luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

ci: build s390x (#18118) 

Co-authored-by: Dan Bond <danbond@protonmail.com>
This commit is contained in:
hc-github-team-consul-core 2023-07-12 19:00:22 -05:00 committed by GitHub
parent 61b9465035
commit ebab3dbe4e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 230 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
.github/workflows/build-distros.yml vendored
View File

@ -2,7 +2,7 @@
# It is aimed at checking new commits don't introduce any breaking build changes. # It is aimed at checking new commits don't introduce any breaking build changes.
name: build-distros name: build-distros
on: on:
pull_request: pull_request:
push: push:
branches: branches:
@ -15,6 +15,7 @@ permissions:
env: env:
GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }} GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
GOPRIVATE: github.com/hashicorp # Required for enterprise deps
jobs: jobs:
setup: setup:
@ -26,13 +27,13 @@ jobs:
compute-large: ${{ steps.setup-outputs.outputs.compute-large }} compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }} compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- id: setup-outputs - id: setup-outputs
name: Setup outputs name: Setup outputs
run: ./.github/scripts/get_runner_classes.sh run: ./.github/scripts/get_runner_classes.sh
check-go-mod: check-go-mod:
needs: needs:
- setup - setup
uses: ./.github/workflows/reusable-check-go-mod.yml uses: ./.github/workflows/reusable-check-go-mod.yml
with: with:
@ -42,21 +43,21 @@ jobs:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
build-386: build-386:
needs: needs:
- setup - setup
- check-go-mod - check-go-mod
env: env:
XC_OS: "freebsd linux windows" XC_OS: "freebsd linux windows"
runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
- name: Setup Git - name: Setup Git
if: ${{ endsWith(github.repository, '-enterprise') }} if: ${{ endsWith(github.repository, '-enterprise') }}
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with: with:
go-version-file: 'go.mod' go-version-file: 'go.mod'
- name: Build - name: Build
@ -67,20 +68,20 @@ jobs:
build-amd64: build-amd64:
needs: needs:
- setup - setup
- check-go-mod - check-go-mod
env: env:
XC_OS: "darwin freebsd linux solaris windows" XC_OS: "darwin freebsd linux solaris windows"
runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
- name: Setup Git - name: Setup Git
if: ${{ endsWith(github.repository, '-enterprise') }} if: ${{ endsWith(github.repository, '-enterprise') }}
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with: with:
go-version-file: 'go.mod' go-version-file: 'go.mod'
- name: Build - name: Build
@ -91,22 +92,22 @@ jobs:
build-arm: build-arm:
needs: needs:
- setup - setup
- check-go-mod - check-go-mod
runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
env: env:
CGO_ENABLED: 1 CGO_ENABLED: 1
GOOS: linux GOOS: linux
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
- name: Setup Git - name: Setup Git
if: ${{ endsWith(github.repository, '-enterprise') }} if: ${{ endsWith(github.repository, '-enterprise') }}
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with: with:
go-version-file: 'go.mod' go-version-file: 'go.mod'
- run: | - run: |
@ -116,6 +117,26 @@ jobs:
- run: CC=arm-linux-gnueabihf-gcc GOARCH=arm GOARM=6 go build -tags "${{ env.GOTAGS }}" - run: CC=arm-linux-gnueabihf-gcc GOARCH=arm GOARM=6 go build -tags "${{ env.GOTAGS }}"
- run: CC=aarch64-linux-gnu-gcc GOARCH=arm64 go build -tags "${{ env.GOTAGS }}" - run: CC=aarch64-linux-gnu-gcc GOARCH=arm64 go build -tags "${{ env.GOTAGS }}"
build-s390x:
if: ${{ endsWith(github.repository, '-enterprise') }}
needs:
- setup
- check-go-mod
runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
- name: Setup Git
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version-file: 'go.mod'
- name: Build
run: GOOS=linux GOARCH=s390x CGO_ENABLED=0 go build -tags "${{ env.GOTAGS }}"
# This is job is required for branch protection as a required gihub check # This is job is required for branch protection as a required gihub check
# because GitHub actions show up as checks at the job level and not the # because GitHub actions show up as checks at the job level and not the
# workflow level. This is currently a feature request: # workflow level. This is currently a feature request:
@ -125,18 +146,18 @@ jobs:
# - be placed after the fanout of a workflow so that everything fans back in # - be placed after the fanout of a workflow so that everything fans back in
