Commit Graph

209 Commits

Author SHA1 Message Date
hc-github-team-secure-vault-core 94dc0d67e0
backport of commit 437a7ab9340c9d5e6638570ac37a271e5c1342e5 (#22019)
Co-authored-by: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
2023-07-21 17:34:53 +00:00
Hamid Ghaf 191aebca62
use verify changes for docs to skip tests (#21620) (#22017)
* use verify changes for docs to skip tests

* add verify-changes to the needed jobs

* skip go tests for doc/ui only changes

* fix a job ref

* change names, remove script

* remove ui conditions

* separate flags

* feedback
2023-07-21 10:15:14 -07:00
hc-github-team-secure-vault-core ca31f71966
backport of commit 8615b31598e094b1bf083242e76fff74a31daf9a (#22014)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-07-21 10:53:07 -06:00
hc-github-team-secure-vault-core cade65423c
backport of commit 02f43ecbc26ec79790f30826f49f97cecda987eb (#21587) (#21996)
* VAULT-17590 Add failure notifications for OSS builds

* VAULT-17590 Incur build failure for testing purposes

* VAULT-17590 head_ref for testing

* VAULT-17590 rework to rely on completed status checks

* VAULT-17590 Use slackapi/slack-github-action

* VAULT-17590 Remember dollar sign

* VAULT-17590 finalize PR

* VAULT-17590 add extra empty line

* Update .github/workflows/build.yml



* Update .github/workflows/ci.yml



* VAULT-17590 fix typo

* VAULT-17590 ent workflow

* VAULT-17590 typo

---------

Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-07-21 08:50:26 -04:00
hc-github-team-secure-vault-core 83b95d3efe
backport of commit 1a46088afb0d5e442273350c6793d1216b6be4d1 (#21985)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-07-20 22:39:29 +00:00
hc-github-team-secure-vault-core 04eed0b14c
backport of commit 6b21994d76b18c91397247dfd69bb01e46c5de25 (#21981)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-07-20 20:51:07 +00:00
hc-github-team-secure-vault-core 45af65da81
Backport of Limit number of tests in CI comment into release/1.14.x (#21971)
* backport of commit dc104898f700447f7764919445c7559baeb7e987 (#21853)

* fix multiline

* shellcheck, and success message for builds

* add full path

* cat the summary

* fix and faster

* fix if condition

* base64 in a separate step

* echo

* check against empty string

* add echo

* only use matrix ids

* only id

* echo matrix

* remove wrapping array

* tojson

* try echo again

* use jq to get packages

* don't quote

* only run binary tests once

* only run binary tests once

* test what's wrong with the binary

* separate file

* use matrix file

* failed test

* update comment on success

* correct variable name

* bae64 fix

* output to file

* use multiline

* fix

* fix formatting

* fix newline

* fix whitespace

* correct body, remove comma

* small fixes

* shellcheck

* another shellcheck fix

* fix deprecation checker

* only run comments for prs

* Update .github/workflows/test-go.yml

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>

* Update .github/workflows/test-go.yml

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>

* fixes

---------

Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>

* backport of commit 3b00dde1ba4d479fbd67b1d0767e421e495d8cce (#21936)

* limit test comments

* remove unecessary tee

* fix go test condition

* fix

* fail test

* remove ailways entirely

* fix columns

* make a bunch of tests fail

* separate line

* include Failures:

* remove test fails

* fix whitespace

* backport of commit 245430215c00d80a38283020fca114bade022e0f (#21973)

