[Main] Onboard to CRT (#12276)

This commit is contained in:
claire labry 2022-04-06 11:47:02 -04:00 committed by GitHub
parent 97a445ab2c
commit 6f7f7277d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 719 additions and 2 deletions

312
.github/workflows/build.yml vendored Normal file
View File

@ -0,0 +1,312 @@
name: build
on:
push:
branches:
- "main"
workflow_dispatch:
env:
PKG_NAME: "nomad"
GO_TAGS: "release"
jobs:
get-go-version:
runs-on: ubuntu-latest
outputs:
go-version: ${{ steps.get-go-version.outputs.go-version }}
steps:
- uses: actions/checkout@v2
- name: Determine Go version
id: get-go-version
# We use .go-version as our source of truth for current Go
# version, because "goenv" can react to it automatically.
run: |
echo "Building with Go $(cat .go-version)"
echo "::set-output name=go-version::$(cat .go-version)"
get-product-version:
runs-on: ubuntu-latest
outputs:
product-version: ${{ steps.get-product-version.outputs.product-version }}
steps:
- uses: actions/checkout@v2
- name: get product version
id: get-product-version
run: |
make version
echo "::set-output name=product-version::$(make version)"
generate-metadata-file:
needs: get-product-version
runs-on: ubuntu-latest
outputs:
filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
steps:
- name: "Checkout directory"
uses: actions/checkout@v2
- name: Generate metadata file
id: generate-metadata-file
uses: hashicorp/actions-generate-metadata@v1
with:
version: ${{ needs.get-product-version.outputs.product-version }}
product: ${{ env.PKG_NAME }}
repositoryOwner: "hashicorp"
- uses: actions/upload-artifact@v2
with:
name: metadata.json
path: ${{ steps.generate-metadata-file.outputs.filepath }}
generate-ld-flags:
needs: get-product-version
runs-on: ubuntu-latest
outputs:
ldflags: ${{ steps.generate-ld-flags.outputs.ldflags }}
steps:
- uses: actions/checkout@v2
- name: "Generate ld flags"
id: generate-ld-flags
run: |
project="$(go list -m)"
sha="$(git rev-parse --short HEAD)"
echo "::set-output name=ldflags::"-s -w -X \'$project/version.Name=${{ env.PKG_NAME }}\' \
-X \'$project/version.GitDescribe=v$(make version base=1)\'""
build-other:
needs: [get-go-version, get-product-version, generate-ld-flags]
runs-on: ubuntu-latest
strategy:
matrix:
goos: [windows]
goarch: ["386", "amd64"]
fail-fast: true
name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build
steps:
- uses: actions/checkout@v2
- name: Setup go
uses: actions/setup-go@v2
with:
go-version: ${{ needs.get-go-version.outputs.go-version }}
- name: Build dependencies
run: make deps
- name: Setup node and yarn
uses: actions/setup-node@v2
with:
node-version: "14"
cache-dependency-path: "ui/yarn.lock"
- name: Install Yarn
run: |
npm install -g yarn
- name: Build prerelease
run: make prerelease
- name: Build
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
GO_TAGS: ${{ env.GO_TAGS }}
GO_LDFLAGS: ${{ needs.generate-ld-flags.outputs.ldflags }}
CGO_ENABLED: 1
run: |
make pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip
mv pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
- uses: actions/upload-artifact@v2
with:
name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
build-linux:
needs: [get-go-version, get-product-version, generate-ld-flags]
runs-on: ubuntu-latest
strategy:
matrix:
goos: [linux]
goarch: ["arm", "arm64", "386", "amd64"]
fail-fast: true
name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build
steps:
- uses: actions/checkout@v2
- name: Setup go
uses: actions/setup-go@v2
with:
go-version: ${{ needs.get-go-version.outputs.go-version }}
- name: Build dependencies
run: make deps
- name: Setup node and yarn
uses: actions/setup-node@v2
with:
node-version: "14"
cache-dependency-path: "ui/yarn.lock"
- name: Install Yarn
run: |
npm install -g yarn
- name: Build prerelease
run: make prerelease
- name: Install Linux build utilties
run: |
sudo apt-get update
sudo apt-get install -y software-properties-common
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install -y \
libc6-dev-i386 \
libpcre3-dev \
linux-libc-dev:i386
sudo apt-get install -y \
binutils-aarch64-linux-gnu \
binutils-arm-linux-gnueabihf \
gcc-aarch64-linux-gnu \
gcc-arm-linux-gnueabihf \
gcc-multilib-arm-linux-gnueabihf
- name: Set gcc
run: |
if [ "${{ matrix.goarch }}" == "arm" ]; then
echo "CC=arm-linux-gnueabihf-gcc" >> $GITHUB_ENV
elif [ "${{ matrix.goarch }}" == "arm64" ]; then
echo "CC=aarch64-linux-gnu-gcc" >> $GITHUB_ENV
fi
- name: Build
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
GO_TAGS: ${{ env.GO_TAGS }}
GO_LDFLAGS: ${{ needs.generate-ld-flags.outputs.ldflags }}
CGO_ENABLED: 1
run: |
make pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip
mv pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
- uses: actions/upload-artifact@v2
with:
name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
- name: Package
uses: hashicorp/actions-packaging-linux@v1
with:
name: ${{ env.PKG_NAME }}
description: "Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications."
arch: ${{ matrix.goarch }}
version: ${{ needs.get-product-version.outputs.product-version }}
maintainer: "HashiCorp"
homepage: "https://github.com/hashicorp/nomad"
license: "MPL-2.0"
binary: "pkg/${{ matrix.goos }}_${{ matrix.goarch }}/${{ env.PKG_NAME }}"
deb_depends: "openssl"
rpm_depends: "openssl"
config_dir: ".release/linux/package/"
preinstall: ".release/linux/preinst"
postremove: ".release/linux/postrm"
- name: Set Package Names
run: |
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV
echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV
- uses: actions/upload-artifact@v2
with:
name: ${{ env.RPM_PACKAGE }}
path: out/${{ env.RPM_PACKAGE }}
- uses: actions/upload-artifact@v2
with:
name: ${{ env.DEB_PACKAGE }}
path: out/${{ env.DEB_PACKAGE }}
build-darwin:
needs: [get-go-version, get-product-version, generate-ld-flags]
runs-on: macos-latest
strategy:
matrix:
goos: [darwin]
goarch: ["arm64", "amd64"]
fail-fast: true
name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build
steps:
- uses: actions/checkout@v2
- name: Setup go
uses: actions/setup-go@v2
with:
go-version: ${{ needs.get-go-version.outputs.go-version }}
- name: Build dependencies
run: make deps
- name: Setup node and yarn
uses: actions/setup-node@v2
with:
node-version: "14"
cache-dependency-path: "ui/yarn.lock"
- name: Install Yarn
run: |
npm install -g yarn
- name: Build prerelease
run: make prerelease
- name: Build
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
GO_TAGS: "${{ env.GO_TAGS }} netcgo"
GO_LDFLAGS: ${{ needs.generate-ld-flags.outputs.ldflags }}
CGO_ENABLED: 1
run: |
make pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip
mv pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
- uses: actions/upload-artifact@v2
with:
name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
# This placed here for when the Nomad team is ready to build docker images.
# Please reach out the RDX team for assistance or refer to the CRT Self-Serve Onboarding doc.
# build-docker-default:
# name: Docker ${{ matrix.arch }} default release build
# needs:
# - get-product-version
# - build
# runs-on: ubuntu-latest
# strategy:
# matrix:
# arch: ["arm", "arm64", "386", "amd64"]
# env:
# repo: ${{github.event.repository.name}}
# version: ${{needs.get-product-version.outputs.product-version}}
# steps:
# - uses: actions/checkout@v2
# - name: Docker Build (Action)
# uses: hashicorp/actions-docker-build@v1
# with:
# # Add smoke test here. Below is a sample smoke test that runs the built image
# # and validates the version.
# smoke_test: |
# TEST_VERSION="$(docker run "${IMAGE_NAME}" | awk '/CLI version/{print $3}')"
# if [ "${TEST_VERSION}" != "${version}" ]; then
# echo "Test FAILED"
# exit 1
# fi
# echo "Test PASSED"
# version: ${{env.version}}
# target: release-default
# arch: ${{matrix.arch}}
# tags: |
# docker.io/hashicorp/${{env.repo}}:${{env.version}}
# 986891699432.dkr.ecr.us-east-1.amazonaws.com/hashicorp/${{env.repo}}:${{env.version}}