# to this job. # to this job.
# - "need" any job that is part of the fan out / fan in # - "need" any job that is part of the fan out / fan in
# - implement the if logic because we have conditional jobs # - implement the if logic because we have conditional jobs
# (go-test-enteprise) that this job needs and this would potentially get # (go-test-enteprise) that this job needs and this would potentially get
# skipped if a previous job got skipped. So we use the if clause to make # skipped if a previous job got skipped. So we use the if clause to make
# sure it does not get skipped. # sure it does not get skipped.
build-distros-success: build-distros-success:
needs: needs:
- setup - setup
- check-go-mod - check-go-mod
- build-386 - build-386
- build-amd64 - build-amd64
- build-arm - build-arm
- build-s390x
runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
if: ${{ always() }} if: ${{ always() }}
steps: steps:

106
.github/workflows/build.yml vendored
View File

@ -14,6 +14,7 @@ on:
env: env:
PKG_NAME: consul PKG_NAME: consul
METADATA: oss METADATA: oss
GOPRIVATE: github.com/hashicorp # Required for enterprise deps
jobs: jobs:
set-product-version: set-product-version:
@ -25,7 +26,7 @@ jobs:
pre-version: ${{ steps.set-product-version.outputs.prerelease-product-version }} pre-version: ${{ steps.set-product-version.outputs.prerelease-product-version }}
shared-ldflags: ${{ steps.shared-ldflags.outputs.shared-ldflags }} shared-ldflags: ${{ steps.shared-ldflags.outputs.shared-ldflags }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: set product version - name: set product version
id: set-product-version id: set-product-version
uses: hashicorp/actions-set-product-version@v1 uses: hashicorp/actions-set-product-version@v1
@ -56,6 +57,7 @@ jobs:
echo "Product Date: ${{ needs.set-product-version.outputs.product-date }}" echo "Product Date: ${{ needs.set-product-version.outputs.product-date }}"
echo "Prerelease Version: ${{ needs.set-product-version.outputs.pre-version }}" echo "Prerelease Version: ${{ needs.set-product-version.outputs.pre-version }}"
echo "Ldflags: ${{ needs.set-product-version.outputs.shared-ldflags }}" echo "Ldflags: ${{ needs.set-product-version.outputs.shared-ldflags }}"
generate-metadata-file: generate-metadata-file:
needs: set-product-version needs: set-product-version
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -63,7 +65,7 @@ jobs:
filepath: ${{ steps.generate-metadata-file.outputs.filepath }} filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
steps: steps:
- name: 'Checkout directory' - name: 'Checkout directory'
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Generate metadata file - name: Generate metadata file
id: generate-metadata-file id: generate-metadata-file
uses: hashicorp/actions-generate-metadata@v1 uses: hashicorp/actions-generate-metadata@v1
@ -71,7 +73,7 @@ jobs:
version: ${{ needs.set-product-version.outputs.product-version }} version: ${{ needs.set-product-version.outputs.product-version }}
product: ${{ env.PKG_NAME }} product: ${{ env.PKG_NAME }}
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@3.1.2 - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with: with:
name: metadata.json name: metadata.json
path: ${{ steps.generate-metadata-file.outputs.filepath }} path: ${{ steps.generate-metadata-file.outputs.filepath }}
@ -95,10 +97,10 @@ jobs:
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Setup with node and yarn - name: Setup with node and yarn
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # pin@v3.6.0 uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with: with:
node-version: '14' node-version: '14'
cache: 'yarn' cache: 'yarn'
@ -160,18 +162,69 @@ jobs:
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV
echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@3.1.2 - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: ${{ matrix.goos == 'linux' }} if: ${{ matrix.goos == 'linux' }}
