open-vault/.circleci/config.yml

1156 lines
45 KiB
YAML
Raw Normal View History

### ***
### WARNING: DO NOT manually EDIT or MERGE this file, it is generated by 'make ci-config'.
### INSTEAD: Edit or merge the source in config/ then run 'make ci-config'.
### ***
ci/packagespec (#9653) * add packagespec build system - The majority of changes in this commit are files generated by packagespec (everything in the packages-oss.lock directory). * add .yamllint * update to packagespec@fd54aea4 * ci: bust packagespec cache - Change to packagespec results in package IDs that can use git tag refs, not just commit refs. * update to packagepsec@5fc121d0 - This busts all caches, because of a change to the way we no longer traverse from tag refs to commit refs, due to the potential confusion this can cause. - See https://github.com/hashicorp/packagespec/commit/fd54aea4827bb6cfd637c78a2ab6274111605330 for the original change to packagespec necessitating this. * update to packagespec@5e6c87b6 - This completes the change to allowing git tag refs to be used for source IDs, begun in f130b940a8fbe3e9398225b08ea1d63420bef7b6 * update to packagespec@4d3c9e8b - This busts cache, needed to apply previous change. * remove RELEASE_BUILD_WORKFLOW_NAME * update packagespec, add watch-ci target * fix package names (do not refer to EDITION) * remove EDITION input from packages-oss.yml * bump package cache, update packagespec * update packagespec, add 'aliases' target * update packagespec; less output noise * ci: give release bundle file a better name - When performing a release build, this will include the build ID as part of the name, making it easier to distinguish from other builds. * ci: create aliases tarball artifact * ci: cache package metadata files * ci: add metadata artifact * ci: bust circleci package cache * Revert "ci: bust circleci package cache" This reverts commit 1320d182613466f0999d63f5742db12ac17f8e92. * ci: remove aliases artifact * ci: use buildID not workflowName to id artifacts * packages: add BUNDLE_NAME metadata * do not cache package metadata with binaries * ci: bump package cache * ci: debugging * ci: fix package cache; update packagespec * ci: update packagespec to 10e7beb2 * ci: write package metadata and aliases * ci: switch to .zip artifacts * switch package bundle back to tar.gz (from zip) - Because of the way zip works, the zip archive was over 2GB rather than under 750MB as with tar.gz. * bump packagespec, adds list-staged-builds * update packagespec * add publish stub + general tidy up * bump packagespec * bump packagespec; add make publish-config * Makefile: tidy up packagespec targets * pass PRODUCT_REPO_ROOT to packagespec * bump go to 1.14.6 * packages-oss.yml: use more explicit base image * bump packagespec to b899b7c1 * bump packagespec to f040ce8f * packages-oss.yml: pin base image to digest - This digest is pointed to by debian:buster-20200720 - Using a specific digest ensures that builds use the same base image in all contexts * add release-repo; bump packagespec * remove BUILD_TAGS and -tags flag * bump packagespec to e444f742 * bump to go1.14.7 * ci: bump to go1.14.7
2020-08-11 09:00:59 +00:00
# Orb 'circleci/slack@3.2.0' resolved to 'circleci/slack@3.2.0'
version: 2
jobs:
install-ui-dependencies:
docker:
- image: docker.mirror.hashicorp.services/node:14-buster
shell: /usr/bin/env bash -euo pipefail -c
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
steps:
- checkout
- restore_cache:
key: yarn-lock-v7-{{ checksum "ui/yarn.lock" }}
2021-06-25 16:17:05 +00:00
name: Restore yarn cache
- run:
command: |
cd ui
yarn install
npm rebuild node-sass
name: Install UI dependencies
- save_cache:
key: yarn-lock-v7-{{ checksum "ui/yarn.lock" }}
2021-06-25 16:17:05 +00:00
name: Save yarn cache
paths:
- ui/node_modules
test-ui:
docker:
- image: docker.mirror.hashicorp.services/node:14-buster
shell: /usr/bin/env bash -euo pipefail -c
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
Ember-cli upgrade from ~3.8 to ~3.20 (#9972) * Update ember-cli to ~3.20 * Remove bad optional-feature * Remove ember-fetch dep * re-install ember-fetch * update model fragments pr * update ember model fragments correct package name * update ember composable helpers to solve array helper error * update ember-concurrency * add back engine dependencies, automatically removed during ember-cli-upgrade * make author-form-options component js file otherwise error * for now comment out withTestWaiter * add eslint-node and fix if not with unless in templates * fix linting for tab index of false is now -1 and add type button to all buttons without types * fix href errors for linting, likely have to come back and fix * using eslint fix flag to fix all this.gets * ember modules codemode removed files that had module twice, will fix in next commit * finish codemode ember-data-codemod needed to rename const model * more this.get removal codemode did not work * cont. removal of this.get * stop mixin rules until figure out how to reconfig them all * smaller eslint ignores * get codemode * testing app small fixes to bring it back after all the changes * small changes to eslint * test removal of getProperties * fix issue with baseKey because value could be unknown needed to add a question mark in nested get * smaller linting fixes * get nested fixes * small linting error fixes * small linting changes * working through more small linting changes * another round of linting modifications * liniting fixes * ember module codemod * quinit dom codemod * angle bracket codemod * discovered that components must have js files * ran all codemods this is all that's left * small changes to fix get needs two object, should not have been using get. * fix issue with one input in form field * fun times with set and onChange from oninput * fix issue with model not being passed through on secret-edit-display * fix issue with yarn run test not working, revert without npm run all * linting and small fix when loading without a selectAuthBackend * fix failing test with ui-wizard issue * fix test failure due to model not being asked for correctly with new changes, probably run into this more. * fix issue with component helper and at props specific to wizard * rename log to clilog due to conflict with new eslint rule * small changes for test failures * component helper at fixes * Revert to old component style something with new one broke this and can't figure it out for now * small fishy smelling test fixes will revisit * small test changes * more small test changes, appears upgrade treats spaces differently * comment out code and test that no longer seems relevant but confirm * clean run on component test though still some potential timing issues on ui-console test * fixing one auth test issue and timing issue on enable-test * small mods * fix this conditional check from upgrade * linting fixes after master merge * package updates using yarn upgrade-interactive * update libraries that did not effect any of the test failures. * update ember truth helpers library * settling tests * Fix ui-panel control group output * fix features selection test failures * Fix auth tests (x-vault-token) * fix shared test * fix issue with data null on backend * Revert "Fix auth tests (x-vault-token)" This reverts commit 89cb174b2f1998efa56d9604d14131415ae65d6f. * Fix auth tests (x-vault-token) without updating this.set * Update redirect-to tests * fix wrapped token test * skip some flaky test * fix issue with href and a tags vs buttons * fix linting * updates to get tests running (#10409) * yarn isntall * increasing resource_class * whoops * trying large * back to xlarge * Fix param issue on transform item routes * test fixes * settle on policies (old) test * fix browserstack test warning and skips of test confirmed worked * Fix redirect-to test * skips * fix transformation test and skip some kmip * Skip tests * Add meep marker to remaining failing tests * Skip test with failing component * rever skip on secret-create test * Skip piece of test that fails due to navigation-input * fix settings test where can and skip in others after confirming * fix circle ci test failures * ssh role settle * Fix navigate-input and add settled to test * Remove extra import * secret cubbyhole and alicloud * Add settled to gcpkms test * settles on redirect to test * Bump browserstack test resource to large * Update browserstack resource size to xlarge * update todos * add back in withTestWaiter * try and fix credentials conditional action added comment instead * Update volatile computed properies to get functions * this step was never reached and we never defined secretType anywhere so I removed * add settled to policy old test * Fix navigate-input on policies and leases * replace ssh test with no var hoping that helps and add settled to other failing tests, unskip console tests * kmip, transit, role test remove a skip and add in settled * fix hover copy button, had to remove some testing functionality * Remove private router service * remove skip on control ssh and ui panel, fix search select by restructuring how to read the error * final bit of working through skipped test * Replace clearNonGlobalModels by linking directly to namespace with href-to * Remove unused var * Fix role-ssh id bug by updating form-field-from-model to form-field-group-loop * Fix transit create id would not update * Update option toggle selector for ssh-role * Fix ssh selector * cleanup pt1 * small clean up * cleanup part2 * Fix computed on pricing-metrics-form * small cleanup based on chelseas comments. Co-authored-by: Chelsea Shaw <chelshaw.dev@gmail.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
2020-12-03 23:00:22 +00:00
resource_class: xlarge
steps:
- run:
command: |
case "$CIRCLE_BRANCH" in
main|ui/*|backport/ui/*|release/*|merge*) ;;
