Commit Graph

122 Commits

Author SHA1 Message Date
akshya96 c3b1c3188c
Github Action to check deprecations in PR (#19666)
* deprecation check

* adding script

* add execute permission to script

* revert changes

* adding the script back

* added working script for local and GHA

* give execute permissions

* updating revgrep

* adding changes to script, tools

* run go mod tidy

* removing default ref

* make bootstrap

* adding to makefile
2023-03-27 22:50:58 -07:00
Marc Boudreau 27103f9908
Remove CircleCI Configuration (#19751)
* modify pre-commit hook to not look for circleci

* remove circleci configuration
2023-03-24 14:24:06 -04:00
Marc Boudreau c1a548d225
Marcboudreau/vault 13760/add test UI to completed (#19747)
* remove check of circleci configuration from pre-commit hook

* add dependency on test-ui for tests-completed job
2023-03-24 13:20:49 -04:00
Kuba Wieczorek 49fca89b1d
Add the FIPS testing job to GitHub Actions CI workflow (#19742) 2023-03-24 17:17:21 +00:00
Marc Boudreau 4749ef9e16
Create Job to Track All Required Test Jobs (#19743)
* add tests-completed job to track all matrix jobs completed successfully

* add dependency on setup job for tests-completed job
2023-03-24 10:39:17 -04:00
Ryan Cragun 62ed710318
ci: unpin terraform in CICD (#19665)
A prior planning bug was resolved in Terraform 1.4.2
2023-03-23 11:59:11 -06:00
Marc Boudreau 4ad111b3dd
Migrating CircleCI Jobs to GHA Workflow (#19662)
* address lint reports

* add diff-oss-ci and test-ui jobs to ci GHA workflow

* Add actions linter workflow

* Fix actions linter errors

* pin 3rd party components with SHA hash and limit actionlint workflow to pull requests touching paths under .github directory

* Fix actionlint runner

* pin SHA hash of 3rd party components
use .go-version file to provide go version to setup-go action
remove unncessary ref parameter in checkout action

---------

Co-authored-by: Brian Shore <bshore@hashicorp.com>
2023-03-22 15:02:06 -04:00
Raymond Ho 96e966e9ef
VAULT-13614 Support SCRAM-SHA-256 encrypted passwords for PostgreSQL (#19616) 2023-03-21 12:12:53 -07:00
Kuba Wieczorek 641f42f767
Add a GHA job running Go tests with race detection enabled to the CI … (#19561)
* Add a GHA job running Go tests with race detection enabled to the CI workflow

* Incorporate logic from test-go-race into the test-go testing matrix

* Make test-go testing matrix job names more meaningful

* Fix some a bug in script's logic

* Experiment: bump wait time in the failing TestLoginMFASinglePhase test to see if that makes a difference

* Lower the wait time in TestLoginMFASinglePhase

* Change the wait time in TestLoginMFASinglePhase to 15

* Add more detail to test-go testing matrix job names

* Test whether we already have access to larger runners

* Run Go tests with enabled data race detection from a separate job than the standard suite of tests

* Tweak runner sizes for OSS

* Try rebalancing test buckets

* Change instance type for larger ENT runners

* Undo rebalancing of test buckets as it changed nothing

* Change instance type for larger OSS runners

* Change the way we generate names for matrix jobs

* Consolidate the Go build tags variables, update them to use comma as a separator and fix the if statement in test-go

* Fix a typo
2023-03-21 14:13:40 -04:00
Marc Boudreau 00219b3917
comment out HCP_SCADA_ADDRESS environment variable (#19583) 2023-03-16 13:04:23 -04:00
Ryan Cragun cebde2f880
ci: pin terraform until planning bug is resolved (#19560)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-03-15 17:54:18 +00:00
Hamid Ghaf 27bb03bbc0
adding copyright header (#19555)
* adding copyright header

* fix fmt and a test
2023-03-15 09:00:52 -07:00
Marc Boudreau f286ee5b3c
Fix failing TestHCPLinkConnected Test (#19474)
* replace use of os.Unsetenv in test with t.Setenv and remove t.Parallel from test that rely on env being modified.

