aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Onboard boundary to use new version/VERSION file and reproducible actions-go-build (#2662)

Browse Source 
* Onboard boundary to use new .release/VERSION file and reproducible actions-go-build

* Added automatic patch version bumps to end of release pipeline

* Added back VersionMetadata to internal directory

* Moved VERSION file to version/

* Update to current version

* Using prepare workflow for pre-stable channel workflow

* Test prepare workflow

* PR feedback: allow builds to run builds locally without setting BIN_PATH

* PR feedback: revert Enos changes

* PR Feedback

* Remove current branch from ci pipeline

* Run make fmt
pull/2700/head
emily neil 3 years ago committed by GitHub
parent 5d48b10123
commit 7cd5b5a320
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 128 additions and 221 deletions
Show Stats Download Patch File Download Diff File

138
.github/workflows/build.yml vendored
Unescape View File

@ -9,11 +9,23 @@ env:
PKG_NAME: "boundary"
jobs:
set-product-version:
runs-on: ubuntu-latest
outputs:
product-version: ${{ steps.set-product-version.outputs.product-version }}
base-product-version: $${{ steps.set-product-version.outputs.base-product-version }}
prerelease-product-version: ${{ steps.set-product-version.outputs.prerelease-product-version }}
steps:
- uses: actions/checkout@v3
- name: Set Product version
id: set-product-version
uses: hashicorp/actions-set-product-version@v1
product-metadata:
needs: set-product-version
runs-on: ubuntu-latest
outputs:
product-version: ${{ steps.get-product-version.outputs.product-version }}
product-minor-version: ${{ steps.get-product-version.outputs.product-minor-version }}
product-minor-version: ${{ steps.get-product-minor-version.outputs.product-minor-version }}
product-edition: ${{ steps.get-product-edition.outputs.product-edition }}
go-version: ${{ steps.get-go-version.outputs.go-version }}
steps:
@ -49,27 +61,29 @@ jobs:
run: |
make edition
echo "::set-output name=product-edition::$(make edition)"
- name: Determine product version
id: get-product-version
- name: Determine minor product version
id: get-product-minor-version
run: |
VERSION=$(make version)
VERSION=${{ needs.set-product-version.outputs.product-version }}
MINOR_VERSION=$(echo $VERSION | cut -d. -f-2)
echo "::set-output name=product-version::$VERSION"
echo "::set-output name=product-minor-version::$MINOR_VERSION"
verify-product-metadata:
needs: product-metadata
needs:
- set-product-version
- product-metadata
runs-on: ubuntu-latest
steps:
- name: 'Checkout directory'
uses: actions/checkout@v3
- run: |
echo "Product Version - ${{ needs.product-metadata.outputs.product-version }}"
echo "Product Version - ${{ needs.set-product-version.outputs.product-version }}"
echo "Product Prerelease - ${{ needs.set-product-version.outputs.prerelease-product-version }}"
echo "Product Metadata - ${{ needs.product-metadata.outputs.product-edition }}"
echo "Product Minor Version - ${{ needs.product-metadata.outputs.product-minor-version }}"
echo "Product Edition - ${{ needs.product-metadata.outputs.product-edition }}"
generate-metadata-file:
needs: product-metadata
needs: set-product-version
runs-on: ubuntu-latest
outputs:
filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
@ -78,9 +92,9 @@ jobs:
uses: actions/checkout@v3
- name: Generate metadata file
id: generate-metadata-file
uses: hashicorp/actions-generate-metadata@main
uses: hashicorp/actions-generate-metadata@v1
with:
version: ${{ needs.product-metadata.outputs.product-version }}
version: ${{ needs.set-product-version.outputs.product-version }}
product: ${{ env.PKG_NAME }}
- uses: actions/upload-artifact@v3
@ -91,6 +105,7 @@ jobs:
build-other:
needs:
- product-metadata
- set-product-version
runs-on: ubuntu-latest
strategy:
matrix:
@ -143,23 +158,30 @@ jobs:
repo: "hashicorp/boundary-ui"
name: admin-ui-${{ needs.product-metadata.outputs.product-edition }}
path: internal/ui/.tmp/boundary-ui/ui/admin/dist
- name: Go build
- name: Go Build
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
CGO_ENABLED: 0
run: |
mkdir out
make build
zip -r -j out/${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip bin/
CGO_ENABLED: "0"
PRERELEASE_PRODUCT_VERSION: ${{ needs.set-product-version.outputs.prerelease-product-version }}
METADATA_PRODUCT_VERSION: ${{ needs.product-metadata.outputs.product-edition }}
uses: hashicorp/actions-go-build@v0.1.7
with:
product_name: ${{ env.PKG_NAME }}
product_version: ${{ needs.set-product-version. outputs.product-version }}
go_version: ${{ matrix.go }}
os: ${{ matrix.goos }}
arch: ${{ matrix.goarch }}
reproducible: report
instructions: |-
make build
- uses: actions/upload-artifact@v3
with:
name: ${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: out/${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
name: ${{ env.PKG_NAME }}_${{ needs.set-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: out/${{ env.PKG_NAME }}_${{ needs.set-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
build-linux:
needs:
- product-metadata
- set-product-version
runs-on: ubuntu-latest
strategy:
matrix:
@ -207,31 +229,36 @@ jobs:
repo: "hashicorp/boundary-ui"
name: admin-ui-${{ needs.product-metadata.outputs.product-edition }}
path: internal/ui/.tmp/boundary-ui/ui/admin/dist
- name: Go build
- name: Go Build
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
CGO_ENABLED: 0
run: |
mkdir out
make build
zip -r -j out/${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip bin/
CGO_ENABLED: "0"
PRERELEASE_PRODUCT_VERSION: ${{ needs.set-product-version.outputs.prerelease-product-version }}
METADATA_PRODUCT_VERSION: ${{ needs.product-metadata.outputs.product-edition }}
uses: hashicorp/actions-go-build@v0.1.7
with:
product_name: ${{ env.PKG_NAME }}
product_version: ${{ needs.set-product-version. outputs.product-version }}
go_version: ${{ matrix.go }}
os: ${{ matrix.goos }}
arch: ${{ matrix.goarch }}
reproducible: report
instructions: |-
make build
- uses: actions/upload-artifact@v3
with:
name: ${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: out/${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
name: ${{ env.PKG_NAME }}_${{ needs.set-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: out/${{ env.PKG_NAME }}_${{ needs.set-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
- name: Package
uses: hashicorp/actions-packaging-linux@v1
with:
name: ${{ github.event.repository.name }}
description: "HashiCorp Boundary - Identity-based access management for dynamic infrastructure"
arch: ${{ matrix.goarch }}
version: ${{ needs.product-metadata.outputs.product-version }}
version: ${{ needs.set-product-version.outputs.product-version }}
maintainer: "HashiCorp"
homepage: "https://github.com/hashicorp/boundary"
license: "MPL-2.0"
binary: "bin/${{ env.PKG_NAME }}"
binary: "dist/${{ env.PKG_NAME }}"
deb_depends: "openssl"
rpm_depends: "openssl"
config_dir: ".release/linux/package/"
@ -255,6 +282,7 @@ jobs:
build-darwin:
needs:
- product-metadata
- set-product-version
runs-on: macos-latest
strategy:
matrix:
@ -299,24 +327,31 @@ jobs:
repo: "hashicorp/boundary-ui"
name: admin-ui-${{ needs.product-metadata.outputs.product-edition }}
path: internal/ui/.tmp/boundary-ui/ui/admin/dist
- name: Go build
- name: Go Build
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
CGO_ENABLED: 0
run: |
mkdir out
make build
zip -r -j out/${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip bin/
CGO_ENABLED: "0"
PRERELEASE_PRODUCT_VERSION: ${{ needs.set-product-version.outputs.prerelease-product-version }}
METADATA_PRODUCT_VERSION: ${{ needs.product-metadata.outputs.product-edition }}
uses: hashicorp/actions-go-build@v0.1.7
with:
product_name: ${{ env.PKG_NAME }}
product_version: ${{ needs.set-product-version. outputs.product-version }}
go_version: ${{ matrix.go }}
os: ${{ matrix.goos }}
arch: ${{ matrix.goarch }}
reproducible: report
instructions: |-
make build
- uses: actions/upload-artifact@v3
with:
name: ${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: out/${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
name: ${{ env.PKG_NAME }}_${{ needs.set-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: out/${{ env.PKG_NAME }}_${{ needs.set-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
build-docker:
name: Docker ${{ matrix.arch }} build
needs:
- product-metadata
- set-product-version
- build-linux
runs-on: ubuntu-latest
strategy:
@ -324,7 +359,7 @@ jobs:
arch: ["arm", "arm64", "386", "amd64"]
env:
repo: ${{ github.event.repository.name }}
version: ${{ needs.product-metadata.outputs.product-version }}
version: ${{ needs.set-product-version.outputs.product-version }}
minor-version: ${{ needs.product-metadata.outputs.product-minor-version }}
steps:
- uses: actions/checkout@v3
@ -352,11 +387,12 @@ jobs:
# workflow.
if: "! github.event.pull_request.head.repo.fork"
needs:
- set-product-version
- product-metadata
- build-linux
uses: ./.github/workflows/enos-run.yml
with:
artifact-name: "boundary_${{ needs.product-metadata.outputs.product-version }}_linux_amd64.zip"
artifact-name: "boundary_${{ needs.set-product-version.outputs.product-version }}_linux_amd64.zip"
go-version: ${{ needs.product-metadata.outputs.go-version }}
secrets: inherit
@ -365,7 +401,7 @@ jobs:
name: CLI tests
if: "! github.event.pull_request.head.repo.fork"
needs:
- product-metadata
- set-product-version
- build-linux
steps:
- uses: actions/checkout@v3
@ -421,12 +457,12 @@ jobs:
id: download
uses: actions/download-artifact@v3
with:
name: boundary_${{ needs.product-metadata.outputs.product-version }}_linux_amd64.zip
name: boundary_${{ needs.set-product-version.outputs.product-version }}_linux_amd64.zip
path: /tmp
- name: Unpack boundary bundle
run: |
unzip ${{steps.download.outputs.download-path}}/boundary_${{ needs.product-metadata.outputs.product-version }}_linux_amd64.zip -d /usr/local/bin
rm ${{steps.download.outputs.download-path}}/boundary_${{ needs.product-metadata.outputs.product-version }}_linux_amd64.zip
unzip ${{steps.download.outputs.download-path}}/boundary_${{ needs.set-product-version.outputs.product-version }}_linux_amd64.zip -d /usr/local/bin
rm ${{steps.download.outputs.download-path}}/boundary_${{ needs.set-product-version.outputs.product-version }}_linux_amd64.zip
- name: Versions
run: |
echo "go version:"

