Merge a7ebdae3ee0d6b6d62d00bd4c3e630c68a548a8b into backport/nicoleta… #3179
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build | ||
# We now default to running this workflow on every push to every branch. | ||
# This provides fast feedback when build issues occur, so they can be | ||
# fixed prior to being merged to the main branch. | ||
# | ||
# If you want to opt out of this, and only run the build on certain branches | ||
# please refer to the documentation on branch filtering here: | ||
# | ||
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore | ||
# | ||
on: [workflow_dispatch, push] | ||
env: | ||
PKG_NAME: "consul-dataplane" | ||
jobs: | ||
conditional-skip: | ||
uses: ./.github/workflows/reusable-conditional-skip.yml | ||
Check failure on line 19 in .github/workflows/build.yml GitHub Actions / .github/workflows/build.ymlInvalid workflow file
|
||
get-go-version: | ||
# Cascades down to test jobs | ||
needs: [conditional-skip] | ||
if: needs.conditional-skip.outputs.skip-ci != 'true' | ||
uses: ./.github/workflows/reusable-get-go-version.yml | ||
get-product-version: | ||
# Cascades down to test jobs | ||
needs: [conditional-skip] | ||
if: needs.conditional-skip.outputs.skip-ci != 'true' | ||
runs-on: ubuntu-latest | ||
outputs: | ||
product-version: ${{ steps.get-product-version.outputs.product-version }} | ||
steps: | ||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | ||
- name: get product version | ||
id: get-product-version | ||
run: | | ||
make version | ||
echo "product-version=$(make version)" >> $GITHUB_OUTPUT | ||
generate-metadata-file: | ||
needs: get-product-version | ||
runs-on: ubuntu-latest | ||
outputs: | ||
filepath: ${{ steps.generate-metadata-file.outputs.filepath }} | ||
steps: | ||
- name: "Checkout directory" | ||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | ||
- name: Generate metadata file | ||
id: generate-metadata-file | ||
uses: hashicorp/actions-generate-metadata@v1 | ||
with: | ||
version: ${{ needs.get-product-version.outputs.product-version }} | ||
product: ${{ env.PKG_NAME }} | ||
repositoryOwner: "hashicorp" | ||
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | ||
with: | ||
name: metadata.json | ||
path: ${{ steps.generate-metadata-file.outputs.filepath }} | ||
build-linux: | ||
needs: | ||
- get-go-version | ||
- get-product-version | ||
runs-on: ubuntu-20.04 # the GLIBC is too high on 22.04 | ||
strategy: | ||
matrix: | ||
include: | ||
- {goos: "linux", goarch: "arm"} | ||
- {goos: "linux", goarch: "arm64"} | ||
- {goos: "linux", goarch: "386"} | ||
- {goos: "linux", goarch: "amd64"} | ||
- {goos: "linux", goarch: "amd64", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402", pkg_suffix: "-fips" } | ||
- {goos: "linux", goarch: "arm64", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402", pkg_suffix: "-fips" } | ||
- {goos: "darwin", goarch: "amd64"} | ||
- {goos: "darwin", goarch: "arm64"} | ||
fail-fast: true | ||
name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} ${{ matrix.fips }} build | ||
steps: | ||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | ||
- uses: hashicorp/actions-go-build@v1 | ||
with: | ||
product_name: ${{ env.PKG_NAME }} | ||
product_version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | ||
go_version: ${{ needs.get-go-version.outputs.go-version }} | ||
os: ${{ matrix.goos }} | ||
arch: ${{ matrix.goarch }} | ||
reproducible: assert | ||
instructions: | | ||
cp LICENSE $TARGET_DIR/LICENSE.txt | ||
if [[ "${{ matrix.fips }}" == "+fips1402" ]] | ||
then | ||
sudo apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-version && sudo apt-get install -y build-essential gcc-aarch64-linux-gnu | ||
fi | ||
${{ matrix.env }} go build -tags=${{ matrix.gotags }} -trimpath -buildvcs=false -ldflags="-X github.com/hashicorp/consul-dataplane/pkg/version.GitCommit=${GITHUB_SHA::8}" -o $BIN_PATH ./cmd/$BIN_NAME | ||
- name: Copy license file | ||
if: ${{ matrix.goos == 'linux' }} | ||
env: | ||
LICENSE_DIR: ".release/linux/package/usr/share/doc/${{ env.PKG_NAME }}" | ||
run: | | ||
mkdir -p "$LICENSE_DIR" | ||
cp LICENSE "$LICENSE_DIR/LICENSE.txt" | ||
- name: Package | ||
if: ${{ matrix.goos == 'linux' }} | ||
uses: hashicorp/actions-packaging-linux@v1 | ||
with: | ||
name: ${{ github.event.repository.name }}${{ matrix.pkg_suffix }} | ||
description: "Consul dataplane connects an application to a Consul service mesh." | ||
arch: ${{ matrix.goarch }} | ||
version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | ||
maintainer: "HashiCorp" | ||
homepage: "https://github.com/hashicorp/consul-dataplane" | ||
license: "MPL-2.0" | ||
binary: "dist/${{ env.PKG_NAME }}" | ||
deb_depends: "openssl" | ||
rpm_depends: "openssl" | ||
config_dir: ".release/linux/package/" | ||
- name: Set Package Names | ||
if: ${{ matrix.goos == 'linux' }} | ||
run: | | ||
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV | ||
echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV | ||