with: with:
name: ${{ env.RPM_PACKAGE }} name: ${{ env.RPM_PACKAGE }}
path: out/${{ env.RPM_PACKAGE }} path: out/${{ env.RPM_PACKAGE }}
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@3.1.2 - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: ${{ matrix.goos == 'linux' }} if: ${{ matrix.goos == 'linux' }}
with: with:
name: ${{ env.DEB_PACKAGE }} name: ${{ env.DEB_PACKAGE }}
path: out/${{ env.DEB_PACKAGE }} path: out/${{ env.DEB_PACKAGE }}
build-s390x:
needs: set-product-version
if: ${{ endsWith(github.repository, '-enterprise') }}
runs-on: ubuntu-latest
strategy:
matrix:
include:
- {go: "1.20.4", goos: "linux", goarch: "s390x"}
fail-fast: true
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
steps:
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Setup with node and yarn
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: '14'
cache: 'yarn'
cache-dependency-path: 'ui/yarn.lock'
- name: Build UI
run: |
CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }}
CONSUL_DATE=${{ needs.set-product-version.outputs.product-date }}
CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE}
CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD)
echo "consul_version is ${CONSUL_VERSION}"
echo "consul_date is ${CONSUL_DATE}"
echo "consul binary type is ${CONSUL_BINARY_TYPE}"
echo "consul copyright year is ${CONSUL_COPYRIGHT_YEAR}"
cd ui && make && cd ..
rm -rf agent/uiserver/dist
mv ui/packages/consul-ui/dist agent/uiserver/
- name: Go Build
env:
PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }}
PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }}
CGO_ENABLED: "0"
GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}"
uses: hashicorp/actions-go-build@v0.1.7
with:
product_name: ${{ env.PKG_NAME }}
product_version: ${{ needs.set-product-version.outputs.product-version }}
go_version: ${{ matrix.go }}
os: ${{ matrix.goos }}
arch: ${{ matrix.goarch }}
reproducible: report
instructions: |-
go build -ldflags="$GOLDFLAGS" -o "$BIN_PATH" -trimpath -buildvcs=false
build-darwin: build-darwin:
needs: set-product-version needs: set-product-version
runs-on: macos-latest runs-on: macos-latest
@ -184,10 +237,10 @@ jobs:
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Setup with node and yarn - name: Setup with node and yarn
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # pin@v3.6.0 uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with: with:
node-version: '14' node-version: '14'
cache: 'yarn' cache: 'yarn'
@ -235,7 +288,7 @@ jobs:
version: ${{needs.set-product-version.outputs.product-version}} version: ${{needs.set-product-version.outputs.product-version}}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix
# This naming convention will be used ONLY for per-commit dev images # This naming convention will be used ONLY for per-commit dev images
@ -269,7 +322,7 @@ jobs:
version: ${{needs.set-product-version.outputs.product-version}} version: ${{needs.set-product-version.outputs.product-version}}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- uses: hashicorp/actions-docker-build@v1 - uses: hashicorp/actions-docker-build@v1
with: with:
version: ${{env.version}} version: ${{env.version}}
@ -289,7 +342,7 @@ jobs:
version: ${{needs.set-product-version.outputs.product-version}} version: ${{needs.set-product-version.outputs.product-version}}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix
# This naming convention will be used ONLY for per-commit dev images # This naming convention will be used ONLY for per-commit dev images
@ -318,7 +371,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
strategy: strategy:
matrix: matrix:
arch: ["386", "amd64", "arm", "arm64"] arch: ["386", "amd64", "arm", "arm64", "s390x"]
fail-fast: true fail-fast: true
env: env:
version: ${{ needs.set-product-version.outputs.product-version }} version: ${{ needs.set-product-version.outputs.product-version }}
@ -326,21 +379,24 @@ jobs:
