mirror of https://github.com/hashicorp/boundary
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
449 lines
17 KiB
449 lines
17 KiB
name: build
|
|
|
|
on:
|
|
- workflow_dispatch
|
|
- push
|
|
- workflow_call
|
|
|
|
env:
|
|
PKG_NAME: "boundary"
|
|
|
|
jobs:
|
|
product-metadata:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
product-version: ${{ steps.get-product-version.outputs.product-version }}
|
|
product-minor-version: ${{ steps.get-product-version.outputs.product-minor-version }}
|
|
product-edition: ${{ steps.get-product-edition.outputs.product-edition }}
|
|
go-version: ${{ steps.get-go-version.outputs.go-version }}
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Determine Go version
|
|
id: get-go-version
|
|
# We use .go-version as our source of truth for current Go
|
|
# version, because "goenv" can react to it automatically.
|
|
run: |
|
|
echo "Building with Go $(cat .go-version)"
|
|
echo "::set-output name=go-version::$(cat .go-version)"
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: "${{ steps.get-go-version.outputs.go-version }}"
|
|
- name: Determine Go cache paths
|
|
id: go-cache-paths
|
|
run: |
|
|
echo "::set-output name=go-build::$(go env GOCACHE)"
|
|
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
|
|
- name: Set up Go modules cache
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
${{ steps.go-cache-paths.outputs.go-build }}
|
|
${{ steps.go-cache-paths.outputs.go-mod }}
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
- name: Determine product edition
|
|
id: get-product-edition
|
|
# Run make edition twice to ensure that extra go output isn't included
|
|
run: |
|
|
make edition
|
|
echo "::set-output name=product-edition::$(make edition)"
|
|
- name: Determine product version
|
|
id: get-product-version
|
|
run: |
|
|
VERSION=$(make version)
|
|
MINOR_VERSION=$(echo $VERSION | cut -d. -f-2)
|
|
echo "::set-output name=product-version::$VERSION"
|
|
echo "::set-output name=product-minor-version::$MINOR_VERSION"
|
|
|
|
verify-product-metadata:
|
|
needs: product-metadata
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: 'Checkout directory'
|
|
uses: actions/checkout@v3
|
|
- run: |
|
|
echo "Product Version - ${{ needs.product-metadata.outputs.product-version }}"
|
|
echo "Product Minor Version - ${{ needs.product-metadata.outputs.product-minor-version }}"
|
|
echo "Product Edition - ${{ needs.product-metadata.outputs.product-edition }}"
|
|
|
|
generate-metadata-file:
|
|
needs: product-metadata
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
|
|
steps:
|
|
- name: 'Checkout directory'
|
|
uses: actions/checkout@v3
|
|
- name: Generate metadata file
|
|
id: generate-metadata-file
|
|
uses: hashicorp/actions-generate-metadata@main
|
|
with:
|
|
version: ${{ needs.product-metadata.outputs.product-version }}
|
|
product: ${{ env.PKG_NAME }}
|
|
|
|
- uses: actions/upload-artifact@v3
|
|
with:
|
|
name: metadata.json
|
|
path: ${{ steps.generate-metadata-file.outputs.filepath }}
|
|
|
|
build-other:
|
|
needs:
|
|
- product-metadata
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
goos: [ freebsd, windows, netbsd, openbsd, solaris ]
|
|
goarch: [ "386", "amd64", "arm" ]
|
|
go: [ "${{ needs.product-metadata.outputs.go-version }}" ]
|
|
exclude:
|
|
- goos: solaris
|
|
goarch: 386
|
|
- goos: solaris
|
|
goarch: arm
|
|
- goos: windows
|
|
goarch: arm
|
|
fail-fast: true
|
|
|
|
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
|
|
env:
|
|
GOPRIVATE: "github.com/hashicorp"
|
|
GO111MODULE: on
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Set up go
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: ${{ matrix.go }}
