add a test for the docker images

.github/workflows/cpack.yml

@@ -3,8 +3,13 @@ name: CI package
 on: 
   workflow_dispatch:
   push:
-    branches:  # ignore push to tags
-      - '**'
+    branches:
+      - main
+      - release-*
+  pull_request:
+    branches:
+      - main
+      - release-*
     paths:
       - programs/ziti-edge-tunnel/package/*
       - .github/actions/openziti-tunnel-build-action/*

.github/workflows/promote-downstreams.yml

@@ -2,15 +2,14 @@ name: Promote Downstream Releases
 
 on: 
   workflow_dispatch:
+  release:
+    types: [released]  # this release event activity type excludes prereleases
 
 # cancel older, redundant runs of same workflow on same branch
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
   cancel-in-progress: true
 
-env:
-  RELEASE_REF: ${{ github.ref}}
-
 jobs:
   wait_for_release:
     name: Wait for Release Builds to Succeed
@@ -22,7 +21,7 @@ jobs:
       - name: Wait for all checks on this ref
         uses: lewagon/[email protected]
         with:
-          ref: ${{ env.RELEASE_REF }}
+          ref: ${{ github.ref }}
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           # seconds between polling the checks api for job statuses
           wait-interval: 20
@@ -39,10 +38,12 @@ jobs:
       - name: Parse Release Version
         id: parse
         shell: bash
+        env:
+          RELEASE_REF: ${{ github.ref_name }}
         run: |
-          if [[ "${RELEASE_REF}" =~ ^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+          if [[ "${RELEASE_REF}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
             echo "RELEASE_REF=${RELEASE_REF} is a semver release ref"
-            echo "version=${RELEASE_REF#refs/tags/v}" | tee -a $GITHUB_OUTPUT
+            echo "version=${RELEASE_REF#v}" | tee -a $GITHUB_OUTPUT
           else
             echo "RELEASE_REF=${RELEASE_REF} is not a semver release ref" >&2
             exit 1
@@ -83,14 +84,14 @@ jobs:
           username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }}
           password: ${{ secrets.DOCKER_HUB_API_TOKEN }}
 
-      - name: Tag Latest zti-edge-tunnel 
+      - name: Tag Latest ziti-edge-tunnel 
         shell: bash
         run: >
           docker buildx imagetools create --tag
           ${{ env.ZITI_EDGE_TUNNEL_IMAGE }}:latest
           ${{ env.ZITI_EDGE_TUNNEL_IMAGE }}:${{ needs.parse_version.outputs.version }}
 
-      - name: Tag Latest zti-host
+      - name: Tag Latest ziti-host
         shell: bash
         run: >
           docker buildx imagetools create --tag

.github/workflows/publish-containers.yml → .github/workflows/publish-container-images.yml

@@ -17,7 +17,7 @@ on:
 # no need for concurrency group in callable workflows
 
 jobs:
-  publish-containers:
+  publish-container-images:
     runs-on: ubuntu-latest
     env:
       ZITI_VERSION: ${{ inputs.ziti-version || github.event.inputs.ziti-version }}
@@ -30,8 +30,23 @@ jobs:
       - name: Checkout Workspace
         uses: actions/checkout@v4
 
+      - name: Download CMake Artifacts
+        uses: actions/download-artifact@v4
+        with:
+          pattern: linux-*
+          path: ./downloads
+          merge_multiple: false  # some artifacts have the same name and so can not be aggregated in a single directory
+
+      - name: Unpack CMake Artifacts
+        shell: bash
+        run: |
+          set -x
+          mkdir -p ./build/{arm64,amd64}/linux/
+          unzip -d ./build/arm64/linux/ ./downloads/linux-arm64/ziti-edge-tunnel-Linux_aarch64.zip
+          unzip -d ./build/amd64/linux/ ./downloads/linux-x64/ziti-edge-tunnel-Linux_x86_64.zip
+
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
         with:
           platforms: amd64,arm64
 
@@ -45,23 +60,23 @@ jobs:
           username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }}
           password: ${{ secrets.DOCKER_HUB_API_TOKEN }}
 
-      - name: Set up Docker image tags for "run" container
+      - name: Set up Docker image tags for ziti-edge-tunnel image
         env:
           IMAGE_REPO: ${{ env.ZITI_EDGE_TUNNEL_IMAGE }}
         id: tagprep_run
         run: echo DOCKER_TAGS="${IMAGE_REPO}:unstable,${IMAGE_REPO}:${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
 
-      - name: Build & Push Multi-Platform Container Image to Hub
+      - name: Build & Push Multi-Platform ziti-edge-tunnel Container Image
         uses: docker/build-push-action@v6
         with:
           builder: ${{ steps.buildx.outputs.name }}
-          context: ${{ github.workspace }}/docker
-          file: ${{ github.workspace }}/docker/Dockerfile.base
+          context: ${{ github.workspace }}/
+          file: ${{ github.workspace }}/docker/ziti-edge-tunnel.Dockerfile
           platforms: linux/amd64,linux/arm64
           tags: ${{ steps.tagprep_run.outputs.DOCKER_TAGS }}
           build-args: |
-            ZITI_VERSION=${{ env.ZITI_VERSION }}
-            GITHUB_REPO=${{ github.repository }}
+            ARTIFACTS_DIR=./build
+            DOCKER_BUILD_DIR=./docker
           push: true
 
