Commit graph

34 commits

Author SHA1 Message Date
Ryan Cragun bd5d738ad7
[QT-436] Pseudo random artifact test scenarios (#18056)
Introducing a new approach to testing Vault artifacts before merge
and after merge/notorization/signing. Rather than run a few static
scenarios across the artifacts, we now have the ability to run a
pseudo random sample of scenarios across many different build artifacts.

We've added 20 possible scenarios for the AMD64 and ARM64 binary
bundles, which we've broken into five test groups. On any given push to
a pull request branch, we will now choose a random test group and
execute its corresponding scenarios against the resulting build
artifacts. This gives us greater test coverage but lets us split the
verification across many different pull requests.

The post-merge release testing pipeline behaves in a similar fashion,
however, the artifacts that we use for testing have been notarized and
signed prior to testing. We've also reduce the number of groups so that
we run more scenarios after merge to a release branch.

We intend to take what we've learned building this in Github Actions and
roll it into an easier to use feature that is native to Enos. Until then,
we'll have to manually add scenarios to each matrix file and manually
number the test group. It's important to note that Github requires every
matrix to include at least one vector, so every artifact that is being
tested must include a single scenario in order for all workflows to pass
and thus satisfy branch merge requirements.

* Add support for different artifact types to enos-run
* Add support for different runner type to enos-run
* Add arm64 scenarios to build matrix
* Expand build matrices to include different variants
* Update Consul versions in Enos scenarios and matrices
* Refactor enos-run environment
* Add minimum version filtering support to enos-run. This allows us to
  automatically exclude scenarios that require a more recent version of
  Vault
* Add maximum version filtering support to enos-run. This allows us to
  automatically exclude scenarios that require an older version of
  Vault
* Fix Node 12 deprecation warnings
* Rename enos-verify-stable to enos-release-testing-oss
* Convert artifactory matrix into enos-release-testing-oss matrices
* Add all Vault editions to Enos scenario matrices
* Fix verify version with complex Vault edition metadata
* Rename the crt-builder to ci-helper
* Add more version helpers to ci-helper and Makefile
* Update CODEOWNERS for quality team
* Add support for filtering matrices by group and version constraints
* Add support for pseudo random test scenario execution

Signed-off-by: Ryan Cragun <me@ryan.ec>
2022-12-12 13:46:04 -07:00
Nick Cabatoff 342b61984a
Move version out of SDK. (#14229)
Move version out of SDK.  For now it's a copy rather than move: the part not addressed by this change is sdk/helper/useragent.String, which we'll want to remove in favour of PluginString.  That will have to wait until we've removed uses of useragent.String from all builtins.
2022-12-07 13:29:51 -05:00
Ryan Cragun 4c4798417f
[QT-358] Unify CRT and local builder workflows (#17766)
Here we make the following major changes:

* Centralize CRT builder logic into a script utility so that we can share the
  logic for building artifacts in CI or locally.
* Simplify the build workflow by calling a reusable workflow many times
  instead of repeating the contents.
* Create a workflow that validates whether or not the build workflow and all
  child workflows have succeeded to allow for merge protection.

Motivation

* We need branch requirements for the build workflow and all subsequent
  integration tests (QT-353)
* We need to ensure that the Enos local builder works (QT-558)
* Debugging build failures can be difficult because one has to hand craft the
  steps to recreate the build
* Merge conflicts between Vault OSS and Vault ENT build workflows are quite
  painful. As the build workflow must be the same file and name we'll reduce
  what is contained in each that is unique. Implementations of building
  will be unique per edition so we don't have to worry about conflict
  resolution.
* Since we're going to be touching the build workflow to do the first two
  items we might as well try and improve those other issues at the same time
  to reduce the overhead of backports and conflicts.

