backport of commit 7ed060eb9078657d3ca8c70f910c8a32d9f3d14e #2184
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build | |
# We now default to running this workflow on every push to every branch. | |
# This provides fast feedback when build issues occur, so they can be | |
# fixed prior to being merged to the main branch. | |
# | |
# If you want to opt out of this, and only run the build on certain branches | |
# please refer to the documentation on branch filtering here: | |
# | |
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore | |
# | |
on: [workflow_dispatch, push] | |
env: | |
PKG_NAME: "consul-dataplane" | |
jobs: | |
get-go-version: | |
name: "Determine Go toolchain version" | |
runs-on: ubuntu-latest | |
outputs: | |
go-version: ${{ steps.get-go-version.outputs.go-version }} | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- name: Determine Go version | |
id: get-go-version | |
# We use .go-version as our source of truth for current Go | |
# version, because "goenv" can react to it automatically. | |
run: | | |
echo "Building with Go $(cat .go-version)" | |
echo "go-version=$(cat .go-version)" >> $GITHUB_OUTPUT | |
get-product-version: | |
runs-on: ubuntu-latest | |
outputs: | |
product-version: ${{ steps.get-product-version.outputs.product-version }} | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- name: get product version | |
id: get-product-version | |
run: | | |
make version | |
echo "product-version=$(make version)" >> $GITHUB_OUTPUT | |
generate-metadata-file: | |
needs: get-product-version | |
runs-on: ubuntu-latest | |
outputs: | |
filepath: ${{ steps.generate-metadata-file.outputs.filepath }} | |
steps: | |
- name: "Checkout directory" | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- name: Generate metadata file | |
id: generate-metadata-file | |
uses: hashicorp/actions-generate-metadata@v1 | |
with: | |
version: ${{ needs.get-product-version.outputs.product-version }} | |
product: ${{ env.PKG_NAME }} | |
repositoryOwner: "hashicorp" | |
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
with: | |
name: metadata.json | |
path: ${{ steps.generate-metadata-file.outputs.filepath }} | |
build-linux: | |
needs: | |
- get-go-version | |
- get-product-version | |
runs-on: ubuntu-20.04 # the GLIBC is too high on 22.04 | |
strategy: | |
matrix: | |
include: | |
- {goos: "linux", goarch: "arm"} | |
- {goos: "linux", goarch: "arm64"} | |
- {goos: "linux", goarch: "386"} | |
- {goos: "linux", goarch: "amd64"} | |
- {goos: "linux", goarch: "amd64", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402", pkg_suffix: "-fips" } | |
- {goos: "linux", goarch: "arm64", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402", pkg_suffix: "-fips" } | |
fail-fast: true | |
name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} ${{ matrix.fips }} build | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: hashicorp/actions-go-build@v0.1.3 | |
with: | |
product_name: ${{ env.PKG_NAME }} | |
product_version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
go_version: ${{ needs.get-go-version.outputs.go-version }} | |
os: ${{ matrix.goos }} | |
arch: ${{ matrix.goarch }} | |
reproducible: assert | |
instructions: | | |
if [[ "${{ matrix.fips }}" == "+fips1402" ]] | |
then | |
sudo apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-version && sudo apt-get install -y build-essential gcc-aarch64-linux-gnu | |
fi | |
${{ matrix.env }} go build -tags=${{ matrix.gotags }} -trimpath -buildvcs=false -ldflags="-X github.com/hashicorp/consul-dataplane/pkg/version.GitCommit=${GITHUB_SHA::8}" -o $BIN_PATH ./cmd/$BIN_NAME | |
- name: Package | |
if: ${{ matrix.goos == 'linux' }} | |
uses: hashicorp/actions-packaging-linux@v1 | |
with: | |
name: ${{ github.event.repository.name }}${{ matrix.pkg_suffix }} | |
description: "Consul dataplane connects an application to a Consul service mesh." | |
arch: ${{ matrix.goarch }} | |
version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
maintainer: "HashiCorp" | |
homepage: "https://github.com/hashicorp/consul-dataplane" | |
license: "MPL-2.0" | |
binary: "dist/${{ env.PKG_NAME }}" | |
deb_depends: "openssl" | |
rpm_depends: "openssl" | |
- name: Set Package Names | |
if: ${{ matrix.goos == 'linux' }} | |
run: | | |
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV | |
echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV | |
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
if: ${{ matrix.goos == 'linux' }} | |
with: | |
name: ${{ env.RPM_PACKAGE }} | |
path: out/${{ env.RPM_PACKAGE }} | |
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
if: ${{ matrix.goos == 'linux' }} | |
