From 7b18dd2bab84396b8afe3c4c8a4be319f947e31e Mon Sep 17 00:00:00 2001 From: Jarvis Date: Fri, 22 May 2026 14:46:29 +0800 Subject: [PATCH 1/7] ci: add apisix-runtime release assets workflow --- .github/workflows/release-apisix-runtime.yml | 54 ++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 .github/workflows/release-apisix-runtime.yml diff --git a/.github/workflows/release-apisix-runtime.yml b/.github/workflows/release-apisix-runtime.yml new file mode 100644 index 000000000..db333e3ec --- /dev/null +++ b/.github/workflows/release-apisix-runtime.yml @@ -0,0 +1,54 @@ +name: Release apisix-runtime + +on: + workflow_dispatch: + inputs: + version: + description: "apisix-runtime version to release" + required: true + +jobs: + release: + name: Release + timeout-minutes: 90 + strategy: + fail-fast: false + matrix: + platform: + - runner: ubuntu-22.04 + arch: amd64 + build_arch: linux/amd64 + - runner: ubuntu-22.04-arm + arch: arm64 + build_arch: linux/arm64/v8 + runs-on: ${{ matrix.platform.runner }} + env: + VERSION: ${{ github.event.inputs.version }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y make ruby ruby-dev rubygems build-essential + + - name: Build apisix-runtime deb + run: | + make package type=deb app=apisix-runtime runtime_version=${VERSION} image_base=debian image_tag=bookworm-slim arch=${{ matrix.platform.build_arch }} + + - name: Build apisix-runtime-debug deb + run: | + make package type=deb app=apisix-runtime runtime_version=${VERSION} image_base=debian image_tag=bookworm-slim arch=${{ matrix.platform.build_arch }} build_latest=latest artifact=apisix-runtime-debug + + - name: Upload release assets + uses: softprops/action-gh-release@v2 + with: + tag_name: apisix-runtime/${{ env.VERSION }} + name: apisix-runtime/${{ env.VERSION }} + body: Release apisix-runtime ${{ env.VERSION }} + files: | + ./output/apisix-runtime_${{ env.VERSION }}-0~debianbookworm-slim_${{ matrix.platform.arch }}.deb + ./output/apisix-runtime-debug_${{ env.VERSION }}-0~debianbookworm-slim_${{ matrix.platform.arch }}.deb + fail_on_unmatched_files: true + overwrite_files: true From d769e6657b35ff1be22fe1a1c1ca85d75fe88505 Mon Sep 17 00:00:00 2001 From: Jarvis Date: Fri, 22 May 2026 14:51:26 +0800 Subject: [PATCH 2/7] ci: harden apisix-runtime release workflow --- .github/workflows/release-apisix-runtime.yml | 31 ++++++++++++-------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/.github/workflows/release-apisix-runtime.yml b/.github/workflows/release-apisix-runtime.yml index db333e3ec..0732d1c6f 100644 --- a/.github/workflows/release-apisix-runtime.yml +++ b/.github/workflows/release-apisix-runtime.yml @@ -7,6 +7,9 @@ on: description: "apisix-runtime version to release" required: true +permissions: + contents: write + jobs: release: name: Release @@ -26,7 +29,9 @@ jobs: VERSION: ${{ github.event.inputs.version }} steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Install dependencies run: | @@ -35,20 +40,20 @@ jobs: - name: Build apisix-runtime deb run: | - make package type=deb app=apisix-runtime runtime_version=${VERSION} image_base=debian image_tag=bookworm-slim arch=${{ matrix.platform.build_arch }} + make package type=deb app=apisix-runtime runtime_version="${VERSION}" image_base=debian image_tag=bookworm-slim arch=${{ matrix.platform.build_arch }} - name: Build apisix-runtime-debug deb run: | - make package type=deb app=apisix-runtime runtime_version=${VERSION} image_base=debian image_tag=bookworm-slim arch=${{ matrix.platform.build_arch }} build_latest=latest