* only add binary tests if they exist

* shellcheck

---------

Co-authored-by: miagilepner <mia.epner@hashicorp.com>
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-07-20 15:07:20 +02:00
hc-github-team-secure-vault-core 17a6700f6c
backport of commit 4b15fb96b88d633db1ef294d7cc86483df060b2b (#21920)
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2023-07-18 11:15:56 -07:00
hc-github-team-secure-vault-core 32433e9dd7
Go test failure summaries fixes and improvements (#21888) (#21892)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-07-17 16:13:15 +00:00
hc-github-team-secure-vault-core c08b05506f
backport of commit f3e9d159d325b9e2a3c80b7acf6705303ae04468 (#21891)
Co-authored-by: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
2023-07-17 08:08:20 -07:00
hc-github-team-secure-vault-core ca1d99d3a7
backport of commit 384cdd791c5a473374fe1a0f7cb9b9d3f972bcf7 (#21845)
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2023-07-13 18:22:15 -07:00
hc-github-team-secure-vault-core da49fe9db5
backport of commit 20675ccef0944571f17fd06969147fa476fc68ba (#21834)
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2023-07-13 20:08:22 +00:00
hc-github-team-secure-vault-core a7232590e9
VAULT-12958 Add link to logs to the test failure summary in CI (#21736) (#21825)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-07-13 18:36:30 +00:00
hc-github-team-secure-vault-core e9ee08ec7d
backport of commit 2a05a48016150b4040067ae7b6dc8ab8ba8aa93a (#21816)
Co-authored-by: Rebecca Willett <47540675+rebwill@users.noreply.github.com>
2023-07-13 12:09:34 -04:00
hc-github-team-secure-vault-core ecec77f6f2
backport of commit 702c52148988fc6907b8ee6457accd1536a2c25f (#21781)
Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com>
2023-07-13 11:23:53 -04:00
hc-github-team-secure-vault-core d2bbc42fcb
backport of commit bfa93fdeda1a998dc9c2a91c5c14424456b6d1d7 (#21782) (#21786)
* use shas instead of versions and fix milestones

* remove trailing space

Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2023-07-13 15:19:21 +02:00
hc-github-team-secure-vault-core 1ebd61689d
backport of commit a98c0d9cbe9d7cc59fc17a0416e61469cd9d56ac (#21797)
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-07-12 20:40:35 +00:00
hc-github-team-secure-vault-core 59cbdcda39
[QT-589] Use the go module cache between CI and build (#21764) (#21790)
In order to reliably store Go test times in the Github Actions cache we
need to reduce our cache thrashing by not using more than 10gb over all
of our caches. This change reduces our cache usage significantly by
sharing Go module cache between our Go CI workflows and our build
workflows. We lose our per-builder cache which will result in a bit of
performance hit, but we'll enable better automatic rebalancing of our CI
workflows. Overall we should see a per branch reduction in cache sizes
from ~17gb to ~850mb.

Some preliminary investigation into this new strategy:

Prior build workflow strategy on a cache miss:
  Download modules: ~20s
  Build Vault: ~40s
  Upload cache: ~30s
  Total: ~1m30s

Prior build workflow strategy on a cache hit:
  Download and decompress modules and build cache: ~12s
  Build Vault: ~15s
  Total: ~28s

New build workflow strategy on a cache miss:
  Download modules: ~20
  Build Vault: ~40s
  Upload cache: ~6s
  Total: ~1m6s

New build workflow strategy on a cache hit:
  Download and decompress modules: ~3s
  Build Vault: ~40s
  Total: ~43s

Expected time if we used no Go caching:
  Download modules: ~20
  Build Vault: ~40s
  Total: ~1m

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2023-07-12 19:26:00 +00:00
hc-github-team-secure-vault-core e1eb178f1e
backport of commit a29ba45a3a59626bf97e08a48ccac2a5dbd60f96 (#21754)
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2023-07-11 15:25:44 +00:00
hc-github-team-secure-vault-core 34964e05a9
backport of commit a053c616ba01291fcd3186d77ea63e3b5e4218c4 (#21692)
Co-authored-by: Rebecca Willett <47540675+rebwill@users.noreply.github.com>
2023-07-11 15:08:58 +00:00
hc-github-team-secure-vault-core be5249a6dd
backport of commit ece2995ee1df24341ec1dd0fdcc2fdedc6737806 (#21731)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-07-10 18:09:52 +00:00
hc-github-team-secure-vault-core d1210427d1
backport of commit 8c18f24b9da475c13f7908e609c5d4be24c773e6 (#21611) (#21615)
* combine into one checker