with: | |
name: ${{ env.DEB_PACKAGE }} | |
path: out/${{ env.DEB_PACKAGE }} | |
build-darwin: | |
needs: | |
- get-go-version | |
- get-product-version | |
runs-on: macos-latest | |
strategy: | |
matrix: | |
goos: [darwin] | |
goarch: ["amd64", "arm64"] | |
fail-fast: true | |
name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build | |
env: | |
GOOS: ${{ matrix.goos }} | |
GOARCH: ${{ matrix.goarch }} | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: hashicorp/actions-go-build@v0.1.3 | |
with: | |
product_name: ${{ env.PKG_NAME }} | |
product_version: ${{ needs.get-product-version.outputs.product-version }} | |
go_version: ${{ needs.get-go-version.outputs.go-version }} | |
os: ${{ matrix.goos }} | |
arch: ${{ matrix.goarch }} | |
reproducible: assert | |
instructions: CGO_ENABLED=0 go build -trimpath -buildvcs=false -ldflags="-X github.com/hashicorp/consul-dataplane/pkg/version.GitCommit=${GITHUB_SHA::8}" -o $BIN_PATH ./cmd/$BIN_NAME | |
build-docker-default: | |
name: Docker ${{ matrix.arch }} ${{ matrix.fips }} default release build | |
needs: | |
- get-product-version | |
- build-linux | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
# This is the subset of architectures we build binaries for officially | |
# supported by Envoy. | |
include: | |
- { arch: "amd64" } | |
- { arch: "amd64", fips: "+fips1402" } | |
- { arch: "arm64" } | |
- { arch: "arm64", fips: "+fips1402" } | |
env: | |
repo: ${{ github.event.repository.name }} | |
version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
# This naming convention will be used ONLY for per-commit dev images | |
- name: Set docker dev tag | |
run: | | |
echo "full_dev_tag=${{ env.version }}" | |
echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV | |
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" | |
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV | |
- name: Docker Build (Action) | |
if: ${{ !matrix.fips }} | |
uses: hashicorp/actions-docker-build@v1 | |
with: | |
smoke_test: | | |
TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | |
if [ "${TEST_VERSION}" != "${version}" ]; then | |
echo "Test FAILED: Got ${TEST_VERSION}, want ${version}." | |
exit 1 | |
fi | |
echo "Test PASSED" | |
version: ${{ env.version }} | |
target: release-default | |
arch: ${{ matrix.arch }} | |
tags: | | |
docker.io/hashicorp/${{env.repo}}:${{env.version}} | |
public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}} | |
dev_tags: | | |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }} | |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-${{ github.sha }} | |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }} | |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-${{ github.sha }} | |
- name: Docker FIPS Build (Action) | |
if: ${{ matrix.fips }} | |
uses: hashicorp/actions-docker-build@v1 | |
with: | |
smoke_test: | | |
TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | |
if [ "${TEST_VERSION}" != "${version}" ]; then | |
echo "Test FAILED: Got ${TEST_VERSION}, want ${version}." | |
exit 1 | |
fi | |
echo "Test PASSED" | |
version: ${{ env.version }} | |
target: release-fips-default | |
arch: ${{ matrix.arch }} | |
tags: | | |
docker.io/hashicorp/${{env.repo}}-fips:${{env.version}} | |
public.ecr.aws/hashicorp/${{env.repo}}-fips:${{env.version}} | |
dev_tags: | | |
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }} | |
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }}-${{ github.sha }} | |
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }} | |
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }}-${{ github.sha }} | |
build-docker-redhat: | |
name: Docker ${{ matrix.fips }} UBI Image Build (for Red Hat Certified Container Registry) | |
needs: | |
- get-product-version | |
- build-linux | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- { target-name: "release-ubi", registry-id: "631f805e0d15f623c5996c2e" } | |
- { target-name: "release-fips-ubi", registry-id: "649cced3e093d1cc7f3d9b61", fips: "+fips1402" } | |
env: | |
repo: ${{github.event.repository.name}} | |
version: ${{needs.get-product-version.outputs.product-version}}${{ matrix.fips }} | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: hashicorp/actions-docker-build@v1 | |
with: | |
version: ${{env.version}} | |
target: ${{ matrix.target-name }} | |
arch: amd64 | |
redhat_tag: quay.io/redhat-isv-containers/${{matrix.registry-id}}:${{env.version}}-ubi | |
build-docker-ubi-dockerhub: | |
name: Docker ${{ matrix.arch }} ${{ matrix.fips }} UBI build for DockerHub | |
needs: | |
- get-product-version | |
- build-linux | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- { arch: "amd64" } | |