Considerations

* Build logic for Vault OSS and Vault ENT differs
* The Enos local builder was duplicating a lot of what we did in the CRT build
  workflow
* Version and other artifact metadata has been an issue before. Debugging it
  has been tedious and error prone.
* The build workflow is full of brittle copy and paste that is hard to
  understand, especially for all of the release editions in Vault Enterprise
* Branch check requirements for workflows are incredibly painful to use for
  workflows that are dynamic or change often. The required workflows have to be
  configured in Github settings by administrators. They would also prevent us
  from having simple docs PRs since required integration workflows always have
  to run to satisfy branch requirements.
* Doormat credentials requirements that are coming will require us to modify
  which event types trigger workflows. This changes those ahead of time since
  we're doing so much to build workflow. The only noticeable impact will be
  that the build workflow no longer runs on pushes to non-main or release
  branches. In order to test other branches it requires a workflow_dispatch
  from the Actions tab or a pull request.

Solutions

* Centralize the logic that determines build metadata and creates releasable
  Vault artifacts. Instead of cargo-culting logic multiple times in the build
  workflow and the Enos local modules, we now have a crt-builder script which
  determines build metadata and also handles building the UI, Vault, and the
  package bundle. There are make targets for all of the available sub-commands.
  Now what we use in the pipeline is the same thing as the local builder, and
  it can be executed locally by developers. The crt-builder script works in OSS
  and Enterprise so we will never have to deal with them being divergent or with
  special casing things in the build workflow.
* Refactor the bulk of the Vault building into a reusable workflow that we can
  call multiple times. This allows us to define Vault builds in a much simpler
  manner and makes resolving merge conflicts much easier.
* Rather than trying to maintain a list and manually configure the branch check
  requirements for build, we'll trigger a single workflow that uses the github
  event system to determine if the build workflow (all of the sub-workflows
  included) have passed. We'll then create branch restrictions on that single
  workflow down the line.

Signed-off-by: Ryan Cragun me@ryan.ec
2022-11-11 13:14:43 -07:00
Christopher Swenson 81b702b918
Remove gox in favor of go build. (#16353)
Remove gox in favor of go build.

`gox` hasn't had a release to update it in many years, so is missing
support for many modern systems, like `darwin/arm64`.

In any case, we only use it for dev builds, where we don't even use
the ability of it to build for multiple platforms. Release builds use
`go build` now.

So, this switches to `go build` everywhere.

I pulled this down and tested it in Windows as well. (Side note: I
couldn't get `gox` to work in Windows, so couldn't build before this
change.)
2022-07-20 10:44:41 -07:00
Chris Capurso e69f89c279
Add build date (#14957)
* add BuildDate to version base

* populate BuildDate with ldflags

* include BuildDate in FullVersionNumber

* add BuildDate to seal-status and associated status cmd

* extend core/versions entries to include BuildDate

* include BuildDate in version-history API and CLI

* fix version history tests

* fix sys status tests

* fix TestStatusFormat

* remove extraneous LD_FLAGS from build.sh

* add BuildDate to build.bat

* fix TestSysUnseal_Reset

* attempt to add build-date to release builds

* add branch to github build workflow

* add get-build-date to build-* job needs

* fix release build command vars

* add missing quote in release build command

* Revert "add branch to github build workflow"

This reverts commit b835699ecb7c2c632757fa5fe64b3d5f60d2a886.

* add changelog entry
2022-04-19 14:28:08 -04:00
Robert 89b8c84928
Remove old binary before copying new one to GOPATH/bin (#13966) 2022-02-09 08:32:10 -05:00
Scott Miller 3dfe5176ee
Darwin/ARM64 build target (#11321)
* Update to Go 1.16.2 for build/dev

* Update SDK version_base

* 1st attempt

* Update docker images

* wip

* wip
2021-04-09 09:53:03 -05:00
Calvin Leung Huang 80ea138b9e
scripts: make build.sh gocmd aware (#9394) 2020-07-02 17:45:41 -07:00
Jeff Mitchell 8bcb533a1b
Create sdk/ and api/ submodules (#6583) 2019-04-12 17:54:35 -04:00
Jeff Mitchell 9193792773 Sync over 2019-03-18 09:33:01 -04:00
Jeff Mitchell 379b05d281 Add the ability for make dev to honor XC_OSARCH 2018-03-03 12:35:36 -05:00
Jeff Mitchell 259e425beb It's not a 1.10 thing apparently.
Revert "Revert "Remove netbsd/arm as it won't compile""