*) # If the branch being tested doesn't match one of the above patterns,
# we don't need to run test-ui and can abort the job.
circleci-agent step halt
;;
esac
# exit with success either way
exit 0
name: Check branch name
working_directory: ~/
- checkout
- restore_cache:
key: yarn-lock-v7-{{ checksum "ui/yarn.lock" }}
2021-06-25 16:17:05 +00:00
name: Restore yarn cache
- attach_workspace:
at: .
- run:
command: |
set -x
# Install Chrome
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub \
| apt-key add -
echo "deb http://dl.google.com/linux/chrome/deb/ stable main" \
| tee /etc/apt/sources.list.d/google-chrome.list
apt-get update
apt-get -y install google-chrome-stable
rm /etc/apt/sources.list.d/google-chrome.list
rm -rf /var/lib/apt/lists/* /var/cache/apt/*
# Add ./bin to the PATH so vault binary can be run by Ember tests
export PATH="${PWD}/bin:${PATH}"
# Run Ember tests
cd ui
mkdir -p test-results/qunit
Update ui dependencies (#7244) * be more specific about node version, and specify a yarn version * update ember, ember-cli, ember-data, ember-data-model-fragments * use router handlers to access transition information * fix shadowing of component helper * update ivy-codemirror, ember-cli-inject-live-reload * remove custom router service * don't use transition.queryParams * update ember-cli-deprecation-workflow * refactor kv v1 to use 'path' instead of 'id' on creation * fix auth-jwt-test and toolbar-link-test * update ember composable helpers * remove Ember.copy from test file * no more deprecations in the workflow * fix more secret tests * fix remaining failed tests * move select component to core because it's used by ttl-picker * generate new model class for each test instead of reusing an existing one * fix selectors on kmip tests * refactor how control groups construct urls from the new transition objects * add router service override back in, and have it be evented so that we can trigger router events on it * move stories and markdown files to core if the component lives in core * update ember-cli, ember-cli-babel, ember-auto-import * update base64js, date-fns, deepmerge, codemirror, broccoli-asset-rev * update linting rules * fix test selectors * update ember-api-actions, ember-concurrency, ember-load-initializers, escape-string-regexp, normalize.css, prettier-eslint-cli, jsdoc-to-markdown * remove test-results dir * update base64js, ember-cli-clipboard, ember-cli-sass, ember-cli-string-helpers, ember-cli-template-lint, ember-cli-uglify, ember-link-action * fix linting * run yarn install without restoring from cache * refactor how tests are run and handle the vault server subprocess * update makefile for new test task names * update circle config to use the new yarn task * fix writing the seal keys when starting the dev server * remove optional deps from the lockfile * don't ignore-optional on yarn install * remove errant console.log * update ember-basic-dropdown-hover, jsonlint, yargs-parser * update ember-cli-flash * add back optionalDeps * update @babel/core@7.5.5, ember-basic-dropdown@1.1.3, eslint-plugin-ember@6.8.2 * update storybook to the latest release * add a babel config with targets so that the ember babel plugin works properly * update ember-resolver, move ember-cli-storybook to devDependencies * revert normalize.css upgrade * silence fetchadapter warning for now * exclude 3rd party array helper now that ember includes one * fix switch and entity lookup styling * only add -root suffix if it's not in versions mode * make sure drop always has an array on the aws role form * fix labels like we did with the backport * update eslintignore * update the yarn version in the docker build file * update eslint ignore
2019-08-19 20:45:39 +00:00
yarn test:oss
name: Test UI
- store_artifacts:
path: ui/test-results
- store_test_results:
path: ui/test-results
test-ui-browserstack:
docker:
- image: docker.mirror.hashicorp.services/node:14-buster
shell: /usr/bin/env bash -euo pipefail -c
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
Ember-cli upgrade from ~3.8 to ~3.20 (#9972) * Update ember-cli to ~3.20 * Remove bad optional-feature * Remove ember-fetch dep * re-install ember-fetch * update model fragments pr * update ember model fragments correct package name * update ember composable helpers to solve array helper error * update ember-concurrency * add back engine dependencies, automatically removed during ember-cli-upgrade * make author-form-options component js file otherwise error * for now comment out withTestWaiter * add eslint-node and fix if not with unless in templates * fix linting for tab index of false is now -1 and add type button to all buttons without types * fix href errors for linting, likely have to come back and fix * using eslint fix flag to fix all this.gets * ember modules codemode removed files that had module twice, will fix in next commit * finish codemode ember-data-codemod needed to rename const model * more this.get removal codemode did not work * cont. removal of this.get * stop mixin rules until figure out how to reconfig them all * smaller eslint ignores * get codemode * testing app small fixes to bring it back after all the changes * small changes to eslint * test removal of getProperties * fix issue with baseKey because value could be unknown needed to add a question mark in nested get * smaller linting fixes * get nested fixes * small linting error fixes * small linting changes * working through more small linting changes * another round of linting modifications * liniting fixes * ember module codemod * quinit dom codemod * angle bracket codemod * discovered that components must have js files * ran all codemods this is all that's left * small changes to fix get needs two object, should not have been using get. * fix issue with one input in form field * fun times with set and onChange from oninput * fix issue with model not being passed through on secret-edit-display * fix issue with yarn run test not working, revert without npm run all * linting and small fix when loading without a selectAuthBackend * fix failing test with ui-wizard issue * fix test failure due to model not being asked for correctly with new changes, probably run into this more. * fix issue with component helper and at props specific to wizard * rename log to clilog due to conflict with new eslint rule * small changes for test failures * component helper at fixes * Revert to old component style something with new one broke this and can't figure it out for now * small fishy smelling test fixes will revisit * small test changes * more small test changes, appears upgrade treats spaces differently * comment out code and test that no longer seems relevant but confirm * clean run on component test though still some potential timing issues on ui-console test * fixing one auth test