* combine and simplify ci checks

* add to test package list

* remove testing test

* only run deprecations check

* only run deprecations check

* remove unneeded repo check

* fix bash options

Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2023-07-10 17:05:20 +02:00
hc-github-team-secure-vault-core f881304cc5
backport of commit 5919645a70a12e2675331e0a7ad43238c823738e (#21707)
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2023-07-10 10:58:05 +00:00
hc-github-team-secure-vault-core 03e6898cfc
backport of commit d18242dae4192b11784e539ef862bcfaf654ec69 (#21698)
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2023-07-07 20:35:32 +00:00
hc-github-team-secure-vault-core cfa1e9d363
backport of commit 87d37fecb775a5ae82d264f0fc08b613dd733c7c (#21688)
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2023-07-07 19:56:05 +00:00
hc-github-team-secure-vault-core 9d1592cc93
backport of commit 34d1d200ee5e5547779ee8424c52bb7cf4dcb772 (#21676)
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2023-07-07 15:35:57 -04:00
hc-github-team-secure-vault-core 93d2fc099f
VAULT-17592 Extract failed Go test results across runners (#21625) (#21672)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-07-07 18:52:01 +01:00
hc-github-team-secure-vault-core f3f97c9658
backport of commit 95b44add74807bed971638928599b18d302a2ae2 (#21667)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-07-07 16:43:07 +00:00
Ryan Cragun d1e9b99233
[QT-576] Optimize build workflow (#21486) (#21601)
Improve our build workflow execution time by using custom runners,
improved caching and conditional Web UI builds.

Runners
-------
We improve our build times[0] by using larger custom runners[1] when
building the UI and Vault.

Caching
-------
We improve Vault caching by keeping a cache for each build job. This
strategy has the following properties which should result in faster
build times when `go.sum` hasn't been changed from prior builds, or
when a pull request is retried or updated after a prior successful
build:

* Builds will restore cached Go modules and Go build cache according to
  the Go version, platform, architecture, go tags, and hash of `go.sum`
  that relates to each individual build workflow. This reduces the
  amount of time it will take to download the cache on hits and upload
  the cache on misses.
* Parallel build workflows won't clobber each others build cache. This
  results in much faster compile times after cache hits because the Go
  compiler can reuse the platform, architecture, and tag specific build
  cache that it created on prior runs.
* Older modules and build cache will not be uploaded when creating a new
  cache. This should result in lean cache sizes on an ongoing basis.
* On cache misses we will have to upload our compressed module and build
  cache. This will slightly extend the build time for pull requests that
  modify `go.sum`.

Web UI
------
We no longer build the web UI in every build workflow. Instead we separate
the UI building into its own workflow and cache the resulting assets.
The same UI assets are restored from cache during build worklows. This
strategy has the following properties:

* If the `ui` directory has not changed from prior builds we'll restore
  `http/web_ui` from cache and skip building the UI for no reason.
* We continue to use the built-in `yarn` caching functionality in
  `action/setup-node`. The default mode saves the `yarn` global cache.
  to improve UI build times if the cache has not been modified.

Changes
-------
* Add per platform/archicture Go module and build caching
* Move UI building into a separate job and cache the result
* Restore UI cache during build
* Pin workflows

Notes
-----
[0] https://hashicorp.atlassian.net/browse/QT-578
[1] https://github.com/hashicorp/vault/actions/runs/5415830307/jobs/9844829929

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-07-05 15:19:49 -06:00
hc-github-team-secure-vault-core a2b98398e1
backport of commit eecae3a827f523a25359068ad6714af8f28c6ced (#21550) (#21556)
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2023-07-04 17:07:05 +02:00
hc-github-team-secure-vault-core 96f1478944
backport of commit f1c6ab41fc6d90811d1a268465f4d9eb712a58b5 (#21535)
Co-authored-by: Rebecca Willett <47540675+rebwill@users.noreply.github.com>
2023-06-30 15:51:51 -04:00
hc-github-team-secure-vault-core 1c44b797b2
backport of commit 30aac443d0037852b0a5e4b50d59a9bedc5e4445 (#21324)
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2023-06-16 13:10:36 -04:00
hc-github-team-secure-vault-core 92e2ae8897
backport of commit a1fdf105b3cc2e88483f3fca27729fa06bfbfa7f (#21312)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-06-16 14:41:28 +00:00
hc-github-team-secure-vault-core 66fc3d6154
backport of commit d3ae2085ae6242d752cbafb0d0aa9a48b8f4a16b (#21288)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-06-15 15:56:29 -04:00
hc-github-team-secure-vault-core 6da06be1cf
backport of commit 567917efacd62639103133a7a07efd3076be713b (#21205)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-06-13 21:07:38 +00:00
hc-github-team-secure-vault-core afef4629c8
backport of commit 21eccf8b8df7868c7d454f8ba42d5bec5235a69e (#20866)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-31 23:06:59 +00:00
Alexander Scheel 30488bc374
sdk/helper/nonce -> go-secure-stdlib/nonceutil (#20737)
Depends on https://github.com/hashicorp/go-secure-stdlib/pull/73