* experiment with using fromJSON function

* revert previous experiment

* including double quotes in the output value for the string ubuntu-latest

* use go run to launch gofumpt
2023-03-09 13:46:54 -05:00
Ashlee M Boyer b5eab9d3a0
Delete test-link-rewrites.yml (#19467) 2023-03-07 15:16:14 -08:00
Marc Boudreau 84238dee52
Introduce GitHub Actions CI Workflow (#19449)
* Migrate subset of CircleCI ci workflow to GitHub Actions

Runs test-go and test-go-remote-docker with a static splitting of test packages

* [skip actions] add comment to explain the purpose of test-generate-test-package-lists.sh and what to do if it fails

* change trigger to push

---------

Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-03-06 16:57:55 -05:00
Michael Anthony 074312dde2
Move env var declaration to called workflow (#19085) 2023-02-09 09:17:33 -07:00
miagilepner c49d180bc8
VAULT-13169 Require go docs for all new test functions (#18971)
* example for checking go doc tests

* add analyzer test and action

* get metadata step

* install revgrep

* fix for ci

* add revgrep to go.mod

* clarify how analysistest works
2023-02-07 10:41:04 +01:00
Mike Baum 225fbb78d2
[QT-304] Ensure Chrome is only installed for vault-enterprise UI Test workflows (#19003) 2023-02-06 16:29:33 -05:00
Mike Baum 3131c48501
[QT-304] Add enos ui scenario (#18518)
* Add enos ui scenario
* Add github action for running the UI scenario
2023-02-03 09:55:06 -05:00
Ryan Cragun 119e2274fc
[QT-470] Normalize and simplify container build workflows (#18900)
* [QT-470] Normalize and simplify container build workflows

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-01-30 15:01:51 -07:00
Ashlee M Boyer f3df55ad58
docs: Migrate link formats (#18696)
* Adding check-legacy-links-format workflow

* Adding test-link-rewrites workflow

* Updating docs-content-check-legacy-links-format hash

* Migrating links to new format

Co-authored-by: Kendall Strautman <kendallstrautman@gmail.com>
2023-01-25 16:12:15 -08:00
Michael Anthony 3762cfaf0a
Add workflow for running Docker-only acc tests (#18672)
* Add workflow for running Docker-only acc tests

* Convert to caller/called workflow

* Add comments for posterity and change run trigger

* Standardize workflow names and adjust artifact retention time

* Consolidate metadata job into test job

* Shorten artifact retention time

* Standardize filenames

* Correct workflow reference

* Remove erroneous dependency reference
2023-01-20 12:57:56 -07:00
Jaymala 9501b56ffa
Rename reusable enos-run workflow file (#18757)
* Rename reusable enos-run workflow file

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Update Enos README file

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-01-18 16:37:38 -07:00
Mike Baum da2849217c
[QT-441] Switch over to using new vault_ci AWS account for enos CI workflows (#18398) 2023-01-18 16:09:19 -05:00
Josh Brand c2ae1f1654
Add automated CI account cleanup & monitoring (#18659)
This uses aws-nuke and awslimitchecker to monitor the new vault CI account to clean up and prevent resource quota exhaustion.  AWS-nuke will scan all regions of the accounts for lingering resources enos/terraform didn't clean up, and if they don't match exclusion criteria, delete them every night.  By default, we exclude corp-sec created resources, our own CI resources, and when possible, anything created within the past 72 hours. Because this account is dedicated to CI, users should not expect resources to persist beyond this without additional configuration.
2023-01-11 17:24:08 -05:00
Jaymala 929391b09b
Save release testing metadata only when tests are run (#18540)
Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2022-12-23 14:06:42 -05:00
Jaymala e740844789
Persist metadata post release tests (#18531)
Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2022-12-22 22:20:05 +00:00
Luis (LT) Carbonell c1a4a1150f
Add GitHub action to check for a milestone (#18406)
* Add GitHub action to check for a milestone

* Update comment

* Cleanup

* Add config

* move config to own directory
2022-12-19 12:38:41 -06:00
Jaymala 360eaeb865
Fix the checkout sha for enos-run workflow (#18445)
- enos-run workflow will checkout the `main` branch by default, which would pass incorrect metadata to the workflow
so we use the `revision` passed by the calling workflow to checkout the sha and get the relavant metadata`

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2022-12-16 15:19:10 -05:00
Ryan Cragun ebbbcf7e5e
test: normalize job and steps between build and release test workflows (#18425)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2022-12-15 16:10:49 -07:00
Ryan Cragun 3051100e0a
test: pass build artifact name to release testing workflow (#18411)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2022-12-15 11:47:14 -07:00
Sarah Thompson 8940880efd
Revert "Create test-reusable.yml" (#18371)
This reverts commit 131bf240293b0de1c22394b555b3e9878720738f.
2022-12-15 16:01:15 +00:00
Sarah Thompson 55b21f2012
Create test-reusable.yml 2022-12-14 15:27:56 +00:00
Ryan Cragun 0a884689a0
test: add build artifacts to release testing workflow (#18336)
Add build artifacts to release testing workflow

Signed-off-by: Ryan Cragun <me@ryan.ec>
2022-12-13 12:00:58 -07:00
Mike Baum 5b07829941
Fix role name in CI bootstrap workflow (#18330)
Fixed role name in ci bootstrap workflow
2022-12-13 09:20:49 -05:00
Ryan Cragun 0899c4153a
test: fix release testing workflows (#18322)
* Use the correct runner
* Fix indentation

Signed-off-by: Ryan Cragun <me@ryan.ec>
2022-12-12 16:07:16 -07:00
Ryan Cragun bd5d738ad7
[QT-436] Pseudo random artifact test scenarios (#18056)
Introducing a new approach to testing Vault artifacts before merge
and after merge/notorization/signing. Rather than run a few static
scenarios across the artifacts, we now have the ability to run a
pseudo random sample of scenarios across many different build artifacts.