name: Verify ${{ matrix.arch }} linux binary name: Verify ${{ matrix.arch }} linux binary
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
- name: Download ${{ matrix.arch }} zip - name: Download ${{ matrix.arch }} zip
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3.0.2 if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
name: ${{ env.zip_name }} name: ${{ env.zip_name }}
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # pin@v2.1.0 uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
if: ${{ matrix.arch == 'arm' || matrix.arch == 'arm64' }} if: ${{ matrix.arch == 'arm' || matrix.arch == 'arm64' }}
with: with:
# this should be a comma-separated string as opposed to an array # this should be a comma-separated string as opposed to an array
platforms: arm,arm64 platforms: arm,arm64
- name: Run verification for ${{ matrix.arch }} binary - name: Run verification for ${{ matrix.arch }} binary
if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
run: .github/scripts/verify_artifact.sh ${{ env.zip_name }} v${{ env.version }} run: .github/scripts/verify_artifact.sh ${{ env.zip_name }} v${{ env.version }}
verify-darwin: verify-darwin:
@ -356,10 +412,10 @@ jobs:
name: Verify amd64 darwin binary name: Verify amd64 darwin binary
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Download amd64 darwin zip - name: Download amd64 darwin zip
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
name: ${{ env.zip_name }} name: ${{ env.zip_name }}
@ -383,7 +439,7 @@ jobs:
name: Verify ${{ matrix.arch }} debian package name: Verify ${{ matrix.arch }} debian package
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Set package version - name: Set package version
run: | run: |
@ -394,12 +450,12 @@ jobs:
echo "pkg_name=consul_${{ env.pkg_version }}-1_${{ matrix.arch }}.deb" >> $GITHUB_ENV echo "pkg_name=consul_${{ env.pkg_version }}-1_${{ matrix.arch }}.deb" >> $GITHUB_ENV
- name: Download workflow artifacts - name: Download workflow artifacts
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
name: ${{ env.pkg_name }} name: ${{ env.pkg_name }}
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # pin@v2.1.0 uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
with: with:
platforms: all platforms: all
@ -420,7 +476,7 @@ jobs:
name: Verify ${{ matrix.arch }} rpm name: Verify ${{ matrix.arch }} rpm
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- name: Set package version - name: Set package version
run: | run: |
@ -431,12 +487,12 @@ jobs:
echo "pkg_name=consul-${{ env.pkg_version }}-1.${{ matrix.arch }}.rpm" >> $GITHUB_ENV echo "pkg_name=consul-${{ env.pkg_version }}-1.${{ matrix.arch }}.rpm" >> $GITHUB_ENV
- name: Download workflow artifacts - name: Download workflow artifacts
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
name: ${{ env.pkg_name }} name: ${{ env.pkg_name }}
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # pin@v2.1.0 uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
with: with:
platforms: all platforms: all

170
.github/workflows/go-tests.yml vendored
View File

@ -1,6 +1,6 @@
name: go-tests name: go-tests
on: on:
pull_request: pull_request:
branches-ignore: branches-ignore:
- stable-website - stable-website
@ -15,12 +15,13 @@ on:
# Push events on the main branch # Push events on the main branch
- main - main
- release/** - release/**
permissions: permissions:
contents: read contents: read
env: env:
TEST_RESULTS: /tmp/test-results TEST_RESULTS: /tmp/test-results
GOPRIVATE: github.com/hashicorp # Required for enterprise deps
jobs: jobs:
setup: setup:
@ -32,13 +33,13 @@ jobs:
compute-large: ${{ steps.setup-outputs.outputs.compute-large }} compute-large: ${{ steps.setup-outputs.outputs.compute-large }}
compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }} compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
- id: setup-outputs - id: setup-outputs
name: Setup outputs name: Setup outputs