View File

@ -0,0 +1,68 @@
name: Generate Static Assets
on:
push:
branches:
- "release/**"
env:
GO_TAGS: "release"
jobs:
get-go-version:
runs-on: ubuntu-latest
outputs:
go-version: ${{ steps.get-go-version.outputs.go-version }}
steps:
- uses: actions/checkout@v2
- name: Determine Go version
id: get-go-version
# We use .go-version as our source of truth for current Go
# version, because "goenv" can react to it automatically.
run: |
echo "Building with Go $(cat .go-version)"
echo "::set-output name=go-version::$(cat .go-version)"
generate-metadata:
runs-on: ubuntu-latest
needs: get-go-version
name: generate-metadata
steps:
- uses: actions/checkout@v2
- name: Setup go
uses: actions/setup-go@v2
with:
go-version: ${{ needs.get-go-version.outputs.go-version }}
- name: Setup node and yarn
uses: actions/setup-node@v2
with:
node-version: "14"
cache-dependency-path: "ui/yarn.lock"
- name: Install Yarn
run: |
npm install -g yarn
- uses: actions/checkout@v2
- name: Generate static assets
id: generate-static-assets
run: |
make deps
make prerelease
- name: Commit and push changes
id: commit-change-push
run: |
git add -A .
find . -name '*.generated.go' -not -path './vendor/*' -exec git add -f '{}' \;
if ! git diff-index --quiet HEAD --;
then
git config --global user.email "github-team-nomad-core@hashicorp.com"
git config --global user.name "hc-github-team-nomad-core"
git commit --message "Generate files for release"
git push origin "$(git rev-parse --abbrev-ref HEAD)"
echo "committing generated files"
else
echo "no files were updated"
fi
- name: Invoke build workflow
uses: benc-uk/workflow-dispatch@4c044c1613fabbe5250deadc65452d54c4ad4fc7
with:
workflow: build
token: ${{ secrets.ELEVATED_GITHUB_TOKEN}}