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | ||
if: ${{ matrix.goos == 'linux' }} | ||
with: | ||
name: ${{ env.RPM_PACKAGE }} | ||
path: out/${{ env.RPM_PACKAGE }} | ||
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | ||
if: ${{ matrix.goos == 'linux' }} | ||
with: | ||
name: ${{ env.DEB_PACKAGE }} | ||
path: out/${{ env.DEB_PACKAGE }} | ||
build-docker-default: | ||
name: Docker ${{ matrix.arch }} ${{ matrix.fips }} default release build | ||
needs: | ||
- get-go-version | ||
- get-product-version | ||
- build-linux | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
# This is the subset of architectures we build binaries for officially | ||
# supported by Envoy. | ||
include: | ||
- { arch: "amd64" } | ||
- { arch: "amd64", fips: "+fips1402" } | ||
- { arch: "arm64" } | ||
- { arch: "arm64", fips: "+fips1402" } | ||
env: | ||
repo: ${{ github.event.repository.name }} | ||
version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | ||
steps: | ||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | ||
# This naming convention will be used ONLY for per-commit dev images | ||
- name: Set docker dev tag | ||
run: | | ||
echo "full_dev_tag=${{ env.version }}" | ||
echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV | ||
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" | ||
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV | ||
- name: Docker Build (Action) | ||
if: ${{ !matrix.fips }} | ||
uses: hashicorp/actions-docker-build@v2 | ||
with: | ||
smoke_test: | | ||
TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | ||
if [ "${TEST_VERSION}" != "${version}" ]; then | ||
echo "Test FAILED: Got ${TEST_VERSION}, want ${version}." | ||
exit 1 | ||
fi | ||
echo "Test PASSED" | ||
version: ${{ env.version }} | ||
target: release-default | ||
arch: ${{ matrix.arch }} | ||
tags: | | ||
docker.io/hashicorp/${{env.repo}}:${{env.version}} | ||
public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}} | ||
dev_tags: | | ||
docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }} | ||
docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-${{ github.sha }} | ||
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }} | ||
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-${{ github.sha }} | ||
extra_build_args: | | ||
GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} | ||
- name: Docker FIPS Build (Action) | ||
if: ${{ matrix.fips }} | ||
uses: hashicorp/actions-docker-build@v2 | ||
with: | ||
smoke_test: | | ||
TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | ||
if [ "${TEST_VERSION}" != "${version}" ]; then | ||
echo "Test FAILED: Got ${TEST_VERSION}, want ${version}." | ||
exit 1 | ||
fi | ||
echo "Test PASSED" | ||
version: ${{ env.version }} | ||
target: release-fips-default | ||
arch: ${{ matrix.arch }} | ||
tags: | | ||
docker.io/hashicorp/${{env.repo}}-fips:${{env.version}} | ||
public.ecr.aws/hashicorp/${{env.repo}}-fips:${{env.version}} | ||
dev_tags: | | ||
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }} | ||
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }}-${{ github.sha }} | ||
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }} | ||
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }}-${{ github.sha }} | ||
extra_build_args: | | ||
GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} | ||
build-docker-redhat: | ||
name: Docker ${{ matrix.fips }} UBI Image Build (for Red Hat Certified Container Registry) | ||
needs: | ||
- get-go-version | ||
- get-product-version | ||
- build-linux | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
include: | ||
- { target-name: "release-ubi", registry-id: "631f805e0d15f623c5996c2e" } | ||
- { target-name: "release-fips-ubi", registry-id: "649cced3e093d1cc7f3d9b61", fips: "+fips1402" } | ||
env: | ||
repo: ${{github.event.repository.name}} | ||
version: ${{needs.get-product-version.outputs.product-version}}${{ matrix.fips }} | ||
steps: | ||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | ||
- uses: hashicorp/actions-docker-build@v2 | ||
with: | ||
version: ${{env.version}} | ||
target: ${{ matrix.target-name }} | ||
arch: amd64 | ||
redhat_tag: quay.io/redhat-isv-containers/${{matrix.registry-id}}:${{env.version}}-ubi | ||
extra_build_args: | | ||
GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} | ||
build-docker-ubi-dockerhub: | ||
name: Docker ${{ matrix.arch }} ${{ matrix.fips }} UBI build for DockerHub | ||
needs: | ||
- get-go-version | ||
- get-product-version | ||
- build-linux | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
include: | ||
- { arch: "amd64" } | ||
- { arch: "amd64", fips: "+fips1402" } | ||
env: | ||
repo: ${{ github.event.repository.name }} | ||
version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | ||
steps: | ||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | ||
# This naming convention will be used ONLY for per-commit dev images | ||
- name: Set docker dev tag | ||