173
.release/ci.hcl
Unescape View File

@ -13,14 +13,11 @@ project "boundary" {
release_branches = [
"main",
"release/**",
]
}
}
event "merge" {
// "entrypoint" to use if build is not run automatically // i.e. send "merge" complete signal to orchestrator to trigger build
}
event "build" {
depends = ["merge"]
@ -31,13 +28,13 @@ event "build" {
}
}
event "upload-dev" {
event "prepare" {
depends = ["build"]
action "upload-dev" {
action "prepare" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "upload-dev"
workflow = "prepare"
depends = ["build"]
}
@ -46,157 +43,6 @@ event "upload-dev" {
}
}
event "security-scan-binaries" {
depends = ["upload-dev"]
action "security-scan-binaries" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "security-scan-binaries"
config = "security-scan.hcl"
}
notification {
on = "fail"
}
}
event "security-scan-containers" {
depends = ["security-scan-binaries"]
action "security-scan-containers" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "security-scan-containers"
config = "security-scan.hcl"
}
notification {
on = "fail"
}
}
event "notarize-darwin-amd64" {
depends = ["security-scan-containers"]
action "notarize-darwin-amd64" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "notarize-darwin-amd64"
}
notification {
on = "fail"
}
}
event "notarize-darwin-arm64" {
depends = ["notarize-darwin-amd64"]
action "notarize-darwin-arm64" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "notarize-darwin-arm64"
}
notification {
on = "fail"
}
}
event "notarize-windows-386" {
depends = ["notarize-darwin-arm64"]
action "notarize-windows-386" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "notarize-windows-386"
}
notification {
on = "fail"
}
}
event "notarize-windows-amd64" {
depends = ["notarize-windows-386"]
action "notarize-windows-amd64" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "notarize-windows-amd64"
}
notification {
on = "fail"
}
}
event "sign" {
depends = ["notarize-windows-amd64"]
action "sign" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "sign"
}
notification {
on = "fail"
}
}
event "sign-linux-rpms" {
depends = ["sign"]
action "sign-linux-rpms" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "sign-linux-rpms"
}
notification {
on = "fail"
}
}
event "verify" {
depends = ["sign-linux-rpms"]
action "verify" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "verify"
}
notification {
on = "fail"
}
}
event "promote-dev-docker" {
depends = ["verify"]
action "promote-dev-docker" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "promote-dev-docker"
depends = ["verify"]
}
notification {
on = "fail"
}
}
event "fossa-scan" {
depends = ["promote-dev-docker"]
action "fossa-scan" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "fossa-scan"
}
}
## These are promotion and post-publish events
## they should be added to the end of the file after the verify event stanza.
@ -292,8 +138,17 @@ event "post-publish-website" {
}
}
event "update-ironbank" {
event "bump-version" {
depends = ["post-publish-website"]
action "bump-version" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "bump-version"
}
}
event "update-ironbank" {
depends = ["bump-version"]
action "update-ironbank" {
organization = "hashicorp"
repository = "crt-workflows-common"

