[QT-436] Pseudo random artifact test scenarios (#18056)
Introducing a new approach to testing Vault artifacts before merge and after merge/notarization/signing. Rather than run a few static scenarios across the artifacts, we now have the ability to run a pseudo random sample of scenarios across many different build artifacts. We've added 20 possible scenarios for the AMD64 and ARM64 binary bundles, which we've broken into five test groups. On any given push to a pull request branch, we will now choose a random test group and execute its corresponding scenarios against the resulting build artifacts. This gives us greater test coverage but lets us split the verification across many different pull requests. The post-merge release testing pipeline behaves in a similar fashion, however, the artifacts that we use for testing have been notarized and signed prior to testing. We've also reduced the number of groups so that we run more scenarios after merge to a release branch. We intend to take what we've learned building this in Github Actions and roll it into an easier to use feature that is native to Enos. Until then, we'll have to manually add scenarios to each matrix file and manually number the test group. It's important to note that Github requires every matrix to include at least one vector, so every artifact that is being tested must include a single scenario in order for all workflows to pass and thus satisfy branch merge requirements. * Add support for different artifact types to enos-run * Add support for different runner type to enos-run * Add arm64 scenarios to build matrix * Expand build matrices to include different variants * Update Consul versions in Enos scenarios and matrices * Refactor enos-run environment * Add minimum version filtering support to enos-run. This allows us to automatically exclude scenarios that require a more recent version of Vault * Add maximum version filtering support to enos-run. 
This allows us to automatically exclude scenarios that require an older version of Vault * Fix Node 12 deprecation warnings * Rename enos-verify-stable to enos-release-testing-oss * Convert artifactory matrix into enos-release-testing-oss matrices * Add all Vault editions to Enos scenario matrices * Fix verify version with complex Vault edition metadata * Rename the crt-builder to ci-helper * Add more version helpers to ci-helper and Makefile * Update CODEOWNERS for quality team * Add support for filtering matrices by group and version constraints * Add support for pseudo random test scenario execution Signed-off-by: Ryan Cragun <me@ryan.ec>
parent
a545b1f22d
commit
bd5d738ad7
|
@ -1,44 +0,0 @@
|
|||
{
|
||||
"include": [
|
||||
{
|
||||
"scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:ent seal:awskms artifact_type:bundle",
|
||||
"aws_region": "us-east-1"
|
||||
},
|
||||
{
|
||||
"scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:ubuntu edition:ent seal:shamir artifact_type:bundle",
|
||||
"aws_region": "us-east-2"
|
||||
},
|
||||
{
|
||||
"scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:ubuntu edition:ent seal:awskms artifact_type:bundle",
|
||||
"aws_region": "us-west-1"
|
||||
},
|
||||
{
|
||||
"scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:rhel edition:ent seal:shamir artifact_type:bundle",
|
||||
"aws_region": "us-west-2"
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade arch:arm64 artifact_source:artifactory backend:consul consul_version:1.12.5 distro:ubuntu edition:ent seal:shamir artifact_type:bundle",
|
||||
"aws_region": "us-west-1"
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:ent seal:awskms artifact_type:bundle",
|
||||
"aws_region": "us-west-2"
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade arch:arm64 artifact_source:artifactory backend:raft consul_version:1.12.5 distro:rhel edition:ent seal:shamir artifact_type:bundle",
|
||||
"aws_region": "us-east-1"
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade arch:amd64 artifact_source:artifactory backend:raft consul_version:1.13.2 distro:ubuntu edition:ent seal:awskms artifact_type:bundle",
|
||||
"aws_region": "us-east-2"
|
||||
},
|
||||
{
|
||||
"scenario": "autopilot arch:amd64 artifact_source:artifactory distro:ubuntu edition:ent seal:awskms artifact_type:bundle",
|
||||
"aws_region": "us-west-1"
|
||||
},
|
||||
{
|
||||
"scenario": "autopilot arch:arm64 artifact_source:artifactory distro:rhel edition:ent seal:shamir artifact_type:bundle",
|
||||
"aws_region": "us-west-2"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -1,36 +0,0 @@
|
|||
{
|
||||
"include": [
|
||||
{
|
||||
"scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:oss seal:awskms artifact_type:bundle",
|
||||
"aws_region": "us-east-1"
|
||||
},
|
||||
{
|
||||
"scenario": "smoke arch:amd64 artifact_source:artifactory backend:consul consul_version:1.12.5 distro:ubuntu edition:oss seal:shamir artifact_type:bundle",
|
||||
"aws_region": "us-east-2"
|
||||
},
|
||||
{
|
||||
"scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:ubuntu edition:oss seal:awskms artifact_type:bundle",
|
||||
"aws_region": "us-west-1"
|
||||
},
|
||||
{
|
||||
"scenario": "smoke arch:arm64 artifact_source:artifactory backend:raft consul_version:1.11.10 distro:rhel edition:oss seal:shamir artifact_type:bundle",
|
||||
"aws_region": "us-west-2"
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade arch:arm64 artifact_source:artifactory backend:consul consul_version:1.11.10 distro:ubuntu edition:oss seal:shamir artifact_type:bundle",
|
||||
"aws_region": "us-west-1"
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade arch:amd64 artifact_source:artifactory backend:consul consul_version:1.13.2 distro:rhel edition:oss seal:awskms artifact_type:bundle",
|
||||
"aws_region": "us-west-2"
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade arch:arm64 artifact_source:artifactory backend:raft consul_version:1.12.5 distro:rhel edition:oss seal:shamir artifact_type:bundle",
|
||||
"aws_region": "us-east-1"
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade arch:amd64 artifact_source:artifactory backend:raft consul_version:1.13.2 distro:ubuntu edition:oss seal:awskms artifact_type:bundle",
|
||||
"aws_region": "us-east-2"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -0,0 +1,54 @@
|
|||
{
|
||||
"include": [
|
||||
{
|
||||
"scenario": "smoke backend:raft consul_version:1.14.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-1",
|
||||
"test_group": 3
|
||||
},
|
||||
{
|
||||
"scenario": "smoke backend:raft consul_version:1.13.4 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-2",
|
||||
"test_group": 4
|
||||
},
|
||||
{
|
||||
"scenario": "smoke backend:consul consul_version:1.14.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-1",
|
||||
"test_group": 1
|
||||
},
|
||||
{
|
||||
"scenario": "smoke backend:consul consul_version:1.13.4 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-2",
|
||||
"test_group": 5
|
||||
},
|
||||
{
|
||||
"scenario": "smoke backend:consul consul_version:1.12.7 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-1",
|
||||
"test_group": 2
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:raft consul_version:1.14.2 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-2",
|
||||
"test_group": 3
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:raft consul_version:1.14.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-1",
|
||||
"test_group": 5
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:consul consul_version:1.14.2 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-2",
|
||||
"test_group": 4
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:consul consul_version:1.13.4 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-1",
|
||||
"test_group": 2
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:consul consul_version:1.12.7 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-2",
|
||||
"test_group": 1
|
||||
}
|
||||
]
|
||||
}
|
|
@ -0,0 +1,54 @@
|
|||
{
|
||||
"include": [
|
||||
{
|
||||
"scenario": "smoke backend:raft consul_version:1.13.4 distro:rhel seal:shamir arch:arm64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-2",
|
||||
"test_group": 1
|
||||
},
|
||||
{
|
||||
"scenario": "smoke backend:raft consul_version:1.14.2 distro:ubuntu seal:awskms arch:arm64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-1",
|
||||
"test_group": 2
|
||||
},
|
||||
{
|
||||
"scenario": "smoke backend:consul consul_version:1.12.7 distro:ubuntu seal:shamir arch:arm64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-2",
|
||||
"test_group": 3
|
||||
},
|
||||
{
|
||||
"scenario": "smoke backend:consul consul_version:1.14.2 distro:ubuntu seal:shamir arch:arm64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-1",
|
||||
"test_group": 4
|
||||
},
|
||||
{
|
||||
"scenario": "smoke backend:consul consul_version:1.13.4 distro:rhel seal:awskms arch:arm64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-2",
|
||||
"test_group": 5
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:raft consul_version:1.14.2 distro:ubuntu seal:shamir arch:arm64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-1",
|
||||
"test_group": 1
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:raft consul_version:1.14.2 distro:rhel seal:awskms arch:arm64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-2",
|
||||
"test_group": 2
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:consul consul_version:1.12.7 distro:rhel seal:awskms arch:arm64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-1",
|
||||
"test_group": 3
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:consul consul_version:1.13.4 distro:ubuntu seal:shamir arch:arm64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-2",
|
||||
"test_group": 4
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:consul consul_version:1.14.2 distro:rhel seal:awskms arch:arm64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-1",
|
||||
"test_group": 5
|
||||
}
|
||||
]
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
{
|
||||
"include": [
|
||||
{
|
||||
"scenario": "smoke backend:consul consul_version:1.13.2 distro:ubuntu seal:awskms arch:amd64 artifact_source:crt edition:ent artifact_type:bundle",
|
||||
"aws_region": "us-west-1"
|
||||
},
|
||||
{
|
||||
"scenario": "smoke backend:raft consul_version:1.13.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:ent artifact_type:bundle",
|
||||
"aws_region": "us-west-2"
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:raft consul_version:1.12.5 distro:rhel seal:shamir arch:amd64 artifact_source:crt edition:ent artifact_type:bundle",
|
||||
"aws_region": "us-west-1"
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:consul consul_version:1.12.5 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:ent artifact_type:bundle",
|
||||
"aws_region": "us-west-2"
|
||||
},
|
||||
{
|
||||
"scenario": "autopilot distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:ent artifact_type:bundle",
|
||||
"aws_region": "us-west-1"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
{
|
||||
"include": [
|
||||
{
|
||||
"scenario": "smoke backend:consul consul_version:1.13.2 distro:ubuntu seal:awskms arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-1"
|
||||
},
|
||||
{
|
||||
"scenario": "smoke backend:raft consul_version:1.13.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-2"
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:raft consul_version:1.12.5 distro:rhel seal:shamir arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-1"
|
||||
},
|
||||
{
|
||||
"scenario": "upgrade backend:consul consul_version:1.12.5 distro:rhel seal:awskms arch:amd64 artifact_source:crt edition:oss artifact_type:bundle",
|
||||
"aws_region": "us-west-2"
|
||||
}
|
||||
]
|
||||
}
|
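--- a/.github/enos-run-matrices/enos_release_testing_oss-artifactory-oss-linux-amd64-zip.json
+++ b/.github/enos-run-matrices/enos_release_testing_oss-artifactory-oss-linux-amd64-zip.json
@@ -0,0 +1,54 @@
+{
+"include": [
+{
+"scenario": "smoke backend:raft consul_version:1.14.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-1",
+"test_group": 2
+},
+{
+"scenario": "smoke backend:raft consul_version:1.13.4 distro:rhel seal:awskms arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-2",
+"test_group": 1
+},
+{
+"scenario": "smoke backend:consul consul_version:1.14.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-1",
+"test_group": 2
+},
+{
+"scenario": "smoke backend:consul consul_version:1.13.4 distro:rhel seal:awskms arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-2",
+"test_group": 1
+},
+{
+"scenario": "smoke backend:consul consul_version:1.12.7 distro:ubuntu seal:shamir arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-1",
+"test_group": 2
+},
+{
+"scenario": "upgrade backend:raft consul_version:1.14.2 distro:rhel seal:awskms arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-2",
+"test_group": 1
+},
+{
+"scenario": "upgrade backend:raft consul_version:1.14.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-1",
+"test_group": 2
+},
+{
+"scenario": "upgrade backend:consul consul_version:1.14.2 distro:rhel seal:awskms arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-2",
+"test_group": 1
+},
+{
+"scenario": "upgrade backend:consul consul_version:1.13.4 distro:ubuntu seal:shamir arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-1",
+"test_group": 2
+},
+{
+"scenario": "upgrade backend:consul consul_version:1.12.7 distro:rhel seal:awskms arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-2",
+"test_group": 1
+}
+]
+}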
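--- a/.github/enos-run-matrices/enos_release_testing_oss-artifactory-oss-linux-arm64-zip.json
+++ b/.github/enos-run-matrices/enos_release_testing_oss-artifactory-oss-linux-arm64-zip.json
@@ -0,0 +1,54 @@
+{
+"include": [
+{
+"scenario": "smoke backend:raft consul_version:1.13.4 distro:rhel seal:shamir arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-2",
+"test_group": 1
+},
+{
+"scenario": "smoke backend:raft consul_version:1.14.2 distro:ubuntu seal:awskms arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-1",
+"test_group": 2
+},
+{
+"scenario": "smoke backend:consul consul_version:1.12.7 distro:ubuntu seal:shamir arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-1",
+"test_group": 1
+},
+{
+"scenario": "smoke backend:consul consul_version:1.14.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-1",
+"test_group": 2
+},
+{
+"scenario": "smoke backend:consul consul_version:1.13.4 distro:rhel seal:awskms arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-2",
+"test_group": 1
+},
+{
+"scenario": "upgrade backend:raft consul_version:1.14.2 distro:ubuntu seal:shamir arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-1",
+"test_group": 2
+},
+{
+"scenario": "upgrade backend:raft consul_version:1.14.2 distro:rhel seal:awskms arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-2",
+"test_group": 1
+},
+{
+"scenario": "upgrade backend:consul consul_version:1.12.7 distro:rhel seal:awskms arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-2",
+"test_group": 2
+},
+{
+"scenario": "upgrade backend:consul consul_version:1.13.4 distro:ubuntu seal:shamir arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-1",
+"test_group": 1
+},
+{
+"scenario": "upgrade backend:consul consul_version:1.14.2 distro:rhel seal:awskms arch:amd64 artifact_source:artifactory edition:oss artifact_type:bundle",
+"aws_region": "us-west-2",
+"test_group": 2
+}
+]
+}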
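Review bot: Every `scenario` string in this file selects `arch:amd64`, although the file is named `enos_release_testing_oss-artifactory-oss-linux-arm64-zip.json` and the release workflow labels it `Linux ARM64 Zip`. As written, the notarized and signed arm64 bundle would pass release testing without any scenario exercising it, while the amd64 bundle is tested twice. Each of the ten entries should carry `arch:arm64`, as the `build-github` arm64 matrix added in this commit does. A small CI check that compares the `arch:` value in each scenario with the architecture in the matrix file name would catch this kind of copy-paste drift.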
|
@ -2,7 +2,7 @@
|
|||
name: build_vault
|
||||
|
||||
# This workflow is intended to be called by the build workflow for each Vault
|
||||
# binary that needs to be built and packaged. The crt make targets that are
|
||||
# binary that needs to be built and packaged. The ci make targets that are
|
||||
# utilized automatically determine build metadata and handle building and
|
||||
# packing vault.
|
||||
|
||||
|
@ -51,23 +51,23 @@ jobs:
|
|||
cache: yarn
|
||||
cache-dependency-path: ui/yarn.lock
|
||||
- name: Build UI
|
||||
run: make crt-build-ui
|
||||
run: make ci-build-ui
|
||||
- name: Build Vault
|
||||
env:
|
||||
CGO_ENABLED: ${{ inputs.cgo-enabled }}
|
||||
GOARCH: ${{ inputs.goarch }}
|
||||
GOOS: ${{ inputs.goos }}
|
||||
GO_TAGS: ${{ inputs.go-tags }}
|
||||
run: make crt-build
|
||||
run: make ci-build
|
||||
- name: Determine artifact basename
|
||||
env:
|
||||
GOARCH: ${{ inputs.goarch }}
|
||||
GOOS: ${{ inputs.goos }}
|
||||
run: echo "ARTIFACT_BASENAME=$(make crt-get-artifact-basename)" >> $GITHUB_ENV
|
||||
run: echo "ARTIFACT_BASENAME=$(make ci-get-artifact-basename)" >> $GITHUB_ENV
|
||||
- name: Bundle Vault
|
||||
env:
|
||||
BUNDLE_PATH: out/${{ env.ARTIFACT_BASENAME }}.zip
|
||||
run: make crt-bundle
|
||||
run: make ci-bundle
|
||||
- uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: ${{ env.ARTIFACT_BASENAME }}.zip
|
||||
|
|
|
@ -19,6 +19,7 @@ jobs:
|
|||
build-date: ${{ steps.get-metadata.outputs.build-date }}
|
||||
filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
|
||||
go-version: ${{ steps.get-metadata.outputs.go-version }}
|
||||
matrix-test-group: ${{ steps.get-metadata.outputs.matrix-test-group }}
|
||||
package-name: ${{ steps.get-metadata.outputs.package-name }}
|
||||
vault-revision: ${{ steps.get-metadata.outputs.vault-revision }}
|
||||
vault-version: ${{ steps.get-metadata.outputs.vault-version }}
|
||||
|
@ -27,13 +28,19 @@ jobs:
|
|||
- uses: actions/checkout@v3
|
||||
- name: Get metadata
|
||||
id: get-metadata
|
||||
env:
|
||||
# MATRIX_MAX_TEST_GROUPS is required to determine the randomly selected
|
||||
# test group. It should be set to the highest test_group used in the
|
||||
# enos-run-matrices.
|
||||
MATRIX_MAX_TEST_GROUPS: 5
|
||||
run: |
|
||||
echo "build-date=$(make crt-get-date)" >> $GITHUB_OUTPUT
|
||||
echo "package-name=${{ env.PKG_NAME }}" >> $GITHUB_OUTPUT
|
||||
echo "build-date=$(make ci-get-date)" >> $GITHUB_OUTPUT
|
||||
echo "go-version=$(cat ./.go-version)" >> $GITHUB_OUTPUT
|
||||
echo "vault-base-version=$(make crt-get-version-base)" >> $GITHUB_OUTPUT
|
||||
echo "vault-revision=$(make crt-get-revision)" >> $GITHUB_OUTPUT
|
||||
echo "vault-version=$(make crt-get-version)" >> $GITHUB_OUTPUT
|
||||
echo "matrix-test-group=$(make ci-get-matrix-group-id)" >> $GITHUB_OUTPUT
|
||||
echo "package-name=${{ env.PKG_NAME }}" >> $GITHUB_OUTPUT
|
||||
echo "vault-base-version=$(make ci-get-version-base)" >> $GITHUB_OUTPUT
|
||||
echo "vault-revision=$(make ci-get-revision)" >> $GITHUB_OUTPUT
|
||||
echo "vault-version=$(make ci-get-version)" >> $GITHUB_OUTPUT
|
||||
- uses: hashicorp/actions-generate-metadata@v1
|
||||
id: generate-metadata-file
|
||||
with:
|
||||
|
@ -154,8 +161,8 @@ jobs:
|
|||
zip_artifact_name: ${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.vault-version }}_linux_${{ matrix.arch }}.zip
|
||||
redhat_tag: quay.io/redhat-isv-containers/5f89bb5e0b94cf64cfeb500a:${{ env.version }}-ubi
|
||||
|
||||
enos:
|
||||
name: Enos
|
||||
test:
|
||||
name: Test ${{ matrix.build-artifact-name }}
|
||||
# Only run the Enos workflow against branches that are created from the
|
||||
# hashicorp/vault repository. This has the effect of limiting execution of
|
||||
# Enos scenarios to branches that originate from authors that have write
|
||||
|
@ -167,16 +174,24 @@ jobs:
|
|||
- product-metadata
|
||||
- build-linux
|
||||
uses: ./.github/workflows/enos-run.yml
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- matrix-file-name: build-github-oss-linux-amd64-zip
|
||||
build-artifact-name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_amd64.zip
|
||||
- matrix-file-name: build-github-oss-linux-arm64-zip
|
||||
build-artifact-name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_arm64.zip
|
||||
with:
|
||||
artifact-build-date: ${{ needs.product-metadata.outputs.build-date }}
|
||||
artifact-name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_amd64.zip
|
||||
artifact-revision: ${{ needs.product-metadata.outputs.vault-revision }}
|
||||
artifact-source: crt
|
||||
artifact-version: ${{ needs.product-metadata.outputs.vault-version }}
|
||||
build-artifact-name: ${{ matrix.build-artifact-name }}
|
||||
matrix-file-name: ${{ matrix.matrix-file-name }}
|
||||
matrix-test-group: ${{ needs.product-metadata.outputs.matrix-test-group }}
|
||||
vault-edition: oss
|
||||
vault-revision: ${{ needs.product-metadata.outputs.vault-revision }}
|
||||
secrets: inherit
|
||||
|
||||
enos-docker-k8s:
|
||||
name: Enos Docker K8s
|
||||
test-docker-k8s:
|
||||
name: Test Docker K8s
|
||||
# Only run the Enos workflow against branches that are created from the
|
||||
# hashicorp/vault repository. This has the effect of limiting execution of
|
||||
# Enos scenarios to branches that originate from authors that have write
|
||||
|
@ -203,7 +218,7 @@ jobs:
|
|||
- build-darwin
|
||||
- build-docker
|
||||
- build-ubi
|
||||
- enos
|
||||
- enos-docker-k8s
|
||||
- test
|
||||
- test-docker-k8s
|
||||
steps:
|
||||
- run: echo "All build and integration workflows have succeeded!"
|
||||
- run: echo "All build and test workflows have succeeded!"
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
name: enos-release-testing-oss
|
||||
|
||||
on:
|
||||
repository_dispatch:
|
||||
types:
|
||||
- enos-release-testing-oss
|
||||
- enos-release-testing-oss::*
|
||||
|
||||
jobs:
|
||||
metadata:
|
||||
if: ${{ startsWith(github.event.client_payload.payload.branch, 'release/') }}
|
||||
runs-on: ubuntu-default
|
||||
outputs:
|
||||
matrix-test-group: ${{ steps.matrix-group.outputs.matrix-test-group }}
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- id: matrix-group
|
||||
env:
|
||||
# MATRIX_MAX_TEST_GROUPS is required to determine the randomly selected
|
||||
# test group. It should be set to the highest test_group used in the
|
||||
# enos-run-matrices.
|
||||
MATRIX_MAX_TEST_GROUPS: 2
|
||||
run: echo "matrix-test-group=$(make ci-get-matrix-group-id)" >> $GITHUB_OUTPUT
|
||||
|
||||
test:
|
||||
name: Test ${{ matrix.matrix-file-name }}
|
||||
if: ${{ startsWith(github.event.client_payload.payload.branch, 'release/') }}
|
||||
needs: metadata
|
||||
uses: ./.github/workflows/enos-run.yml
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- matrix-file-name: enos_release_testing_oss-artifactory-oss-linux-amd64-zip
|
||||
test-name: Linux AMD64 Zip
|
||||
- matrix-file-name: enos_release_testing_oss-artifactory-oss-linux-arm64-zip
|
||||
test-name: Linux ARM64 Zip
|
||||
with:
|
||||
matrix-file-name: ${{ matrix.test-name }}
|
||||
matrix-test-group: ${{ needs.metadata.outputs.matrix-test-group }}
|
||||
vault-edition: oss
|
||||
vault-revision: ${{ github.event.client_payload.payload.sha }}
|
||||
secrets: inherit
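Review bot: The `with:` block of the `test` job passes `matrix-file-name: ${{ matrix.test-name }}`, so the called workflow receives the display label (for example `Linux AMD64 Zip`) where it expects the matrix file's base name. enos-run.yml builds `MATRIX_FILE` as `./.github/enos-run-matrices/${{ inputs.matrix-file-name }}.json`, so that path would not match either matrix file added in this commit. The line should read `matrix-file-name: ${{ matrix.matrix-file-name }}`, with `matrix.test-name` used only in the job `name:`. The call also omits `build-artifact-name`, which enos-run.yml declares `required: true`. The `metadata` job checks out without a `ref`, so the group id is presumably computed from the default branch rather than from `client_payload.payload.sha`; confirm that is intended.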
|
|
@ -2,69 +2,114 @@
|
|||
name: enos
|
||||
|
||||
on:
|
||||
# Only trigger this working using workflow_call. It assumes that secrets are
|
||||
# being inherited from the caller.
|
||||
# Only trigger this working using workflow_call. This workflow requires many
|
||||
# secrets that must be inherited from the caller workflow.
|
||||
workflow_call:
|
||||
inputs:
|
||||
artifact-build-date:
|
||||
# The name of the artifact that we're going to use for testing. This should
|
||||
# match exactly to build artifacts uploaded to Github and Artifactory.
|
||||
build-artifact-name:
|
||||
required: true
|
||||
type: string
|
||||
# The base name of the file in ./github/enos-run-matrices that we use to
|
||||
# determine which scenarios to run for the build artifact.
|
||||
#
|
||||
# They are named in the format of:
|
||||
# $caller_workflow_name-$artifact_source-$vault_edition-$platform-$arch-$packing_type
|
||||
#
|
||||
# Where each are:
|
||||
# caller_workflow_name: the Github Actions workflow that is calling
|
||||
# this one
|
||||
# artifact_source: where we're getting the artifact from. Either
|
||||
# "github" or "artifactory"
|
||||
# vault_edition: which edition of vault that we're testing. e.g. "oss"
|
||||
# or "ent"
|
||||
# platform: the vault binary target platform, e.g. "linux" or "macos"
|
||||
# arch: the vault binary target architecture, e.g. "arm64" or "amd64"
|
||||
# packing_type: how vault binary is packaged, e.g. "zip", "deb", "rpm"
|
||||
#
|
||||
# Examples:
|
||||
# build-github-oss-linux-amd64-zip
|
||||
matrix-file-name:
|
||||
required: true
|
||||
type: string
|
||||
# The test group we want to run. This corresponds to the test_group attribute
|
||||
# defined in the enos-run-matrices files.
|
||||
matrix-test-group:
|
||||
default: 0
|
||||
type: string
|
||||
runs-on:
|
||||
# NOTE: The value should be JSON encoded as that's the only way we can
|
||||
# pass arrays with workflow_call.
|
||||
type: string
|
||||
required: false
|
||||
default: '"ubuntu-latest"'
|
||||
ssh-key-name:
|
||||
type: string
|
||||
artifact-name:
|
||||
default: enos-ci-ssh-key
|
||||
# Which edition of Vault we're using. e.g. "oss", "ent", "ent.hsm.fips1402"
|
||||
vault-edition:
|
||||
required: true
|
||||
type: string
|
||||
artifact-revision:
|
||||
# The Git commit SHA used as the revision when building vault
|
||||
vault-revision:
|
||||
required: true
|
||||
type: string
|
||||
artifact-source:
|
||||
required: false
|
||||
type: string
|
||||
artifact-version:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
env:
|
||||
PKG_NAME: vault
|
||||
ARTIFACT_BUILD_DATE: ${{ inputs.artifact-build-date }}
|
||||
ARTIFACT_NAME: ${{ inputs.artifact-name }}
|
||||
ARTIFACT_REVISION: ${{ inputs.artifact-revision }}
|
||||
ARTIFACT_SOURCE: ${{ inputs.artifact-source }}
|
||||
ARTIFACT_VERSION: ${{ inputs.artifact-version }}
|
||||
|
||||
jobs:
|
||||
# Read Enos scenario matrix file based on artifact-name input to test
|
||||
read-enos-matrix:
|
||||
runs-on: ubuntu-latest
|
||||
metadata:
|
||||
runs-on: ${{ fromJSON(inputs.runs-on) }}
|
||||
outputs:
|
||||
enos-scenarios: ${{ steps.enos-matrix.outputs.matrix }}
|
||||
build-date: ${{ steps.metadata.outputs.build-date }}
|
||||
matrix: ${{ steps.metadata.outputs.matrix }}
|
||||
version: ${{ steps.metadata.outputs.version }}
|
||||
version-minor: ${{ steps.metadata.outputs.matrix }}
|
||||
env:
|
||||
# Pass the vault edition as VAULT_METADATA so the CI make targets can create
|
||||
# values that consider the edition.
|
||||
VAULT_METADATA: ${{ inputs.vault-edition }}
|
||||
# Pass in the matrix and matrix group for filtering
|
||||
MATRIX_FILE: ./.github/enos-run-matrices/${{ inputs.matrix-file-name }}.json
|
||||
MATRIX_TEST_GROUP: ${{ inputs.matrix-test-group }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
- name: Create Enos scenario matrix
|
||||
id: enos-matrix
|
||||
- uses: actions/checkout@v3
|
||||
- id: metadata
|
||||
run: |
|
||||
[[ ${{ env.ARTIFACT_NAME }} == *"ent"* ]] && scenarioFile=$(cat ./.github/enos-run-matrices/${{ env.ARTIFACT_SOURCE }}-ent.json |jq -c .) || scenarioFile=$(cat ./.github/enos-run-matrices/${{ env.ARTIFACT_SOURCE }}-oss.json |jq -c .)
|
||||
echo "matrix=$scenarioFile" >> $GITHUB_OUTPUT
|
||||
# Run Integration tests on Enos scenario matrix
|
||||
enos:
|
||||
name: Integration
|
||||
needs: read-enos-matrix
|
||||
echo "build-date=$(make ci-get-date)" >> $GITHUB_OUTPUT
|
||||
echo "version=$(make ci-get-version)" >> $GITHUB_OUTPUT
|
||||
filtered=$(make ci-filter-matrix)
|
||||
echo "matrix=$(echo $filtered)}" >> $GITHUB_OUTPUT
|
||||
|
||||
# Run the Enos test scenarios
|
||||
run:
|
||||
needs: metadata
|
||||
strategy:
|
||||
fail-fast: false # don't fail as that can skip required cleanup steps for jobs
|
||||
matrix: ${{ fromJson(needs.read-enos-matrix.outputs.enos-scenarios) }}
|
||||
matrix: ${{ fromJson(needs.metadata.outputs.matrix) }}
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
||||
# Pass in enos variables
|
||||
ENOS_VAR_aws_region: ${{ matrix.aws_region }}
|
||||
ENOS_VAR_aws_ssh_keypair_name: ${{ inputs.ssh-key-name }}
|
||||
ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
|
||||
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
|
||||
ENOS_VAR_artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
|
||||
ENOS_VAR_artifactory_token: ${{ secrets.ARTIFACTORY_TOKEN }}
|
||||
ENOS_VAR_terraform_plugin_cache_dir: ./support/terraform-plugin-cache
|
||||
ENOS_VAR_vault_build_date: ${{ needs.metadata.outputs.build-date }}
|
||||
ENOS_VAR_vault_product_version: ${{ needs.metadata.outputs.version }}
|
||||
ENOS_VAR_vault_revision: ${{ inputs.vault-revision }}
|
||||
ENOS_VAR_vault_bundle_path: ./support/downloads/${{ inputs.build-artifact-name }}
|
||||
ENOS_VAR_vault_license_path: ./support/vault.hclic
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
- name: Set up Terraform
|
||||
uses: hashicorp/setup-terraform@v2
|
||||
- uses: actions/checkout@v3
|
||||
- uses: hashicorp/setup-terraform@v2
|
||||
with:
|
||||
# the Terraform wrapper will break Terraform execution in Enos because
|
||||
# it changes the output to text when we expect it to be JSON.
|
||||
terraform_wrapper: false
|
||||
- name: Configure AWS credentials
|
||||
uses: aws-actions/configure-aws-credentials@v1
|
||||
- uses: aws-actions/configure-aws-credentials@v1-node16
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
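Review bot: The `metadata` step writes `echo "matrix=$(echo $filtered)}" >> $GITHUB_OUTPUT`, which appends a literal `}` after the filtered JSON. Unless `make ci-filter-matrix` deliberately omits its closing brace, `fromJson(needs.metadata.outputs.matrix)` in the `run` job will be handed malformed JSON. The unquoted `$filtered` is also open to pathname expansion on the `[` and `*` characters JSON can contain; `echo "matrix=$(jq -c . <<< "$filtered")" >> "$GITHUB_OUTPUT"` keeps the single-line form without either problem. In the same job the `version-minor` output is mapped to `steps.metadata.outputs.matrix`, which looks like a copy-paste slip since no visible step writes a `version-minor` value. The `run` job also appears to move `TF_API_TOKEN`, `ARTIFACTORY_TOKEN` and `ELEVATED_GITHUB_TOKEN` into job-level `env`, where every step and tag-pinned third-party action can read them; scoping them to the step that runs the scenario (its steps continue outside this hunk) would narrow that exposure.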
|
@ -72,87 +117,39 @@ jobs:
|
|||
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
|
||||
role-skip-session-tagging: true
|
||||
role-duration-seconds: 3600
|
||||
- name: Set up Enos
|
||||
uses: hashicorp/action-setup-enos@v1
|
||||
- uses: hashicorp/action-setup-enos@v1
|
||||
with:
|
||||
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
||||
- name: Set up AWS SSH private key
|
||||
- name: Prepare scenario dependencies
|
||||
run: |
|
||||
mkdir -p ./enos/support
|
||||
mkdir -p ./enos/support/terraform-plugin-cache
|
||||
echo "${{ secrets.ENOS_CI_SSH_KEY }}" > ./enos/support/private_key.pem
|
||||
chmod 600 ./enos/support/private_key.pem
|
||||
- name: Download Linux AMD64 Vault bundle
|
||||
if: ${{ env.ARTIFACT_SOURCE == 'crt' }}
|
||||
id: download
|
||||
- if: contains(inputs.matrix-file-name, 'github')
|
||||
uses: actions/download-artifact@v3
|
||||
with:
|
||||
name: ${{ inputs.artifact-name }}
|
||||
name: ${{ inputs.build-artifact-name }}
|
||||
path: ./enos/support/downloads
|
||||
- name: unzip Downloaded Vault bundle
|
||||
if: ${{ env.ARTIFACT_SOURCE == 'crt' }}
|
||||
run: |
|
||||
unzip ${{steps.download.outputs.download-path}}/*.zip -d enos/support
|
||||
mv ${{steps.download.outputs.download-path}}/*.zip enos/support/vault.zip
|
||||
- name: Prepare for scenario execution
|
||||
run: |
|
||||
mkdir -p enos/support/terraform-plugin-cache
|
||||
[[ ${{ env.ARTIFACT_NAME }} == *"ent"* ]] && echo "${{ secrets.VAULT_LICENSE }}" > ./enos/support/vault.hclic || true
|
||||
- if: contains(inputs.matrix-file-name, 'ent')
|
||||
name: Configure Vault license
|
||||
run: echo "${{ secrets.VAULT_LICENSE }}" > ./enos/support/vault.hclic || true
|
||||
- name: Run Enos scenario
|
||||
id: run
|
||||
# Continue once and retry to handle occasional blips when creating
|
||||
# infrastructure.
|
||||
continue-on-error: true
|
||||
env:
|
||||
ENOS_VAR_aws_region: ${{ matrix.aws_region }}
|
||||
ENOS_VAR_aws_ssh_keypair_name: enos-ci-ssh-key
|
||||
ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
|
||||
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
|
||||
ENOS_VAR_artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
|
||||
ENOS_VAR_artifactory_token: ${{ secrets.ARTIFACTORY_TOKEN }}
|
||||
ENOS_VAR_terraform_plugin_cache_dir: ./support/terraform-plugin-cache
|
||||
ENOS_VAR_vault_build_date: ${{ env.ARTIFACT_BUILD_DATE }}
|
||||
ENOS_VAR_vault_product_version: ${{ env.ARTIFACT_VERSION }}
|
||||
ENOS_VAR_vault_revision: ${{ env.ARTIFACT_REVISION }}
|
||||
ENOS_VAR_vault_bundle_path: ./support/vault.zip
|
||||
run: |
|
||||
enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.scenario }}
|
||||
- name: Retry Enos scenario
|
||||
run: enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.scenario }}
|
||||
- name: Retry Enos scenario if necessary
|
||||
id: run_retry
|
||||
if: steps.run.outcome == 'failure'
|
||||
env:
|
||||
ENOS_VAR_aws_region: ${{ matrix.aws_region }}
|
||||
ENOS_VAR_aws_ssh_keypair_name: enos-ci-ssh-key
|
||||
ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
|
||||
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
|
||||
ENOS_VAR_artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
|
||||
ENOS_VAR_artifactory_token: ${{ secrets.ARTIFACTORY_TOKEN }}
|
||||
ENOS_VAR_terraform_plugin_cache_dir: ./support/terraform-plugin-cache
|
||||
ENOS_VAR_vault_build_date: ${{ env.ARTIFACT_BUILD_DATE }}
|
||||
ENOS_VAR_vault_product_version: ${{ env.ARTIFACT_VERSION }}
|
||||
ENOS_VAR_vault_revision: ${{ env.ARTIFACT_REVISION }}
|
||||
ENOS_VAR_vault_bundle_path: ./support/vault.zip
|
||||
run: |
|
||||
enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.scenario }}
|
||||
- name: Destroy Enos scenario
|
||||
run: enos scenario run --timeout 60m0s --chdir ./enos ${{ matrix.scenario }}
|
||||
- name: Ensure scenario has been destroyed
|
||||
if: ${{ always() }}
|
||||
# With Enos version 0.0.11 the destroy step returns an error if the infrastructure
|
||||
# is already destroyed by enos run. So temporarily setting it to continue on error in GHA
|
||||
continue-on-error: true
|
||||
env:
|
||||
ENOS_VAR_aws_region: ${{ matrix.aws_region }}
|
||||
ENOS_VAR_aws_ssh_keypair_name: enos-ci-ssh-key
|
||||
ENOS_VAR_aws_ssh_private_key_path: ./support/private_key.pem
|
||||
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
|
||||
ENOS_VAR_artifactory_username: ${{ secrets.ARTIFACTORY_USER }}
|
||||
ENOS_VAR_artifactory_token: ${{ secrets.ARTIFACTORY_TOKEN }}
|
||||
ENOS_VAR_terraform_plugin_cache_dir: ./support/terraform-plugin-cache
|
||||
ENOS_VAR_vault_build_date: ${{ env.ARTIFACT_BUILD_DATE }}
|
||||
ENOS_VAR_vault_product_version: ${{ env.ARTIFACT_VERSION }}
|
||||
ENOS_VAR_vault_revision: ${{ env.ARTIFACT_REVISION }}
|
||||
ENOS_VAR_vault_bundle_path: ./support/vault.zip
|
||||
run: |
|
||||
enos scenario destroy --timeout 60m0s --chdir ./enos ${{ matrix.scenario }}
|
||||
- name: Cleanup Enos runtime directories
|
||||
run: enos scenario destroy --timeout 60m0s --chdir ./enos ${{ matrix.scenario }}
|
||||
- name: Clean up Enos runtime directories
|
||||
if: ${{ always() }}
|
||||
run: |
|
||||
rm -rf /tmp/enos*
|
||||
|
|
|
@ -1,19 +0,0 @@
|
|||
name: enos-verify-stable
|
||||
|
||||
on:
|
||||
repository_dispatch:
|
||||
types:
|
||||
- enos-verify-stable
|
||||
- enos-verify-stable::*
|
||||
|
||||
jobs:
|
||||
enos-verify-stable:
|
||||
name: Enos verify stable artifact
|
||||
if: ${{ startsWith(github.event.client_payload.payload.branch, 'release/') }}
|
||||
uses: ./.github/workflows/enos-run.yml
|
||||
with:
|
||||
artifact-source: artifactory
|
||||
artifact-name: ${{ github.event.client_payload.payload.product }}_${{ github.event.client_payload.payload.version }}_linux_amd64.zip
|
||||
artifact-revision: ${{ github.event.client_payload.payload.sha }}
|
||||
artifact-version: ${{ github.event.client_payload.payload.version }}
|
||||
secrets: inherit
|
|
@ -175,18 +175,19 @@ event "verify" {
|
|||
}
|
||||
}
|
||||
|
||||
event "enos-verify-stable" {
|
||||
event "enos-release-testing-oss" {
|
||||
depends = ["verify"]
|
||||
action "enos-verify-stable" {
|
||||
action "enos-release-testing-oss" {
|
||||
organization = "hashicorp"
|
||||
repository = "vault"
|
||||
workflow = "enos-verify-stable"
|
||||
workflow = "enos-release-testing-oss"
|
||||
}
|
||||
|
||||
notification {
|
||||
on = "fail"
|
||||
}
|
||||
}
|
||||
|
||||
## These events are publish and post-publish events and should be added to the end of the file
|
||||
## after the verify event stanza.
|
||||
|
||||
|
|
|
@ -39,5 +39,9 @@
|
|||
/ui/app/routes/vault/cluster/oidc-*.js @austingebauer
|
||||
|
||||
# Release config; service account is required for automation tooling.
|
||||
/.release/ @hashicorp/release-engineering @hashicorp/github-secure-vault-core
|
||||
/.github/workflows/build.yml @hashicorp/release-engineering @hashicorp/github-secure-vault-core
|
||||
/.release/ @hashicorp/release-engineering @hashicorp/github-secure-vault-core @hashicorp/quality-team
|
||||
/.github/workflows/build.yml @hashicorp/release-engineering @hashicorp/github-secure-vault-core @hashicorp/quality-team
|
||||
|
||||
# Quality engineering
|
||||
/.github/ @hashicorp/quality-team
|
||||
/enos/ @hashicorp/quality-team
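Review bot: The new `/.github/ @hashicorp/quality-team` entry sits below the `/.github/workflows/build.yml` entry, and in a CODEOWNERS file the last matching pattern wins. As ordered here, build.yml would be owned by the quality team alone, so release-engineering and github-secure-vault-core would no longer be required reviewers on the release build workflow. Moving the `# Quality engineering` block above `# Release config` keeps the more specific build.yml rule last. Which of the printed lines are the new side is inferred from the hunk's line counts, and whether later rules follow is not visible in this hunk.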
|
||||
|
|
94
Makefile
94
Makefile
|
@ -254,48 +254,72 @@ ci-verify:
|
|||
|
||||
.NOTPARALLEL: ember-dist ember-dist-dev
|
||||
|
||||
# These crt targets are used for release builds by .github/workflows/build.yml
|
||||
# and for artifact_source:local Enos scenario variants.
|
||||
.PHONY: crt-build
|
||||
crt-build:
|
||||
@$(CURDIR)/scripts/crt-builder.sh build
|
||||
# These ci targets are used for used for building and testing in Github Actions
|
||||
# workflows and for Enos scenarios.
|
||||
.PHONY: ci-build
|
||||
ci-build:
|
||||
@$(CURDIR)/scripts/ci-helper.sh build
|
||||
|
||||
.PHONY: crt-build-ui
|
||||
crt-build-ui:
|
||||
@$(CURDIR)/scripts/crt-builder.sh build-ui
|
||||
.PHONY: ci-build-ui
|
||||
ci-build-ui:
|
||||
@$(CURDIR)/scripts/ci-helper.sh build-ui
|
||||
|
||||
.PHONY: crt-bundle
|
||||
crt-bundle:
|
||||
@$(CURDIR)/scripts/crt-builder.sh bundle
|
||||
.PHONY: ci-bundle
|
||||
ci-bundle:
|
||||
@$(CURDIR)/scripts/ci-helper.sh bundle
|
||||
|
||||
.PHONY: crt-get-artifact-basename
|
||||
crt-get-artifact-basename:
|
||||
@$(CURDIR)/scripts/crt-builder.sh artifact-basename
|
||||
.PHONY: ci-filter-matrix
|
||||
ci-filter-matrix:
|
||||
@$(CURDIR)/scripts/ci-helper.sh matrix-filter-file
|
||||
|
||||
.PHONY: crt-get-date
|
||||
crt-get-date:
|
||||
@$(CURDIR)/scripts/crt-builder.sh date
|
||||
.PHONY: ci-get-artifact-basename
|
||||
ci-get-artifact-basename:
|
||||
@$(CURDIR)/scripts/ci-helper.sh artifact-basename
|
||||
|
||||
.PHONY: crt-get-revision
|
||||
crt-get-revision:
|
||||
@$(CURDIR)/scripts/crt-builder.sh revision
|
||||
.PHONY: ci-get-date
|
||||
ci-get-date:
|
||||
@$(CURDIR)/scripts/ci-helper.sh date
|
||||
|
||||
.PHONY: crt-get-version
|
||||
crt-get-version:
|
||||
@$(CURDIR)/scripts/crt-builder.sh version
|
||||
.PHONY: ci-get-matrix-group-id
|
||||
ci-get-matrix-group-id:
|
||||
@$(CURDIR)/scripts/ci-helper.sh matrix-group-id
|
||||
|
||||
.PHONY: crt-get-version-base
|
||||
crt-get-version-base:
|
||||
@$(CURDIR)/scripts/crt-builder.sh version-base
|
||||
.PHONY: ci-get-revision
|
||||
ci-get-revision:
|
||||
@$(CURDIR)/scripts/ci-helper.sh revision
|
||||
|
||||
.PHONY: crt-get-version-pre
|
||||
crt-get-version-pre:
|
||||
@$(CURDIR)/scripts/crt-builder.sh version-pre
|
||||
.PHONY: ci-get-version
|
||||
ci-get-version:
|
||||
@$(CURDIR)/scripts/ci-helper.sh version
|
||||
|
||||
.PHONY: crt-get-version-meta
|
||||
crt-get-version-meta:
|
||||
@$(CURDIR)/scripts/crt-builder.sh version-meta
|
||||
.PHONY: ci-get-version-base
|
||||
ci-get-version-base:
|
||||
@$(CURDIR)/scripts/ci-helper.sh version-base
|
||||
|
||||
.PHONY: crt-prepare-legal
|
||||
crt-prepare-legal:
|
||||
@$(CURDIR)/scripts/crt-builder.sh prepare-legal
|
||||
.PHONY: ci-get-version-major
|
||||
ci-get-version-major:
|
||||
@$(CURDIR)/scripts/ci-helper.sh version-major
|
||||
|
||||
.PHONY: ci-get-version-meta
|
||||
ci-get-version-meta:
|
||||
@$(CURDIR)/scripts/ci-helper.sh version-meta
|
||||
|
||||
.PHONY: ci-get-version-minor
|
||||
ci-get-version-minor:
|
||||
@$(CURDIR)/scripts/ci-helper.sh version-minor
|
||||
|
||||
.PHONY: ci-get-version-package
|
||||
ci-get-version-package:
|
||||
@$(CURDIR)/scripts/ci-helper.sh version-package
|
||||
|
||||
.PHONY: ci-get-version-patch
|
||||
ci-get-version-patch:
|
||||
@$(CURDIR)/scripts/ci-helper.sh version-patch
|
||||
|
||||
.PHONY: ci-get-version-pre
|
||||
ci-get-version-pre:
|
||||
@$(CURDIR)/scripts/ci-helper.sh version-pre
|
||||
|
||||
.PHONY: ci-prepare-legal
|
||||
ci-prepare-legal:
|
||||
@$(CURDIR)/scripts/ci-helper.sh prepare-legal
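Review bot: The comment that introduces the ci targets repeats itself ("used for used for building"); it should read `# These ci targets are used for building and testing in Github Actions`. Separately, the crt-* targets appear to be removed rather than kept as aliases, so any caller outside this commit that still runs a `make crt-…` target would fail. A repository-wide search for `crt-` before merge would confirm that none remain.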
|
||||
|
|
|
@ -3,7 +3,7 @@ scenario "agent" {
|
|||
arch = ["amd64", "arm64"]
|
||||
artifact_source = ["local", "crt", "artifactory"]
|
||||
distro = ["ubuntu", "rhel"]
|
||||
edition = ["oss", "ent"]
|
||||
edition = ["oss", "ent", "ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
|
||||
}
|
||||
|
||||
terraform_cli = terraform_cli.default
|
||||
|
@ -16,8 +16,11 @@ scenario "agent" {
|
|||
|
||||
locals {
|
||||
build_tags = {
|
||||
"oss" = ["ui"]
|
||||
"ent" = ["enterprise", "ent"]
|
||||
"oss" = ["ui"]
|
||||
"ent" = ["ui", "enterprise", "ent"]
|
||||
"ent.fips1402" = ["ui", "enterprise", "cgo", "hsm", "fips", "fips_140_2", "ent.fips1402"]
|
||||
"ent.hsm" = ["ui", "enterprise", "cgo", "hsm", "venthsm"]
|
||||
"ent.hsm.fips1402" = ["ui", "enterprise", "cgo", "hsm", "fips", "fips_140_2", "ent.hsm.fips1402"]
|
||||
}
|
||||
bundle_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_bundle_path) : null
|
||||
dependencies_to_install = ["jq"]
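Review bot: In the expanded `build_tags` map, `"ent.hsm"` is the only edition whose list omits its own edition name and carries `venthsm` instead, while `"ent.fips1402"` and `"ent.hsm.fips1402"` both end with their edition name. If that is intentional, a one-line comment above the entry would stop a later reader from "fixing" it, for example `# ent.hsm builds use the venthsm tag rather than the edition name`. The same map is copied unchanged into the autopilot, smoke and upgrade scenarios, so the comment, or any correction, applies to all four copies. The `locals` block continues outside the hunk.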
|
||||
|
|
|
@ -4,7 +4,7 @@ scenario "autopilot" {
|
|||
artifact_source = ["local", "crt", "artifactory"]
|
||||
artifact_type = ["bundle", "package"]
|
||||
distro = ["ubuntu", "rhel"]
|
||||
edition = ["ent"]
|
||||
edition = ["ent", "ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
|
||||
seal = ["awskms", "shamir"]
|
||||
}
|
||||
|
||||
|
@ -18,7 +18,10 @@ scenario "autopilot" {
|
|||
|
||||
locals {
|
||||
build_tags = {
|
||||
"ent" = ["enterprise", "ent"]
|
||||
"ent" = ["ui", "enterprise", "ent"]
|
||||
"ent.fips1402" = ["ui", "enterprise", "cgo", "hsm", "fips", "fips_140_2", "ent.fips1402"]
|
||||
"ent.hsm" = ["ui", "enterprise", "cgo", "hsm", "venthsm"]
|
||||
"ent.hsm.fips1402" = ["ui", "enterprise", "cgo", "hsm", "fips", "fips_140_2", "ent.hsm.fips1402"]
|
||||
}
|
||||
bundle_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_bundle_path) : null
|
||||
dependencies_to_install = ["jq"]
|
||||
|
|
|
@ -4,9 +4,9 @@ scenario "smoke" {
|
|||
backend = ["consul", "raft"]
|
||||
artifact_source = ["local", "crt", "artifactory"]
|
||||
artifact_type = ["bundle", "package"]
|
||||
consul_version = ["1.13.2", "1.12.5", "1.11.10"]
|
||||
consul_version = ["1.14.2", "1.13.4", "1.12.7"]
|
||||
distro = ["ubuntu", "rhel"]
|
||||
edition = ["oss", "ent"]
|
||||
edition = ["oss", "ent", "ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
|
||||
seal = ["awskms", "shamir"]
|
||||
|
||||
# Packages are not offered for the oss edition
|
||||
|
@ -26,8 +26,11 @@ scenario "smoke" {
|
|||
|
||||
locals {
|
||||
build_tags = {
|
||||
"oss" = ["ui"]
|
||||
"ent" = ["enterprise", "ent"]
|
||||
"oss" = ["ui"]
|
||||
"ent" = ["ui", "enterprise", "ent"]
|
||||
"ent.fips1402" = ["ui", "enterprise", "cgo", "hsm", "fips", "fips_140_2", "ent.fips1402"]
|
||||
"ent.hsm" = ["ui", "enterprise", "cgo", "hsm", "venthsm"]
|
||||
"ent.hsm.fips1402" = ["ui", "enterprise", "cgo", "hsm", "fips", "fips_140_2", "ent.hsm.fips1402"]
|
||||
}
|
||||
bundle_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_bundle_path) : null
|
||||
dependencies_to_install = ["jq"]
|
||||
|
@ -115,11 +118,11 @@ scenario "smoke" {
|
|||
depends_on = [step.create_vpc]
|
||||
|
||||
providers = {
|
||||
enos = local.enos_provider[matrix.distro]
|
||||
enos = provider.enos.ubuntu
|
||||
}
|
||||
|
||||
variables {
|
||||
ami_id = step.create_vpc.ami_ids[matrix.distro][matrix.arch]
|
||||
ami_id = step.create_vpc.ami_ids["ubuntu"]["amd64"]
|
||||
common_tags = local.tags
|
||||
consul_release = {
|
||||
edition = var.backend_edition
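Review bot: This step now appears to pin the provider to `provider.enos.ubuntu` and the AMI to `step.create_vpc.ami_ids["ubuntu"]["amd64"]` instead of following `matrix.distro` and `matrix.arch`, with nothing recording why. The step passes `consul_release`, so this is presumably the backend cluster and the pin is deliberate, but that is a guess from the visible lines. A comment above `providers` would make the intent explicit, for example `# The backend cluster always runs on ubuntu/amd64 regardless of the matrix variant`. The step's block starts and ends outside the hunk, and which lines are the new side is inferred from print order.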
|
||||
|
|
|
@ -4,9 +4,9 @@ scenario "upgrade" {
|
|||
backend = ["consul", "raft"]
|
||||
artifact_source = ["local", "crt", "artifactory"]
|
||||
artifact_type = ["bundle", "package"]
|
||||
consul_version = ["1.13.2", "1.12.5", "1.11.10"]
|
||||
consul_version = ["1.14.2", "1.13.4", "1.12.7"]
|
||||
distro = ["ubuntu", "rhel"]
|
||||
edition = ["oss", "ent"]
|
||||
edition = ["oss", "ent", "ent.fips1402", "ent.hsm", "ent.hsm.fips1402"]
|
||||
seal = ["awskms", "shamir"]
|
||||
|
||||
# Packages are not offered for the oss edition
|
||||
|
@ -27,8 +27,11 @@ scenario "upgrade" {
|
|||
|
||||
locals {
|
||||
build_tags = {
|
||||
"oss" = ["ui"]
|
||||
"ent" = ["enterprise", "ent"]
|
||||
"oss" = ["ui"]
|
||||
"ent" = ["ui", "enterprise", "ent"]
|
||||
"ent.fips1402" = ["ui", "enterprise", "cgo", "hsm", "fips", "fips_140_2", "ent.fips1402"]
|
||||
"ent.hsm" = ["ui", "enterprise", "cgo", "hsm", "venthsm"]
|
||||
"ent.hsm.fips1402" = ["ui", "enterprise", "cgo", "hsm", "fips", "fips_140_2", "ent.hsm.fips1402"]
|
||||
}
|
||||
bundle_path = matrix.artifact_source != "artifactory" ? abspath(var.vault_bundle_path) : null
|
||||
dependencies_to_install = ["jq"]
|
||||
|
|
|
@ -8,5 +8,5 @@ export CGO_ENABLED=0
|
|||
|
||||
root_dir="$(git rev-parse --show-toplevel)"
|
||||
pushd "$root_dir" > /dev/null
|
||||
make crt-build-ui crt-build crt-bundle
|
||||
make ci-build-ui ci-build ci-bundle
|
||||
popd > /dev/null
|
||||
|
|
|
@ -2,5 +2,5 @@
|
|||
set -eu -o pipefail
|
||||
|
||||
pushd "$(git rev-parse --show-toplevel)" > /dev/null
|
||||
make crt-get-date
|
||||
make ci-get-date
|
||||
popd > /dev/null
|
||||
|
|
|
@ -2,5 +2,5 @@
|
|||
set -eu -o pipefail
|
||||
|
||||
pushd "$(git rev-parse --show-toplevel)" > /dev/null
|
||||
make crt-get-version
|
||||
make ci-get-version
|
||||
popd > /dev/null
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# The Vault smoke test to verify the Vault version installed
|
||||
|
||||
# Verify the Vault "version" includes the correct base version, build date,
|
||||
# revision SHA, and edition metadata.
|
||||
set -e
|
||||
|
||||
binpath=${vault_install_dir}/vault
|
||||
edition=${vault_edition}
|
||||
version=${vault_version}
|
||||
sha=${vault_revision}
|
||||
builddate=${vault_build_date}
|
||||
release="$version+$edition"
|
||||
build_date=${vault_build_date}
|
||||
|
||||
fail() {
|
||||
echo "$1" 1>&2
|
||||
|
@ -21,25 +20,20 @@ test -x "$binpath" || fail "unable to locate vault binary at $binpath"
|
|||
export VAULT_ADDR='http://127.0.0.1:8200'
|
||||
export VAULT_TOKEN='${vault_token}'
|
||||
|
||||
if [[ "$builddate" != "" ]]; then
|
||||
build_date=$builddate
|
||||
else
|
||||
build_date=$("$binpath" status -format=json | jq -Mr .build_date)
|
||||
fi
|
||||
|
||||
if [[ "$(echo $version |awk -F'.' '{print $2}')" -ge 11 ]]; then
|
||||
# Build date was added in 1.11
|
||||
if [[ "$(echo "$version" |awk -F'.' '{print $2}')" -ge 11 ]]; then
|
||||
version_expected="Vault v$version ($sha), built $build_date"
|
||||
else
|
||||
version_expected="Vault v$version ($sha)"
|
||||
fi
|
||||
|
||||
case "$release" in
|
||||
*+oss) ;;
|
||||
*+ent) ;;
|
||||
*+ent.hsm) version_expected="$version_expected (cgo)";;
|
||||
*+ent.fips1402) version_expected="$version_expected (cgo)" ;;
|
||||
*+ent.hsm.fips1402) version_expected="$version_expected (cgo)" ;;
|
||||
*) fail "($release) file doesn't match any known license types"
|
||||
case "$edition" in
|
||||
*oss) ;;
|
||||
*ent) ;;
|
||||
*ent.hsm) version_expected="$version_expected (cgo)";;
|
||||
*ent.fips1402) version_expected="$version_expected (cgo)" ;;
|
||||
*ent.hsm.fips1402) version_expected="$version_expected (cgo)" ;;
|
||||
*) fail "Unknown Vault edition: ($edition)" ;;
|
||||
esac
|
||||
|
||||
version_expected_nosha=$(echo "$version_expected" | awk '!($3="")' | sed 's/ / /' | sed -e 's/[[:space:]]*$//')
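Review bot: The rewritten `case "$edition"` keeps the leading `*` from the old `*+oss` patterns, so `*oss)` and `*ent)` accept any value that merely ends in those letters. Since `$edition` is now the bare edition string, exact patterns make the final `*)` arm catch malformed input as intended: `oss|ent) ;;` and `ent.hsm|ent.fips1402|ent.hsm.fips1402) version_expected="$version_expected (cgo)" ;;`. The script continues outside the hunk.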
|
||||
|
|
|
@ -18,10 +18,10 @@ cd "$DIR"
|
|||
BUILD_TAGS="${BUILD_TAGS:-"vault"}"
|
||||
|
||||
# Get the git commit
|
||||
GIT_COMMIT="$("$SOURCE_DIR"/crt-builder.sh revision)"
|
||||
GIT_COMMIT="$("$SOURCE_DIR"/ci-helper.sh revision)"
|
||||
GIT_DIRTY="$(test -n "`git status --porcelain`" && echo "+CHANGES" || true)"
|
||||
|
||||
BUILD_DATE="$("$SOURCE_DIR"/crt-builder.sh date)"
|
||||
BUILD_DATE="$("$SOURCE_DIR"/ci-helper.sh date)"
|
||||
|
||||
GOPATH=${GOPATH:-$(${GO_CMD} env GOPATH)}
|
||||
case $(uname) in
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# The crt-builder is used to detemine build metadata and create Vault builds.
|
||||
# We use it in build-vault.yml for building release artifacts with CRT. It is
|
||||
# also used by Enos for artifact_source:local scenario variants.
|
||||
# The ci-helper is used to determine build metadata, build Vault binaries,
|
||||
# package those binaries into artifacts, and execute tests with those artifacts.
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
|
@ -43,6 +42,21 @@ function version_base() {
|
|||
awk '$1 == "Version" && $2 == "=" { gsub(/"/, "", $3); print $3 }' < "$VERSION_FILE"
|
||||
}
|
||||
|
||||
# Get the version major
|
||||
function version_major() {
|
||||
version_base | cut -d '.' -f 1
|
||||
}
|
||||
|
||||
# Get the version minor
|
||||
function version_minor() {
|
||||
version_base | cut -d '.' -f 2
|
||||
}
|
||||
|
||||
# Get the version patch
|
||||
function version_patch() {
|
||||
version_base | cut -d '.' -f 3
|
||||
}
|
||||
|
||||
# Get the version pre-release
|
||||
function version_pre() {
|
||||
: "${VAULT_PRERELEASE:=""}"
|
||||
|
@ -60,7 +74,7 @@ function version_pre() {
|
|||
function version_metadata() {
|
||||
: "${VAULT_METADATA:=""}"
|
||||
|
||||
if [ -n "$VAULT_METADATA" ]; then
|
||||
if [[ (-n "$VAULT_METADATA") && ("$VAULT_METADATA" != "oss") ]]; then
|
||||
echo "$VAULT_METADATA"
|
||||
return
|
||||
fi
|
||||
|
@ -69,6 +83,11 @@ function version_metadata() {
|
|||
awk '$1 == "VersionMetadata" && $2 == "=" { gsub(/"/, "", $3); print $3 }' < "$VERSION_FILE"
|
||||
}
|
||||
|
||||
# Get the version formatted for Debian and RHEL packages
|
||||
function version_package() {
|
||||
version | awk '{ gsub("-","~",$1); print $1 }'
|
||||
}
|
||||
|
||||
# Get the build date from the latest commit since it can be used across all
|
||||
# builds
|
||||
function build_date() {
|
||||
|
@ -152,7 +171,7 @@ function build() {
|
|||
fi
|
||||
|
||||
if [ -n "$metadata" ]; then
|
||||
msg="${msg}, metadata ${VAULT_METADATA}"
|
||||
msg="${msg}, metadata ${metadata}"
|
||||
ldflags="${ldflags} -X github.com/hashicorp/vault/version.VersionMetadata=$metadata"
|
||||
fi
|
||||
|
||||
|
@ -167,7 +186,7 @@ function build() {
|
|||
popd
|
||||
}
|
||||
|
||||
# Bundle the dist directory
|
||||
# Bundle the dist directory into a zip
|
||||
function bundle() {
|
||||
: "${BUNDLE_PATH:=$(repo_root)/vault.zip}"
|
||||
echo "--> Bundling dist/* to $BUNDLE_PATH"
|
||||
|
@ -188,7 +207,50 @@ function prepare_legal() {
|
|||
popd
|
||||
}
|
||||
|
||||
# Run the CRT Builder
|
||||
# Determine the matrix group number that we'll select for execution. If the
|
||||
# MATRIX_TEST_GROUP environment variable has set then it will always return
|
||||
# that value. If has not been set, we will randomly select a number between 1
|
||||
# and the value of MATRIX_MAX_TEST_GROUPS.
|
||||
function matrix_group_id() {
|
||||
: "${MATRIX_TEST_GROUP:=""}"
|
||||
if [ -n "$MATRIX_TEST_GROUP" ]; then
|
||||
echo "$MATRIX_TEST_GROUP"
|
||||
return
|
||||
fi
|
||||
|
||||
: "${MATRIX_MAX_TEST_GROUPS:=1}"
|
||||
awk -v min=1 -v max=$MATRIX_MAX_TEST_GROUPS 'BEGIN{srand(); print int(min+rand()*(max-min+1))}'
|
||||
}
|
||||
|
||||
# Filter matrix file reads in the contents of MATRIX_FILE and filters out
|
||||
# scenarios that are not in the current test group and/or those that have not
|
||||
# met minimux or maximum version requirements.
|
||||
function matrix_filter_file() {
|
||||
: "${MATRIX_FILE:=""}"
|
||||
if [ -z "$MATRIX_FILE" ]; then
|
||||
echo "You must specify the MATRIX_FILE variable for this command" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
: "${MATRIX_TEST_GROUP:=$(matrix_group_id)}"
|
||||
|
||||
local path
|
||||
local matrix
|
||||
path=$(readlink -f $MATRIX_FILE)
|
||||
matrix=$(cat "$path" | jq ".include |
|
||||
map(. |
|
||||
select(
|
||||
((.min_minor_version == null) or (.min_minor_version <= $(version_minor))) and
|
||||
((.max_minor_version == null) or (.max_minor_version >= $(version_minor))) and
|
||||
((.test_group == null) or (.test_group == $MATRIX_TEST_GROUP))
|
||||
)
|
||||
)"
|
||||
)
|
||||
|
||||
echo "{\"include\":$matrix}" | jq -c .
|
||||
}
|
||||
|
||||
# Run the CI Helper
|
||||
function main() {
|
||||
case $1 in
|
||||
artifact-basename)
|
||||
|
@ -209,6 +271,12 @@ function main() {
|
|||
prepare-legal)
|
||||
prepare_legal
|
||||
;;
|
||||
matrix-filter-file)
|
||||
matrix_filter_file
|
||||
;;
|
||||
matrix-group-id)
|
||||
matrix_group_id
|
||||
;;
|
||||
revision)
|
||||
build_revision
|
||||
;;
|
||||
|
@ -221,9 +289,21 @@ function main() {
|
|||
version-pre)
|
||||
version_pre
|
||||
;;
|
||||
version-major)
|
||||
version_major
|
||||
;;
|
||||
version-meta)
|
||||
version_metadata
|
||||
;;
|
||||
version-minor)
|
||||
version_minor
|
||||
;;
|
||||
version-package)
|
||||
version_package
|
||||
;;
|
||||
version-patch)
|
||||
version_patch
|
||||
;;
|
||||
*)
|
||||
echo "unknown sub-command" >&2
|
||||
exit 1
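Review bot: In `matrix_filter_file`, the jq program is built by expanding `$MATRIX_TEST_GROUP` and `$(version_minor)` inside a double-quoted string, so whatever those values hold becomes jq source rather than data. If the group id ever comes from a workflow input or other caller-controlled environment, a non-numeric value changes the filter itself instead of failing. Passing both through `--argjson` keeps them as data and rejects anything that is not valid JSON. The expansions in `readlink -f $MATRIX_FILE` and `awk … -v max=$MATRIX_MAX_TEST_GROUPS` should be quoted too. The new comments also contain typos: "has set" should be "has been set" and "minimux" should be "minimum".

```shell
# … unchanged: MATRIX_FILE check, MATRIX_TEST_GROUP default, local declarations …
path=$(readlink -f "$MATRIX_FILE")
matrix=$(jq \
  --argjson minor "$(version_minor)" \
  --argjson group "$MATRIX_TEST_GROUP" \
  '.include
   | map(select(
       ((.min_minor_version == null) or (.min_minor_version <= $minor)) and
       ((.max_minor_version == null) or (.max_minor_version >= $minor)) and
       ((.test_group == null) or (.test_group == $group))
     ))' "$path")
# … unchanged: echo "{\"include\":$matrix}" | jq -c . …
```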
|