- { arch: "amd64", fips: "+fips1402" } | |
env: | |
repo: ${{ github.event.repository.name }} | |
version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
steps: | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
# This naming convention will be used ONLY for per-commit dev images | |
- name: Set docker dev tag | |
run: | | |
echo "full_dev_tag=${{ env.version }}" | |
echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV | |
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" | |
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV | |
- name: Docker Build (Action) | |
if: ${{ !matrix.fips }} | |
uses: hashicorp/actions-docker-build@v1 | |
with: | |
smoke_test: | | |
TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | |
if [ "${TEST_VERSION}" != "${version}" ]; then | |
echo "Test FAILED: Got ${TEST_VERSION}, want ${version}}." | |
exit 1 | |
fi | |
echo "Test PASSED" | |
version: ${{ env.version }} | |
target: release-ubi | |
arch: ${{ matrix.arch }} | |
tags: | | |
docker.io/hashicorp/${{env.repo}}:${{env.version}}-ubi | |
public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}}-ubi | |
dev_tags: | | |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi | |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi-${{ github.sha }} | |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi | |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi-${{ github.sha }} | |
- name: Docker FIPS Build (Action) | |
if: ${{ matrix.fips }} | |
uses: hashicorp/actions-docker-build@v1 | |
with: | |
smoke_test: | | |
TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | |
if [ "${TEST_VERSION}" != "${version}" ]; then | |
echo "Test FAILED: Got ${TEST_VERSION}, want ${version}}." | |
exit 1 | |
fi | |
echo "Test PASSED" | |
version: ${{ env.version }} | |
target: release-fips-ubi | |
arch: ${{ matrix.arch }} | |
tags: | | |
docker.io/hashicorp/${{env.repo}}-fips:${{env.version}}-ubi | |
public.ecr.aws/hashicorp/${{env.repo}}-fips:${{env.version}}-ubi | |
dev_tags: | | |
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }}-ubi | |
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }}-ubi-${{ github.sha }} | |
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }}-ubi | |
docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }}-ubi-${{ github.sha }} | |
integration-tests: | |
name: Integration Tests (Consul ${{ matrix.server.version }} ${{ matrix.dataplane.docker_target }}) | |
needs: | |
- build-docker-default | |
- build-docker-ubi-dockerhub | |
- get-product-version | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
server: | |
- version: v1.15.0-dev | |
image: hashicorppreview/consul:1.15-dev | |
- version: v1.16.0-dev | |
image: hashicorppreview/consul:1.16-dev | |
- version: v1.17.0-dev | |
image: hashicorppreview/consul:1.17-dev | |
dataplane: | |
- image_suffix: "" | |
docker_target: "release-default" | |
- image_suffix: "-ubi" | |
docker_target: "release-ubi" | |
env: | |
repo: ${{ github.event.repository.name }} | |
version: ${{ needs.get-product-version.outputs.product-version }} | |
steps: | |
- name: Set docker dev tag | |
run: | | |
version="${{ env.version }}" | |
echo "dev_tag=${{ env.version }}${{ matrix.dataplane.image_suffix }}" >> $GITHUB_ENV | |
- name: Set image tarball | |
run: | | |
echo "image_tarball=${{env.repo}}_${{ matrix.dataplane.docker_target }}_linux_amd64_${{env.version}}_${{github.sha}}.docker.dev.tar" >> $GITHUB_ENV | |
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: ${{env.image_tarball}} | |
- run: docker load --input ${{env.image_tarball}} | |
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 | |
with: | |
# pinning this to 1.20.5 because this issue in go-testcontainers occurs | |
# in 1.20.6 with the error "http: invalid Host header, host port waiting failed" | |
# https://github.com/testcontainers/testcontainers-go/issues/1359 | |
# remove setting this when the above issue is fixed so that the job will | |
# just get the go version from .go-version. | |
go-version: 1.20.5 | |
- id: run-tests | |
run: cd integration-tests && go test -v -output-dir=./output -dataplane-image=hashicorppreview/${{env.repo}}:${{env.dev_tag}}-${{github.sha}} -server-image=${{matrix.server.image}} -server-version=${{matrix.server.version}} | |
continue-on-error: true | |
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
continue-on-error: true | |
with: | |
name: consul-${{matrix.server.version}}-integration-tests-output | |
path: integration-tests/output/ | |
if-no-files-found: 'error' | |
- name: Check for failures | |
if: ${{ steps.run-tests.outcome != 'success' }} | |
run: exit 1 |