Update .github/workflows/security-scan.yml #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| # We now default to running this workflow on every push to every branch. | |
| # This provides fast feedback when build issues occur, so they can be | |
| # fixed prior to being merged to the main branch. | |
| # | |
| # If you want to opt out of this, and only run the build on certain branches | |
| # please refer to the documentation on branch filtering here: | |
| # | |
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore | |
| # | |
| on: [workflow_dispatch, push] | |
| env: | |
| PKG_NAME: "consul-aws" | |
| jobs: | |
| get-go-version: | |
| uses: ./.github/workflows/reusable-get-go-version.yml | |
| set-product-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| product-version: ${{ steps.set-product-version.outputs.product-version }} | |
| product-base-version: ${{ steps.set-product-version.outputs.base-product-version }} | |
| product-prerelease-version: ${{ steps.set-product-version.outputs.prerelease-product-version }} | |
| product-minor-version: ${{ steps.set-product-version.outputs.minor-product-version }} | |
| steps: | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - name: Set Product version | |
| id: set-product-version | |
| uses: hashicorp/actions-set-product-version@v1 | |
| generate-metadata-file: | |
| needs: set-product-version | |
| runs-on: ubuntu-latest | |
| outputs: | |
| filepath: ${{ steps.generate-metadata-file.outputs.filepath }} | |
| steps: | |
| - name: "Checkout directory" | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - name: Generate metadata file | |
| id: generate-metadata-file | |
| uses: hashicorp/actions-generate-metadata@v1 | |
| with: | |
| version: ${{ needs.set-product-version.outputs.product-version }} | |
| product: ${{ env.PKG_NAME }} | |
| repositoryOwner: "hashicorp" | |
| - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: metadata.json | |
| path: ${{ steps.generate-metadata-file.outputs.filepath }} | |
| build-other: | |
| needs: | |
| - get-go-version | |
| - set-product-version | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false # recommended during development | |
| matrix: | |
| goos: [freebsd, windows, netbsd, openbsd, solaris] | |
| goarch: ["386", "amd64", "arm"] | |
| exclude: | |
| - goos: solaris | |
| goarch: 386 | |
| - goos: solaris | |
| goarch: arm | |
| - goos: windows | |
| goarch: arm | |
| name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build | |
| steps: | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - uses: hashicorp/actions-go-build@v0.1.7 | |
| env: | |
| BASE_VERSION: ${{ needs.set-product-version.outputs.product-base-version }} | |
| PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.product-prerelease-version}} | |
| METADATA_VERSION: ${{ env.METADATA }} | |
| with: | |
| product_name: ${{ env.PKG_NAME }} | |
| product_version: ${{ needs.set-product-version.outputs.product-version }} | |
| go_version: ${{ needs.get-go-version.outputs.go-version }} | |
| os: ${{ matrix.goos }} | |
| arch: ${{ matrix.goarch }} | |
| reproducible: assert | |
| instructions: | | |
| make build | |
| build-linux: | |
| needs: | |
| - get-go-version | |
| - set-product-version | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - {goos: "linux", goarch: "arm"} | |
| - {goos: "linux", goarch: "arm64"} | |
| - {goos: "linux", goarch: "386"} | |
| - {goos: "linux", goarch: "amd64"} | |
| fail-fast: true | |
| name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build | |
| steps: | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - uses: hashicorp/actions-go-build@v0.1.7 | |
| with: | |
| product_name: ${{ env.PKG_NAME }} | |
| product_version: ${{ needs.set-product-version.outputs.product-version }} | |
| go_version: ${{ needs.get-go-version.outputs.go-version }} | |
| os: ${{ matrix.goos }} | |
| arch: ${{ matrix.goarch }} | |
| reproducible: assert | |
| instructions: | | |
| make build | |
| build-darwin: | |
| needs: | |
| - get-go-version | |
| - set-product-version | |
| runs-on: macos-latest | |
| strategy: | |
| matrix: | |
| goos: [darwin] | |
| goarch: ["amd64", "arm64"] | |
| fail-fast: true | |
| name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build | |
| env: | |
| GOOS: ${{ matrix.goos }} | |
| GOARCH: ${{ matrix.goarch }} | |
| steps: | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - uses: hashicorp/actions-go-build@v0.1.7 | |
| with: | |
