chore(ci): branch-wise nightly image selection (#152)

* chore(ci): per-branch default nightly

* chore(ci): test release workflow

* Revert "chore(ci): test release workflow"

This reverts commit 867aa30.

.ci/Dockerfile.test-image

@@ -1,9 +1,9 @@
-# Build context for this Dockerfile MUST BE the project root (..)
-
-ARG GATEWAY_IMAGE=kong/kong:nightly-ubuntu
-FROM $GATEWAY_IMAGE
+# Build context for this Dockerfile MUST BE the project root (should be .. if this file is in ./.ci/)
 
+ARG GATEWAY_IMAGE=${GATEWAY_IMAGE}
 ARG KONG_MANAGER_BUILD_SHA1=${KONG_MANAGER_BUILD_SHA1}
+
+FROM $GATEWAY_IMAGE
 LABEL com.konghq.kong-manager.build="${KONG_MANAGER_BUILD_SHA1}"
 
 ADD ./dist /usr/local/kong/gui

.ci/docker-compose.yml

@@ -3,15 +3,17 @@ version: "3.9"
 services:
   # nosemgrep: yaml.docker-compose.security.writable-filesystem-service.writable-filesystem-service
   kong-test-image:
-    image: ${GATEWAY_TEST_IMAGE}
+    # Using a empty string as the fallback makes this env optional but still fails if not set when used
+    image: "${GATEWAY_TEST_IMAGE:- }"
     security_opt:
       - no-new-privileges:true
     build:
-      context: ${GITHUB_WORKSPACE:-..} # MUST BE the project root (.. here)
+      context: ${GITHUB_WORKSPACE:-..} # MUST BE the project root (should be .. here as we're in ./.ci/)
       dockerfile: .ci/Dockerfile.test-image # relative to the build context
       args:
-        GATEWAY_IMAGE: ${GATEWAY_IMAGE:-kong/kong:nightly-ubuntu}
-        KONG_MANAGER_BUILD_SHA1: ${KONG_MANAGER_BUILD_SHA1:-null}
+        # Using a empty string as the fallback makes this env optional but still fails if not set when used
+        GATEWAY_IMAGE: "${GATEWAY_IMAGE:- }"
+        KONG_MANAGER_BUILD_SHA1: "${KONG_MANAGER_BUILD_SHA1:-null}"
 
   # nosemgrep: yaml.docker-compose.security.writable-filesystem-service.writable-filesystem-service
   kong-db:
@@ -34,7 +36,8 @@ services:
   # nosemgrep: yaml.docker-compose.security.writable-filesystem-service.writable-filesystem-service
   kong:
     &kong
-    image: "${GATEWAY_IMAGE:-kong/kong:nightly-ubuntu}"
+    # Using a empty string as the fallback makes this env optional but still fails if not set when used
+    image: "${GATEWAY_IMAGE:- }"
     security_opt:
       - no-new-privileges:true
     hostname: kong

.github/actions/select-gateway-image/action.yml

@@ -0,0 +1,37 @@
+name: Select Gateway image
+description:
+
+inputs:
+  current-image:
+    description: If this optional input is not empty, the action will select the provided image.
+  enterprise:
+    description: Whether or not to use enterprise Gateway images.
+    default: 'false' # a string instead of a boolean
+
+outputs:
+  image:
+    value: ${{ steps.select-image.outputs.image }}
+
+runs:
+  using: composite
+  steps:
+    - name: Select image
+      id: select-image
+      shell: bash
+      env:
+        DEFAULT_GATEWAY_IMAGE: |-
+          ${{ format('{0}', inputs.enterprise) == 'true' && 'kong/kong-gateway-internal:nightly-ubuntu' || 'kong/kong:nightly-ubuntu' }}
+      run: |
+        GATEWAY_IMAGE="${{ inputs.current-image }}"
+
+        if [[ -z "${{ env.DEFAULT_GATEWAY_IMAGE }}" ]]; then
+          echo "fatal: DEFAULT_GATEWAY_IMAGE is not set."
+          exit 1
+        fi
+
+        if [[ -z "$GATEWAY_IMAGE" ]]; then
+          GATEWAY_IMAGE="${{ env.DEFAULT_GATEWAY_IMAGE }}"
+        fi
+
+        echo "image=$GATEWAY_IMAGE" >> $GITHUB_OUTPUT
+        echo "Selected Gateway image: $GATEWAY_IMAGE"