1
.go-version Normal file
View File

@ -0,0 +1 @@
1.17.7

198
.release/ci.hcl Normal file
View File

@ -0,0 +1,198 @@
schema = "1"
project "nomad" {
team = "nomad"
slack {
// #proj-nomad-releases
notification_channel = "CUYKT2A73"
}
github {
organization = "hashicorp"
repository = "nomad"
release_branches = ["main"]
}
}
event "merge" {
// "entrypoint" to use if build is not run automatically
// i.e. send "merge" complete signal to orchestrator to trigger build
}
event "build" {
depends = ["merge"]
action "build" {
organization = "hashicorp"
repository = "nomad"
workflow = "build"
}
}
event "upload-dev" {
depends = ["build"]
action "upload-dev" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "upload-dev"
}
notification {
on = "fail"
}
}
event "security-scan-binaries" {
depends = ["upload-dev"]
action "security-scan-binaries" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "security-scan-binaries"
config = "security-scan.hcl"
}
notification {
on = "fail"
}
}
event "notarize-darwin-amd64" {
depends = ["security-scan-binaries"]
action "notarize-darwin-amd64" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "notarize-darwin-amd64"
}
notification {
on = "fail"
}
}
event "notarize-darwin-arm64" {
depends = ["notarize-darwin-amd64"]
action "notarize-darwin-arm64" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "notarize-darwin-arm64"
}
notification {
on = "fail"
}
}
event "notarize-windows-386" {
depends = ["notarize-darwin-arm64"]
action "notarize-windows-386" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "notarize-windows-386"
}
notification {
on = "fail"
}
}
event "notarize-windows-amd64" {
depends = ["notarize-windows-386"]
action "notarize-windows-amd64" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "notarize-windows-amd64"
}
notification {
on = "fail"
}
}
event "sign" {
depends = ["notarize-windows-amd64"]
action "sign" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "sign"
}
notification {
on = "fail"
}
}
event "sign-linux-rpms" {
depends = ["sign"]
action "sign-linux-rpms" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "sign-linux-rpms"
}
notification {
on = "fail"
}
}
event "verify" {
depends = ["sign-linux-rpms"]
action "verify" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "verify"
}
notification {
on = "always"
}
}
## These are promotion and post-publish events
## they should be added to the end of the file after the verify event stanza.
event "trigger-staging" {
// This event is dispatched by the bob trigger-promotion command
// and is required - do not delete.
}
event "promote-staging" {
depends = ["trigger-staging"]
action "promote-staging" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "promote-staging"
}
notification {
on = "always"
}
}
event "trigger-production" {
// This event is dispatched by the bob trigger-promotion command
// and is required - do not delete.
}
event "promote-production" {
depends = ["trigger-production"]
action "promote-production" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "promote-production"
}
notification {
on = "always"
}
}
event "promote-production-packaging" {
depends = ["promote-production"]
action "promote-production-packaging" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "promote-production-packaging"
}
notification {
on = "always"
}
}

View File

@ -0,0 +1,16 @@
# Full configuration options can be found at https://www.nomadproject.io/docs/configuration
data_dir = "/opt/nomad/data"
bind_addr = "0.0.0.0"
server {
# license_path is required as of Nomad v1.1.1+
#license_path = "/etc/nomad.d/nomad.hcl"
enabled = true
bootstrap_expect = 1
}
client {
enabled = true
servers = ["127.0.0.1"]
}

