correct fips version delimiter #1355
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| # We now default to running this workflow on every push to every branch. | |
| # This provides fast feedback when build issues occur, so they can be | |
| # fixed prior to being merged to the main branch. | |
| # | |
| # If you want to opt out of this, and only run the build on certain branches | |
| # please refer to the documentation on branch filtering here: | |
| # | |
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore | |
| # | |
| on: [workflow_dispatch, push] | |
| env: | |
| PKG_NAME: "consul-dataplane" | |
| jobs: | |
| get-go-version: | |
| name: "Determine Go toolchain version" | |
| runs-on: ubuntu-latest | |
| outputs: | |
| go-version: ${{ steps.get-go-version.outputs.go-version }} | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Determine Go version | |
| id: get-go-version | |
| # We use .go-version as our source of truth for current Go | |
| # version, because "goenv" can react to it automatically. | |
| run: | | |
| echo "Building with Go $(cat .go-version)" | |
| echo "go-version=$(cat .go-version)" >> $GITHUB_OUTPUT | |
| get-product-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| product-version: ${{ steps.get-product-version.outputs.product-version }} | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: get product version | |
| id: get-product-version | |
| run: | | |
| make version | |
| echo "product-version=$(make version)" >> $GITHUB_OUTPUT | |
| generate-metadata-file: | |
| needs: get-product-version | |
| runs-on: ubuntu-latest | |
| outputs: | |
| filepath: ${{ steps.generate-metadata-file.outputs.filepath }} | |
| steps: | |
| - name: "Checkout directory" | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Generate metadata file | |
| id: generate-metadata-file | |
| uses: hashicorp/actions-generate-metadata@v1 | |
| with: | |
| version: ${{ needs.get-product-version.outputs.product-version }} | |
| product: ${{ env.PKG_NAME }} | |
| repositoryOwner: "hashicorp" | |
| - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: metadata.json | |
| path: ${{ steps.generate-metadata-file.outputs.filepath }} | |
| build-linux: | |
| needs: | |
| - get-go-version | |
| - get-product-version | |
| runs-on: ubuntu-20.04 # the GLIBC is too high on 22.04 | |
| strategy: | |
| matrix: | |
| include: | |
| - {goos: "linux", goarch: "arm"} | |
| - {goos: "linux", goarch: "arm64"} | |
| - {goos: "linux", goarch: "386"} | |
| - {goos: "linux", goarch: "amd64"} | |
| - {goos: "linux", goarch: "amd64", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402" } | |
| - {goos: "linux", goarch: "arm64", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402"} | |
| fail-fast: true | |
| name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} ${{ matrix.fips }} build | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - uses: hashicorp/actions-go-build@v0.1.3 | |
| with: | |
| product_name: ${{ env.PKG_NAME }} | |
| product_version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
| go_version: ${{ needs.get-go-version.outputs.go-version }} | |
| os: ${{ matrix.goos }} | |
| arch: ${{ matrix.goarch }} | |
| reproducible: assert | |
| instructions: | | |
| if [[ "${{ matrix.fips }}" == "+fips1402" ]] | |
| then | |
| sudo apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-version && sudo apt-get install -y build-essential gcc-aarch64-linux-gnu | |
| fi | |
| ${{ matrix.env }} go build -tags=${{ matrix.gotags }} -trimpath -buildvcs=false -ldflags="-X github.com/hashicorp/consul-dataplane/pkg/version.GitCommit=${GITHUB_SHA::8}" -o $BIN_PATH ./cmd/$BIN_NAME | |
| - name: Package | |
| if: ${{ matrix.goos == 'linux' }} | |
| uses: hashicorp/actions-packaging-linux@v1 | |
| with: | |
| name: ${{ github.event.repository.name }} | |
| description: "Consul dataplane connects an application to a Consul service mesh." | |
| arch: ${{ matrix.goarch }} | |
| version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
| maintainer: "HashiCorp" | |
| homepage: "https://github.com/hashicorp/consul-dataplane" | |
| license: "MPL-2.0" | |
| binary: "dist/${{ env.PKG_NAME }}" | |
| deb_depends: "openssl" | |
| rpm_depends: "openssl" | |
| - name: Set Package Names | |
| if: ${{ matrix.goos == 'linux' }} | |
| run: | | |
| echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV | |
| echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV | |
| - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| if: ${{ matrix.goos == 'linux' }} | |
| with: | |
| name: ${{ env.RPM_PACKAGE }} | |
| path: out/${{ env.RPM_PACKAGE }} | |
| - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| if: ${{ matrix.goos == 'linux' }} | |
| with: | |
| name: ${{ env.DEB_PACKAGE }} | |
| path: out/${{ env.DEB_PACKAGE }} | |
| build-darwin: | |
| needs: | |
| - get-go-version | |
| - get-product-version | |
| runs-on: macos-latest | |
| strategy: | |
| matrix: | |
| goos: [darwin] | |
| goarch: ["amd64", "arm64"] | |
| fail-fast: true | |
| name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build | |
| env: | |
| GOOS: ${{ matrix.goos }} | |
| GOARCH: ${{ matrix.goarch }} | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - uses: hashicorp/actions-go-build@v0.1.3 | |
| with: | |
| product_name: ${{ env.PKG_NAME }} | |
| product_version: ${{ needs.get-product-version.outputs.product-version }} | |
| go_version: ${{ needs.get-go-version.outputs.go-version }} | |
| os: ${{ matrix.goos }} | |
| arch: ${{ matrix.goarch }} | |
| reproducible: assert | |
| instructions: CGO_ENABLED=0 go build -trimpath -buildvcs=false -ldflags="-X github.com/hashicorp/consul-dataplane/pkg/version.GitCommit=${GITHUB_SHA::8}" -o $BIN_PATH ./cmd/$BIN_NAME | |
| build-docker-default: | |
| name: Docker ${{ matrix.arch }} ${{ matrix.fips }} default release build | |
| needs: | |
| - get-product-version | |
| - build-linux | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| # This is the subset of architectures we build binaries for officially | |
| # supported by Envoy. | |
| include: | |
| - { arch: "amd64" } | |
| - { arch: "amd64", fips: "+fips1402" } | |
| - { arch: "arm64" } | |
| - { arch: "arm64", fips: "+fips1402" } | |
| env: | |
| repo: ${{ github.event.repository.name }} | |
| version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix | |
| # This naming convention will be used ONLY for per-commit dev images | |
| - name: Set docker dev tag | |
| run: | | |
| version="${{ env.version }}" | |
| echo "dev_tag=${version%.*}-dev" >> $GITHUB_ENV | |
| - name: Docker Build (Action) | |
| if: ${{ !matrix.fips }} | |
| uses: hashicorp/actions-docker-build@v1 | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | |
| if [ "${TEST_VERSION}" != "${version}" ]; then | |
| echo "Test FAILED: Got ${TEST_VERSION}, want ${version}." | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: release-default | |
| arch: ${{ matrix.arch }} | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}:${{env.version}} | |
| public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}} | |
| dev_tags: | | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.dev_tag }} | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.dev_tag }}-${{ github.sha }} | |
| - name: Docker FIPS Build (Action) | |
| if: ${{ matrix.fips }} | |
| uses: hashicorp/actions-docker-build@v1 | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | |
| if [ "${TEST_VERSION}" != "${version}" ]; then | |
| echo "Test FAILED: Got ${TEST_VERSION}, want ${version}." | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: release-fips-default | |
| arch: ${{ matrix.arch }} | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}-fips:${{env.version}} | |
| public.ecr.aws/hashicorp/${{env.repo}}-fips:${{env.version}} | |
| dev_tags: | | |
| docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.dev_tag }} | |
| docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.dev_tag }}-${{ github.sha }} | |
| build-docker-redhat: | |
| name: Docker ${{ matrix.fips }} UBI Image Build (for Red Hat Certified Container Registry) | |
| needs: | |
| - get-product-version | |
| - build-linux | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - { target-name: "release-ubi", registry-id: "631f805e0d15f623c5996c2e" } | |
| - { target-name: "release-fips-ubi", registry-id: "6484fd31685105da62a96b24", fips: "+fips1402" } | |
| env: | |
| repo: ${{github.event.repository.name}} | |
| version: ${{needs.get-product-version.outputs.product-version}}${{ matrix.fips }} | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - uses: hashicorp/actions-docker-build@v1 | |
| with: | |