.github/workflows/.reusable_e2e_tests_ee.yml

@@ -10,13 +10,11 @@ on:
         default: http://localhost:8002
       gateway-image:
         type: string
-        default: kong/kong:nightly-ubuntu
       retries:
         type: number
         default: 0
 
 env:
-  GATEWAY_IMAGE: ${{ inputs.gateway-image }}
   NPM_TOKEN: ${{ secrets.NPM_TOKEN_PRIVATE_READ }}
 
 jobs:
@@ -64,15 +62,30 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Log in to Docker Hub
+        timeout-minutes: 1
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+        with:
+          username: ${{ secrets.DOCKER_PULL_USER }}
+          password: ${{ secrets.DOCKER_PULL_PASSWORD }}
+
+      - name: Select Gateway image
+        id: select-gateway-image
+        uses: ./.github/actions/select-gateway-image
+        with:
+          current-image: ${{ inputs.gateway-image }}
+          enterprise: true
+
       - name: Start Kong
         timeout-minutes: 10
         working-directory: ${{ github.workspace }}
+        env:
+          GATEWAY_IMAGE: ${{ steps.select-gateway-image.outputs.image }}
         run: |
-          echo "Using image: $GATEWAY_IMAGE"
-          docker_compose_exit_code=0
-          docker compose -f .ci/docker-compose.yml up -d kong --wait || docker_compose_exit_code=$?
+          _compose_exit=0
+          docker compose -f .ci/docker-compose.yml up -d kong --wait || _compose_exit=$?
           docker compose -f .ci/docker-compose.yml logs
-          exit $compose_exit
+          exit $_compose_exit
 
       - name: Run E2E tests - EE
         timeout-minutes: 10

.github/workflows/.reusable_e2e_tests_oss.yml

@@ -10,13 +10,11 @@ on:
         default: http://localhost:8002
       gateway-image:
         type: string
-        default: kong/kong:nightly-ubuntu
       retries:
         type: number
         default: 0
 
 env:
-  GATEWAY_IMAGE: ${{ inputs.gateway-image }}
   NPM_TOKEN: ${{ secrets.NPM_TOKEN_PRIVATE_READ }}
 
 jobs:
@@ -75,15 +73,22 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Select Gateway image
+        id: select-gateway-image
+        uses: ./.github/actions/select-gateway-image
+        with:
+          current-image: ${{ inputs.gateway-image }}
+
       - name: Start Kong
         timeout-minutes: 10
         working-directory: ${{ github.workspace }}
+        env:
+          GATEWAY_IMAGE: ${{ inputs.gateway-image }}
         run: |
-          echo "Using image: $GATEWAY_IMAGE"
-          docker_compose_exit_code=0
-          docker compose -f .ci/docker-compose.yml up -d kong --wait || docker_compose_exit_code=$?
+          _compose_exit=0
+          docker compose -f .ci/docker-compose.yml up -d kong --wait || _compose_exit=$?
           docker compose -f .ci/docker-compose.yml logs
-          exit $compose_exit
+          exit $_compose_exit
 
       - name: Run E2E tests - OSS
         timeout-minutes: 10

.github/workflows/.reusable_test_image.yml

@@ -1,7 +1,6 @@
 # This is a reusable workflow
 
 # This workflow builds the test image for testing purposes and pushes it to ghcr.io
-# The test images are built with `kong/kong:nightly-ubuntu` (as default) as the base image
 
 name: Build and Push Test Image to GHCR
 
@@ -11,19 +10,14 @@ on:
       gateway-image:
         description: Name of the Gateway image (base) to use
         type: string
-        default: kong/kong:nightly-ubuntu
-      image-name:
-        description: Name of the Gateway test image being built
-        type: string
-        default: kong-manager
+      enterprise:
+        description: Whether or not to use enterprise Gateway images
+        type: boolean
+        default: false
     outputs:
-      gateway-test-image:
+      image:
         description: Name of the Gateway test image being built
-        value: ${{ jobs.build-and-push-test-image.outputs.image-name }}
-
-env:
-  GATEWAY_IMAGE: ${{ inputs.gateway-image }} # Important for the "Build image" step. Do not delete.
-  GATEWAY_TEST_IMAGE: ghcr.io/kong/${{ inputs.image-name }}:${{ github.sha }}
+        value: ${{ jobs.build-and-push-test-image.outputs.image }}
 
 jobs:
   build-and-push-test-image:
@@ -33,7 +27,7 @@ jobs:
       contents: read
       packages: write
     outputs:
-      image-name: ${{ env.GATEWAY_TEST_IMAGE }}
+      image: ${{ steps.build-and-push.outputs.image }}
 
     steps:
       - name: Checkout source code
@@ -48,14 +42,15 @@ jobs:
       - name: Unpack assets
         run: tar xzvf ./assets.tar.gz
 
