This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build TF Provider | |
on: [push] | |
jobs: | |
static-build: | |
runs-on: ubuntu-latest | |
container: | |
image: golang:1.21.3-bullseye | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install GCC | |
run: | | |
apt update && apt install -y gcc-x86-64-linux-gnu && git config --global --add safe.directory '*' | |
- run: go env | |
- name: go mod download | |
run: go mod download | |
- name: Build | |
run: | | |
CC=x86_64-linux-gnu-gcc \ | |
GOARCH=amd64 \ | |
CGO_ENABLED=1 \ | |
GOEXPERIMENT=boringcrypto \ | |
go build -v -o /go/bin/app . | |
- name: LDD check | |
run: | | |
ldd /go/bin/app | |
- name: Verify Boringcrypto | |
run: | | |
go run rsc.io/goversion@master -crypto /go/bin/app | grep -q '(boring crypto)' | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.21.3 | |
- name: Install C toolchain | |
run: | | |
sudo apt-get update | |
sudo apt install -y gcc-x86-64-linux-gnu | |
mkdir bin | |
- name: Cache Binaries | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-binaries | |
with: | |
path: bin | |
key: ${{ github.sha }} | |
restore-keys: ${{ github.sha }} | |
- name: Build Linux binary with Boringcrypto | |
run: | | |
CC=x86_64-linux-gnu-gcc CGO_ENABLED=1 GOARCH=amd64 GOOS=linux GOEXPERIMENT=boringcrypto \ | |
go build \ | |
-ldflags "-linkmode external -extldflags -static" | |
-o bin/terraform-provider-google.linux.amd64 . | |
- name: Verify statically linked | |
run: | | |
ldd bin/terraform-provider-google.linux.amd64 | |
- name: Verify Boringcrypto | |
run: | | |
go run rsc.io/goversion@master -crypto bin/terraform-provider-google.linux.amd64 | grep -q '(boring crypto)' | |
# boringcrypto isn't available for darwin, so we can also disable CGO. | |
- name: Build Darwin binary without Boringcrypto | |
run: | | |
CGO_ENABLED=0 GOARCH=arm64 GOOS=darwin \ | |
go build -o bin/terraform-provider-google.darwin.arm64 . | |
release: | |
runs-on: ubuntu-latest | |
needs: build | |
if: github.ref == 'refs/heads/snyk-v1' | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Cache Binaries | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-binaries | |
with: | |
path: bin | |
key: ${{ github.sha }} | |
restore-keys: ${{ github.sha }} | |
- name: Create Release | |
uses: ncipollo/release-action@v1 | |
with: | |
tag: v0.0.0-${{ github.sha }} | |
commit: ${{ github.sha }} | |
artifacts: bin/terraform-provider-google.*.* | |
makeLatest: true |