|
|
- name: Determine Go cache paths
|
|
id: go-cache-paths
|
|
run: |
|
|
echo "::set-output name=go-build::$(go env GOCACHE)"
|
|
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
|
|
- name: Set up Go modules cache
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
${{ steps.go-cache-paths.outputs.go-build }}
|
|
${{ steps.go-cache-paths.outputs.go-mod }}
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ matrix.goarch }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
- name: Set up Git
|
|
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
|
|
- name: Determine SHA
|
|
id: set-sha
|
|
run: echo "::set-output name=sha::$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)"
|
|
- name: Download UI artifact
|
|
uses: dawidd6/action-download-artifact@v2
|
|
with:
|
|
workflow: build-admin-ui.yaml
|
|
commit: ${{ steps.set-sha.outputs.sha }}
|
|
repo: "hashicorp/boundary-ui"
|
|
name: admin-ui-${{ needs.product-metadata.outputs.product-edition }}
|
|
path: internal/ui/.tmp/boundary-ui/ui/admin/dist
|
|
- name: Go build
|
|
env:
|
|
GOOS: ${{ matrix.goos }}
|
|
GOARCH: ${{ matrix.goarch }}
|
|
CGO_ENABLED: 0
|
|
run: |
|
|
mkdir out
|
|
make build
|
|
zip -r -j out/${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip bin/
|
|
- uses: actions/upload-artifact@v3
|
|
with:
|
|
name: ${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
path: out/${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
|
|
build-linux:
|
|
needs:
|
|
- product-metadata
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
goos: [linux]
|
|
goarch: ["arm", "arm64", "386", "amd64"]
|
|
go: [ "${{ needs.product-metadata.outputs.go-version }}" ]
|
|
fail-fast: true
|
|
|
|
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
|
|
|
|
env:
|
|
GOPRIVATE: "github.com/hashicorp"
|
|
GO111MODULE: on
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Set up Git
|
|
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: ${{ matrix.go }}
|
|
- name: Determine Go cache paths
|
|
id: go-cache-paths
|
|
run: |
|
|
echo "::set-output name=go-build::$(go env GOCACHE)"
|
|
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
|
|
- name: Set up Go modules cache
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
${{ steps.go-cache-paths.outputs.go-build }}
|
|
${{ steps.go-cache-paths.outputs.go-mod }}
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ matrix.goarch }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
- name: Determine SHA
|
|
id: set-sha
|
|
run: echo "::set-output name=sha::$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)"
|
|
- name: Download UI artifact
|
|
uses: dawidd6/action-download-artifact@v2
|
|
with:
|
|
workflow: build-admin-ui.yaml
|
|
commit: ${{ steps.set-sha.outputs.sha }}
|
|
repo: "hashicorp/boundary-ui"
|
|
name: admin-ui-${{ needs.product-metadata.outputs.product-edition }}
|
|
path: internal/ui/.tmp/boundary-ui/ui/admin/dist
|
|
- name: Go build
|
|
env:
|
|
GOOS: ${{ matrix.goos }}
|
|
GOARCH: ${{ matrix.goarch }}
|
|
CGO_ENABLED: 0
|
|
run: |
|
|
mkdir out
|
|
make build
|
|
zip -r -j out/${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip bin/
|
|
- uses: actions/upload-artifact@v3
|
|
with:
|
|
name: ${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
path: out/${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
|
|
- name: Package
|
|
uses: hashicorp/actions-packaging-linux@v1
|
|
with:
|
|
name: ${{ github.event.repository.name }}
|
|
description: "HashiCorp Boundary - Identity-based access management for dynamic infrastructure"
|
|
arch: ${{ matrix.goarch }}
|
|
version: ${{ needs.product-metadata.outputs.product-version }}
|
|
maintainer: "HashiCorp"
