open-vault/.github/workflows/build.yml
Ryan Cragun 119e2274fc
[QT-470] Normalize and simplify container build workflows (#18900)
* [QT-470] Normalize and simplify container build workflows

Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-01-30 15:01:51 -07:00

217 lines
8.1 KiB
YAML

---
name: build
on:
workflow_dispatch:
pull_request:
push:
branches:
- main
- release/**
jobs:
product-metadata:
runs-on: ubuntu-latest
outputs:
build-date: ${{ steps.get-metadata.outputs.build-date }}
filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
go-version: ${{ steps.get-metadata.outputs.go-version }}
matrix-test-group: ${{ steps.get-metadata.outputs.matrix-test-group }}
package-name: ${{ steps.get-metadata.outputs.package-name }}
vault-revision: ${{ steps.get-metadata.outputs.vault-revision }}
vault-version: ${{ steps.get-metadata.outputs.vault-version }}
vault-base-version: ${{ steps.get-metadata.outputs.vault-base-version }}
steps:
- uses: actions/checkout@v3
- name: Get metadata
id: get-metadata
env:
# MATRIX_MAX_TEST_GROUPS is required to determine the randomly selected
# test group. It should be set to the highest test_group used in the
# enos-run-matrices.
MATRIX_MAX_TEST_GROUPS: 5
run: |
echo "build-date=$(make ci-get-date)" >> $GITHUB_OUTPUT
echo "go-version=$(cat ./.go-version)" >> $GITHUB_OUTPUT
echo "matrix-test-group=$(make ci-get-matrix-group-id)" >> $GITHUB_OUTPUT
echo "package-name=vault" >> $GITHUB_OUTPUT
echo "vault-base-version=$(make ci-get-version-base)" >> $GITHUB_OUTPUT
echo "vault-revision=$(make ci-get-revision)" >> $GITHUB_OUTPUT
echo "vault-version=$(make ci-get-version)" >> $GITHUB_OUTPUT
- uses: hashicorp/actions-generate-metadata@v1
id: generate-metadata-file
with:
version: ${{ steps.get-metadata.outputs.vault-version }}
product: ${{ steps.get-metadata.outputs.package-name }}
- uses: actions/upload-artifact@v3
with:
name: metadata.json
path: ${{ steps.generate-metadata-file.outputs.filepath }}
if-no-files-found: error
build-other:
name: Other
needs: product-metadata
strategy:
matrix:
goos: [freebsd, windows, netbsd, openbsd, solaris]
goarch: [386, amd64, arm]
exclude:
- goos: solaris
goarch: 386
- goos: solaris
goarch: arm
- goos: windows
goarch: arm
fail-fast: true
uses: ./.github/workflows/build-vault-oss.yml
with:
create-packages: false
goarch: ${{ matrix.goarch }}
goos: ${{ matrix.goos }}
go-tags: ui
go-version: ${{ needs.product-metadata.outputs.go-version }}
package-name: ${{ needs.product-metadata.outputs.package-name }}
vault-version: ${{ needs.product-metadata.outputs.vault-version }}
secrets: inherit
build-linux:
name: Linux
needs: product-metadata
strategy:
matrix:
goos: [linux]
goarch: [arm, arm64, 386, amd64]
fail-fast: true
uses: ./.github/workflows/build-vault-oss.yml
with:
goarch: ${{ matrix.goarch }}
goos: ${{ matrix.goos }}
go-tags: ui
go-version: ${{ needs.product-metadata.outputs.go-version }}
package-name: ${{ needs.product-metadata.outputs.package-name }}
vault-version: ${{ needs.product-metadata.outputs.vault-version }}
secrets: inherit
build-darwin:
name: Darwin
needs: product-metadata
strategy:
matrix:
goos: [darwin]
goarch: [amd64, arm64]
fail-fast: true
uses: ./.github/workflows/build-vault-oss.yml
with:
create-packages: false
goarch: ${{ matrix.goarch }}
goos: ${{ matrix.goos }}
go-tags: ui netcgo
go-version: ${{ needs.product-metadata.outputs.go-version }}
package-name: ${{ needs.product-metadata.outputs.package-name }}
vault-version: ${{ needs.product-metadata.outputs.vault-version }}
secrets: inherit
build-docker:
name: Docker image
needs:
- product-metadata
- build-linux
runs-on: ubuntu-latest