artifact=apisix-runtime-debug + make package type=deb app=apisix-runtime runtime_version="${VERSION}" image_base=debian image_tag=bookworm-slim arch=${{ matrix.platform.build_arch }} build_latest=latest artifact=apisix-runtime-debug - name: Upload release assets - uses: softprops/action-gh-release@v2 - with: - tag_name: apisix-runtime/${{ env.VERSION }} - name: apisix-runtime/${{ env.VERSION }} - body: Release apisix-runtime ${{ env.VERSION }} - files: | - ./output/apisix-runtime_${{ env.VERSION }}-0~debianbookworm-slim_${{ matrix.platform.arch }}.deb - ./output/apisix-runtime-debug_${{ env.VERSION }}-0~debianbookworm-slim_${{ matrix.platform.arch }}.deb - fail_on_unmatched_files: true - overwrite_files: true + env: + GH_TOKEN: ${{ github.token }} + run: | + tag="apisix-runtime/${VERSION}" + gh release view "$tag" >/dev/null 2>&1 || \ + gh release create "$tag" --title "$tag" --notes "Release apisix-runtime ${VERSION}" + gh release upload "$tag" \ + "./output/apisix-runtime_${VERSION}-0~debianbookworm-slim_${{ matrix.platform.arch }}.deb" \ + "./output/apisix-runtime-debug_${VERSION}-0~debianbookworm-slim_${{ matrix.platform.arch }}.deb" \ + --clobber From bcd2d150fcf7704ef1ad1757b87e4c6e8eae90f5 Mon Sep 17 00:00:00 2001 From: Jarvis Date: Fri, 22 May 2026 14:53:44 +0800 Subject: [PATCH 3/7] fix: support apisix-runtime debug deb packaging --- .github/workflows/release-apisix-runtime.yml | 2 +- Makefile | 2 ++ package-apisix-runtime.sh | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-apisix-runtime.yml b/.github/workflows/release-apisix-runtime.yml index 0732d1c6f..94210aaf0 100644 --- a/.github/workflows/release-apisix-runtime.yml +++ b/.github/workflows/release-apisix-runtime.yml @@ -21,7 +21,7 @@ jobs: - runner: ubuntu-22.04 arch: amd64 build_arch: linux/amd64 - - runner: ubuntu-22.04-arm + - runner: ubuntu-24.04-arm arch: arm64 build_arch: linux/arm64/v8 runs-on: ${{ matrix.platform.runner }} diff --git a/Makefile b/Makefile index 9f1d58a89..fa1c85c66 100644 --- a/Makefile +++ b/Makefile @@ -99,6 +99,7 @@ define build_runtime --build-arg RUNTIME_VERSION=$(runtime_version) \ --build-arg IMAGE_BASE=$(image_base) \ --build-arg IMAGE_TAG=$(image_tag) \ + --build-arg BUILD_LATEST=$(build_latest) \ --build-arg CODE_PATH=$(4) \ --platform $(arch) \ -f ./dockerfiles/Dockerfile.$(2).$(3) . @@ -111,6 +112,7 @@ define build_runtime --build-arg RUNTIME_VERSION=$(runtime_version) \ --build-arg IMAGE_BASE=$(image_base) \ --build-arg IMAGE_TAG=$(image_tag) \ + --build-arg BUILD_LATEST=$(build_latest) \ --build-arg CODE_PATH=$(4) \ --load \ --cache-from=$(cache_from) \ diff --git a/package-apisix-runtime.sh b/package-apisix-runtime.sh index f63f8108c..5a82eb96e 100755 --- a/package-apisix-runtime.sh +++ b/package-apisix-runtime.sh @@ -37,5 +37,5 @@ fi if [ "$PACKAGE_TYPE" == "deb" ]; then # Rename deb file with adding $DIST section - mv /output/apisix-runtime_"${RUNTIME_VERSION}"-"${ITERATION}"_"${PACKAGE_ARCH}".deb /output/apisix-runtime_"${RUNTIME_VERSION}"-"${ITERATION}"~"${dist}"_"${PACKAGE_ARCH}".deb + mv /output/"${artifact}"_"${RUNTIME_VERSION}"-"${ITERATION}"_"${PACKAGE_ARCH}".deb /output/"${artifact}"_"${RUNTIME_VERSION}"-"${ITERATION}"~"${dist}"_"${PACKAGE_ARCH}".deb fi From 893928907ab55643bf520a13d50e0716add389a6 Mon Sep 17 00:00:00 2001 From: Jarvis Date: Fri, 22 May 2026 14:55:06 +0800 Subject: [PATCH 4/7] ci: make runtime release creation idempotent --- .github/workflows/release-apisix-runtime.