issue and timing issue on enable-test * small mods * fix this conditional check from upgrade * linting fixes after master merge * package updates using yarn upgrade-interactive * update libraries that did not effect any of the test failures. * update ember truth helpers library * settling tests * Fix ui-panel control group output * fix features selection test failures * Fix auth tests (x-vault-token) * fix shared test * fix issue with data null on backend * Revert "Fix auth tests (x-vault-token)" This reverts commit 89cb174b2f1998efa56d9604d14131415ae65d6f. * Fix auth tests (x-vault-token) without updating this.set * Update redirect-to tests * fix wrapped token test * skip some flaky test * fix issue with href and a tags vs buttons * fix linting * updates to get tests running (#10409) * yarn isntall * increasing resource_class * whoops * trying large * back to xlarge * Fix param issue on transform item routes * test fixes * settle on policies (old) test * fix browserstack test warning and skips of test confirmed worked * Fix redirect-to test * skips * fix transformation test and skip some kmip * Skip tests * Add meep marker to remaining failing tests * Skip test with failing component * rever skip on secret-create test * Skip piece of test that fails due to navigation-input * fix settings test where can and skip in others after confirming * fix circle ci test failures * ssh role settle * Fix navigate-input and add settled to test * Remove extra import * secret cubbyhole and alicloud * Add settled to gcpkms test * settles on redirect to test * Bump browserstack test resource to large * Update browserstack resource size to xlarge * update todos * add back in withTestWaiter * try and fix credentials conditional action added comment instead * Update volatile computed properies to get functions * this step was never reached and we never defined secretType anywhere so I removed * add settled to policy old test * Fix navigate-input on policies and leases * replace ssh test with no var hoping that helps and add settled to other failing tests, unskip console tests * kmip, transit, role test remove a skip and add in settled * fix hover copy button, had to remove some testing functionality * Remove private router service * remove skip on control ssh and ui panel, fix search select by restructuring how to read the error * final bit of working through skipped test * Replace clearNonGlobalModels by linking directly to namespace with href-to * Remove unused var * Fix role-ssh id bug by updating form-field-from-model to form-field-group-loop * Fix transit create id would not update * Update option toggle selector for ssh-role * Fix ssh selector * cleanup pt1 * small clean up * cleanup part2 * Fix computed on pricing-metrics-form * small cleanup based on chelseas comments. Co-authored-by: Chelsea Shaw <chelshaw.dev@gmail.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
2020-12-03 23:00:22 +00:00
resource_class: xlarge
steps:
- checkout
- restore_cache:
key: yarn-lock-v7-{{ checksum "ui/yarn.lock" }}
2021-06-25 16:17:05 +00:00
name: Restore yarn cache
- attach_workspace:
at: .
- run:
command: |
# Add ./bin to the PATH so vault binary can be found.
export PATH="${PWD}"/bin:${PATH}
make test-ui-browserstack
name: Run Browserstack Tests
build-go-dev:
machine: true
shell: /usr/bin/env bash -euo pipefail -c
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
steps:
- run:
command: |
[ -n "$GO_VERSION" ] || { echo "You must set GO_VERSION"; exit 1; }
# Install Go
curl -sSLO "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz"
sudo rm -rf /usr/local/go
sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz"
rm -f "go${GO_VERSION}.linux-amd64.tar.gz"
GOPATH="/home/circleci/go"
mkdir $GOPATH 2>/dev/null || { sudo mkdir $GOPATH && sudo chmod 777 $GOPATH; }
echo "export GOPATH='$GOPATH'" >> "$BASH_ENV"
echo "export PATH='$PATH:$GOPATH/bin:/usr/local/go/bin'" >> "$BASH_ENV"
2021-06-25 16:17:05 +00:00
echo "export GOPROXY=off" >> "$BASH_ENV"
echo "export GOPRIVATE=github.com/hashicorp/*" >> "$BASH_ENV"
echo "$ go version"
go version
name: Setup Go
working_directory: ~/
- checkout
2021-06-25 16:17:05 +00:00
- restore_cache:
keys:
- v1.4-{{checksum "go.sum"}}-{{checksum "sdk/go.sum"}}-{{checksum "api/go.sum"}}
2021-06-25 16:17:05 +00:00
name: Restore exact go modules cache
- attach_workspace:
at: .
- run:
command: |
# Move dev UI assets to expected location
rm -rf ./pkg
mkdir ./pkg
# Build dev binary
make ci-bootstrap dev
name: Build dev binary
- persist_to_workspace:
paths:
- bin
root: .
environment:
- CIRCLECI_CLI_VERSION: 0.1.5546
- GO_TAGS: ''
2022-02-23 20:08:08 +00:00
- GO_VERSION: 1.17.7
- GOFUMPT_VERSION: 0.2.1
- GOTESTSUM_VERSION: 0.5.2
algolia-index:
docker:
- image: node:14
steps:
- checkout
- run:
command: |
if [ "$CIRCLE_REPOSITORY_URL" != "git@github.com:hashicorp/vault.git" ]; then
echo "Not Vault OSS Repo, not indexing Algolia"
exit 0
fi
cd website/
npm install -g npm@latest
npm install
node scripts/index_search_content.js
name: Push content to Algolia Index
test-go-remote-docker:
docker:
2022-02-23 20:08:08 +00:00
- image: docker.mirror.hashicorp.services/cimg/go:1.17.7
resource_class: medium
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
parallelism: 8
steps:
- run:
command: |
# If the branch being tested starts with ui/ or docs/ we want to exit the job without failing
[[ "$CIRCLE_BRANCH" = ui/* || "$CIRCLE_BRANCH" = docs/* || "$CIRCLE_BRANCH" = backport/docs/* ]] && {
# stop the job from this step
circleci-agent step halt
}
# exit with success either way
exit 0
name: Check branch name
working_directory: ~/
- checkout
- setup_remote_docker:
docker_layer_caching: true
version: 18.09.3
- add_ssh_keys:
fingerprints:
- 0e:03:77:f4:e2:c3:56:c2:53:6a:03:e1:31:91:2f:06
- run:
command: |
git config --global url."git@github.com:".insteadOf https://github.com/
- run:
command: |
TZ=GMT date '+%Y%m%d' > /tmp/go-cache-key
name: Compute test cache key
- restore_cache:
keys:
- go-test-cache-date-v1-{{ checksum "/tmp/go-cache-key" }}
2021-06-25 16:17:05 +00:00
- restore_cache:
keys:
- v1.4-{{checksum "go.sum"}}-{{checksum "sdk/go.sum"}}-{{checksum "api/go.sum"}}
2021-06-25 16:17:05 +00:00
name: Restore exact go modules cache
- run:
command: |
set -exo pipefail
EXTRA_TAGS=
case "" in
*-race*) export VAULT_CI_GO_TEST_RACE=1;;
*) EXTRA_TAGS=deadlock;;
esac
# Install CircleCI CLI
curl -sSL \
"https://github.com/CircleCI-Public/circleci-cli/releases/download/v${CIRCLECI_CLI_VERSION}/circleci-cli_${CIRCLECI_CLI_VERSION}_linux_amd64.tar.gz" \
| sudo tar --overwrite -xz \
-C /usr/local/bin \
"circleci-cli_${CIRCLECI_CLI_VERSION}_linux_amd64/circleci"
USE_DOCKER=0
USE_DOCKER=1
# Check all directories with a go.mod file
modules=("." "api" "sdk")
all_package_names=""
for dir in "${modules[@]}"
do
pushd "$dir"
