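---
name: build_vault

# This workflow is intended to be called by the build workflow for each Vault
# binary that needs to be built and packaged. The ci make targets that are
# utilized automatically determine build metadata and handle building and
# packing vault.
#
# NOTE(review): no `permissions:` block is set here, so the job runs with
# whatever GITHUB_TOKEN scopes the caller grants. Consider declaring the
# minimum this job needs (likely `contents: read`) once confirmed against the
# make targets and the packaging action.

on:
  workflow_call:
    inputs:
      cgo-enabled:
        type: string
        # Quoted so the default matches the declared `string` type and is not
        # parsed as a YAML integer.
        default: '0'
      create-packages:
        type: boolean
        default: true
      goos:
        required: true
        type: string
      goarch:
        required: true
        type: string
      go-tags:
        type: string
      package-name:
        type: string
        default: vault
      vault-version:
        type: string
        required: true
      web-ui-cache-key:
        type: string
        required: true

jobs:
  build:
    runs-on: custom-linux-xl-vault-latest
    name: Vault ${{ inputs.goos }} ${{ inputs.goarch }} v${{ inputs.vault-version }}
    steps:
      # Third-party actions below are pinned to a full commit SHA; the trailing
      # comment records the release the SHA corresponds to.
      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      # ELEVATED_GITHUB_TOKEN is not declared under `on.workflow_call.secrets`,
      # so it is only populated when the caller passes secrets through
      # (presumably `secrets: inherit` - confirm in the calling workflow).
      - uses: ./.github/actions/set-up-go
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
      - name: Restore UI from cache
        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
        with:
          # Restore the UI asset from the UI build workflow. Never use a partial restore key.
          # An exact key plus fail-on-cache-miss means the build stops rather
          # than packaging a stale or missing UI.
          enableCrossOsArchive: true
          fail-on-cache-miss: true
          path: http/web_ui
          key: ${{ inputs.web-ui-cache-key }}
      - name: Build Vault
        # Inputs reach the build through the environment instead of being
        # interpolated into the `run` script, so their values are never
        # expanded into shell source text.
        env:
          GO_TAGS: ${{ inputs.go-tags }}
          CGO_ENABLED: ${{ inputs.cgo-enabled }}
          GOARCH: ${{ inputs.goarch }}
          GOOS: ${{ inputs.goos }}
          VERSION: ${{ inputs.vault-version }}
        run: make ci-build
      - name: Determine artifact basename
        env:
          GOARCH: ${{ inputs.goarch }}
          GOOS: ${{ inputs.goos }}
          VERSION: ${{ inputs.vault-version }}
        # The make output is appended to GITHUB_ENV as a single NAME=value
        # line; this assumes the target prints exactly one line - TODO confirm.
        run: echo "ARTIFACT_BASENAME=$(make ci-get-artifact-basename)" >> "$GITHUB_ENV"
      - name: Bundle Vault
        env:
          BUNDLE_PATH: out/${{ env.ARTIFACT_BASENAME }}.zip
        run: make ci-bundle
      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: ${{ env.ARTIFACT_BASENAME }}.zip
          path: out/${{ env.ARTIFACT_BASENAME }}.zip
          if-no-files-found: error
      # NOTE(review): this is the only action referenced by a mutable tag (`@v1`)
      # rather than a commit SHA. It produces the shipped .deb/.rpm packages, so
      # pin it to a reviewed full commit SHA like the other actions in this job.
      - if: ${{ inputs.create-packages }}
        uses: hashicorp/actions-packaging-linux@v1
        with:
          name: ${{ github.event.repository.name }}
          description: Vault is a tool for secrets management, encryption as a service, and privileged access management.
          arch: ${{ inputs.goarch }}
          version: ${{ inputs.vault-version }}
          maintainer: HashiCorp
          homepage: https://github.com/hashicorp/vault
          license: MPL-2.0
          binary: dist/${{ inputs.package-name }}
          deb_depends: openssl
          rpm_depends: openssl
          config_dir: .release/linux/package/
          preinstall: .release/linux/preinst
          postinstall: .release/linux/postinst
          postremove: .release/linux/postrm
      - if: ${{ inputs.create-packages }}
        name: Determine package file names
        # Assumes out/ holds exactly one .rpm and one .deb; with several
        # matches `basename` would receive extra arguments - TODO confirm.
        run: |
          echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV"
          echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV"
      - if: ${{ inputs.create-packages }}
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: ${{ env.RPM_PACKAGE }}
          path: out/${{ env.RPM_PACKAGE }}
          if-no-files-found: error
      - if: ${{ inputs.create-packages }}
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: ${{ env.DEB_PACKAGE }}
          path: out/${{ env.DEB_PACKAGE }}
          if-no-files-found: error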