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-apisix-runtime.yml b/.github/workflows/release-apisix-runtime.yml index 94210aaf0..405917380 100644 --- a/.github/workflows/release-apisix-runtime.yml +++ b/.github/workflows/release-apisix-runtime.yml @@ -51,8 +51,10 @@ jobs: GH_TOKEN: ${{ github.token }} run: | tag="apisix-runtime/${VERSION}" - gh release view "$tag" >/dev/null 2>&1 || \ - gh release create "$tag" --title "$tag" --notes "Release apisix-runtime ${VERSION}" + if ! gh release view "$tag" >/dev/null 2>&1; then + gh release create "$tag" --title "$tag" --notes "Release apisix-runtime ${VERSION}" || \ + gh release view "$tag" >/dev/null 2>&1 + fi gh release upload "$tag" \ "./output/apisix-runtime_${VERSION}-0~debianbookworm-slim_${{ matrix.platform.arch }}.deb" \ "./output/apisix-runtime-debug_${VERSION}-0~debianbookworm-slim_${{ matrix.platform.arch }}.deb" \ From caca120616cf589b9f9730bac9e6ee03089f2532 Mon Sep 17 00:00:00 2001 From: Jarvis Date: Fri, 22 May 2026 15:01:39 +0800 Subject: [PATCH 5/7] ci: validate apisix-runtime release input --- .github/workflows/release-apisix-runtime.yml | 12 ++++++++---- Makefile | 1 + 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-apisix-runtime.yml b/.github/workflows/release-apisix-runtime.yml index 405917380..1ab58b1b7 100644 --- a/.github/workflows/release-apisix-runtime.yml +++ b/.github/workflows/release-apisix-runtime.yml @@ -38,6 +38,13 @@ jobs: sudo apt-get update sudo apt-get install -y make ruby ruby-dev rubygems build-essential + - name: Validate version input + run: | + if [[ ! "$VERSION" =~ ^[0-9A-Za-z._-]+$ ]]; then + echo "invalid version: $VERSION" >&2 + exit 1 + fi + - name: Build apisix-runtime deb run: | make package type=deb app=apisix-runtime runtime_version="${VERSION}" image_base=debian image_tag=bookworm-slim arch=${{ matrix.platform.build_arch }} @@ -51,10 +58,7 @@ jobs: GH_TOKEN: ${{ github.token }} run: | tag="apisix-runtime/${VERSION}" - if ! gh release view "$tag" >/dev/null 2>&1; then - gh release create "$tag" --title "$tag" --notes "Release apisix-runtime ${VERSION}" || \ - gh release view "$tag" >/dev/null 2>&1 - fi + gh release view "$tag" >/dev/null gh release upload "$tag" \ "./output/apisix-runtime_${VERSION}-0~debianbookworm-slim_${{ matrix.platform.arch }}.deb" \ "./output/apisix-runtime-debug_${VERSION}-0~debianbookworm-slim_${{ matrix.platform.arch }}.deb" \ diff --git a/Makefile b/Makefile index fa1c85c66..dc67e5f8a 100644 --- a/Makefile +++ b/Makefile @@ -26,6 +26,7 @@ local_code_path=0 openresty="apisix-runtime" artifact="0" runtime_version=0 +build_latest= apisix_repo="https://github.com/apache/apisix" apisix_runtime_repo="https://github.com/api7/apisix-build-tools.git" dashboard_repo="https://github.com/apache/apisix-dashboard" From b2e758a62cfa89f8250d0a2448c1012655987e94 Mon Sep 17 00:00:00 2001 From: Jarvis Date: Fri, 22 May 2026 15:48:52 +0800 Subject: [PATCH 6/7] ci: run apisix-runtime release on publish --- .github/workflows/release-apisix-runtime.yml | 22 +++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release-apisix-runtime.yml b/.github/workflows/release-apisix-runtime.yml index 1ab58b1b7..2ee0647c0 100644 --- a/.github/workflows/release-apisix-runtime.yml +++ b/.github/workflows/release-apisix-runtime.yml @@ -1,6 +1,9 @@ name: Release apisix-runtime on: + release: + types: + - published workflow_dispatch: inputs: version: @@ -13,6 +16,7 @@ permissions: jobs: release: name: Release + if: github.event_name == 'workflow_dispatch' || startsWith(github.event.release.tag_name, 'apisix-runtime/') timeout-minutes: 