View File

@ -0,0 +1,43 @@
[Unit]
Description=Nomad
Documentation=https://nomadproject.io/docs/
Wants=network-online.target
After=network-online.target
# When using Nomad with Consul it is not necessary to start Consul first. These
# lines start Consul before Nomad as an optimization to avoid Nomad logging
# that Consul is unavailable at startup.
#Wants=consul.service
#After=consul.service
[Service]
EnvironmentFile=-/etc/nomad.d/nomad.env
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/bin/nomad agent -config /etc/nomad.d
KillMode=process
KillSignal=SIGINT
LimitNOFILE=65536
LimitNPROC=infinity
Restart=on-failure
RestartSec=2
## Configure unit start rate limiting. Units which are started more than
## *burst* times within an *interval* time span are not permitted to start any
## more. Use `StartLimitIntervalSec` or `StartLimitInterval` (depending on
## systemd version) to configure the checking interval and `StartLimitBurst`
## to configure how many starts per interval are allowed. The values in the
## commented lines are defaults.
# StartLimitBurst = 5
## StartLimitIntervalSec is used for systemd versions >= 230
# StartLimitIntervalSec = 10s
## StartLimitInterval is used for systemd versions < 230
# StartLimitInterval = 10s
TasksMax=infinity
OOMScoreAdjust=-1000
[Install]
WantedBy=multi-user.target

16
.release/linux/postinst Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
mkdir -p /opt/nomad/data
chown nomad:nomad /opt/nomad/data
chown -R nomad:nomad /etc/nomad.d
if [ -d /run/systemd/system ]; then
systemctl --system daemon-reload >/dev/null || true
fi
if [[ $(nomad version) == *+ent* ]]; then
echo "
The following shall apply unless your organization has a separately signed Enterprise License Agreement or Evaluation Agreement governing your use of the software:
Software in this repository is subject to the license terms located in the software, copies of which are also available at https://eula.hashicorp.com/ClickThruELA-Global.pdf or https://www.hashicorp.com/terms-of-evaluation as applicable. Please read the license terms prior to using the software. Your installation and use of the software constitutes your acceptance of these terms. If you do not accept the terms, do not use the software.
"
fi

7
.release/linux/postrm Normal file
View File

@ -0,0 +1,7 @@
#!/bin/bash
if [ "$1" = "purge" ]; then
userdel nomad
fi
exit 0

13
.release/linux/preinst Normal file
View File

@ -0,0 +1,13 @@
#!/bin/bash
set -eu
USER="nomad"
if ! id -u $USER >/dev/null 2>&1; then
useradd \
--system \
--user-group \
--shell /bin/false \
$USER
fi

View File

@ -0,0 +1,18 @@
container {
secrets {
all = false
}
dependencies = false
alpine_security = false
}
binary {
go_modules = true
osv = false
nvd = false
secrets {
all = true
}
}

4
CODEOWNERS Normal file
View File

@ -0,0 +1,4 @@
# release configuration
/.release/ @hashicorp/release-engineering
/.github/workflows/build.yml @hashicorp/release-engineering

View File

@ -67,7 +67,8 @@ ALL_TARGETS = linux_s390x
endif endif
ifeq (Darwin,$(THIS_OS)) ifeq (Darwin,$(THIS_OS))
ALL_TARGETS = darwin_amd64 ALL_TARGETS = darwin_amd64 \
darwin_arm64
endif endif
ifeq (FreeBSD,$(THIS_OS)) ifeq (FreeBSD,$(THIS_OS))
@ -371,7 +372,7 @@ test-ui: ## Run Nomad UI test suite
.PHONY: ember-dist .PHONY: ember-dist
ember-dist: ## Build the static UI assets from source ember-dist: ## Build the static UI assets from source
@echo "--> Installing JavaScript assets" @echo "--> Installing JavaScript assets"
@cd ui && yarn install --silent @cd ui && yarn install --silent --network-timeout 300000
@cd ui && npm rebuild node-sass @cd ui && npm rebuild node-sass
@echo "--> Building Ember application" @echo "--> Building Ember application"
@cd ui && npm run build @cd ui && npm run build
@ -408,3 +409,12 @@ ui-screenshots:
ui-screenshots-local: ui-screenshots-local:
@echo "==> Collecting UI screenshots (local)..." @echo "==> Collecting UI screenshots (local)..."
@cd scripts/screenshots/src && SCREENSHOTS_DIR="../screenshots" node index.js @cd scripts/screenshots/src && SCREENSHOTS_DIR="../screenshots" node index.js
version:
ifneq (,$(wildcard version/version_ent.go))
@$(CURDIR)/scripts/version.sh version/version_ent.go
else
@$(CURDIR)/scripts/version.sh version/version.go
endif
.PHONY: version

11
scripts/version.sh Executable file
View File

@ -0,0 +1,11 @@
#!/usr/bin/env bash
version_file=$1
version=$(awk '$1 == "Version" && $2 == "=" { gsub(/"/, "", $3); print $3 }' <"${version_file}")
prerelease=$(awk '$1 == "VersionPrerelease" && $2 == "=" { gsub(/"/, "", $3); print $3 }' <"${version_file}")
if [ -n "$prerelease" ]; then
echo "${version}-${prerelease}"
else
echo "${version}"
fi