| product_name: ${{ env.PKG_NAME }} | |
| product_version: ${{ needs.set-product-version.outputs.product-version }} | |
| go_version: ${{ needs.get-go-version.outputs.go-version }} | |
| os: ${{ matrix.goos }} | |
| arch: ${{ matrix.goarch }} | |
| reproducible: assert | |
| instructions: | | |
| make build | |
| build-docker-default: | |
| name: Docker ${{ matrix.arch }} ${{ matrix.fips }} default release build | |
| needs: | |
| - get-go-version | |
| - set-product-version | |
| - build-linux | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - { arch: "amd64" } | |
| - { arch: "arm64" } | |
| env: | |
| repo: ${{ github.event.repository.name }} | |
| version: ${{ needs.set-product-version.outputs.product-version }} | |
| steps: | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| # This naming convention will be used ONLY for per-commit dev images | |
| - name: Set docker dev tag | |
| run: | | |
| echo "full_dev_tag=${{ env.version }}" | |
| echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV | |
| echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" | |
| echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV | |
| - name: Docker Build (Action) | |
| uses: hashicorp/actions-docker-build@76d2fc91532d816ca2660d8f3139e432ac3700fd | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" version | head -n1 | cut -d' ' -f2 | sed 's/^v//')" | |
| if [ "${TEST_VERSION}" != "${version}" ]; then | |
| echo "Test FAILED: Got ${TEST_VERSION}, want ${version}." | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: release-default | |
| arch: ${{ matrix.arch }} | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}:${{env.version}} | |
| public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}} | |
| dev_tags: | | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }} | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-${{ github.sha }} | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }} | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-${{ github.sha }} | |
| extra_build_args: | | |
| GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} | |
| build-docker-redhat: | |
| name: Docker UBI Image Build (for Red Hat Certified Container Registry) | |
| needs: | |
| - get-go-version | |
| - set-product-version | |
| - build-linux | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - { target-name: "release-ubi", registry-id: "631f805e0d15f623c5996c2e" } | |
| env: | |
| repo: ${{github.event.repository.name}} | |
| version: ${{needs.set-product-version.outputs.product-version}} | |
| steps: | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - uses: hashicorp/actions-docker-build@76d2fc91532d816ca2660d8f3139e432ac3700fd | |
| with: | |
| version: ${{env.version}} | |
| target: ${{ matrix.target-name }} | |
| arch: amd64 | |
| redhat_tag: quay.io/redhat-isv-containers/${{matrix.registry-id}}:${{env.version}}-ubi | |
| build-docker-ubi-dockerhub: | |
| name: Docker ${{ matrix.arch }} UBI build for DockerHub | |
| needs: | |
| - get-go-version | |
| - set-product-version | |
| - build-linux | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - { arch: "amd64" } | |
| env: | |
| repo: ${{ github.event.repository.name }} | |
| version: ${{ needs.set-product-version.outputs.product-version }} | |
| steps: | |
| - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| # This naming convention will be used ONLY for per-commit dev images | |
| - name: Set docker dev tag | |
| run: | | |
| echo "full_dev_tag=${{ env.version }}" | |
| echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV | |
| echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" | |
| echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV | |
| - name: Docker Build (Action) | |
| uses: hashicorp/actions-docker-build@76d2fc91532d816ca2660d8f3139e432ac3700fd | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" version | head -n1 | cut -d' ' -f2 | sed 's/^v//')" | |
| if [ "${TEST_VERSION}" != "${version}" ]; then | |
| echo "Test FAILED: Got ${TEST_VERSION}, want ${version}}." | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: release-ubi | |
| arch: ${{ matrix.arch }} | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}:${{env.version}}-ubi | |
| public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}}-ubi | |
| dev_tags: | | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi-${{ github.sha }} | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi-${{ github.sha }} | |
| # TODO: Integration Test Here |