# On its own line so that -e will fail the tests if we detect errors here.
go list -test -json ./... > test-list.json
# Split Go tests by prior test times. If use_docker is true, only run
# tests that depend on docker, otherwise only those that don't.
# The appended true condition ensures the command will succeed if no packages are found
if [ $USE_DOCKER == 1 ]; then
package_names=$(< test-list.json jq -r 'select(.Deps != null) |
select(any(.Deps[] ; contains("github.com/hashicorp/vault/helper/testhelpers/docker"))) |
.ForTest | select(. != null)' |
sort -u | grep -v vault/integ | circleci tests split --split-by=timings --timings-type=classname || true)
else
package_names=$(< test-list.json jq -r 'select(.Deps != null) |
select(all(.Deps[] ; contains("github.com/hashicorp/vault/helper/testhelpers/docker")|not)) |
.ForTest | select(. != null)' |
sort -u | grep -v vault/integ | circleci tests split --split-by=timings --timings-type=classname || true)
fi
# Move back into root directory
popd
# Append the test packages into the global list, if any are found
if [ -n "$package_names" ]; then
all_package_names+=" ${package_names}"
fi
done
# After running tests split step, we are now running the following steps
# in multiple different containers, each getting a different subset of
# the test packages in their package_names variable. Each container
# has its own remote docker VM.
make prep
mkdir -p test-results/go-test
# We don't want VAULT_LICENSE set when running Go tests, because that's
# not what developers have in their environments and it could break some
# tests; it would be like setting VAULT_TOKEN. However some non-Go
# CI commands, like the UI tests, shouldn't have to worry about licensing.
# So we set VAULT_LICENSE in CI, and here we unset it. Instead of
# VAULT_LICENSE, we populate VAULT_LICENSE_CI, so that tests which want
# an externally supplied license can opt-in to using it.
export VAULT_LICENSE_CI="$VAULT_LICENSE"
VAULT_LICENSE=
# Create a docker network for our testcontainer
if [ $USE_DOCKER == 1 ]; then
# Despite the fact that we're using a circleci image (thus getting the
# version they chose for the docker cli) and that we're specifying a
# docker version to use for the remote docker instances, we occasionally
# see "client version too new, max supported version 1.39" errors for
# reasons unclear.
export DOCKER_API_VERSION=1.39
export TEST_DOCKER_NETWORK_ID=$(docker network list -q -f 'name=vaulttest')
if [ -z $TEST_DOCKER_NETWORK_ID ]; then
TEST_DOCKER_NETWORK_ID=$(docker network create vaulttest)
fi
# Start a docker testcontainer to run the tests in
docker run -d \
-e TEST_DOCKER_NETWORK_ID \
-e GOPRIVATE \
-e DOCKER_CERT_PATH \
-e DOCKER_HOST \
-e DOCKER_MACHINE_NAME \
-e DOCKER_TLS_VERIFY \
-e NO_PROXY \
-e VAULT_TEST_LOG_DIR=/tmp/testlogs \
--network vaulttest --name \
2022-02-23 20:08:08 +00:00
testcontainer docker.mirror.hashicorp.services/cimg/go:1.17.7 \
tail -f /dev/null
# Run tests
test -d /tmp/go-cache && docker cp /tmp/go-cache testcontainer:/tmp/gocache
docker exec testcontainer sh -c 'mkdir -p /home/circleci/go/src/github.com/hashicorp/vault'
docker cp . testcontainer:/home/circleci/go/src/github.com/hashicorp/vault/
docker cp $DOCKER_CERT_PATH/ testcontainer:$DOCKER_CERT_PATH
2021-06-25 16:17:05 +00:00
# Copy the downloaded modules inside the container.
docker exec testcontainer sh -c 'mkdir -p /home/circleci/go/pkg'
docker cp "$(go env GOPATH)/pkg/mod" testcontainer:/home/circleci/go/pkg/mod
2021-06-25 16:17:05 +00:00
docker exec -w /home/circleci/go/src/github.com/hashicorp/vault/ \
2021-06-25 16:17:05 +00:00
-e CIRCLECI -e VAULT_CI_GO_TEST_RACE \
-e GOCACHE=/tmp/gocache \
-e GO_TAGS \
2021-06-25 16:17:05 +00:00
-e GOPROXY="off" \
-e VAULT_LICENSE_CI \
-e GOARCH=amd64 \
testcontainer \
gotestsum --format=short-verbose \
--junitfile test-results/go-test/results.xml \
--jsonfile test-results/go-test/results.json \
-- \
-tags "${GO_TAGS} ${EXTRA_TAGS}" \
-timeout=60m \
-parallel=20 \
\
${all_package_names}
else
GOARCH=amd64 \
GOCACHE=/tmp/go-cache \
gotestsum --format=short-verbose \
--junitfile test-results/go-test/results.xml \
--jsonfile test-results/go-test/results.json \
-- \
-tags "${GO_TAGS} ${EXTRA_TAGS}" \
-timeout=60m \
-parallel=20 \
\
${all_package_names}
fi
environment:
GOPRIVATE: github.com/hashicorp/*
name: Run Go tests
no_output_timeout: 60m
- run:
command: |
docker cp testcontainer:/home/circleci/go/src/github.com/hashicorp/vault/test-results .
docker cp testcontainer:/tmp/gocache /tmp/go-cache
name: Copy test results
when: always
- store_artifacts:
path: test-results
- store_test_results:
path: test-results
- store_artifacts:
path: /tmp/testlogs
environment:
- CIRCLECI_CLI_VERSION: 0.1.5546
- GO_TAGS: ''
fmt:
machine: true
shell: /usr/bin/env bash -euo pipefail -c
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
steps:
- run:
command: |
[ -n "$GO_VERSION" ] || { echo "You must set GO_VERSION"; exit 1; }
# Install Go
curl -sSLO "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz"
sudo rm -rf /usr/local/go
sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz"
rm -f "go${GO_VERSION}.linux-amd64.tar.gz"
GOPATH="/home/circleci/go"
mkdir $GOPATH 2>/dev/null || { sudo mkdir $GOPATH && sudo chmod 777 $GOPATH; }
echo "export GOPATH='$GOPATH'" >> "$BASH_ENV"
echo "export PATH='$PATH:$GOPATH/bin:/usr/local/go/bin'" >> "$BASH_ENV"
echo "export GOPROXY=https://proxy.golang.org,direct" >> "$BASH_ENV"
echo "export GOPRIVATE=github.com/hashicorp/*" >> "$BASH_ENV"
echo "$ go version"
go version
name: Setup Go
working_directory: ~/
- checkout
- run:
command: |
go install "mvdan.cc/gofumpt@v${GOFUMPT_VERSION}"
make fmt
if ! git diff --exit-code; then
echo "Code has formatting errors. Run 'make fmt' to fix"
exit 1
fi
name: make fmt
environment:
- CIRCLECI_CLI_VERSION: 0.1.5546
- GO_TAGS: ''
2022-02-23 20:08:08 +00:00
- GO_VERSION: 1.17.7
- GOFUMPT_VERSION: 0.2.1
- GOTESTSUM_VERSION: 0.5.2
test-go-race:
docker:
2022-02-23 20:08:08 +00:00
- image: docker.mirror.hashicorp.services/cimg/go:1.17.7
resource_class: xlarge
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
parallelism: 8
steps:
- run:
command: |
# If the branch being tested starts with ui/ or docs/ we want to exit the job without failing
[[ "$CIRCLE_BRANCH" = ui/* || "$CIRCLE_BRANCH" = docs/* || "$CIRCLE_BRANCH" = backport/docs/* ]] && {
# stop the job from this step
circleci-agent step halt
}
# exit with success either way
exit 0
name: Check branch name
working_directory: ~/
- checkout
- add_ssh_keys:
fingerprints:
- 0e:03:77:f4:e2:c3:56:c2:53:6a:03:e1:31:91:2f:06
- run:
command: |
git config --global url."git@github.com:".insteadOf https://github.com/
- run:
command: |
TZ=GMT date '+%Y%m%d' > /tmp/go-cache-key
name: Compute test cache key
- restore_cache:
keys:
- go-test-cache-date-v1-{{ checksum "/tmp/go-cache-key" }}
2021-06-25 16:17:05 +00:00
- restore_cache:
keys:
- v1.4-{{checksum "go.sum"}}-{{checksum "sdk/go.sum"}}-{{checksum "api/go.sum"}}
2021-06-25 16:17:05 +00:00
name: Restore exact go modules cache
- run:
command: |
set -exo pipefail
EXTRA_TAGS=
case "-race" in
*-race*) export VAULT_CI_GO_TEST_RACE=1;;
*) EXTRA_TAGS=deadlock;;
esac
# Install CircleCI CLI
curl -sSL \
"https://github.com/CircleCI-Public/circleci-cli/releases/download/v${CIRCLECI_CLI_VERSION}/circleci-cli_${CIRCLECI_CLI_VERSION}_linux_amd64.tar.gz" \
| sudo tar --overwrite -xz \
-C /usr/local/bin \
"circleci-cli_${CIRCLECI_CLI_VERSION}_linux_amd64/circleci"
USE_DOCKER=0
# Check all directories with a go.mod file
modules=("." "api" "sdk")
all_package_names=""
for dir in "${modules[@]}"
do
pushd "$dir"