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-25 20:57:08 +00:00
Marc Boudreau 6ef35feeb9
update security-scanner version to latest to pickup changes that eliminate use of deprecated GitHub Actions commands (#20690) 2023-05-25 12:09:43 -04:00
Angel Garbarino 4a402ca128
Address Test-ui suite failure for package install issues (#20756)
* fix

* apparently its going to take me two commits.. for one line.

* test removing the installation of the packages.

* remove browser dependencies
2023-05-24 15:24:47 -06:00
Alexander Scheel 83d32240c7
Add nonce service to sdk/helpers, use in PKI (#20688)
* Build a better nonce service

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add internal nonce service for testing

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add benchmarks for nonce service

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add statistics around how long tidy took

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Replace ACME nonces with shared nonce service

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add an initialize method to nonce services

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use the new initialize helper on nonce service in PKI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add additional tests for nonces

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Format sdk/helper/nonce

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use default 90s nonce expiry in PKI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove parallel test case as covered by benchmark

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add additional commentary to encrypted nonce implementation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add nonce to test_packages

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-23 19:44:05 +00:00
Ryan Cragun 1e752e0cba
ci: request vpc quota increase (#20360)
* Fix regions on two service quotas
* Request an increase in VPCs per region
* Pin github actions workflows

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-05-22 11:18:06 -06:00
Violet Hynes 92dc054bb3
VAULT-15547 Agent/proxy decoupling, take two (#20634)
* VAULT-15547 Additional tests, refactoring, for proxy split

* VAULT-15547 Additional tests, refactoring, for proxy split

* VAULT-15547 Import reorganization

* VAULT-15547 Some missed updates for PersistConfig

* VAULT-15547 address comments

* VAULT-15547 address comments
2023-05-19 13:17:48 -04:00
Violet Hynes b2468d3481
VAULT-15547 First pass at agent/proxy decoupling (#20548)
* VAULT-15547 First pass at agent/proxy decoupling

* VAULT-15547 Fix some imports

* VAULT-15547 cases instead of string.Title

* VAULT-15547 changelog

* VAULT-15547 Fix some imports

* VAULT-15547 some more dependency updates

* VAULT-15547 More dependency paths

* VAULT-15547 godocs for tests

* VAULT-15547 godocs for tests

* VAULT-15547 test package updates

* VAULT-15547 test packages

* VAULT-15547 add proxy to test packages

* VAULT-15547 gitignore

* VAULT-15547 address comments

* VAULT-15547 Some typos and small fixes
2023-05-17 09:38:34 -04:00
Jaymala b5606770f6
Update verify-changes to support external docs branches (#20535)
* Update verify-changes to support external docs branches

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Revert QT-545 as it Enos workflow is not a workflow_run event

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-05-08 15:03:23 -04:00
Nick Cabatoff 3eb5fb3eb7
Use newer version of backport-assistant (#20484) 2023-05-03 12:40:01 -04:00
Nick Cabatoff 120830681e
Don't run build workflow on draft PRs. (#20443) 2023-05-01 13:52:41 -04:00
Nick Cabatoff 9eee5f3438
CI tests should run on release branches as well as main (#20444) 2023-05-01 15:42:03 +00:00
Ryan Cragun 190783a87f
release testing: always save the metadata (#20402)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-04-28 15:15:03 -06:00
Nick Cabatoff a816ef6c15
Use a dedicated runner for the binary-based tests. (#20377) 2023-04-27 09:41:49 -04:00
Jaymala 5164069708
Fail completed successfully check for failing Enos tests (#20335)
* Force required completed-successfully check to fail when builds or tests fail

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Update to fail cancelled workflows

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-04-26 15:16:31 -04:00