Merge pull request #136 from LuminalHQ/fix/IAC-3164/update-vulnerable… #21
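# Builds the Terraform provider binaries on every push and, for the snyk-v1
# branch only, publishes them as a GitHub release.
name: Build TF Provider
on: [push]

# Least privilege: every job gets a read-only token unless it asks for more.
permissions:
  contents: read

jobs:
  build:
    # We need to use the same Ubuntu version as our final Docker (base) image
    # in order to match glibc versions. We need glibc because we compile a
    # dynamically-linked binary with boringcrypto.
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v4
      - name: Setup Go
        uses: actions/setup-go@v4
        with:
          # Quoted so the version can never be re-typed as a number.
          go-version: '1.21.3'
      - name: Install C toolchain
        run: |
          sudo apt-get update
          sudo apt-get install -y gcc-x86-64-linux-gnu
          mkdir -p bin
      # The cache entry keyed on the commit SHA is how the binaries reach the
      # release job. It is written in this step's post-run phase, i.e. after
      # the build steps below have filled bin/.
      - name: Cache Binaries
        uses: actions/cache@v4
        env:
          cache-name: cache-binaries
        with:
          path: bin
          key: ${{ github.sha }}
          restore-keys: ${{ github.sha }}
      - name: Build Linux binary with Boringcrypto
        run: |
          CC=x86_64-linux-gnu-gcc CGO_ENABLED=1 GOARCH=amd64 GOOS=linux GOEXPERIMENT=boringcrypto \
            go build -o bin/terraform-provider-google.linux.amd64 .
      # Fails the job unless the Linux binary reports boringcrypto.
      # NOTE(review): @master is a moving ref, so this step compiles and runs
      # whatever rsc.io/goversion's master branch holds at build time. Pin it
      # to a reviewed version or commit so the check itself is reproducible.
      - name: Verify Boringcrypto
        run: |
          go run rsc.io/goversion@master -crypto bin/terraform-provider-google.linux.amd64 | grep -q '(boring crypto)'
      # boringcrypto isn't available for darwin, so we can also disable CGO.
      - name: Build Darwin binary without Boringcrypto
        run: |
          CGO_ENABLED=0 GOARCH=arm64 GOOS=darwin \
            go build -o bin/terraform-provider-google.darwin.arm64 .

  release:
    runs-on: ubuntu-latest
    needs: build
    if: github.ref == 'refs/heads/snyk-v1'
    # Creating a release needs write access to the repository contents.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      # Restores the binaries produced by the build job for this commit.
      # NOTE(review): the release publishes whatever this cache entry holds;
      # nothing here re-checks the binaries (e.g. against a checksum recorded
      # by the build job) before they are attached to the release.
      - name: Cache Binaries
        uses: actions/cache@v4
        env:
          cache-name: cache-binaries
        with:
          path: bin
          key: ${{ github.sha }}
          restore-keys: ${{ github.sha }}
          # Stop here rather than go on to publish a release with no binaries.
          fail-on-cache-miss: true
      # NOTE(review): third-party action running with contents: write and
      # referenced by a mutable tag; consider pinning it to a reviewed full
      # commit SHA.
      - name: Create Release
        uses: ncipollo/release-action@v1
        with:
          tag: v0.0.0-${{ github.sha }}
          commit: ${{ github.sha }}
          artifacts: bin/terraform-provider-google.*.*
          # A glob that matches nothing must fail the job, not pass silently.
          artifactErrorsFailBuild: true
          makeLatest: true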