# On its own line so that -e will fail the tests if we detect errors here.
go list -test -json ./... > test-list.json
# Split Go tests by prior test times. If use_docker is true, only run
# tests that depend on docker, otherwise only those that don't.
# The appended true condition ensures the command will succeed if no packages are found
if [ $USE_DOCKER == 1 ]; then
package_names=$(< test-list.json jq -r 'select(.Deps != null) |
select(any(.Deps[] ; contains("github.com/hashicorp/vault/helper/testhelpers/docker"))) |
.ForTest | select(. != null)' |
sort -u | grep -v vault/integ | circleci tests split --split-by=timings --timings-type=classname || true)
else
package_names=$(< test-list.json jq -r 'select(.Deps != null) |
select(all(.Deps[] ; contains("github.com/hashicorp/vault/helper/testhelpers/docker")|not)) |
.ForTest | select(. != null)' |
sort -u | grep -v vault/integ | circleci tests split --split-by=timings --timings-type=classname || true)
fi
# Move back into root directory
popd
# Append the test packages into the global list, if any are found
if [ -n "$package_names" ]; then
all_package_names+=" ${package_names}"
fi
done
# After running tests split step, we are now running the following steps
# in multiple different containers, each getting a different subset of
# the test packages in their package_names variable. Each container
# has its own remote docker VM.
make prep
mkdir -p test-results/go-test
# We don't want VAULT_LICENSE set when running Go tests, because that's
# not what developers have in their environments and it could break some
# tests; it would be like setting VAULT_TOKEN. However some non-Go
# CI commands, like the UI tests, shouldn't have to worry about licensing.
# So we set VAULT_LICENSE in CI, and here we unset it. Instead of
# VAULT_LICENSE, we populate VAULT_LICENSE_CI, so that tests which want
# an externally supplied license can opt-in to using it.
export VAULT_LICENSE_CI="$VAULT_LICENSE"
VAULT_LICENSE=
# Create a docker network for our testcontainer
if [ $USE_DOCKER == 1 ]; then
# Despite the fact that we're using a circleci image (thus getting the
# version they chose for the docker cli) and that we're specifying a
# docker version to use for the remote docker instances, we occasionally
# see "client version too new, max supported version 1.39" errors for
# reasons unclear.
export DOCKER_API_VERSION=1.39
export TEST_DOCKER_NETWORK_ID=$(docker network list -q -f 'name=vaulttest')
if [ -z $TEST_DOCKER_NETWORK_ID ]; then
TEST_DOCKER_NETWORK_ID=$(docker network create vaulttest)
fi
# Start a docker testcontainer to run the tests in
docker run -d \
-e TEST_DOCKER_NETWORK_ID \
-e GOPRIVATE \
-e DOCKER_CERT_PATH \
-e DOCKER_HOST \
-e DOCKER_MACHINE_NAME \
-e DOCKER_TLS_VERIFY \
-e NO_PROXY \
-e VAULT_TEST_LOG_DIR=/tmp/testlogs \
--network vaulttest --name \
2022-02-23 20:08:08 +00:00
testcontainer docker.mirror.hashicorp.services/cimg/go:1.17.7 \
tail -f /dev/null
# Run tests
test -d /tmp/go-cache && docker cp /tmp/go-cache testcontainer:/tmp/gocache
docker exec testcontainer sh -c 'mkdir -p /home/circleci/go/src/github.com/hashicorp/vault'
docker cp . testcontainer:/home/circleci/go/src/github.com/hashicorp/vault/
docker cp $DOCKER_CERT_PATH/ testcontainer:$DOCKER_CERT_PATH
2021-06-25 16:17:05 +00:00
# Copy the downloaded modules inside the container.
docker exec testcontainer sh -c 'mkdir -p /home/circleci/go/pkg'
docker cp "$(go env GOPATH)/pkg/mod" testcontainer:/home/circleci/go/pkg/mod
2021-06-25 16:17:05 +00:00
docker exec -w /home/circleci/go/src/github.com/hashicorp/vault/ \
2021-06-25 16:17:05 +00:00
-e CIRCLECI -e VAULT_CI_GO_TEST_RACE \
-e GOCACHE=/tmp/gocache \
-e GO_TAGS \
2021-06-25 16:17:05 +00:00
-e GOPROXY="off" \
-e VAULT_LICENSE_CI \
-e GOARCH=amd64 \
testcontainer \
gotestsum --format=short-verbose \
--junitfile test-results/go-test/results.xml \
--jsonfile test-results/go-test/results.json \
-- \
-tags "${GO_TAGS} ${EXTRA_TAGS}" \
-timeout=60m \
-parallel=20 \
-race \
${all_package_names}
else
GOARCH=amd64 \
GOCACHE=/tmp/go-cache \
gotestsum --format=short-verbose \
--junitfile test-results/go-test/results.xml \
--jsonfile test-results/go-test/results.json \
-- \
-tags "${GO_TAGS} ${EXTRA_TAGS}" \
-timeout=60m \
-parallel=20 \
-race \
${all_package_names}
fi
environment:
GOPRIVATE: github.com/hashicorp/*
name: Run Go tests
2019-11-12 14:03:42 +00:00
no_output_timeout: 60m
- store_artifacts:
path: test-results
- store_test_results:
path: test-results
- store_artifacts:
path: /tmp/testlogs
environment:
- CIRCLECI_CLI_VERSION: 0.1.5546
- GO_TAGS: ''
website-docker-image:
docker:
- image: circleci/buildpack-deps
shell: /usr/bin/env bash -euo pipefail -c
steps:
- checkout
- setup_remote_docker
- run:
command: |
IMAGE_TAG="$(git rev-list -n1 HEAD -- website/Dockerfile website/package-lock.json)"
echo "Using $IMAGE_TAG"
if [ "$CIRCLE_REPOSITORY_URL" != "git@github.com:hashicorp/vault.git" ]; then
echo "Not Vault OSS Repo, not building website docker image"
elif curl https://hub.docker.com/v2/repositories/hashicorp/vault-website/tags/$IMAGE_TAG -fsL > /dev/null; then
echo "Dependencies have not changed, not building a new website docker image."