| version: ${{env.version}} | |
| target: ${{ matrix.target-name }} | |
| arch: amd64 | |
| redhat_tag: quay.io/redhat-isv-containers/${{matrix.registry-id}}:${{env.version}}-ubi | |
| build-docker-ubi-dockerhub: | |
| name: Docker ${{ matrix.arch }} ${{ matrix.fips }} UBI build for DockerHub | |
| needs: | |
| - get-product-version | |
| - build-linux | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - { arch: "amd64" } | |
| - { arch: "amd64", fips: "+fips1402" } | |
| env: | |
| repo: ${{ github.event.repository.name }} | |
| version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix | |
| # This naming convention will be used ONLY for per-commit dev images | |
| - name: Set docker dev tag | |
| run: | | |
| version="${{ env.version }}" | |
| echo "dev_tag=${version%.*}-dev" >> $GITHUB_ENV | |
| - name: Docker Build (Action) | |
| if: ${{ !matrix.fips }} | |
| uses: hashicorp/actions-docker-build@v1 | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | |
| if [ "${TEST_VERSION}" != "${version}" ]; then | |
| echo "Test FAILED: Got ${TEST_VERSION}, want ${version}}." | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: release-ubi | |
| arch: ${{ matrix.arch }} | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}:${{env.version}}-ubi | |
| public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}}-ubi | |
| dev_tags: | | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.dev_tag }}-ubi | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.dev_tag }}-ubi-${{ github.sha }} | |
| - name: Docker FIPS Build (Action) | |
| if: ${{ matrix.fips }} | |
| uses: hashicorp/actions-docker-build@v1 | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | |
| if [ "${TEST_VERSION}" != "${version}" ]; then | |
| echo "Test FAILED: Got ${TEST_VERSION}, want ${version}}." | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: release-fips-ubi | |
| arch: ${{ matrix.arch }} | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}-fips:${{env.version}}-ubi | |
| public.ecr.aws/hashicorp/${{env.repo}}-fips:${{env.version}}-ubi | |
| dev_tags: | | |
| docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.dev_tag }}-ubi | |
| docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.dev_tag }}-ubi-${{ github.sha }} | |
| integration-tests: | |
| name: Integration Tests (Consul ${{ matrix.server.version }} ${{ matrix.dataplane.docker_target }}) | |
| needs: | |
| - build-docker-default | |
| - build-docker-ubi-dockerhub | |
| - get-product-version | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| server: | |
| - version: v1.15.0-dev | |
| image: hashicorppreview/consul:1.15-dev | |
| - version: v1.16.0-dev | |
| image: hashicorppreview/consul:1.16-dev | |
| - version: v1.17.0-dev | |
| image: hashicorppreview/consul:1.17-dev | |
| dataplane: | |
| - image_suffix: "dev" | |
| docker_target: "release-default" | |
| - image_suffix: "dev-ubi" | |
| docker_target: "release-ubi" | |
| env: | |
| repo: ${{ github.event.repository.name }} | |
| version: ${{ needs.get-product-version.outputs.product-version }} | |
| steps: | |
| - name: Set docker dev tag | |
| run: | | |
| version="${{ env.version }}" | |
| echo "dev_tag=${version%.*}-${{ matrix.dataplane.image_suffix }}" >> $GITHUB_ENV | |
| - name: Set image tarball | |
| run: | | |
| echo "image_tarball=${{env.repo}}_${{ matrix.dataplane.docker_target }}_linux_amd64_${{env.version}}_${{github.sha}}.docker.dev.tar" >> $GITHUB_ENV | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: ${{env.image_tarball}} | |
| - run: docker load --input ${{env.image_tarball}} | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
| with: | |
| go-version: ${{ needs.get-go-version.outputs.go-version }} | |
| - id: run-tests | |
| run: cd integration-tests && go test -v -output-dir=./output -dataplane-image=hashicorppreview/${{env.repo}}:${{env.dev_tag}}-${{github.sha}} -server-image=${{matrix.server.image}} -server-version=${{matrix.server.version}} | |
| continue-on-error: true | |
| - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| continue-on-error: true | |
| with: | |
| name: consul-${{matrix.server.version}}-integration-tests-output | |
| path: integration-tests/output/ | |
| if-no-files-found: 'error' | |
| - name: Check for failures | |
| if: ${{ steps.run-tests.outcome != 'success' }} | |
| run: exit 1 |