luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/packages-oss.yml
Nick Cabatoff ff74f49047
Move to go 1.17 (#12868) 
Also ensure that the go 1.17 breaking changes to net.ParseCIDR don't make us choke on stored CIDRs that were acceptable to older Go versions.
2021-10-21 09:32:03 -04:00

250 lines
11 KiB
YAML
Raw Blame History

# packages.yml
#
# packages.yml defines all the packages we are able to build for a single commit
# in this repo. A package means a single zip file containing the executable binary,
# and optionally other files if needed.
#
# packages.yml is a convenience file for the human management of large numbers of
# alternate packages, allowing default and templated values. We generate another
# artifact from this one, called packages.lock which contains the fully expanded set
# of package and layer specs. This fully expanded file is in turn used to drive the
# build process, and as data for templating CI config.
# config contains packagespec config for this repo.
config:
# product-repo is important to CI providers.
product-repo: https://github.com/hashicorp/vault.git
release-repo: https://github.com/hashicorp/vault-release.git
# product-id is used by external systems to identify this product.
# It can be any unique name, but a golang import path is ideal.
product-id: github.com/hashicorp/vault
circleci-project-slug: gh/hashicorp/vault
circleci-host: circleci.com
on-publish: create-github-release
# inputs are a set of environment variables that may affect the set of bytes produced
# for a given package. Note that a package is a zip file containing the binary, so
# the name of the binary does affect the package's bytes.
inputs:
# defaults contains default input values for each package.
# These values may be overridden on a per-package basis in the packages section.
defaults:
# PRODUCT_VERSION is the version of this product. Usually, this should be left
# as 0.0.0-snapshot. When we build a release candidate, this is overridden in
# a one-off fashion to produce that build.
# This should be used in the PACKAGE_NAME template.
PRODUCT_VERSION: 0.0.0-snapshot
# GO_VERSION is the version of the Go toolchain to use to compile this package.
GO_VERSION: 1.17.2
# YARN_VERSION is the version of Yarn to install for the UI layer.
YARN_VERSION: 1.19.1-1
# Standard golang environment variables, passed to the 'go build' command.
# You can use any standard environment variables here, any that you omit
# will be ommitted from the go build command too, meaning to use the system
# default in the build container.
CGO_ENABLED: 0
GO111MODULE: "off"
# templates contain golang template strings. Each of these is rendered per package
# using that packages values (including any default values), and then added to that
# package.
# Note that templates MAY NOT refer to each other, but may refer to any default or
# package-specific inputs.
templates:
# BINARY_NAME is the name of the executable binary we compile and package.
# It is the name users will use on the CLI to invoke the product.
BINARY_NAME: 'vault{{if eq .GOOS "windows"}}.exe{{end}}'
# PRODUCT_VERSION_MMP is just the major.minor.prerelease fields of the PRODUCT_VERSION.
# Think semantic versioning (semver), although we do not version our binaries
# using semver.
PRODUCT_VERSION_MMP: >-
{{with .PRODUCT_VERSION | strings.SplitN "-" 2}}{{index . 0}}{{end}}
# PRODUCT_VERSION_PRE is just the prerelease field of the product version (i.e. the bit
# after any -, if there is one.
PRODUCT_VERSION_PRE: >-
{{with .PRODUCT_VERSION | strings.SplitN "-" 2}}{{if gt (len .) 1}}{{index . 1}}{{else}}"''"{{end}}{{end}}
# build-command is a templated bash script to be run in the final builder container
# to produce the package. It may refer to any of the inputs, including rendered templates,
# but not meta data.
#
# The build command is passed 3 environment variables, in addition to all those specified as inputs.
#
# - PACKAGE_SOURCE_ID The source ID (usually the git commit SHA, unless build is dirty)
# - OUTPUT_DIR Directory to write the executable and zip file to (will exist already)
# - PACKAGE_ZIP_NAME The name of the package zip file to create (relative to OUTPUT_DIR)
#
# NOTE: You MUST NOT use single quotes in the build command, because at present we do no escaping.
build-command: VERSION_PKG_PATH=github.com/hashicorp/vault/sdk/version;
GO111MODULE=on
go build -v
-tags ui
-ldflags "
-X $VERSION_PKG_PATH.GitCommit=$PACKAGE_SOURCE_ID
-X $VERSION_PKG_PATH.Version={{.PRODUCT_VERSION_MMP}}
-X $VERSION_PKG_PATH.VersionPrerelease={{.PRODUCT_VERSION_PRE}}"
