--- name: build on: workflow_dispatch: pull_request: push: branches: - main - release/** jobs: product-metadata: runs-on: ubuntu-latest outputs: build-date: ${{ steps.get-metadata.outputs.build-date }} filepath: ${{ steps.generate-metadata-file.outputs.filepath }} go-version: ${{ steps.get-metadata.outputs.go-version }} matrix-test-group: ${{ steps.get-metadata.outputs.matrix-test-group }} package-name: ${{ steps.get-metadata.outputs.package-name }} vault-revision: ${{ steps.get-metadata.outputs.vault-revision }} vault-version: ${{ steps.get-metadata.outputs.vault-version }} vault-base-version: ${{ steps.get-metadata.outputs.vault-base-version }} steps: - uses: actions/checkout@v3 - name: Get metadata id: get-metadata env: # MATRIX_MAX_TEST_GROUPS is required to determine the randomly selected # test group. It should be set to the highest test_group used in the # enos-run-matrices. MATRIX_MAX_TEST_GROUPS: 5 run: | # shellcheck disable=SC2129 echo "build-date=$(make ci-get-date)" >> "$GITHUB_OUTPUT" echo "go-version=$(cat ./.go-version)" >> "$GITHUB_OUTPUT" echo "matrix-test-group=$(make ci-get-matrix-group-id)" >> "$GITHUB_OUTPUT" echo "package-name=vault" >> "$GITHUB_OUTPUT" echo "vault-base-version=$(make ci-get-version-base)" >> "$GITHUB_OUTPUT" echo "vault-revision=$(make ci-get-revision)" >> "$GITHUB_OUTPUT" echo "vault-version=$(make ci-get-version)" >> "$GITHUB_OUTPUT" - uses: hashicorp/actions-generate-metadata@v1 id: generate-metadata-file with: version: ${{ steps.get-metadata.outputs.vault-version }} product: ${{ steps.get-metadata.outputs.package-name }} - uses: actions/upload-artifact@v3 with: name: metadata.json path: ${{ steps.generate-metadata-file.outputs.filepath }} if-no-files-found: error build-other: name: Other needs: product-metadata strategy: matrix: goos: [freebsd, windows, netbsd, openbsd, solaris] goarch: [386, amd64, arm] exclude: - goos: solaris goarch: 386 - goos: solaris goarch: arm - goos: windows goarch: arm fail-fast: true uses: ./.github/workflows/build-vault-oss.yml with: create-packages: false goarch: ${{ matrix.goarch }} goos: ${{ matrix.goos }} go-tags: ui go-version: ${{ needs.product-metadata.outputs.go-version }} package-name: ${{ needs.product-metadata.outputs.package-name }} vault-version: ${{ needs.product-metadata.outputs.vault-version }} secrets: inherit build-linux: name: Linux needs: product-metadata strategy: matrix: goos: [linux] goarch: [arm, arm64, 386, amd64] fail-fast: true uses: ./.github/workflows/build-vault-oss.yml with: goarch: ${{ matrix.goarch }} goos: ${{ matrix.goos }} go-tags: ui go-version: ${{ needs.product-metadata.outputs.go-version }} package-name: ${{ needs.product-metadata.outputs.package-name }} vault-version: ${{ needs.product-metadata.outputs.vault-version }} secrets: inherit build-darwin: name: Darwin needs: product-metadata strategy: matrix: goos: [darwin] goarch: [amd64, arm64] fail-fast: true uses: ./.github/workflows/build-vault-oss.yml with: create-packages: false goarch: ${{ matrix.goarch }} goos: ${{ matrix.goos }} go-tags: ui netcgo go-version: ${{ needs.product-metadata.outputs.go-version }} package-name: ${{ needs.product-metadata.outputs.package-name }} vault-version: ${{ needs.product-metadata.outputs.vault-version }} secrets: inherit build-docker: name: Docker image needs: - product-metadata - build-linux runs-on: ubuntu-latest strategy: matrix: arch: [arm, arm64, 386, amd64] steps: - uses: actions/checkout@v3 - uses: hashicorp/actions-docker-build@v1 with: version: ${{ needs.product-metadata.outputs.vault-version }} target: default arch: ${{ matrix.arch }} zip_artifact_name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_${{ matrix.arch }}.zip tags: | docker.io/hashicorp/${{ github.event.repository.name }}:${{ needs.product-metadata.outputs.vault-version }} public.ecr.aws/hashicorp/${{ github.event.repository.name }}:${{ needs.product-metadata.outputs.vault-version }} build-ubi: name: UBI image needs: - product-metadata - build-linux runs-on: ubuntu-latest strategy: matrix: arch: [amd64] steps: - uses: actions/checkout@v2 - uses: hashicorp/actions-docker-build@v1 with: version: ${{ needs.product-metadata.outputs.vault-version }} target: ubi arch: ${{ matrix.arch }} zip_artifact_name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_${{ matrix.arch }}.zip redhat_tag: quay.io/redhat-isv-containers/5f89bb5e0b94cf64cfeb500a:${{ needs.product-metadata.outputs.vault-version }}-ubi test: name: Test ${{ matrix.build-artifact-name }} # Only run the Enos workflow against branches that are created from the # hashicorp/vault repository. This has the effect of limiting execution of # Enos scenarios to branches that originate from authors that have write # access to hashicorp/vault repository. This is required as Github Actions # will not populate the required secrets for branches created by outside # contributors in order to protect the secrets integrity. if: "! github.event.pull_request.head.repo.fork" needs: - product-metadata - build-linux uses: ./.github/workflows/test-run-enos-scenario-matrix.yml strategy: fail-fast: false matrix: include: - matrix-file-name: build-github-oss-linux-amd64-zip build-artifact-name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_amd64.zip - matrix-file-name: build-github-oss-linux-arm64-zip build-artifact-name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_arm64.zip with: build-artifact-name: ${{ matrix.build-artifact-name }} matrix-file-name: ${{ matrix.matrix-file-name }} matrix-test-group: ${{ needs.product-metadata.outputs.matrix-test-group }} vault-edition: oss vault-revision: ${{ needs.product-metadata.outputs.vault-revision }} ssh-key-name: ${{ github.event.repository.name }}-ci-ssh-key secrets: inherit test-docker-k8s: name: Test Docker K8s # Only run the Enos workflow against branches that are created from the # hashicorp/vault repository. This has the effect of limiting execution of # Enos scenarios to branches that originate from authors that have write # access to hashicorp/vault repository. This is required as Github Actions # will not populate the required secrets for branches created by outside # contributors in order to protect the secrets integrity. if: "! github.event.pull_request.head.repo.fork" needs: - product-metadata - build-docker uses: ./.github/workflows/enos-run-k8s.yml with: artifact-build-date: ${{ needs.product-metadata.outputs.build-date }} artifact-name: ${{ github.event.repository.name }}_default_linux_amd64_${{ needs.product-metadata.outputs.vault-version }}_${{ needs.product-metadata.outputs.vault-revision }}.docker.tar artifact-revision: ${{ needs.product-metadata.outputs.vault-revision }} artifact-version: ${{ needs.product-metadata.outputs.vault-version }} secrets: inherit completed-successfully: runs-on: ubuntu-latest needs: - build-other - build-linux - build-darwin - build-docker - build-ubi - test - test-docker-k8s steps: - run: echo "All required build and test workflows have succeeded!"