f52a686b91
Replace our prior implementation of Enos test groups with the new Enos sampling feature. With this feature we're able to describe which scenarios and variant combinations are valid for a given artifact and allow enos to create a valid sample field (a matrix of all compatible scenarios) and take an observation (select some to run) for us. This ensures that every valid scenario and variant combination will now be a candidate for testing in the pipeline. See QT-504[0] for further details on the Enos sampling capabilities. Our prior implementation only tested the amd64 and arm64 zip artifacts, as well as the Docker container. We now include the following new artifacts in the test matrix: * CE Amd64 Debian package * CE Amd64 RPM package * CE Arm64 Debian package * CE Arm64 RPM package Each artifact includes a sample definition for both pre-merge/post-merge (build) and release testing. Changes: * Remove the hand crafted `enos-run-matrices` ci matrix targets and replace them with per-artifact samples. * Use enos sampling to generate different sample groups on all pull requests. * Update the enos scenario matrices to handle HSM and FIPS packages. * Simplify enos scenarios by using shared globals instead of cargo-culted locals. Note: This will require coordination with vault-enterprise to ensure a smooth migration to the new system. Integrating new scenarios or modifying existing scenarios/variants should be much smoother after this initial migration. [0] https://github.com/hashicorp/enos/pull/102 Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
111 lines
3.9 KiB
YAML
111 lines
3.9 KiB
YAML
---
|
|
name: build_vault
|
|
|
|
# This workflow is intended to be called by the build workflow for each Vault
|
|
# binary that needs to be built and packaged. The ci make targets that are
|
|
# utilized automatically determine build metadata and handle building and
|
|
# packing vault.
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
cgo-enabled:
|
|
type: string
|
|
default: 0
|
|
create-packages:
|
|
type: boolean
|
|
default: true
|
|
goos:
|
|
required: true
|
|
type: string
|
|
goarch:
|
|
required: true
|
|
type: string
|
|
go-tags:
|
|
type: string
|
|
package-name:
|
|
type: string
|
|
default: vault
|
|
vault-version:
|
|
type: string
|
|
required: true
|
|
web-ui-cache-key:
|
|
type: string
|
|
required: true
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: custom-linux-xl-vault-latest
|
|
name: Vault ${{ inputs.goos }} ${{ inputs.goarch }} v${{ inputs.vault-version }}
|
|
steps:
|
|
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
- uses: ./.github/actions/set-up-go
|
|
with:
|
|
github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
|
- name: Restore UI from cache
|
|
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
|
|
with:
|
|
# Restore the UI asset from the UI build workflow. Never use a partial restore key.
|
|
enableCrossOsArchive: true
|
|
fail-on-cache-miss: true
|
|
path: http/web_ui
|
|
key: ${{ inputs.web-ui-cache-key }}
|
|
- name: Build Vault
|
|
env:
|
|
GO_TAGS: ${{ inputs.go-tags }}
|
|
CGO_ENABLED: ${{ inputs.cgo-enabled }}
|
|
GOARCH: ${{ inputs.goarch }}
|
|
GOOS: ${{ inputs.goos }}
|
|
VERSION: ${{ inputs.vault-version }}
|
|
run:
|
|
make ci-build
|
|
- name: Determine artifact basename
|
|
env:
|
|
GOARCH: ${{ inputs.goarch }}
|
|
GOOS: ${{ inputs.goos }}
|
|
VERSION: ${{ inputs.vault-version }}
|
|
run: echo "ARTIFACT_BASENAME=$(make ci-get-artifact-basename)" >> "$GITHUB_ENV"
|
|
- name: Bundle Vault
|
|
env:
|
|
BUNDLE_PATH: out/${{ env.ARTIFACT_BASENAME }}.zip
|
|
run: make ci-bundle
|
|
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
|
with:
|
|
name: ${{ env.ARTIFACT_BASENAME }}.zip
|
|
path: out/${{ env.ARTIFACT_BASENAME }}.zip
|
|
if-no-files-found: error
|
|
- if: ${{ inputs.create-packages }}
|
|
uses: hashicorp/actions-packaging-linux@v1
|
|
with:
|
|
name: ${{ github.event.repository.name }}
|
|
description: Vault is a tool for secrets management, encryption as a service, and privileged access management.
|
|
arch: ${{ inputs.goarch }}
|
|
version: ${{ inputs.vault-version }}
|
|
maintainer: HashiCorp
|
|
homepage: https://github.com/hashicorp/vault
|
|
license: MPL-2.0
|
|
binary: dist/${{ inputs.package-name }}
|
|
deb_depends: openssl
|
|
rpm_depends: openssl
|
|
config_dir: .release/linux/package/
|
|
preinstall: .release/linux/preinst
|
|
postinstall: .release/linux/postinst
|
|
postremove: .release/linux/postrm
|
|
- if: ${{ inputs.create-packages }}
|
|
name: Determine package file names
|
|
run: |
|
|
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV"
|
|
echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV"
|
|
- if: ${{ inputs.create-packages }}
|
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
|
with:
|
|
name: ${{ env.RPM_PACKAGE }}
|
|
path: out/${{ env.RPM_PACKAGE }}
|
|
if-no-files-found: error
|
|
- if: ${{ inputs.create-packages }}
|
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
|
with:
|
|
name: ${{ env.DEB_PACKAGE }}
|
|
path: out/${{ env.DEB_PACKAGE }}
|
|
if-no-files-found: error
|