-o $OUTPUT_DIR/{{.BINARY_NAME}}
&& cd $OUTPUT_DIR && zip $PACKAGE_ZIP_NAME {{.BINARY_NAME}}
# packages is the full set of packages we are able to build based on a single commit
# in this repo. Each package is a map where the keys are the names of environment
# variables provided to each build (think 'go build' invocation). Each package is
# expanded by first filling in any unspecified variables with those from defaults,
# and then rendering each template and adding the result to the map.
# Each package must result in a unique PACKAGE_NAME.
#
# The fully expanded set of packages are written to packages.lock. That file
# is a useful data source for building CI/CD pipelines.
packages:
- inputs: { GOOS: darwin, GOARCH: amd64 }
- inputs: { GOOS: darwin, GOARCH: arm64 }
- inputs: { GOOS: freebsd, GOARCH: 386 }
- inputs: { GOOS: freebsd, GOARCH: amd64 }
- inputs: { GOOS: freebsd, GOARCH: arm }
- inputs: { GOOS: linux, GOARCH: 386 }
- inputs: { GOOS: linux, GOARCH: amd64 }
- inputs: { GOOS: linux, GOARCH: arm }
- inputs: { GOOS: linux, GOARCH: arm64 }
- inputs: { GOOS: netbsd, GOARCH: 386 }
- inputs: { GOOS: netbsd, GOARCH: amd64 }
- inputs: { GOOS: openbsd, GOARCH: 386 }
- inputs: { GOOS: openbsd, GOARCH: amd64 }
- inputs: { GOOS: solaris, GOARCH: amd64 }
- inputs: { GOOS: windows, GOARCH: 386 }
- inputs: { GOOS: windows, GOARCH: amd64 }
# meta defines additional custom metadata about packages. This metadata does not
# participate in the PACKAGE_SPEC_ID and so changing it does not directly change cache
# keys for layers or packages. In addition, metadata may not be overridden per-package
# and is not available to input or layer dockerfile templates.
meta:
defaults:
# No default metadata.
templates:
# BUILD_JOB_NAME is the name of a job to build this package in CI. Care must be
# taken that it is both unique within this set of packages, as well as compatible
# with the CI system's naming conventions.
BUILD_JOB_NAME: >-
{{.GOOS}}_{{.GOARCH}}_package
# BUNDLE_NAME is used in archive filenames, as well as by downstream processes.
BUNDLE_NAME: "vault_{{.PRODUCT_VERSION}}"
# package-aliases are a set of paths by which each package may be known, they are
# templates which may refer to any input or meta field defined in this file.
# Package aliases must be unique across all packages defined in this file.
# If any package-alias renders to empty, it is ignored. You can use this
# to produce aliases selectively depending on the package.
#
# Package aliases count as meta data because they do not affect the bytes produced
# per package.
#
# We use package aliases to give human-readable names to packages, and to arrange
# them in a directory hierarchy ready for further processing and distribution.
# Each alias is written as a relative symbolic link in .buildcache/packages/by-alias.
#
# At least one alias must render to a nonempty string.
package-aliases:
- type: local
template: >-
{{.BUNDLE_NAME}}_{{.GOOS}}_{{.GOARCH}}.zip
# public-hc-releases is the path to use for upload to releases.hashicorp.com
# it is empty if this package is not public (empty aliases are ignored).
- type: public-hc-releases
template: >-
vault/{{.BUNDLE_NAME}}/{{.BUNDLE_NAME}}_{{.GOOS}}_{{.GOARCH}}.zip
# Layers determines the build layers, which are individually cacheable layers
# in a linear build. Each layer contains a Dockerfile. All the layers
# together produce the final builder image used to compile binaries.
#
# The partial Dockerfiles may contain references to any of the inputs
# including rendered input templates, but may not reference meta data.
# These Dockerfiles, once rendered, count as inputs and affect the
# package spec ID of each package.
#
# The order of layers is significant. The first layer must have a FROM line, and
# forms the base image. Each subsequent layer begins from the previous one.
#
# You can control cacheability by careful use of variables and ordering.
# Try to group things which change infrequently towards the top, and
# things which change more frequently towards the bottom.
#
# If there are things you want to cache that vary between packages defined in
# this file, put them last so that the greater bulk of work can be shared.
#
# NOTE: At present, changing the names and/or adding/removing layers may
# require updating the CI template file at .circleci/config/@build-release.yml.tpl
# which references some of these layers by name.
base-image: "debian:bullseye-20210927@sha256:eaa533c53fa886f87e48b9420579e1a4698026159cc9190a02f1e9fe88f590ba"
layers:
- name: base
dockerfile: |-
RUN apt-get update -y && apt-get install --no-install-recommends -y -q \
curl \
zip \
build-essential \
gcc-multilib \
g++-multilib \
ca-certificates \
git mercurial bzr \
gnupg \
libltdl-dev \
libltdl7 \
bash \
&& rm -rf /var/lib/apt/lists/*
- name: install-go
dockerfile: |-
ENV GOPATH /gopath
ENV GOROOT /goroot
RUN mkdir $GOROOT && mkdir $GOPATH
RUN curl https://storage.googleapis.com/golang/go{{.GO_VERSION}}.linux-amd64.tar.gz \
| tar xzf - -C $GOROOT --strip-components=1
ENV PATH $GOROOT/bin:$GOPATH/bin:$PATH
- name: install-go-tools
dockerfile: |
ENV GO111MODULE=off
RUN go get golang.org/x/tools/cmd/goimports
- name: set-workdir
dockerfile: |
ENV REPO=github.com/hashicorp/vault
ENV DIR=$GOPATH/src/$REPO
RUN mkdir -p $DIR
WORKDIR $DIR
- name: install-yarn
dockerfile: |-
RUN curl -sL https://deb.nodesource.com/setup_14.x | bash -
RUN curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
RUN apt-get update -y && apt-get install -y -q nodejs yarn={{.YARN_VERSION}} \
&& rm -rf /var/lib/apt/lists/*
- name: make-ui-folder
dockerfile: |-
RUN mkdir -p http/web_ui
- name: ui-dependencies
source-include: ui/package.json ui/yarn.lock
dockerfile: |-
RUN cd ui && yarn install
RUN cd ui && npm rebuild node-sass
- name: build-ui
source-include: ui/
dockerfile: |-
RUN { while true; do sleep 30; echo keepalive; done; } & cd ui && yarn --verbose run build
- name: go-modules
source-include: "go.mod go.sum */go.mod */go.sum"
dockerfile: |
ENV GO111MODULE=on
RUN go mod download
# The final layer must contain all the source code we've not yet included.
- name: copy-source
source-include: "*.go"
Reference in a new issue View git blame Copy permalink