|
|
homepage: "https://github.com/hashicorp/boundary"
|
|
license: "MPL-2.0"
|
|
binary: "bin/${{ env.PKG_NAME }}"
|
|
deb_depends: "openssl"
|
|
rpm_depends: "openssl"
|
|
config_dir: ".release/linux/package/"
|
|
preinstall: ".release/linux/preinst"
|
|
postremove: ".release/linux/postrm"
|
|
- name: Add Linux Package names to env
|
|
run: |
|
|
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV
|
|
echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV
|
|
- name: Upload RPM package
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: ${{ env.RPM_PACKAGE }}
|
|
path: out/${{ env.RPM_PACKAGE }}
|
|
- name: Upload DEB package
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: ${{ env.DEB_PACKAGE }}
|
|
path: out/${{ env.DEB_PACKAGE }}
|
|
|
|
build-darwin:
|
|
needs:
|
|
- product-metadata
|
|
runs-on: macos-latest
|
|
strategy:
|
|
matrix:
|
|
goos: [ darwin ]
|
|
goarch: [ "amd64", "arm64" ]
|
|
go: [ "${{ needs.product-metadata.outputs.go-version }}" ]
|
|
fail-fast: true
|
|
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
|
|
|
|
env:
|
|
GOPRIVATE: "github.com/hashicorp"
|
|
GO111MODULE: on
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Set up go
|
|
uses: actions/setup-go@v3
|
|
with:
|
|
go-version: ${{ matrix.go }}
|
|
- name: Determine Go cache paths
|
|
id: go-cache-paths
|
|
run: |
|
|
echo "::set-output name=go-build::$(go env GOCACHE)"
|
|
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
|
|
- name: Set up Go modules cache
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: |
|
|
${{ steps.go-cache-paths.outputs.go-build }}
|
|
${{ steps.go-cache-paths.outputs.go-mod }}
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
- name: Determine SHA
|
|
id: set-sha
|
|
run: echo "::set-output name=sha::$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)"
|
|
- name: Download UI artifact
|
|
uses: dawidd6/action-download-artifact@v2
|
|
with:
|
|
workflow: build-admin-ui.yaml
|
|
commit: ${{ steps.set-sha.outputs.sha }}
|
|
repo: "hashicorp/boundary-ui"
|
|
name: admin-ui-${{ needs.product-metadata.outputs.product-edition }}
|
|
path: internal/ui/.tmp/boundary-ui/ui/admin/dist
|
|
- name: Go build
|
|
env:
|
|
GOOS: ${{ matrix.goos }}
|
|
GOARCH: ${{ matrix.goarch }}
|
|
CGO_ENABLED: 0
|
|
run: |
|
|
mkdir out
|
|
make build
|
|
zip -r -j out/${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip bin/
|
|
- uses: actions/upload-artifact@v3
|
|
with:
|
|
name: ${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
path: out/${{ env.PKG_NAME }}_${{ needs.product-metadata.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
|
|
build-docker:
|
|
name: Docker ${{ matrix.arch }} build
|
|
needs:
|
|
- product-metadata
|
|
- build-linux
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
arch: ["arm", "arm64", "386", "amd64"]
|
|
env:
|
|
repo: ${{ github.event.repository.name }}
|
|
version: ${{ needs.product-metadata.outputs.product-version }}
|
|
minor-version: ${{ needs.product-metadata.outputs.product-minor-version }}
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Docker Build (Action)
|
|
uses: hashicorp/actions-docker-build@v1
|
|
with:
|
|
version: ${{ env.version }}
|
|
target: default
|
|
arch: ${{ matrix.arch }}
|
|
tags: |
|
|
docker.io/hashicorp/${{ env.repo }}:${{ env.version }}
|
|
public.ecr.aws/hashicorp/${{ env.repo }}:${{ env.version }}
|
|
# Per-commit dev images follow the naming convention MAJOR.MINOR-dev
|
|
# And MAJOR.MINOR-dev-$COMMITSHA
|
|
dev_tags: |
|
|
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor-version }}-dev
|
|
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor-version }}-dev-${{ github.sha }}
|
|
|
|
enos:
|
|
name: Enos
|
|
# Only run the Enos workflow on pull requests that have been originated from
|
|
# the hashicorp/boundary repository. As Enos scenarios require access to
|
|
# Github Actions secrets, it only makes sense to run this workflow when those
|
|
# secrets are available. Any pull requests from forks will not trigger the
|
|
# workflow.
|
|
if: "! github.event.pull_request.head.repo.fork"
|
|
needs:
|
|
- product-metadata
|
|
- build-linux
|
|
uses: ./.github/workflows/enos-run.yml
|
|
with:
|
|
artifact-name: "boundary_${{ needs.product-metadata.outputs.product-version }}_linux_amd64.zip"
|
|
go-version: ${{ needs.product-metadata.outputs.go-version }}
|
|
secrets: inherit
|
|
|
|
bats:
|
|
runs-on: ubuntu-latest
|
|
name: CLI tests
|
|
if: "! github.event.pull_request.head.repo.fork"
|
|
needs:
|
|
- product-metadata
|
|
- build-linux
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Import GPG key for Boundary pass keystore
|
|
id: import_gpg
|
|
uses: crazy-max/ghaction-import-gpg@v5
|
|
with:
|
|
gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }}
|
|
passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }}
|
|
- name: Trust the pass keystore GPG key
|
|
id: trust_gpg
|
|
run: |
|
|
gpg -a --encrypt -r ${{ secrets.ENOS_GPG_UID }} --trust-model always
|
|
echo "trusted-key ${{ secrets.ENOS_GPG_UID }}" >> ~/.gnupg/gpg.conf
|
|
cat ~/.gnupg/gpg.conf
|
|
- name: Set up Bats CLI UI tests dependency cache
|
|
id: dep-cache
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: /tmp/bats-cli-ui-deps
|
|
key: enos-bats-cli-ui-deps-jq-1.6-password-store-1.7.4
|
|
- name: Set up Node for Bats install
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
node-version: 16
|
|
- name: Install Bats via NPM
|
|
# Use npm so this workflow is portable on multiple runner distros
|
|
run: npm install --location=global bats
|
|
- name: Download jq for Bats CLI UI tests
|
|
if: steps.dep-cache.outputs.cache-hit != 'true'
|
|
# NOTE: if you update the jq version make sure to update the dep cache key
|
|
run: |
|
|
mkdir -p /tmp/bats-cli-ui-deps
|
|
wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O /tmp/bats-cli-ui-deps/jq-bin
|
|
- name: Install jq for Bats CLI UI tests
|
|
run: |
|
|
chmod +x /tmp/bats-cli-ui-deps/jq-bin
|
|
sudo cp /tmp/bats-cli-ui-deps/jq-bin /usr/local/bin/jq
|
|
- name: Download and unzip pass for Boundary keyring
|
|
if: steps.dep-cache.outputs.cache-hit != 'true'
|
|
# NOTE: if you update the password store version make sure to update the dep cache key
|
|
run: |
|
|
mkdir -p /tmp/bats-cli-ui-deps/pass
|
|
wget https://git.zx2c4.com/password-store/snapshot/password-store-1.7.4.tar.xz -O /tmp/bats-cli-ui-deps/pass/pass.tar.xz
|
|
cd /tmp/bats-cli-ui-deps/pass
|
|
tar -xvf pass.tar.xz
|
|
- name: Install pass for Boundary keyring
|
|
run: |
|
|
cd /tmp/bats-cli-ui-deps/pass/password-store-1.7.4
|
|
sudo make install
|
|
pass init ${{ secrets.ENOS_GPG_UID }}
|
|
- name: Download Linux AMD64 Boundary bundle
|
|
id: download
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: boundary_${{ needs.product-metadata.outputs.product-version }}_linux_amd64.zip
|
|
path: /tmp
|
|
- name: Unpack boundary bundle
|
|
run: |
|
|
unzip ${{steps.download.outputs.download-path}}/boundary_${{ needs.product-metadata.outputs.product-version }}_linux_amd64.zip -d /usr/local/bin
|
|
rm ${{steps.download.outputs.download-path}}/boundary_${{ needs.product-metadata.outputs.product-version }}_linux_amd64.zip
|
|
- name: Versions
|
|
run: |
|
|
echo "go version:"
|
|
go version
|
|
echo "bats version:"
|
|
bats --version
|
|
echo "jq version:"
|
|
jq --version
|
|
echo "gpg version:"
|
|
gpg --version
|
|
echo "pass version:"
|
|
pass --version
|
|
echo "bash version:"
|
|
bash --version
|
|
echo "boundary version:"
|
|
boundary version
|
|
- name: Run cli bats tests
|
|
run: |
|
|
make test-cli
|