run: | | ||
echo "full_dev_tag=${{ env.version }}" | ||
echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV | ||
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" | ||
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV | ||
- name: Docker Build (Action) | ||
if: ${{ !matrix.fips }} | ||
uses: hashicorp/actions-docker-build@v2 | ||
with: | ||
smoke_test: | | ||
TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | ||
if [ "${TEST_VERSION}" != "${version}" ]; then | ||
echo "Test FAILED: Got ${TEST_VERSION}, want ${version}}." | ||
exit 1 | ||
fi | ||
echo "Test PASSED" | ||
version: ${{ env.version }} | ||
target: release-ubi | ||
arch: ${{ matrix.arch }} | ||
tags: | | ||
docker.io/hashicorp/${{env.repo}}:${{env.version}}-ubi | ||
public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}}-ubi | ||
dev_tags: | | ||
docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi | ||
docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi-${{ github.sha }} | ||
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi | ||
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi-${{ github.sha }} | ||
extra_build_args: | | ||
GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} | ||
- name: Docker FIPS Build (Action) | ||
if: ${{ matrix.fips }} | ||
uses: hashicorp/actions-docker-build@v2 | ||
with: | ||
smoke_test: | | ||
TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | ||
if [ "${TEST_VERSION}" != "${version}" ]; then | ||
echo "Test FAILED: Got ${TEST_VERSION}, want ${version}}." | ||
exit 1 | ||
fi | ||
echo "Test PASSED" | ||
version: ${{ env.version }} | ||
target: release-fips-ubi | ||
arch: ${{ matrix.arch }} | ||
tags: | | ||
docker.io/hashicorp/${{env.repo}}-fips:${{env.version}}-ubi | ||
public.ecr.aws/hashicorp/${{env.repo}}-fips:${{env.version}}-ubi | ||
dev_tags: | | ||
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }}-ubi | ||
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }}-ubi-${{ github.sha }} | ||
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }}-ubi | ||
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }}-ubi-${{ github.sha }} | ||
extra_build_args: | | ||
GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} | ||
integration-tests: | ||
name: Integration Tests (Consul ${{ matrix.server.version }} ${{ matrix.dataplane.docker_target }}) | ||
needs: | ||
- build-docker-default | ||
- build-docker-ubi-dockerhub | ||
- get-product-version | ||
- get-go-version | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
server: | ||
- version: v1.15.0-dev | ||
image: hashicorppreview/consul:1.15-dev | ||
- version: v1.16.0-dev | ||
image: hashicorppreview/consul:1.16-dev | ||
- version: v1.17.0-dev | ||
image: hashicorppreview/consul:1.17-dev | ||
- version: v1.18.0-dev | ||
image: hashicorppreview/consul:1.18-dev | ||
dataplane: | ||
- image_suffix: "" | ||
docker_target: "release-default" | ||
- image_suffix: "-ubi" | ||
docker_target: "release-ubi" | ||
env: | ||
repo: ${{ github.event.repository.name }} | ||
version: ${{ needs.get-product-version.outputs.product-version }} | ||
steps: | ||
- name: Set docker dev tag | ||
run: | | ||
version="${{ env.version }}" | ||
echo "dev_tag=${{ env.version }}${{ matrix.dataplane.image_suffix }}" >> $GITHUB_ENV | ||
- name: Set image tarball | ||
run: | | ||
echo "image_tarball=${{env.repo}}_${{ matrix.dataplane.docker_target }}_linux_amd64_${{env.version}}_${{github.sha}}.docker.dev.tar" >> $GITHUB_ENV | ||
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | ||
with: | ||
name: ${{env.image_tarball}} | ||
- run: docker load --input ${{env.image_tarball}} | ||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | ||
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | ||
with: | ||
go-version: ${{ needs.get-go-version.outputs.go-version }} | ||
- id: run-tests | ||
run: cd integration-tests && go test -v -output-dir=./output -dataplane-image=hashicorppreview/${{env.repo}}:${{env.dev_tag}}-${{github.sha}} -server-image=${{matrix.server.image}} -server-version=${{matrix.server.version}} | ||
continue-on-error: true | ||
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | ||
continue-on-error: true | ||
with: | ||
name: consul-${{matrix.server.version}}-${{matrix.dataplane.docker_target}}-integration-tests-output | ||
path: integration-tests/output/ | ||
if-no-files-found: 'error' | ||
- name: Check for failures | ||
if: ${{ steps.run-tests.outcome != 'success' }} | ||
run: exit 1 | ||
integration-tests-success: | ||
needs: | ||
- conditional-skip | ||
- integration-tests | ||
runs-on: ubuntu-latest | ||
if: always() && needs.conditional-skip.outputs.skip-ci != 'true' | ||
steps: | ||
- name: evaluate upstream job results | ||
run: | | ||
# exit 1 if failure or cancelled result for any upstream job | ||
if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then | ||
printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}" | ||
exit 1 | ||
fi |