run: ./.github/scripts/get_runner_classes.sh run: ./.github/scripts/get_runner_classes.sh
check-go-mod: check-go-mod:
needs: needs:
- setup - setup
uses: ./.github/workflows/reusable-check-go-mod.yml uses: ./.github/workflows/reusable-check-go-mod.yml
with: with:
@ -48,16 +49,16 @@ jobs:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
check-generated-protobuf: check-generated-protobuf:
needs: needs:
- setup - setup
runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-medium) }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
- name: Setup Git - name: Setup Git
if: ${{ endsWith(github.repository, '-enterprise') }} if: ${{ endsWith(github.repository, '-enterprise') }}
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with: with:
go-version-file: 'go.mod' go-version-file: 'go.mod'
- run: make proto-tools - run: make proto-tools
@ -74,18 +75,18 @@ jobs:
name: "Protobuf Lint" name: "Protobuf Lint"
- name: Notify Slack - name: Notify Slack
if: ${{ failure() }} if: ${{ failure() }}
run: .github/scripts/notify_slack.sh run: .github/scripts/notify_slack.sh
check-generated-deep-copy: check-generated-deep-copy:
needs: needs:
- setup - setup
runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
- name: Setup Git - name: Setup Git
if: ${{ endsWith(github.repository, '-enterprise') }} if: ${{ endsWith(github.repository, '-enterprise') }}
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with: with:
go-version-file: 'go.mod' go-version-file: 'go.mod'
- run: make --always-make deep-copy - run: make --always-make deep-copy
@ -99,19 +100,19 @@ jobs:
run: .github/scripts/notify_slack.sh run: .github/scripts/notify_slack.sh
lint-enums: lint-enums:
needs: needs:
- setup - setup
runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
- name: Setup Git - name: Setup Git
if: ${{ endsWith(github.repository, '-enterprise') }} if: ${{ endsWith(github.repository, '-enterprise') }}
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with: with:
go-version-file: 'go.mod' go-version-file: 'go.mod'
- run: go install github.com/reillywatson/enumcover/cmd/enumcover@master && enumcover ./... - run: go install github.com/reillywatson/enumcover/cmd/enumcover@master && enumcover ./...
- name: Notify Slack - name: Notify Slack
if: ${{ failure() }} if: ${{ failure() }}
run: .github/scripts/notify_slack.sh run: .github/scripts/notify_slack.sh
@ -121,11 +122,11 @@ jobs:
- setup - setup
runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
- name: Setup Git - name: Setup Git
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with: with:
go-version-file: 'go.mod' go-version-file: 'go.mod'
- run: make lint-container-test-deps - run: make lint-container-test-deps
@ -134,16 +135,16 @@ jobs:
run: .github/scripts/notify_slack.sh run: .github/scripts/notify_slack.sh
lint-consul-retry: lint-consul-retry:
needs: needs:
- setup - setup
runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
- name: Setup Git - name: Setup Git
if: ${{ endsWith(github.repository, '-enterprise') }} if: ${{ endsWith(github.repository, '-enterprise') }}
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with: with:
go-version-file: 'go.mod' go-version-file: 'go.mod'
- run: go install github.com/hashicorp/lint-consul-retry@master && lint-consul-retry - run: go install github.com/hashicorp/lint-consul-retry@master && lint-consul-retry
@ -152,8 +153,8 @@ jobs:
run: .github/scripts/notify_slack.sh run: .github/scripts/notify_slack.sh
lint: lint:
needs: needs:
- setup - setup
uses: ./.github/workflows/reusable-lint.yml uses: ./.github/workflows/reusable-lint.yml
with: with:
runs-on: ${{ needs.setup.outputs.compute-xl }} runs-on: ${{ needs.setup.outputs.compute-xl }}
@ -162,8 +163,8 @@ jobs:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
lint-32bit: lint-32bit:
needs: needs:
- setup - setup
uses: ./.github/workflows/reusable-lint.yml uses: ./.github/workflows/reusable-lint.yml
with: with:
go-arch: "386" go-arch: "386"
@ -174,20 +175,33 @@ jobs:
# create a development build # create a development build
dev-build: dev-build:
needs: needs:
- setup - setup
uses: ./.github/workflows/reusable-dev-build.yml uses: ./.github/workflows/reusable-dev-build.yml
with: with:
runs-on: ${{ needs.setup.outputs.compute-xl }} runs-on: ${{ needs.setup.outputs.compute-xl }}
repository-name: ${{ github.repository }} repository-name: ${{ github.repository }}
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
dev-build-s390x:
if: ${{ endsWith(github.repository, '-enterprise') }}
needs:
- setup
uses: ./.github/workflows/reusable-dev-build.yml
with:
uploaded-binary-name: 'consul-bin-s390x'
runs-on: ${{ needs.setup.outputs.compute-xl }}
go-arch: "s390x"
repository-name: ${{ github.repository }}
secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
# dev-build-arm64: # dev-build-arm64:
# # only run on enterprise because GHA does not have arm64 runners in OSS # # only run on enterprise because GHA does not have arm64 runners in OSS
# if: ${{ endsWith(github.repository, '-enterprise') }} # if: ${{ endsWith(github.repository, '-enterprise') }}
# needs: # needs:
# - setup # - setup
# uses: ./.github/workflows/reusable-dev-build.yml # uses: ./.github/workflows/reusable-dev-build.yml
# with: # with:
# uploaded-binary-name: 'consul-bin-arm64' # uploaded-binary-name: 'consul-bin-arm64'
@ -200,8 +214,8 @@ jobs:
# go-test-arm64: # go-test-arm64:
# # only run on enterprise because GHA does not have arm64 runners in OSS # # only run on enterprise because GHA does not have arm64 runners in OSS
# if: ${{ endsWith(github.repository, '-enterprise') }} # if: ${{ endsWith(github.repository, '-enterprise') }}
# needs: # needs:
# - setup # - setup
# - dev-build-arm64 # - dev-build-arm64
# uses: ./.github/workflows/reusable-unit-split.yml # uses: ./.github/workflows/reusable-unit-split.yml
# with: # with:
@ -217,8 +231,8 @@ jobs:
# datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" # datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-oss: go-test-oss:
needs: needs:
- setup - setup
- dev-build - dev-build
uses: ./.github/workflows/reusable-unit-split.yml uses: ./.github/workflows/reusable-unit-split.yml
with: with:
@ -229,7 +243,7 @@ jobs:
go-tags: "" go-tags: ""
permissions: permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth. id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
@ -237,8 +251,8 @@ jobs:
go-test-enterprise: go-test-enterprise:
if: ${{ endsWith(github.repository, '-enterprise') }} if: ${{ endsWith(github.repository, '-enterprise') }}
needs: needs:
- setup - setup
- dev-build - dev-build
uses: ./.github/workflows/reusable-unit-split.yml uses: ./.github/workflows/reusable-unit-split.yml
with: with:
@ -249,15 +263,15 @@ jobs:
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions: permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth. id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-race: go-test-race:
needs: needs:
- setup - setup
- dev-build - dev-build
uses: ./.github/workflows/reusable-unit.yml uses: ./.github/workflows/reusable-unit.yml
with: with:
@ -269,15 +283,15 @@ jobs:
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions: permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth. id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-32bit: go-test-32bit:
needs: needs:
- setup - setup
- dev-build - dev-build
uses: ./.github/workflows/reusable-unit.yml uses: ./.github/workflows/reusable-unit.yml
with: with:
@ -289,7 +303,28 @@ jobs:
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions: permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth. id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read contents: read
secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-s390x:
if: ${{ endsWith(github.repository, '-enterprise') }}
needs:
- setup
- dev-build-s390x
uses: ./.github/workflows/reusable-unit.yml
with:
uploaded-binary-name: 'consul-bin-s390x'
directory: .
