build
runs-on: ubuntu-latest
outputs:
version: ${{ steps.formatted_version.outputs.replaced }}
steps:
- run: |
echo "Version: ${{ inputs.version || github.ref_name }}"
shell: bash
# This step is to consolidate the three different triggers into a single "version"
# 1. If manual dispatch - use the version provided.
# 2. If cron/regular build - use master.
# 3. If tag trigger, use that tag.
- name: Get the version
id: get_version
run: |
VERSION="${INPUT_VERSION}"
if [ -z "${VERSION}" ]; then
echo "Defaulting to master"
VERSION=master
fi
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
shell: bash
env:
# Use the dispatch variable in preference, if empty use the context ref_name which should
# only ever be a tag or the master branch for cron builds.
INPUT_VERSION: ${{ inputs.version || github.ref_name }}
# String the 'v' prefix for tags.
- uses: frabert/[email protected]
id: formatted_version
with:
pattern: '[v]*(.*)$'
string: "${{ steps.get_version.outputs.VERSION }}"
replace-with: '$1'
flags: 'g'
staging-build-images:
needs: staging-build-get-meta
uses: ./.github/workflows/call-build-images.yaml
with:
version: ${{ needs.staging-build-get-meta.outputs.version }}
ref: ${{ inputs.version || github.ref_name }}
registry: ghcr.io
username: ${{ github.actor }}
image: ${{ github.repository }}/staging
environment: staging
secrets:
token: ${{ secrets.GITHUB_TOKEN }}
cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosign_private_key_password: ${{ secrets.COSIGN_PASSWORD }}
staging-build-upload-schema-s3:
needs:
- staging-build-get-meta
- staging-build-images
runs-on: ubuntu-latest
environment: staging
steps:
- name: Download the schema generated by call-build-images
# We may have no schema so ignore that failure
continue-on-error: true
uses: actions/download-artifact@v4
with:
name: fluent-bit-schema-${{ needs.staging-build-get-meta.outputs.version }}
path: artifacts/
- name: Display structure of downloaded files
run: |
ls -R artifacts/
shell: bash
- name: Push schema to S3 bucket
# We may have no schema so ignore that failure
continue-on-error: true
run: |
aws s3 sync "artifacts/" "s3://${AWS_S3_BUCKET}/${DEST_DIR}" --no-progress
env:
DEST_DIR: "${{ needs.staging-build-get-meta.outputs.version }}/"
AWS_REGION: "us-east-1"
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET_STAGING }}
staging-build-generate-matrix:
name: Staging build matrix
runs-on: ubuntu-latest
outputs:
build-matrix: ${{ steps.set-matrix.outputs.build-matrix }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Set up the list of target to build so we can pass the JSON to the reusable job
- uses: ./.github/actions/generate-package-build-matrix
id: set-matrix
with:
ref: ${{ inputs.version || github.ref_name }}
target: ${{ inputs.target || '' }}
staging-build-packages:
needs:
- staging-build-get-meta
- staging-build-generate-matrix
uses: ./.github/workflows/call-build-linux-packages.yaml
with:
version: ${{ needs.staging-build-get-meta.outputs.version }}
ref: ${{ inputs.version || github.ref_name }}
build_matrix: ${{ needs.staging-build-generate-matrix.outputs.build-matrix }}
environment: staging
ignore_failing_targets: ${{ inputs.ignore_failing_targets || false }}
secrets:
token: ${{ secrets.GITHUB_TOKEN }}
bucket: ${{ secrets.AWS_S3_BUCKET_STAGING }}
access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg_private_key_passphrase: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
staging-build-windows-packages:
needs:
- staging-build-get-meta
uses: ./.github/workflows/call-build-windows.yaml
with:
version: ${{ needs.staging-build-get-meta.outputs.version }}
ref: ${{ inputs.version || github.ref_name }}
environment: staging
secrets:
token: ${{ secrets.GITHUB_TOKEN }}
bucket: ${{ secrets.AWS_S3_BUCKET_STAGING }}
access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
staging-build-macos-packages:
needs:
- staging-build-get-meta
uses: ./.github/workflows/call-build-macos.yaml
with:
version: ${{ needs.staging-build-get-meta.outputs.version }}
ref: ${{ inputs.version || github.ref_name }}
environment: staging
secrets:
token: ${{ secrets.GITHUB_TOKEN }}
bucket: ${{ secrets.AWS_S3_BUCKET_STAGING }}
access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}