4ad111b3dd
* address lint reports * add diff-oss-ci and test-ui jobs to ci GHA workflow * Add actions linter workflow * Fix actions linter errors * pin 3rd party components with SHA hash and limit actionlint workflow to pull requests touching paths under .github directory * Fix actionlint runner * pin SHA hash of 3rd party components use .go-version file to provide go version to setup-go action remove unncessary ref parameter in checkout action --------- Co-authored-by: Brian Shore <bshore@hashicorp.com>
218 lines
8.1 KiB
YAML
218 lines
8.1 KiB
YAML
---
|
|
name: build
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
pull_request:
|
|
push:
|
|
branches:
|
|
- main
|
|
- release/**
|
|
|
|
jobs:
|
|
product-metadata:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
build-date: ${{ steps.get-metadata.outputs.build-date }}
|
|
filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
|
|
go-version: ${{ steps.get-metadata.outputs.go-version }}
|
|
matrix-test-group: ${{ steps.get-metadata.outputs.matrix-test-group }}
|
|
package-name: ${{ steps.get-metadata.outputs.package-name }}
|
|
vault-revision: ${{ steps.get-metadata.outputs.vault-revision }}
|
|
vault-version: ${{ steps.get-metadata.outputs.vault-version }}
|
|
vault-base-version: ${{ steps.get-metadata.outputs.vault-base-version }}
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Get metadata
|
|
id: get-metadata
|
|
env:
|
|
# MATRIX_MAX_TEST_GROUPS is required to determine the randomly selected
|
|
# test group. It should be set to the highest test_group used in the
|
|
# enos-run-matrices.
|
|
MATRIX_MAX_TEST_GROUPS: 5
|
|
run: |
|
|
# shellcheck disable=SC2129
|
|
echo "build-date=$(make ci-get-date)" >> "$GITHUB_OUTPUT"
|
|
echo "go-version=$(cat ./.go-version)" >> "$GITHUB_OUTPUT"
|
|
echo "matrix-test-group=$(make ci-get-matrix-group-id)" >> "$GITHUB_OUTPUT"
|
|
echo "package-name=vault" >> "$GITHUB_OUTPUT"
|
|
echo "vault-base-version=$(make ci-get-version-base)" >> "$GITHUB_OUTPUT"
|
|
echo "vault-revision=$(make ci-get-revision)" >> "$GITHUB_OUTPUT"
|
|
echo "vault-version=$(make ci-get-version)" >> "$GITHUB_OUTPUT"
|
|
- uses: hashicorp/actions-generate-metadata@v1
|
|
id: generate-metadata-file
|
|
with:
|
|
version: ${{ steps.get-metadata.outputs.vault-version }}
|
|
product: ${{ steps.get-metadata.outputs.package-name }}
|
|
- uses: actions/upload-artifact@v3
|
|
with:
|
|
name: metadata.json
|
|
path: ${{ steps.generate-metadata-file.outputs.filepath }}
|
|
if-no-files-found: error
|
|
|
|
build-other:
|
|
name: Other
|
|
needs: product-metadata
|
|
strategy:
|
|
matrix:
|
|
goos: [freebsd, windows, netbsd, openbsd, solaris]
|
|
goarch: [386, amd64, arm]
|
|
exclude:
|
|
- goos: solaris
|
|
goarch: 386
|
|
- goos: solaris
|
|
goarch: arm
|
|
- goos: windows
|
|
goarch: arm
|
|
fail-fast: true
|
|
uses: ./.github/workflows/build-vault-oss.yml
|
|
with:
|
|
create-packages: false
|
|
goarch: ${{ matrix.goarch }}
|
|
goos: ${{ matrix.goos }}
|
|
go-tags: ui
|
|
go-version: ${{ needs.product-metadata.outputs.go-version }}
|
|
package-name: ${{ needs.product-metadata.outputs.package-name }}
|
|
vault-version: ${{ needs.product-metadata.outputs.vault-version }}
|
|
secrets: inherit
|
|
|
|
build-linux:
|
|
name: Linux
|
|
needs: product-metadata
|
|
strategy:
|
|
matrix:
|
|
goos: [linux]
|
|
goarch: [arm, arm64, 386, amd64]
|
|
fail-fast: true
|
|
uses: ./.github/workflows/build-vault-oss.yml
|
|
with:
|
|
goarch: ${{ matrix.goarch }}
|
|
goos: ${{ matrix.goos }}
|
|
go-tags: ui
|
|
go-version: ${{ needs.product-metadata.outputs.go-version }}
|
|
package-name: ${{ needs.product-metadata.outputs.package-name }}
|
|
vault-version: ${{ needs.product-metadata.outputs.vault-version }}
|
|
secrets: inherit
|
|
|
|
build-darwin:
|
|
name: Darwin
|
|
needs: product-metadata
|
|
strategy:
|
|
matrix:
|
|
goos: [darwin]
|
|
goarch: [amd64, arm64]
|
|
fail-fast: true
|
|
uses: ./.github/workflows/build-vault-oss.yml
|
|
with:
|
|
create-packages: false
|
|
goarch: ${{ matrix.goarch }}
|
|
goos: ${{ matrix.goos }}
|
|
go-tags: ui netcgo
|
|
go-version: ${{ needs.product-metadata.outputs.go-version }}
|
|
package-name: ${{ needs.product-metadata.outputs.package-name }}
|
|