go-test-flags: 'export GO_TEST_FLAGS="-short"'
runs-on: ${{ needs.setup.outputs.compute-xl }}
repository-name: ${{ github.repository }}
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
@ -307,7 +342,7 @@ jobs:
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions: permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth. id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
@ -325,15 +360,15 @@ jobs:
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions: permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth. id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-api-1-19: go-test-api-1-19:
needs: needs:
- setup - setup
- dev-build - dev-build
uses: ./.github/workflows/reusable-unit.yml uses: ./.github/workflows/reusable-unit.yml
with: with:
@ -343,15 +378,15 @@ jobs:
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions: permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth. id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-api-1-20: go-test-api-1-20:
needs: needs:
- setup - setup
- dev-build - dev-build
uses: ./.github/workflows/reusable-unit.yml uses: ./.github/workflows/reusable-unit.yml
with: with:
@ -361,15 +396,15 @@ jobs:
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions: permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth. id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-sdk-1-19: go-test-sdk-1-19:
needs: needs:
- setup - setup
- dev-build - dev-build
uses: ./.github/workflows/reusable-unit.yml uses: ./.github/workflows/reusable-unit.yml
with: with:
@ -379,15 +414,15 @@ jobs:
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions: permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth. id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
go-test-sdk-1-20: go-test-sdk-1-20:
needs: needs:
- setup - setup
- dev-build - dev-build
uses: ./.github/workflows/reusable-unit.yml uses: ./.github/workflows/reusable-unit.yml
with: with:
@ -397,7 +432,7 @@ jobs:
go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
permissions: permissions:
id-token: write # NOTE: this permission is explicitly required for Vault auth. id-token: write # NOTE: this permission is explicitly required for Vault auth.
contents: read contents: read
secrets: secrets:
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
consul-license: ${{secrets.CONSUL_LICENSE}} consul-license: ${{secrets.CONSUL_LICENSE}}
@ -417,13 +452,13 @@ jobs:
# - be placed after the fanout of a workflow so that everything fans back in # - be placed after the fanout of a workflow so that everything fans back in
# to this job. # to this job.
# - "need" any job that is part of the fan out / fan in # - "need" any job that is part of the fan out / fan in
# - implement the if logic because we have conditional jobs # - implement the if logic because we have conditional jobs
# (go-test-enteprise) that this job needs and this would potentially get # (go-test-enteprise) that this job needs and this would potentially get
# skipped if a previous job got skipped. So we use the if clause to make # skipped if a previous job got skipped. So we use the if clause to make
# sure it does not get skipped. # sure it does not get skipped.
go-tests-success: go-tests-success:
needs: needs:
- setup - setup
- check-generated-deep-copy - check-generated-deep-copy
- check-generated-protobuf - check-generated-protobuf
@ -435,7 +470,7 @@ jobs:
- lint-32bit - lint-32bit
# - go-test-arm64 # - go-test-arm64
- go-test-enterprise - go-test-enterprise
- go-test-oss - go-test-oss
- go-test-race - go-test-race
- go-test-envoyextensions - go-test-envoyextensions
- go-test-troubleshoot - go-test-troubleshoot
@ -444,6 +479,7 @@ jobs:
- go-test-sdk-1-19 - go-test-sdk-1-19
- go-test-sdk-1-20 - go-test-sdk-1-20
- go-test-32bit - go-test-32bit
- go-test-s390x
runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
if: ${{ always() }} if: ${{ always() }}
steps: steps:

8
.github/workflows/reusable-dev-build.yml vendored
View File

@ -1,4 +1,4 @@
name: reusable-dev-build name: reusable-dev-build
on: on:
workflow_call: workflow_call:
@ -25,12 +25,12 @@ jobs:
build: build:
runs-on: ${{ fromJSON(inputs.runs-on) }} runs-on: ${{ fromJSON(inputs.runs-on) }}
steps: steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
- name: Setup Git - name: Setup Git
if: ${{ endsWith(inputs.repository-name, '-enterprise') }} if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com" run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with: with:
go-version-file: 'go.mod' go-version-file: 'go.mod'
- name: Build - name: Build
@ -38,7 +38,7 @@ jobs:
GOARCH: ${{ inputs.goarch }} GOARCH: ${{ inputs.goarch }}
run: make dev run: make dev
# save dev build to pass to downstream jobs # save dev build to pass to downstream jobs
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # pin@v3.1.2 - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with: with:
name: ${{inputs.uploaded-binary-name}} name: ${{inputs.uploaded-binary-name}}
path: ./bin/consul path: ./bin/consul