       - name: Set up Docker image tags for "run-host" container
@@ -70,16 +85,15 @@ jobs:
         id: tagprep_run_host
         run: echo DOCKER_TAGS="${IMAGE_REPO}:unstable,${IMAGE_REPO}:${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
 
-
-      - name: Build & Push Multi-Platform Container Image to Hub
+      - name: Build & Push Multi-Platform ziti-host Container Image
         uses: docker/build-push-action@v6
         with:
           builder: ${{ steps.buildx.outputs.name }}
-          context: ${{ github.workspace }}/docker
-          file: ${{ github.workspace }}/docker/Dockerfile.ziti-host
+          context: ${{ github.workspace }}/
+          file: ${{ github.workspace }}/docker/ziti-host.Dockerfile
           platforms: linux/amd64,linux/arm64
           tags: ${{ steps.tagprep_run_host.outputs.DOCKER_TAGS }}
           build-args: |
-            ZITI_EDGE_TUNNEL_TAG=${{ env.ZITI_VERSION }}
             ZITI_EDGE_TUNNEL_IMAGE=${{ env.ZITI_EDGE_TUNNEL_IMAGE }}
+            ZITI_EDGE_TUNNEL_TAG=${{ env.ZITI_VERSION }}
           push: true

.github/workflows/release.yml

@@ -20,7 +20,8 @@ jobs:
       - name: download
         uses: actions/download-artifact@v4
         with:
-          path: ${{ runner.workspace }}/downloads/
+          path: ${{ runner.workspace }}/downloads
+          merge_multiple: false  # some artifacts have the same name and so can not be aggregated in a single directory
 
       - name: List Release Artifacts
         run: ls -horRAS ${{runner.workspace}}/downloads/
@@ -36,10 +37,7 @@ jobs:
           # token: defaults to github.token
           fail_on_unmatched_files: true
           files: |
-            ${{ runner.workspace }}/downloads/linux-x64-static-libssl/ziti-edge-tunnel-Linux_x86_64.zip
-            ${{ runner.workspace }}/downloads/linux-arm-static-libssl/ziti-edge-tunnel-Linux_arm.zip
-            ${{ runner.workspace }}/downloads/macOS-x64/ziti-edge-tunnel-Darwin_x86_64.zip
-            ${{ runner.workspace }}/downloads/macOS-arm64/ziti-edge-tunnel-Darwin_arm64.zip
+            ${{ runner.workspace }}/downloads/**/*.zip
 
       # These final two steps are only necessary because we prefer a different
       # release artifact name than is created by CMake, and so we could change
@@ -68,22 +66,21 @@ jobs:
       - name: Get the Version String from Git Tag
         id: get_version
         env:
-          GITHUB_REF: ${{ github.ref }}
+          RELEASE_REF: ${{ github.ref_name }}
         run: |
-          ZITI_VERSION="${GITHUB_REF#refs/*/v}"
+          ZITI_VERSION="${RELEASE_REF#v}"
           if [[ "${ZITI_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-.+)?$ ]]; then
-            echo "DEBUG: ZITI_VERSION=${ZITI_VERSION}"
-            echo ZITI_VERSION="${ZITI_VERSION}" >> $GITHUB_OUTPUT
+            echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
           else
             # fail the job because we could not obtain a valid version string from the Git ref
-            echo "ERROR: ZITI_VERSION=${ZITI_VERSION} is not a semver"
+            echo "ERROR: ZITI_VERSION=${ZITI_VERSION} is not a release semver"
             exit 1
           fi
 
-  call-publish-containers:
+  call-publish-container-images:
     name: Publish Container Images
     needs: [ release ]
-    uses: ./.github/workflows/publish-containers.yml
+    uses: ./.github/workflows/publish-container-images.yml
     secrets: inherit
     with:
       ziti-version: ${{ needs.release.outputs.ZITI_VERSION }}

.github/workflows/test-deployments.yml

@@ -0,0 +1,32 @@
+name: Test Deployments
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - release-v*
+  pull_request:
+    branches:
+      - main
+      - release-v*
+
+# cancel older, redundant runs of same workflow on same branch
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
+  cancel-in-progress: true
+
+jobs:
+  docker-deployments:
+    name: Test Docker Deployments
+    runs-on: ubuntu-latest
+    steps:
+      - name: Full Checkout to Allow CMake to Find Version with Git
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run the Compose Test Script
+        shell: bash
+        run: docker/docker.test.bash
+        env:
+          I_AM_ROBOT: 1

docker/compose.host.yml

@@ -0,0 +1,10 @@
+volumes:
+    ziti-host:
+
+services:
+    ziti-host:
+        image: ${ZITI_HOST_IMAGE:-openziti/ziti-host}:${ZITI_HOST_TAG:-latest}
+        volumes:
+            - ziti-host:/ziti-edge-tunnel
+        environment:
+            - ZITI_ENROLL_TOKEN