else
cd website/
docker build -t hashicorp/vault-website:$IMAGE_TAG .
docker tag hashicorp/vault-website:$IMAGE_TAG hashicorp/vault-website:latest
docker login -u $WEBSITE_DOCKER_USER -p $WEBSITE_DOCKER_PASS
docker push hashicorp/vault-website
fi
name: Build Docker Image if Necessary
test-go:
docker:
2022-02-23 20:08:08 +00:00
- image: docker.mirror.hashicorp.services/cimg/go:1.17.7
resource_class: large
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
parallelism: 8
steps:
- run:
command: |
# If the branch being tested starts with ui/ or docs/ we want to exit the job without failing
[[ "$CIRCLE_BRANCH" = ui/* || "$CIRCLE_BRANCH" = docs/* || "$CIRCLE_BRANCH" = backport/docs/* ]] && {
# stop the job from this step
circleci-agent step halt
}
# exit with success either way
exit 0
name: Check branch name
working_directory: ~/
- checkout
- add_ssh_keys:
fingerprints:
- 0e:03:77:f4:e2:c3:56:c2:53:6a:03:e1:31:91:2f:06
- run:
command: |
git config --global url."git@github.com:".insteadOf https://github.com/
- run:
command: |
TZ=GMT date '+%Y%m%d' > /tmp/go-cache-key
name: Compute test cache key
- restore_cache:
keys:
- go-test-cache-date-v1-{{ checksum "/tmp/go-cache-key" }}
2021-06-25 16:17:05 +00:00
- restore_cache:
keys:
- v1.4-{{checksum "go.sum"}}-{{checksum "sdk/go.sum"}}-{{checksum "api/go.sum"}}
2021-06-25 16:17:05 +00:00
name: Restore exact go modules cache
- run:
command: |
set -exo pipefail
EXTRA_TAGS=
case "" in
*-race*) export VAULT_CI_GO_TEST_RACE=1;;
*) EXTRA_TAGS=deadlock;;
esac
# Install CircleCI CLI
curl -sSL \
"https://github.com/CircleCI-Public/circleci-cli/releases/download/v${CIRCLECI_CLI_VERSION}/circleci-cli_${CIRCLECI_CLI_VERSION}_linux_amd64.tar.gz" \
| sudo tar --overwrite -xz \
-C /usr/local/bin \
"circleci-cli_${CIRCLECI_CLI_VERSION}_linux_amd64/circleci"
USE_DOCKER=0
# Check all directories with a go.mod file
modules=("." "api" "sdk")
all_package_names=""
for dir in "${modules[@]}"
do
pushd "$dir"
# On its own line so that -e will fail the tests if we detect errors here.
go list -test -json ./... > test-list.json
# Split Go tests by prior test times. If use_docker is true, only run
# tests that depend on docker, otherwise only those that don't.
# The appended true condition ensures the command will succeed if no packages are found
if [ $USE_DOCKER == 1 ]; then
package_names=$(< test-list.json jq -r 'select(.Deps != null) |
select(any(.Deps[] ; contains("github.com/hashicorp/vault/helper/testhelpers/docker"))) |
.ForTest | select(. != null)' |
sort -u | grep -v vault/integ | circleci tests split --split-by=timings --timings-type=classname || true)
else
package_names=$(< test-list.json jq -r 'select(.Deps != null) |
select(all(.Deps[] ; contains("github.com/hashicorp/vault/helper/testhelpers/docker")|not)) |
.ForTest | select(. != null)' |
sort -u | grep -v vault/integ | circleci tests split --split-by=timings --timings-type=classname || true)
fi
# Move back into root directory
popd
# Append the test packages into the global list, if any are found
if [ -n "$package_names" ]; then
all_package_names+=" ${package_names}"
fi
done
# After running tests split step, we are now running the following steps
# in multiple different containers, each getting a different subset of
# the test packages in their package_names variable. Each container
# has its own remote docker VM.
make prep
mkdir -p test-results/go-test
# We don't want VAULT_LICENSE set when running Go tests, because that's
# not what developers have in their environments and it could break some
# tests; it would be like setting VAULT_TOKEN. However some non-Go
# CI commands, like the UI tests, shouldn't have to worry about licensing.
# So we set VAULT_LICENSE in CI, and here we unset it. Instead of
# VAULT_LICENSE, we populate VAULT_LICENSE_CI, so that tests which want
# an externally supplied license can opt-in to using it.
export VAULT_LICENSE_CI="$VAULT_LICENSE"
VAULT_LICENSE=
# Create a docker network for our testcontainer
if [ $USE_DOCKER == 1 ]; then
# Despite the fact that we're using a circleci image (thus getting the
# version they chose for the docker cli) and that we're specifying a
# docker version to use for the remote docker instances, we occasionally
# see "client version too new, max supported version 1.39" errors for
# reasons unclear.
export DOCKER_API_VERSION=1.39
export TEST_DOCKER_NETWORK_ID=$(docker network list -q -f 'name=vaulttest')
if [ -z $TEST_DOCKER_NETWORK_ID ]; then
TEST_DOCKER_NETWORK_ID=$(docker network create vaulttest)
fi
# Start a docker testcontainer to run the tests in
docker run -d \
-e TEST_DOCKER_NETWORK_ID \
-e GOPRIVATE \
-e DOCKER_CERT_PATH \
-e DOCKER_HOST \
-e DOCKER_MACHINE_NAME \
-e DOCKER_TLS_VERIFY \
-e NO_PROXY \
-e VAULT_TEST_LOG_DIR=/tmp/testlogs \
--network vaulttest --name \
2022-02-23 20:08:08 +00:00
testcontainer docker.mirror.hashicorp.services/cimg/go:1.17.7 \
tail -f /dev/null
# Run tests
test -d /tmp/go-cache && docker cp /tmp/go-cache testcontainer:/tmp/gocache
docker exec testcontainer sh -c 'mkdir -p /home/circleci/go/src/github.com/hashicorp/vault'