30
scripts/build.sh
Unescape View File

@ -54,26 +54,38 @@ if [ "${CI_BUILD}x" != "x" ]; then
exit
fi
# Declare binary paths!
BINARY_NAME="boundary${BINARY_SUFFIX}"
BIN_PATH=${BIN_PATH:=bin/${BINARY_NAME}}
BIN_PARENT_DIR="${BIN_PATH%/*}"
BIN_PARENT_DIR="${BIN_PARENT_DIR##*/}"
# Delete the old dir
echo "==> Removing old directory..."
rm -f bin/*
mkdir -p bin/
echo "==> Removing old directory ${BIN_PARENT_DIR}..."
rm -rf ${BIN_PARENT_DIR}
mkdir -p ${BIN_PARENT_DIR}
# Build!
echo "==> Building into bin/ for ${GOOS}_${GOARCH}..."
BINARY_NAME="boundary${BINARY_SUFFIX}"
echo "==> Building into ${BIN_PARENT_DIR} for ${GOOS}_${GOARCH}..."
${GO_CMD} build \
-tags="${BUILD_TAGS}" \
-ldflags "-X github.com/hashicorp/boundary/version.GitCommit=${GIT_COMMIT}${GIT_DIRTY}" \
-o "bin/${BINARY_NAME}" \
-trimpath \
-buildvcs=false \
-ldflags "
-X github.com/hashicorp/boundary/version.GitCommit=${GIT_COMMIT}${GIT_DIRTY}
-X 'github.com/hashicorp/boundary/version.Version=$PRODUCT_VERSION'
-X 'github.com/hashicorp/boundary/version.VersionPrerelease=$PRERELEASE_PRODUCT_VERSION'
-X 'github.com/hashicorp/boundary/version.VersionMetadata=$METADATA_PRODUCT_VERSION'
" \
-o "$BIN_PATH" \
./cmd/boundary
# Copy binary into gopath if desired
if [ "${BOUNDARY_INSTALL_BINARY}x" != "x" ]; then
echo "==> Moving binary into GOPATH/bin..."
mv -f "bin/${BINARY_NAME}" "${GOPATH}/bin/"
mv -f "${BIN_PATH}" "${GOPATH}/bin/"
fi
# Done!
echo "==> Results:"
ls -hl bin/
ls -hl ${BIN_PARENT_DIR}

1
version/VERSION
Unescape View File

@ -0,0 +1 @@
0.12.0

7
version/version_base.go
Unescape View File

@ -1,17 +1,20 @@
package version
var (
// The git commit that was compiled. This will be filled in by the compiler.
// GitCommit is the git commit that was compiled. This will be filled in by the compiler.
GitCommit string
GitDescribe string
// Whether cgo is enabled or not; set at build time
// CgoEnabled is whether cgo is enabled or not; set at build time
CgoEnabled bool
// Version is the base version
// Default values - set when building locally (at build time)
Version = "0.12.0"
// VersionPrerelease is also set at compile time, similarly to Version.
VersionPrerelease = ""
// VersionMetadata is also set at compile time.
VersionMetadata = ""
)

Write Preview
Loading…
Cancel
Save