This PR upgrades our CI images and fixes some affected tests.
- upgrade go-machine-image to premade latest ubuntu LTS (ubuntu-2004:202111-02)
- eliminate go-machine-recent-image (no longer necessary)
- manage GOPATH in GNUMakefile (see https://discuss.circleci.com/t/gopath-is-set-to-multiple-directories/7174)
- fix tcp dial error check (message seems to be OS specific)
- spot check values measured instead of specifically 'RSS' (rss no longer reported in cgroups v2)
- use safe MkdirTemp for generating tmpfiles
NOT applied: (too flakey)
- eliminate setting GOMAXPROCS=1 (build tools were also affected by this setting)
- upgrade resource type for all imanges to large (2C -> 4C)
We don't run tests over documentation PRs marked by the branch prefix
`docs-*`. With the new backport assistant, that should also include
branches with the prefix `backports/docs-*`
Have the build-binary bundle the UI by default. This eases getting "alpha pre-releases" out for support without compiling locally, and engineer's experience with e2e test clusters.
* ci: only spin up a docker engine if necessary
Halt the website-docker-image job early if no changes are detected. We
halt early before spinning up the remote docker engine, as the remote
docker engine step can add some delay (seconds to minutes) and is more
likely to suffer circleci instability.
* ci: Only run website workflow in OSS repo
Add a CircleCI conditional to avoid running website worklows on forks.
OSS no longer needs the multi-file config Makefile content, so it was
removed. However, enterprise does benefit from having that around. We
can allow enterprise to expand on OSS' CircleCI Makefile by adding an
include directive in OSS. This will allow the Makefile to be the same on
both OSS and Enterprise, so merge conflicts cannot occur.
Dockerhub is going to rate limit unauthenticated pulls.
Use our HashiCorp internal mirror for builds run through CircleCI.
Co-authored-by: Mahmood Ali <mahmood@hashicorp.com>
Currently we compile (but don't run) the e2e tests as part of `test-other`,
which is skipped for branches named `e2e-*`. Move this check into the
`test-e2e` job. Split out the vault compatibility integration check as its own
makefile target for clarity.
We currently have two jobs commented out in ENT because we don't have the test
target configured there. So having the filter attached to one of those jobs
means changes to filters always create a merge conflict.
Branches for the e2e code base can't have impact on the unit tests, so running
those tests just extends the time it takes to ship e2e updates. This changeset
updates the CircleCI config so that e2e branches run linting, build the
binary, and run the e2e unit tests (currently just vault compatibility).
Go 1.14.4 contains two CVEs which are fixed in 1.14.5:
- [CVE-2020-15586](https://golang.org/issue/34902)
- [CVE-2020-14039](https://golang.org/issue/39360)
Upon consideration with HashiCorp security these CVEs are considered low
severity for Nomad and no new security fix binary will be released.
Seth Hoenig