docker cp . testcontainer:/home/circleci/go/src/github.com/hashicorp/vault/
docker cp $DOCKER_CERT_PATH/ testcontainer:$DOCKER_CERT_PATH
2021-06-25 16:17:05 +00:00
# Copy the downloaded modules inside the container.
docker exec testcontainer sh -c 'mkdir -p /home/circleci/go/pkg'
docker cp "$(go env GOPATH)/pkg/mod" testcontainer:/home/circleci/go/pkg/mod
2021-06-25 16:17:05 +00:00
docker exec -w /home/circleci/go/src/github.com/hashicorp/vault/ \
2021-06-25 16:17:05 +00:00
-e CIRCLECI -e VAULT_CI_GO_TEST_RACE \
-e GOCACHE=/tmp/gocache \
-e GO_TAGS \
2021-06-25 16:17:05 +00:00
-e GOPROXY="off" \
-e VAULT_LICENSE_CI \
-e GOARCH=amd64 \
testcontainer \
gotestsum --format=short-verbose \
--junitfile test-results/go-test/results.xml \
--jsonfile test-results/go-test/results.json \
-- \
-tags "${GO_TAGS} ${EXTRA_TAGS}" \
-timeout=60m \
-parallel=20 \
\
${all_package_names}
else
GOARCH=amd64 \
GOCACHE=/tmp/go-cache \
gotestsum --format=short-verbose \
--junitfile test-results/go-test/results.xml \
--jsonfile test-results/go-test/results.json \
-- \
-tags "${GO_TAGS} ${EXTRA_TAGS}" \
-timeout=60m \
-parallel=20 \
\
${all_package_names}
fi
environment:
GOPRIVATE: github.com/hashicorp/*
name: Run Go tests
2019-11-12 14:03:42 +00:00
no_output_timeout: 60m
- store_artifacts:
path: test-results
- store_test_results:
path: test-results
- store_artifacts:
path: /tmp/testlogs
environment:
- CIRCLECI_CLI_VERSION: 0.1.5546
- GO_TAGS: ''
semgrep:
docker:
- image: docker.mirror.hashicorp.services/alpine:3.13
shell: /bin/sh
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
steps:
- run:
command: |
apk add --no-cache python3 py3-pip make
python3 -m pip install --user semgrep==0.86.5
export PATH="$HOME/.local/bin:$PATH"
echo "$ semgrep --version"
semgrep --version
name: Setup Semgrep
working_directory: ~/
- checkout
- attach_workspace:
at: .
- run:
command: "# Alpine images can't run the make file due to a bash requirement. Run\n# semgrep explicitly here. \nexport PATH=\"$HOME/.local/bin:$PATH\" \nsemgrep --error --include '*.go' --exclude 'vendor' -f tools/semgrep/ci .\n"
name: Run Semgrep Rules
pre-flight-checks:
2021-06-25 16:17:05 +00:00
machine: true
shell: /usr/bin/env bash -euo pipefail -c
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
steps:
2021-06-25 16:17:05 +00:00
- run:
command: |
[ -n "$GO_VERSION" ] || { echo "You must set GO_VERSION"; exit 1; }
# Install Go
curl -sSLO "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz"
sudo rm -rf /usr/local/go
sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz"
rm -f "go${GO_VERSION}.linux-amd64.tar.gz"
GOPATH="/home/circleci/go"
2021-06-25 16:17:05 +00:00
mkdir $GOPATH 2>/dev/null || { sudo mkdir $GOPATH && sudo chmod 777 $GOPATH; }
echo "export GOPATH='$GOPATH'" >> "$BASH_ENV"
echo "export PATH='$PATH:$GOPATH/bin:/usr/local/go/bin'" >> "$BASH_ENV"
echo "export GOPROXY=https://proxy.golang.org,direct" >> "$BASH_ENV"
echo "export GOPRIVATE=github.com/hashicorp/*" >> "$BASH_ENV"
echo "$ go version"
go version
name: Setup Go
working_directory: ~/
- checkout
- run:
command: |
2021-06-25 16:17:05 +00:00
export CCI_PATH=/tmp/circleci-cli/$CIRCLECI_CLI_VERSION
mkdir -p $CCI_PATH
2021-06-25 16:17:05 +00:00
NAME=circleci-cli_${CIRCLECI_CLI_VERSION}_${ARCH}
URL=$BASE/v${CIRCLECI_CLI_VERSION}/${NAME}.tar.gz
curl -sSL $URL \
| tar --overwrite --strip-components=1 -xz -C $CCI_PATH "${NAME}/circleci"
# Add circleci to the path for subsequent steps.
echo "export PATH=$CCI_PATH:\$PATH" >> $BASH_ENV
# Done, print some debug info.
set -x
. $BASH_ENV
which circleci
circleci version
environment:
ARCH: linux_amd64
BASE: https://github.com/CircleCI-Public/circleci-cli/releases/download
name: Install CircleCI CLI
- run:
command: make ci-verify
2021-06-25 16:17:05 +00:00
- add_ssh_keys:
fingerprints:
- 0e:03:77:f4:e2:c3:56:c2:53:6a:03:e1:31:91:2f:06
- run:
command: |
git config --global url."git@github.com:".insteadOf https://github.com/
- restore_cache:
keys:
- v1.4-{{checksum "go.sum"}}-{{checksum "sdk/go.sum"}}-{{checksum "api/go.sum"}}
- v1.4-{{checksum "go.sum"}}-{{checksum "sdk/go.sum"}}
- v1.4-{{checksum "go.sum"}}
2021-06-25 16:17:05 +00:00
name: Restore closest matching go modules cache
- run:
command: |
# go list ./... forces downloading some additional versions of modules that 'go mod
# download' misses. We need this because we make use of go list itself during
# code generation in later builds that rely on this module cache.
go list ./...
2021-06-25 16:17:05 +00:00
go mod download -json
( cd sdk && go mod download -json; )
( cd api && go mod download -json; )
name: go mod download
- run:
command: |
git --no-pager diff --exit-code || {
echo "ERROR: Files modified by go mod download, see above."
exit 1
}
name: Verify downloading modules did not modify any files
- save_cache:
key: v1.4-{{checksum "go.sum"}}-{{checksum "sdk/go.sum"}}-{{checksum "api/go.sum"}}
2021-06-25 16:17:05 +00:00
name: Save go modules cache
paths:
- /home/circleci/go/pkg/mod
2021-06-25 16:17:05 +00:00
environment:
- CIRCLECI_CLI_VERSION: 0.1.5546
- GO_TAGS: ''
2022-02-23 20:08:08 +00:00
- GO_VERSION: 1.17.7
- GOFUMPT_VERSION: 0.2.1
2021-06-25 16:17:05 +00:00
- GOTESTSUM_VERSION: 0.5.2
test-go-race-remote-docker:
docker:
2022-02-23 20:08:08 +00:00
- image: docker.mirror.hashicorp.services/cimg/go:1.17.7
resource_class: medium
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
parallelism: 8
steps:
- run:
command: |
# If the branch being tested starts with ui/ or docs/ we want to exit the job without failing
[[ "$CIRCLE_BRANCH" = ui/* || "$CIRCLE_BRANCH" = docs/* || "$CIRCLE_BRANCH" = backport/docs/* ]] && {
# stop the job from this step
circleci-agent step halt
}
# exit with success either way
exit 0
name: Check branch name
working_directory: ~/
- checkout
- setup_remote_docker:
docker_layer_caching: true
version: 18.09.3
- add_ssh_keys:
fingerprints:
- 0e:03:77:f4:e2:c3:56:c2:53:6a:03:e1:31:91:2f:06
- run:
command: |
git config --global url."git@github.com:".insteadOf https://github.com/
- run:
command: |
TZ=GMT date '+%Y%m%d' > /tmp/go-cache-key
name: Compute test cache key
- restore_cache:
keys:
- go-test-cache-date-v1-{{ checksum "/tmp/go-cache-key" }}
2021-06-25 16:17:05 +00:00
- restore_cache:
keys:
- v1.4-{{checksum "go.sum"}}-{{checksum "sdk/go.sum"}}-{{checksum "api/go.sum"}}
2021-06-25 16:17:05 +00:00
name: Restore exact go modules cache
- run:
command: |
set -exo pipefail
EXTRA_TAGS=
case "-race" in
*-race*) export VAULT_CI_GO_TEST_RACE=1;;
*) EXTRA_TAGS=deadlock;;
esac
# Install CircleCI CLI
curl -sSL \
"https://github.com/CircleCI-Public/circleci-cli/releases/download/v${CIRCLECI_CLI_VERSION}/circleci-cli_${CIRCLECI_CLI_VERSION}_linux_amd64.tar.gz" \
| sudo tar --overwrite -xz \
-C /usr/local/bin \
"circleci-cli_${CIRCLECI_CLI_VERSION}_linux_amd64/circleci"
USE_DOCKER=0
USE_DOCKER=1
# Check all directories with a go.mod file
modules=("." "api" "sdk")
all_package_names=""
for dir in "${modules[@]}"
do
pushd "$dir"