-      - name: Set KONG_MANAGER_BUILD_SHA1
-        run: |
-          KONG_MANAGER_BUILD_SHA1=$(cat dist/build.sha1)
-          echo "KONG_MANAGER_BUILD_SHA1=${KONG_MANAGER_BUILD_SHA1}" >> $GITHUB_ENV
-          echo "KONG_MANAGER_BUILD_SHA1 = ${KONG_MANAGER_BUILD_SHA1}"
+      - name: Select Gateway image
+        id: select-gateway-image
+        uses: ./.github/actions/select-gateway-image
+        with:
+          current-image: ${{ inputs.gateway-image }}
+          enterprise: ${{ format('{0}', inputs.enterprise) }} # ensure it is a string
 
       - name: Log in to Docker Hub
-        if: ${{ inputs.image-name == 'kong-manager-ee' }}
+        if: ${{ format('{0}', inputs.enterprise) == 'true' }}
         timeout-minutes: 1
         uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
         with:
@@ -70,10 +65,15 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build image
-        run: |
-          docker compose -f .ci/docker-compose.yml build kong-test-image
+      - name: Build and push image
+        id: build-and-push
+        env:
+          GATEWAY_IMAGE: ${{ steps.select-gateway-image.outputs.image }}
+          GATEWAY_TEST_IMAGE: |-
+            ghcr.io/kong/${{ format('{0}', inputs.enterprise) == 'true' && 'kong-admin-kong-ee' || 'kong-manager' }}:${{ github.sha }}
 
-      - name: Push image
         run: |
+          export KONG_MANAGER_BUILD_SHA1=$(cat dist/build.sha1)
+          docker compose -f .ci/docker-compose.yml build kong-test-image
           docker compose -f .ci/docker-compose.yml push kong-test-image
+          echo "image=$GATEWAY_TEST_IMAGE" >> $GITHUB_OUTPUT

.github/workflows/release.yml

@@ -22,32 +22,29 @@ jobs:
     uses: ./.github/workflows/.reusable_test_image.yml
     needs: build
     secrets: inherit
-    with:
-      gateway-image: kong/kong:nightly-ubuntu
 
   build-and-push-test-image-ee:
     name: Build and Push Test Image to GHCR - EE
     uses: ./.github/workflows/.reusable_test_image.yml
     needs: build
     secrets: inherit
     with:
-      gateway-image: kong/kong-gateway-internal:nightly-ubuntu
-      image-name: kong-manager-ee
+      enterprise: true
 
   e2e-tests-oss:
     name: E2E Tests - OSS
     needs: build-and-push-test-image-oss
     uses: ./.github/workflows/.reusable_e2e_tests_oss.yml
     with:
-      gateway-image: ${{ needs.build-and-push-test-image-oss.outputs.gateway-test-image }}
+      gateway-image: ${{ needs.build-and-push-test-image-oss.outputs.image }}
     secrets: inherit
 
   e2e-tests-ee:
     name: E2E Tests - EE
     needs: build-and-push-test-image-ee
     uses: ./.github/workflows/.reusable_e2e_tests_ee.yml
     with:
-      gateway-image: ${{ needs.build-and-push-test-image-ee.outputs.gateway-test-image }}
+      gateway-image: ${{ needs.build-and-push-test-image-ee.outputs.image }}
     secrets: inherit
 
   release:

.github/workflows/test.yml

@@ -18,30 +18,27 @@ jobs:
     uses: ./.github/workflows/.reusable_test_image.yml
     needs: build
     secrets: inherit
-    with:
-      gateway-image: kong/kong:nightly-ubuntu
 
   build-and-push-test-image-ee:
     name: Build and Push Test Image to GHCR - EE
     uses: ./.github/workflows/.reusable_test_image.yml
     needs: build
     secrets: inherit
     with:
-      gateway-image: kong/kong-gateway-internal:nightly-ubuntu
-      image-name: kong-manager-ee
+      enterprise: true
 
   e2e-tests-oss:
     name: E2E Tests - OSS
     needs: build-and-push-test-image-oss
     uses: ./.github/workflows/.reusable_e2e_tests_oss.yml
     with:
-      gateway-image: ${{ needs.build-and-push-test-image-oss.outputs.gateway-test-image }}
+      gateway-image: ${{ needs.build-and-push-test-image-oss.outputs.image }}
     secrets: inherit
 
   e2e-tests-ee:
     name: E2E Tests - EE
     needs: build-and-push-test-image-ee
     uses: ./.github/workflows/.reusable_e2e_tests_ee.yml
     with:
-      gateway-image: ${{ needs.build-and-push-test-image-ee.outputs.gateway-test-image }}
+      gateway-image: ${{ needs.build-and-push-test-image-ee.outputs.image }}
     secrets: inherit