Commit graph

189 commits

Author SHA1 Message Date
hc-github-team-secure-vault-core be5249a6dd
backport of commit ece2995ee1df24341ec1dd0fdcc2fdedc6737806 (#21731)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-07-10 18:09:52 +00:00
hc-github-team-secure-vault-core d1210427d1
backport of commit 8c18f24b9da475c13f7908e609c5d4be24c773e6 (#21611) (#21615)
* combine into one checker

* combine and simplify ci checks

* add to test package list

* remove testing test

* only run deprecations check

* only run deprecations check

* remove unneeded repo check

* fix bash options

Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2023-07-10 17:05:20 +02:00
hc-github-team-secure-vault-core f881304cc5
backport of commit 5919645a70a12e2675331e0a7ad43238c823738e (#21707)
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2023-07-10 10:58:05 +00:00
hc-github-team-secure-vault-core 03e6898cfc
backport of commit d18242dae4192b11784e539ef862bcfaf654ec69 (#21698)
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2023-07-07 20:35:32 +00:00
hc-github-team-secure-vault-core cfa1e9d363
backport of commit 87d37fecb775a5ae82d264f0fc08b613dd733c7c (#21688)
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2023-07-07 19:56:05 +00:00
hc-github-team-secure-vault-core 9d1592cc93
backport of commit 34d1d200ee5e5547779ee8424c52bb7cf4dcb772 (#21676)
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
2023-07-07 15:35:57 -04:00
hc-github-team-secure-vault-core 93d2fc099f
VAULT-17592 Extract failed Go test results across runners (#21625) (#21672)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-07-07 18:52:01 +01:00
hc-github-team-secure-vault-core f3f97c9658
backport of commit 95b44add74807bed971638928599b18d302a2ae2 (#21667)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-07-07 16:43:07 +00:00
Ryan Cragun d1e9b99233
[QT-576] Optimize build workflow (#21486) (#21601)
Improve our build workflow execution time by using custom runners,
improved caching and conditional Web UI builds.

Runners
-------
We improve our build times[0] by using larger custom runners[1] when
building the UI and Vault.

Caching
-------
We improve Vault caching by keeping a cache for each build job. This
strategy has the following properties which should result in faster
build times when `go.sum` hasn't been changed from prior builds, or
when a pull request is retried or updated after a prior successful
build:

* Builds will restore cached Go modules and Go build cache according to
  the Go version, platform, architecture, go tags, and hash of `go.sum`
  that relates to each individual build workflow. This reduces the
  amount of time it will take to download the cache on hits and upload
  the cache on misses.
* Parallel build workflows won't clobber each others build cache. This
  results in much faster compile times after cache hits because the Go
  compiler can reuse the platform, architecture, and tag specific build
  cache that it created on prior runs.
* Older modules and build cache will not be uploaded when creating a new
  cache. This should result in lean cache sizes on an ongoing basis.
* On cache misses we will have to upload our compressed module and build
  cache. This will slightly extend the build time for pull requests that
  modify `go.sum`.

Web UI
------
We no longer build the web UI in every build workflow. Instead we separate
the UI building into its own workflow and cache the resulting assets.
The same UI assets are restored from cache during build worklows. This
strategy has the following properties:

* If the `ui` directory has not changed from prior builds we'll restore
  `http/web_ui` from cache and skip building the UI for no reason.
* We continue to use the built-in `yarn` caching functionality in
  `action/setup-node`. The default mode saves the `yarn` global cache.
  to improve UI build times if the cache has not been modified.

Changes
-------
* Add per platform/archicture Go module and build caching
* Move UI building into a separate job and cache the result
* Restore UI cache during build
* Pin workflows

Notes
-----
[0] https://hashicorp.atlassian.net/browse/QT-578
[1] https://github.com/hashicorp/vault/actions/runs/5415830307/jobs/9844829929

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-07-05 15:19:49 -06:00
hc-github-team-secure-vault-core a2b98398e1
backport of commit eecae3a827f523a25359068ad6714af8f28c6ced (#21550) (#21556)
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2023-07-04 17:07:05 +02:00
hc-github-team-secure-vault-core 96f1478944
backport of commit f1c6ab41fc6d90811d1a268465f4d9eb712a58b5 (#21535)
Co-authored-by: Rebecca Willett <47540675+rebwill@users.noreply.github.com>
2023-06-30 15:51:51 -04:00
hc-github-team-secure-vault-core 1c44b797b2
backport of commit 30aac443d0037852b0a5e4b50d59a9bedc5e4445 (#21324)
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
2023-06-16 13:10:36 -04:00
hc-github-team-secure-vault-core 92e2ae8897
backport of commit a1fdf105b3cc2e88483f3fca27729fa06bfbfa7f (#21312)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-06-16 14:41:28 +00:00
hc-github-team-secure-vault-core 66fc3d6154
backport of commit d3ae2085ae6242d752cbafb0d0aa9a48b8f4a16b (#21288)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2023-06-15 15:56:29 -04:00
hc-github-team-secure-vault-core 6da06be1cf
backport of commit 567917efacd62639103133a7a07efd3076be713b (#21205)
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
2023-06-13 21:07:38 +00:00
hc-github-team-secure-vault-core afef4629c8
backport of commit 21eccf8b8df7868c7d454f8ba42d5bec5235a69e (#20866)
Co-authored-by: Anton Averchenkov <84287187+averche@users.noreply.github.com>
2023-05-31 23:06:59 +00:00
Alexander Scheel 30488bc374
sdk/helper/nonce -> go-secure-stdlib/nonceutil (#20737)
Depends on https://github.com/hashicorp/go-secure-stdlib/pull/73