vault-version: ${{ needs.product-metadata.outputs.vault-version }}
|
|
secrets: inherit
|
|
|
|
build-docker:
|
|
name: Docker image
|
|
needs:
|
|
- product-metadata
|
|
- build-linux
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
arch: [arm, arm64, 386, amd64]
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- uses: hashicorp/actions-docker-build@v1
|
|
with:
|
|
version: ${{ needs.product-metadata.outputs.vault-version }}
|
|
target: default
|
|
arch: ${{ matrix.arch }}
|
|
zip_artifact_name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_${{ matrix.arch }}.zip
|
|
tags: |
|
|
docker.io/hashicorp/${{ github.event.repository.name }}:${{ needs.product-metadata.outputs.vault-version }}
|
|
public.ecr.aws/hashicorp/${{ github.event.repository.name }}:${{ needs.product-metadata.outputs.vault-version }}
|
|
|
|
build-ubi:
|
|
name: UBI image
|
|
needs:
|
|
- product-metadata
|
|
- build-linux
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
arch: [amd64]
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- uses: hashicorp/actions-docker-build@v1
|
|
with:
|
|
version: ${{ needs.product-metadata.outputs.vault-version }}
|
|
target: ubi
|
|
arch: ${{ matrix.arch }}
|
|
zip_artifact_name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_${{ matrix.arch }}.zip
|
|
redhat_tag: quay.io/redhat-isv-containers/5f89bb5e0b94cf64cfeb500a:${{ needs.product-metadata.outputs.vault-version }}-ubi
|
|
|
|
test:
|
|
name: Test ${{ matrix.build-artifact-name }}
|
|
# Only run the Enos workflow against branches that are created from the
|
|
# hashicorp/vault repository. This has the effect of limiting execution of
|
|
# Enos scenarios to branches that originate from authors that have write
|
|
# access to hashicorp/vault repository. This is required as Github Actions
|
|
# will not populate the required secrets for branches created by outside
|
|
# contributors in order to protect the secrets integrity.
|
|
if: "! github.event.pull_request.head.repo.fork"
|
|
needs:
|
|
- product-metadata
|
|
- build-linux
|
|
uses: ./.github/workflows/test-run-enos-scenario-matrix.yml
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- matrix-file-name: build-github-oss-linux-amd64-zip
|
|
build-artifact-name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_amd64.zip
|
|
- matrix-file-name: build-github-oss-linux-arm64-zip
|
|
build-artifact-name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_arm64.zip
|
|
with:
|
|
build-artifact-name: ${{ matrix.build-artifact-name }}
|
|
matrix-file-name: ${{ matrix.matrix-file-name }}
|
|
matrix-test-group: ${{ needs.product-metadata.outputs.matrix-test-group }}
|
|
vault-edition: oss
|
|
vault-revision: ${{ needs.product-metadata.outputs.vault-revision }}
|
|
ssh-key-name: ${{ github.event.repository.name }}-ci-ssh-key
|
|
secrets: inherit
|
|
|
|
test-docker-k8s:
|
|
name: Test Docker K8s
|
|
# Only run the Enos workflow against branches that are created from the
|
|
# hashicorp/vault repository. This has the effect of limiting execution of
|
|
# Enos scenarios to branches that originate from authors that have write
|
|
# access to hashicorp/vault repository. This is required as Github Actions
|
|
# will not populate the required secrets for branches created by outside
|
|
# contributors in order to protect the secrets integrity.
|
|
if: "! github.event.pull_request.head.repo.fork"
|
|
needs:
|
|
- product-metadata
|
|
- build-docker
|
|
uses: ./.github/workflows/enos-run-k8s.yml
|
|
with:
|
|
artifact-build-date: ${{ needs.product-metadata.outputs.build-date }}
|
|
artifact-name: ${{ github.event.repository.name }}_default_linux_amd64_${{ needs.product-metadata.outputs.vault-version }}_${{ needs.product-metadata.outputs.vault-revision }}.docker.tar
|
|
artifact-revision: ${{ needs.product-metadata.outputs.vault-revision }}
|
|
artifact-version: ${{ needs.product-metadata.outputs.vault-version }}
|
|
secrets: inherit
|
|
|
|
completed-successfully:
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- build-other
|
|
- build-linux
|
|
- build-darwin
|
|
- build-docker
|
|
- build-ubi
|
|
- test
|
|
- test-docker-k8s
|
|
steps:
|
|
- run: echo "All required build and test workflows have succeeded!"
|