strategy:
matrix:
arch: [arm, arm64, 386, amd64]
steps:
- uses: actions/checkout@v3
- uses: hashicorp/actions-docker-build@v1
with:
version: ${{ needs.product-metadata.outputs.vault-version }}
target: default
arch: ${{ matrix.arch }}
zip_artifact_name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_${{ matrix.arch }}.zip
tags: |
docker.io/hashicorp/${{ github.event.repository.name }}:${{ needs.product-metadata.outputs.vault-version }}
public.ecr.aws/hashicorp/${{ github.event.repository.name }}:${{ needs.product-metadata.outputs.vault-version }}
build-ubi:
name: UBI image
needs:
- product-metadata
- build-linux
runs-on: ubuntu-latest
strategy:
matrix:
arch: [amd64]
steps:
- uses: actions/checkout@v2
- uses: hashicorp/actions-docker-build@v1
with:
version: ${{ needs.product-metadata.outputs.vault-version }}
target: ubi
arch: ${{ matrix.arch }}
zip_artifact_name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_${{ matrix.arch }}.zip
redhat_tag: quay.io/redhat-isv-containers/5f89bb5e0b94cf64cfeb500a:${{ needs.product-metadata.outputs.vault-version }}-ubi
test:
name: Test ${{ matrix.build-artifact-name }}
# Only run the Enos workflow against branches that are created from the
# hashicorp/vault repository. This has the effect of limiting execution of
# Enos scenarios to branches that originate from authors that have write
# access to hashicorp/vault repository. This is required as Github Actions
# will not populate the required secrets for branches created by outside
# contributors in order to protect the secrets integrity.
if: "! github.event.pull_request.head.repo.fork"
needs:
- product-metadata
- build-linux
uses: ./.github/workflows/test-run-enos-scenario-matrix.yml
strategy:
fail-fast: false
matrix:
include:
- matrix-file-name: build-github-oss-linux-amd64-zip
build-artifact-name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_amd64.zip
- matrix-file-name: build-github-oss-linux-arm64-zip
build-artifact-name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_arm64.zip
with:
build-artifact-name: ${{ matrix.build-artifact-name }}
matrix-file-name: ${{ matrix.matrix-file-name }}
matrix-test-group: ${{ needs.product-metadata.outputs.matrix-test-group }}
vault-edition: oss
vault-revision: ${{ needs.product-metadata.outputs.vault-revision }}
ssh-key-name: ${{ github.event.repository.name }}-ci-ssh-key
secrets: inherit
test-docker-k8s:
name: Test Docker K8s
# Only run the Enos workflow against branches that are created from the
# hashicorp/vault repository. This has the effect of limiting execution of
# Enos scenarios to branches that originate from authors that have write
# access to hashicorp/vault repository. This is required as Github Actions
# will not populate the required secrets for branches created by outside
# contributors in order to protect the secrets integrity.
if: "! github.event.pull_request.head.repo.fork"
needs:
- product-metadata
- build-docker
uses: ./.github/workflows/enos-run-k8s.yml
with:
artifact-build-date: ${{ needs.product-metadata.outputs.build-date }}
artifact-name: ${{ github.event.repository.name }}_default_linux_amd64_${{ needs.product-metadata.outputs.vault-version }}_${{ needs.product-metadata.outputs.vault-revision }}.docker.tar
artifact-revision: ${{ needs.product-metadata.outputs.vault-revision }}
artifact-version: ${{ needs.product-metadata.outputs.vault-version }}
secrets: inherit
completed-successfully:
runs-on: ubuntu-latest
needs:
- build-other
- build-linux
- build-darwin
- build-docker
- build-ubi
- test
- test-docker-k8s
steps:
- run: echo "All required build and test workflows have succeeded!"