This reverts commit 8b43db120c5b3f15723e7ea61edcf0d4c2c7fc9f.
2018-02-26 12:40:49 -05:00
Jeff Mitchell fb41cf74d7 Revert "Remove netbsd/arm as it won't compile"
This reverts commit 3d4bd6f3cb083e8ee5dac980db58474382a99834.
2018-02-26 12:27:25 -05:00
Jeff Mitchell 7d673e5e05 Remove netbsd/arm as it won't compile 2018-02-20 15:27:33 -05:00
Bharath B ab9111827d Remove symbols from vault binary (#3369) 2017-11-08 07:53:08 -05:00
Chris Hoffman 893c63ef01 adding ability to set gcflags on build (#3451) 2017-10-11 11:36:26 -04:00
Jeff Mitchell 16c6a84a8a Add linux/arm64 build.
Fixes #2630
2017-04-24 09:35:36 -04:00
James Nugent 2c14ff7385 build: Add support for building on Illumos
This commit adds support for building for Illumos-derived operating
systems. Regrettably, the cyrpto/ssh/terminal package does not include
implementations of the functions IsTerminal, MakeRaw or Restore for the
solaris OS. Consequently this commit implements them in Vault.

makeRaw(fd int) is based on the Illumos implementation of the getpass
function [1] for the correct flags. isTerminal(fd int) is based on the
Illumos libc implementation [2] of isatty.

[1] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libast/common/uwin/getpass.c
[2] http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libbc/libc/gen/common/isatty.c
2016-08-13 00:20:15 -04:00
vishalnayak 0617199d7d Set the OSARCH for dev builds 2016-05-24 13:25:50 -04:00
Jeff Mitchell 315db7c8ad
Cut version 0.6.0-beta1 2016-05-23 16:14:15 -04:00
Jeff Mitchell 3d2d044693 Rename build tags 2016-04-28 00:59:33 +00:00
Jeff Mitchell 1027b51d17 Built tag-ify sealtesting 2016-04-28 00:47:44 +00:00
Sean Chittenden c14975c54c Go's -X linker flag now requires only one argument 2016-03-17 10:57:25 -07:00
Jeff Mitchell 786bce24b1 Remove us building Solaris binaries for the moment, as they don't build successfully 2016-03-16 15:47:55 -04:00
Jeff Mitchell d8a840cb2a Increase platforms for next build 2016-02-25 15:49:12 -05:00
Jeff Mitchell 7e36ff547d TF_DEV->VAULT_DEV_BUILD 2016-02-25 11:05:51 -05:00
Jeff Mitchell 7a4eda156c Migrate to built-in Go vendoring.
This also removes `godep` calls from make scripts. Of note is that
currently `./...` checking in acceptance tests is disabled.
2016-02-18 15:06:02 -05:00
Jeff Mitchell 75f1c1e40c Print version on startup.
Fixes #765
2015-11-09 13:52:55 -05:00
Armon Dadgar c0d01df519 Merge pull request #404 from BRMatt/patch-1
Ensure build.sh uses dependencies vendored by godeps
2015-07-22 17:30:06 -07:00
Jeff Zellner 25ea28f419 use /usr/bin/env to find bash 2015-07-21 20:06:54 -06:00
Matt Button 2d0777a32f Ensure build.sh uses dependencies vendored by godeps 2015-07-08 14:02:37 +01:00
Mitchell Hashimoto 15d3d88c48 don't compile for open/freebsd [GH-136] 2015-05-11 10:34:17 -07:00
Mitchell Hashimoto 57be8bcc09 move the cli to the cli/ package so enterprising individuals can call it 2015-04-12 16:58:45 -07:00
Mitchell Hashimoto ba870b8fd2 scripts 2015-03-03 23:14:18 -08:00