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-25 20:57:08 +00:00
Marc Boudreau 6ef35feeb9
update security-scanner version to latest to pickup changes that eliminate use of deprecated GitHub Actions commands (#20690) 2023-05-25 12:09:43 -04:00
Angel Garbarino 4a402ca128
Address Test-ui suite failure for package install issues (#20756)
* fix

* apparently its going to take me two commits.. for one line.

* test removing the installation of the packages.

* remove browser dependencies
2023-05-24 15:24:47 -06:00
Alexander Scheel 83d32240c7
Add nonce service to sdk/helpers, use in PKI (#20688)
* Build a better nonce service

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add internal nonce service for testing

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add benchmarks for nonce service

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add statistics around how long tidy took

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Replace ACME nonces with shared nonce service

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add an initialize method to nonce services

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use the new initialize helper on nonce service in PKI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add additional tests for nonces

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Format sdk/helper/nonce

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Use default 90s nonce expiry in PKI

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove parallel test case as covered by benchmark

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add additional commentary to encrypted nonce implementation

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add nonce to test_packages

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

---------

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2023-05-23 19:44:05 +00:00
Ryan Cragun 1e752e0cba
ci: request vpc quota increase (#20360)
* Fix regions on two service quotas
* Request an increase in VPCs per region
* Pin github actions workflows

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-05-22 11:18:06 -06:00
Violet Hynes 92dc054bb3
VAULT-15547 Agent/proxy decoupling, take two (#20634)
* VAULT-15547 Additional tests, refactoring, for proxy split

* VAULT-15547 Additional tests, refactoring, for proxy split

* VAULT-15547 Import reorganization

* VAULT-15547 Some missed updates for PersistConfig

* VAULT-15547 address comments

* VAULT-15547 address comments
2023-05-19 13:17:48 -04:00
Violet Hynes b2468d3481
VAULT-15547 First pass at agent/proxy decoupling (#20548)
* VAULT-15547 First pass at agent/proxy decoupling

* VAULT-15547 Fix some imports

* VAULT-15547 cases instead of string.Title

* VAULT-15547 changelog

* VAULT-15547 Fix some imports

* VAULT-15547 some more dependency updates

* VAULT-15547 More dependency paths

* VAULT-15547 godocs for tests

* VAULT-15547 godocs for tests

* VAULT-15547 test package updates

* VAULT-15547 test packages

* VAULT-15547 add proxy to test packages

* VAULT-15547 gitignore

* VAULT-15547 address comments

* VAULT-15547 Some typos and small fixes
2023-05-17 09:38:34 -04:00
Jaymala b5606770f6
Update verify-changes to support external docs branches (#20535)
* Update verify-changes to support external docs branches

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Revert QT-545 as it Enos workflow is not a workflow_run event

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-05-08 15:03:23 -04:00
Nick Cabatoff 3eb5fb3eb7
Use newer version of backport-assistant (#20484) 2023-05-03 12:40:01 -04:00
Nick Cabatoff 120830681e
Don't run build workflow on draft PRs. (#20443) 2023-05-01 13:52:41 -04:00
Nick Cabatoff 9eee5f3438
CI tests should run on release branches as well as main (#20444) 2023-05-01 15:42:03 +00:00
Ryan Cragun 190783a87f
release testing: always save the metadata (#20402)
Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-04-28 15:15:03 -06:00
Nick Cabatoff a816ef6c15
Use a dedicated runner for the binary-based tests. (#20377) 2023-04-27 09:41:49 -04:00
Jaymala 5164069708
Fail completed successfully check for failing Enos tests (#20335)
* Force required completed-successfully check to fail when builds or tests fail

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Update to fail cancelled workflows