We've added 20 possible scenarios for the AMD64 and ARM64 binary
bundles, which we've broken into five test groups. On any given push to
a pull request branch, we will now choose a random test group and
execute its corresponding scenarios against the resulting build
artifacts. This gives us greater test coverage but lets us split the
verification across many different pull requests.

The post-merge release testing pipeline behaves in a similar fashion,
however, the artifacts that we use for testing have been notarized and
signed prior to testing. We've also reduce the number of groups so that
we run more scenarios after merge to a release branch.

We intend to take what we've learned building this in Github Actions and
roll it into an easier to use feature that is native to Enos. Until then,
we'll have to manually add scenarios to each matrix file and manually
number the test group. It's important to note that Github requires every
matrix to include at least one vector, so every artifact that is being
tested must include a single scenario in order for all workflows to pass
and thus satisfy branch merge requirements.

* Add support for different artifact types to enos-run
* Add support for different runner type to enos-run
* Add arm64 scenarios to build matrix
* Expand build matrices to include different variants
* Update Consul versions in Enos scenarios and matrices
* Refactor enos-run environment
* Add minimum version filtering support to enos-run. This allows us to
  automatically exclude scenarios that require a more recent version of
  Vault
* Add maximum version filtering support to enos-run. This allows us to
  automatically exclude scenarios that require an older version of
  Vault
* Fix Node 12 deprecation warnings
* Rename enos-verify-stable to enos-release-testing-oss
* Convert artifactory matrix into enos-release-testing-oss matrices
* Add all Vault editions to Enos scenario matrices
* Fix verify version with complex Vault edition metadata
* Rename the crt-builder to ci-helper
* Add more version helpers to ci-helper and Makefile
* Update CODEOWNERS for quality team
* Add support for filtering matrices by group and version constraints
* Add support for pseudo random test scenario execution

Signed-off-by: Ryan Cragun <me@ryan.ec>
2022-12-12 13:46:04 -07:00
mcollao-hc 4245c6e51f
Update security-scan.yml 2022-12-06 10:13:57 -06:00
mcollao-hc 009af4458d
Update security-scan.yml 2022-12-06 09:34:06 -06:00
mcollao-hc cbc2ef31f8
Update security-scan.yml 2022-12-05 17:13:52 -06:00
mcollao-hc 571a61af01
Update security-scan.yml 2022-12-05 16:23:37 -06:00
mcollao-hc c660bbc03d
Update security-scan.yml 2022-12-05 16:00:36 -06:00
mcollao-hc a672ebb751
Delete codeql-analysis.yml 2022-12-05 14:28:07 -06:00
Mike Baum cdb6303c4d
[QT-318] Add workflow dispatch trigger for bootstrap workflow, update ssh key name (#18174)
* Added a workflow dispatch trigger for bootstrap workflow, updated ssh key name
* Ensure the bootstrap workflow is only run for PRs that change the bootstrapping code
2022-12-02 14:29:20 -05:00
mcollao-hc 495c503b11
Update security-scan.yml (#18180) 2022-12-01 13:05:21 -06:00
Mike Baum b03da5157e
[QT-318] Add Vault CI bootstrap scenarios (#17907) 2022-11-30 12:44:02 -05:00
mcollao-hc 4129f8a5d0
update semgrep exludes (#18090) 2022-11-22 16:19:35 -05:00
Ryan Cragun 275479cdd9
[QT-353] Use a different approach to branch restrictions (#17998)
Create a new workflow job that is only triggered when all build and
integration workflows have completed. This will allow us to require
branch restrictions on a single workflow.

Of note, we tried to allow docs branches to bypass testing using the
method suggested by Github[0], however, the `branches-ignore`
functionality did not work for the `pull_request` event type. Therefore,
bypassing build and integration workflows for docs branches is no longer
supported.

[0] https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks

Signed-off-by: Ryan Cragun <me@ryan.ec>
2022-11-18 14:43:55 -07:00
mcollao-hc 35adc70f92
pin security-scanner workflow (#18048)
* pin security-scanner workflow

* updated to post-squash commit
2022-11-18 14:04:23 -06:00
mcollao-hc 5ec0d57313
PSP-256 - Add security-scanner tool (#17988)
Add security-scanner tool and github workflow
2022-11-17 17:12:03 -06:00