90 strategy: fail-fast: false @@ -25,8 +29,6 @@ jobs: arch: arm64 build_arch: linux/arm64/v8 runs-on: ${{ matrix.platform.runner }} - env: - VERSION: ${{ github.event.inputs.version }} steps: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -38,12 +40,17 @@ jobs: sudo apt-get update sudo apt-get install -y make ruby ruby-dev rubygems build-essential - - name: Validate version input + - name: Resolve release version + env: + RAW_VERSION: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.version }} run: | - if [[ ! "$VERSION" =~ ^[0-9A-Za-z._-]+$ ]]; then - echo "invalid version: $VERSION" >&2 + version="${RAW_VERSION#apisix-runtime/}" + if [[ ! "$version" =~ ^[0-9A-Za-z._-]+$ ]]; then + echo "invalid version: $version" >&2 exit 1 fi + echo "VERSION=$version" >> "$GITHUB_ENV" + echo "RELEASE_TAG=apisix-runtime/$version" >> "$GITHUB_ENV" - name: Build apisix-runtime deb run: | @@ -57,9 +64,8 @@ jobs: env: GH_TOKEN: ${{ github.token }} run: | - tag="apisix-runtime/${VERSION}" - gh release view "$tag" >/dev/null - gh release upload "$tag" \ + gh release view "$RELEASE_TAG" >/dev/null + gh release upload "$RELEASE_TAG" \ "./output/apisix-runtime_${VERSION}-0~debianbookworm-slim_${{ matrix.platform.arch }}.deb" \ "./output/apisix-runtime-debug_${VERSION}-0~debianbookworm-slim_${{ matrix.platform.arch }}.deb" \ --clobber From efa1544c16bd64673cf6822b05dae8a34a2ec4a6 Mon Sep 17 00:00:00 2001 From: Jarvis Date: Fri, 22 May 2026 15:55:08 +0800 Subject: [PATCH 7/7] ci: checkout apisix-runtime release tag --- .github/workflows/release-apisix-runtime.yml | 26 ++++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/release-apisix-runtime.yml b/.github/workflows/release-apisix-runtime.yml index 2ee0647c0..3e9f78fe2 100644 --- a/.github/workflows/release-apisix-runtime.yml +++ b/.github/workflows/release-apisix-runtime.yml @@ -18,11 +18,13 @@ jobs: name: Release if: github.event_name == 'workflow_dispatch' || startsWith(github.event.release.tag_name, 'apisix-runtime/') timeout-minutes: 90 + env: + RELEASE_TAG: ${{ github.event_name == 'release' && github.event.release.tag_name || format('apisix-runtime/{0}', github.event.inputs.version) }} strategy: fail-fast: false matrix: platform: - - runner: ubuntu-22.04 + - runner: ubuntu-24.04 arch: amd64 build_arch: linux/amd64 - runner: ubuntu-24.04-arm @@ -30,28 +32,26 @@ jobs: build_arch: linux/arm64/v8 runs-on: ${{ matrix.platform.runner }} steps: + - name: Resolve release version + run: | + version="${RELEASE_TAG#apisix-runtime/}" + if [[ "$version" == "$RELEASE_TAG" || ! "$version" =~ ^[0-9A-Za-z._-]+$ ]]; then + echo "invalid release tag: $RELEASE_TAG" >&2 + exit 1 + fi + echo "VERSION=$version" >> "$GITHUB_ENV" + - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false + ref: ${{ env.RELEASE_TAG }} - name: Install dependencies run: | sudo apt-get update sudo apt-get install -y make ruby ruby-dev rubygems build-essential - - name: Resolve release version - env: - RAW_VERSION: ${{ github.event_name == 'release' && github.event.release.tag_name || github.event.inputs.version }} - run: | - version="${RAW_VERSION#apisix-runtime/}" - if [[ ! "$version" =~ ^[0-9A-Za-z._-]+$ ]]; then - echo "invalid version: $version" >&2 - exit 1 - fi - echo "VERSION=$version" >> "$GITHUB_ENV" - echo "RELEASE_TAG=apisix-runtime/$version" >> "$GITHUB_ENV" - - name: Build apisix-runtime deb run: | make package type=deb app=apisix-runtime runtime_version="${VERSION}" image_base=debian image_tag=bookworm-slim arch=${{ matrix.platform.build_arch }}