# On its own line so that -e will fail the tests if we detect errors here.
go list -test -json ./... > test-list.json
# Split Go tests by prior test times. If use_docker is true, only run
# tests that depend on docker, otherwise only those that don't.
# The appended true condition ensures the command will succeed if no packages are found
if [ $USE_DOCKER == 1 ]; then
package_names=$(< test-list.json jq -r 'select(.Deps != null) |
select(any(.Deps[] ; contains("github.com/hashicorp/vault/helper/testhelpers/docker"))) |
.ForTest | select(. != null)' |
sort -u | grep -v vault/integ | circleci tests split --split-by=timings --timings-type=classname || true)
else
package_names=$(< test-list.json jq -r 'select(.Deps != null) |
select(all(.Deps[] ; contains("github.com/hashicorp/vault/helper/testhelpers/docker")|not)) |
.ForTest | select(. != null)' |
sort -u | grep -v vault/integ | circleci tests split --split-by=timings --timings-type=classname || true)
fi
# Move back into root directory
popd
# Append the test packages into the global list, if any are found
if [ -n "$package_names" ]; then
all_package_names+=" ${package_names}"
fi
done
# After running tests split step, we are now running the following steps
# in multiple different containers, each getting a different subset of
# the test packages in their package_names variable. Each container
# has its own remote docker VM.
make prep
mkdir -p test-results/go-test
# We don't want VAULT_LICENSE set when running Go tests, because that's
# not what developers have in their environments and it could break some
# tests; it would be like setting VAULT_TOKEN. However some non-Go
# CI commands, like the UI tests, shouldn't have to worry about licensing.
# So we set VAULT_LICENSE in CI, and here we unset it. Instead of
# VAULT_LICENSE, we populate VAULT_LICENSE_CI, so that tests which want
# an externally supplied license can opt-in to using it.
export VAULT_LICENSE_CI="$VAULT_LICENSE"
VAULT_LICENSE=
# Create a docker network for our testcontainer
if [ $USE_DOCKER == 1 ]; then
# Despite the fact that we're using a circleci image (thus getting the
# version they chose for the docker cli) and that we're specifying a
# docker version to use for the remote docker instances, we occasionally
# see "client version too new, max supported version 1.39" errors for
# reasons unclear.
export DOCKER_API_VERSION=1.39
export TEST_DOCKER_NETWORK_ID=$(docker network list -q -f 'name=vaulttest')
if [ -z $TEST_DOCKER_NETWORK_ID ]; then
TEST_DOCKER_NETWORK_ID=$(docker network create vaulttest)
fi
# Start a docker testcontainer to run the tests in
docker run -d \
-e TEST_DOCKER_NETWORK_ID \
-e GOPRIVATE \
-e DOCKER_CERT_PATH \
-e DOCKER_HOST \
-e DOCKER_MACHINE_NAME \
-e DOCKER_TLS_VERIFY \
-e NO_PROXY \
-e VAULT_TEST_LOG_DIR=/tmp/testlogs \
--network vaulttest --name \
2022-02-23 20:08:08 +00:00
testcontainer docker.mirror.hashicorp.services/cimg/go:1.17.7 \
tail -f /dev/null
# Run tests
test -d /tmp/go-cache && docker cp /tmp/go-cache testcontainer:/tmp/gocache
docker exec testcontainer sh -c 'mkdir -p /home/circleci/go/src/github.com/hashicorp/vault'
docker cp . testcontainer:/home/circleci/go/src/github.com/hashicorp/vault/
docker cp $DOCKER_CERT_PATH/ testcontainer:$DOCKER_CERT_PATH
2021-06-25 16:17:05 +00:00
# Copy the downloaded modules inside the container.
docker exec testcontainer sh -c 'mkdir -p /home/circleci/go/pkg'
docker cp "$(go env GOPATH)/pkg/mod" testcontainer:/home/circleci/go/pkg/mod
2021-06-25 16:17:05 +00:00
docker exec -w /home/circleci/go/src/github.com/hashicorp/vault/ \
2021-06-25 16:17:05 +00:00
-e CIRCLECI -e VAULT_CI_GO_TEST_RACE \
-e GOCACHE=/tmp/gocache \
-e GO_TAGS \
2021-06-25 16:17:05 +00:00
-e GOPROXY="off" \
-e VAULT_LICENSE_CI \
-e GOARCH=amd64 \
testcontainer \
gotestsum --format=short-verbose \
--junitfile test-results/go-test/results.xml \
--jsonfile test-results/go-test/results.json \
-- \
-tags "${GO_TAGS} ${EXTRA_TAGS}" \
-timeout=60m \
-parallel=20 \
-race \
${all_package_names}
else
GOARCH=amd64 \
GOCACHE=/tmp/go-cache \
gotestsum --format=short-verbose \
--junitfile test-results/go-test/results.xml \
--jsonfile test-results/go-test/results.json \
-- \
-tags "${GO_TAGS} ${EXTRA_TAGS}" \
-timeout=60m \
-parallel=20 \
-race \
${all_package_names}
fi
environment:
GOPRIVATE: github.com/hashicorp/*
name: Run Go tests
no_output_timeout: 60m
- run:
command: |
docker cp testcontainer:/home/circleci/go/src/github.com/hashicorp/vault/test-results .
docker cp testcontainer:/tmp/gocache /tmp/go-cache
name: Copy test results
when: always
- store_artifacts:
path: test-results
- store_test_results:
path: test-results
- store_artifacts:
path: /tmp/testlogs
environment:
- CIRCLECI_CLI_VERSION: 0.1.5546
- GO_TAGS: ''
workflows:
ci:
jobs:
- pre-flight-checks
- fmt
- install-ui-dependencies:
requires:
- pre-flight-checks
- build-go-dev:
requires:
- pre-flight-checks
- test-ui:
requires:
- install-ui-dependencies
- build-go-dev
- test-ui-browserstack:
filters:
branches:
ignore: /pull\/[0-9]+/
requires:
- install-ui-dependencies
- build-go-dev
- test-go:
requires:
- pre-flight-checks
- test-go-remote-docker:
requires:
- pre-flight-checks
- test-go-race:
requires:
- pre-flight-checks
- test-go-race-remote-docker:
requires:
- pre-flight-checks
- website-docker-image:
filters:
branches:
only:
- main
context: vault-docs
- algolia-index:
filters:
branches:
only:
- stable-website
context: vault-docs
- semgrep:
requires:
- pre-flight-checks
version: 2