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-04-26 15:16:31 -04:00
Kuba Wieczorek 2445637829
Run DataDog-related steps every time test-go CI workflow runs (#20364) 2023-04-26 16:28:39 +01:00
Nick Cabatoff ad18fc6398
Docker testing: handle licensing, different images per node (#20347) 2023-04-25 17:11:46 -04:00
Nick Cabatoff 1e433add83
Add ent-specific test binary build rules (#20334)
This fixes the binary building on ent, except because I ran into problems with the binary-based tests there, I've included a bunch of `github.repository != 'hashicorp/vault-enterprise'` conditions to disable the binary building.  I'll fix the test problems in a future PR and remove those repo conditions.
2023-04-25 10:49:34 -04:00
Luis (LT) Carbonell 8b4ce9c1c2
Re-run Milestone Check when Milestones are Applied (#20299)
* re-run when milestones are applied

* update milestone check conditions
2023-04-25 08:49:43 -05:00
Jaymala 2893342c60
Fix script to verify docs changes (#20317)
Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-04-24 13:16:01 -04:00
Nick Cabatoff b7e6090a21
Move all checkout@v2 users to v3. (#20315) 2023-04-24 15:25:58 +00:00
Nick Cabatoff 313957b911
Add tests based on vault binary (#20224)
First steps towards docker-based tests: tests using vault binary in -dev or -dev-three-node modes.
2023-04-24 09:57:37 -04:00
Jaymala e3a39f4adc
[QT-517] Skip builds for docs PRs (#20036)
* [QT-517] Skip builds for docs changes

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* [QT-545] Enable Enos tests to also run on forked PRs

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Add comments and fix CI errors

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-04-21 10:58:47 -04:00
claire bontempo f4928cf7cb
Run UI tests on PRs with "ui" label (#20209)
* add conditional for label

* VAULT-14643 link jira
2023-04-18 12:03:35 -07:00
Ryan Cragun a19f7dbda5
[QT-525] enos: use spot instances for Vault targets (#20037)
The previous strategy for provisioning infrastructure targets was to use
the cheapest instances that could reliably perform as Vault cluster
nodes. With this change we introduce a new model for target node
infrastructure. We've replaced on-demand instances for a spot
fleet. While the spot price fluctuates based on dynamic pricing, 
capacity, region, instance type, and platform, cost savings for our
most common combinations range between 20-70%.

This change only includes spot fleet targets for Vault clusters.
We'll be updating our Consul backend bidding in another PR.

* Create a new `vault_cluster` module that handles installation,
  configuration, initializing, and unsealing Vault clusters.
* Create a `target_ec2_instances` module that can provision a group of
  instances on-demand.
* Create a `target_ec2_spot_fleet` module that can bid on a fleet of
  spot instances.
* Extend every Enos scenario to utilize the spot fleet target acquisition
  strategy and the `vault_cluster` module.
* Update our Enos CI modules to handle both the `aws-nuke` permissions
  and also the privileges to provision spot fleets.
* Only use us-east-1 and us-west-2 in our scenario matrices as costs are
  lower than us-west-1.

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-04-13 15:44:43 -04:00
Kuba Wieczorek deb215a8e1
Stop running UI tests on every PR into a release branch in CI (#20149) 2023-04-13 18:10:17 +00:00
Bryce Kalow 9f9bceda88
remove check-legacy-links-format workflow (#20115) 2023-04-12 21:52:54 -04:00
Kuba Wieczorek 7e48d06e20
Add smaller runner groups for CI jobs (#20081) 2023-04-11 14:05:15 -04:00
Jaymala d414a703e4
Use absolute path for debug datadir (#20069)
Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-04-11 13:06:51 -04:00
Kuba Wieczorek af0adf85fa
Fix issues tripping the actionlint linter again (#20026) 2023-04-06 17:04:09 +00:00
Jaymala d0ac3d8fe2
[QT-488] Get artifact summary info along with product metadata (#19977)
* [QT-488] Get artifact summary info along with product metadata

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

* Fix GH Lint warnings

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>

---------

Signed-off-by: Jaymala Sinha <jaymala@hashicorp.com>
2023-04-05 13:49:46 -06:00
Marc Boudreau 209671c25e
add workflow_dispatch trigger to ci.yml workflow (#19979) 2023-04-05 10:03:08 -04:00
Kuba Wieczorek f7aacbe74a
Fix an issue tripping the actionlint linter in test-run-enos-scenario-matrix.yml (#19986) 2023-04-05 13:14:44 +00:00
Jordan Reimer 7fe9a2b328
Node Version CI Update (#19978)
* updates github workflows to read node version from .nvmrc file

* updates to double quotes for shell expression

* removes set-output workflow command

* updates to use node-version-file option for gh workflows

* pins node version to 16
2023-04-04 15:39:17 -06:00
Peter Wilson 4fc4516b49
Moved 'WaitForNodesExcludingSelectedStandbys' to shared testhelpers file (#19976) 2023-04-04 15:32:01 +01:00