backport of commit 0ab63e0d18ea2ce3b9f8f10b7f262b27f99246bb (#2418) (… #1012
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) HashiCorp, Inc. | |
| name: build | |
| on: | |
| workflow_dispatch: | |
| push: | |
| # Sequence of patterns matched against refs/heads | |
| branches: | |
| # Push events on main branch | |
| - main | |
| # Push events to branches matching refs/heads/release/** | |
| - "release/**" | |
| env: | |
| PKG_NAME: "consul-k8s" | |
| jobs: | |
| get-go-version: | |
| name: "Determine Go toolchain version" | |
| runs-on: ubuntu-latest | |
| outputs: | |
| go-version: ${{ steps.get-go-version.outputs.go-version }} | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Determine Go version | |
| id: get-go-version | |
| # We use .go-version as our source of truth for current Go | |
| # version, because "goenv" can react to it automatically. | |
| run: | | |
| echo "Building with Go $(cat .go-version)" | |
| echo "::set-output name=go-version::$(cat .go-version)" | |
| get-product-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| product-version: ${{ steps.get-product-version.outputs.product-version }} | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: get product version | |
| id: get-product-version | |
| run: | | |
| make version | |
| echo "::set-output name=product-version::$(make version)" | |
| generate-metadata-file: | |
| needs: get-product-version | |
| runs-on: ubuntu-latest | |
| outputs: | |
| filepath: ${{ steps.generate-metadata-file.outputs.filepath }} | |
| steps: | |
| - name: "Checkout directory" | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Generate metadata file | |
| id: generate-metadata-file | |
| uses: hashicorp/actions-generate-metadata@v1 | |
| with: | |
| version: ${{ needs.get-product-version.outputs.product-version }} | |
| product: ${{ env.PKG_NAME }} | |
| repositoryOwner: "hashicorp" | |
| - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: metadata.json | |
| path: ${{ steps.generate-metadata-file.outputs.filepath }} | |
| build: | |
| needs: [get-go-version, get-product-version] | |
| runs-on: ubuntu-20.04 # the GLIBC is too high on 22.04 | |
| strategy: | |
| matrix: | |
| include: | |
| # cli | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: ".fips1402" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: ".fips1402" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=cngcrypto", fips: ".fips1402" } | |
| # control-plane | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" } | |
| # solaris is only built for the control plane | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "solaris", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: ".fips1402" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: ".fips1402" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=cngcrypto", fips: ".fips1402" } | |
| # consul-cni | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "386", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "solaris", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "386", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni.exe" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni.exe" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "arm64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: ".fips1402" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: ".fips1402" } | |
| - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni.exe", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=cngcrypto", fips: ".fips1402" } | |
| fail-fast: true | |
| name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} ${{ matrix.component }} ${{ matrix.fips }} build | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Setup go | |
| uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 | |
| with: | |
| go-version: ${{ matrix.go }} | |
| - name: Replace Go for Windows FIPS with Microsoft Go | |
| if: ${{ matrix.fips == '.fips1402' && matrix.goos == 'windows' }} | |
| run: | | |
| # Uninstall standard Go and use microsoft/go instead | |
| rm -rf /home/runner/actions-runner/_work/_tool/go | |
| curl https://aka.ms/golang/release/latest/go${{ matrix.go }}-1.linux-amd64.tar.gz -Lo go${{ matrix.go }}.linux-amd64.tar.gz | |
| tar -C $HOME -xf go${{ matrix.go }}.linux-amd64.tar.gz | |
| chmod +x $HOME/go/bin | |
| export PATH=$HOME/go/bin:$PATH | |
| if [ $(which go) != "$HOME/go/bin/go" ]; then | |
| echo "Unable to verify microsoft/go toolchain" | |
| exit 1 | |
| fi | |
| - name: Install cross-compiler for FIPS on arm | |
| if: ${{ matrix.fips == '.fips1402' && matrix.goarch == 'arm64' }} | |
| run: | | |
| sudo apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-version && sudo apt-get install -y gcc-aarch64-linux-gnu | |
| - name: Build | |
| env: | |
| GOOS: ${{ matrix.goos }} | |
| GOARCH: ${{ matrix.goarch }} | |
| CGO_ENABLED: 0 | |
| working-directory: ${{ matrix.component }} | |
| run: | | |
| mkdir -p dist out | |
| export GIT_COMMIT=$(git rev-parse --short HEAD) | |
| export GIT_DIRTY=$(test -n "$(git status --porcelain)" && echo "+CHANGES") | |
| export GIT_IMPORT=github.com/hashicorp/consul-k8s/${{ matrix.component }}/version | |
| export GOLDFLAGS="-X ${GIT_IMPORT}.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X ${GIT_IMPORT}.GitDescribe=${{ needs.get-product-version.outputs.product-version }}" | |
| ${{ matrix.env }} go build -o dist/${{ matrix.bin_name }} -ldflags "${GOLDFLAGS}" -tags=${{ matrix.gotags }} . | |
| zip -r -j out/${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip dist/ | |
| - name: Upload built binaries | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: ${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip | |
| path: ${{ matrix.component}}/out/${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip | |
| - name: Package rpm and deb files | |
| if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}} | |
| uses: hashicorp/actions-packaging-linux@v1 | |
| with: | |
| name: consul-k8s | |
| description: "consul-k8s provides a cli interface to first-class integrations between Consul and Kubernetes." | |
| arch: ${{ matrix.goarch }} | |
| version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
| maintainer: "HashiCorp" | |
| homepage: "https://github.com/hashicorp/consul-k8s" | |
| license: "MPL-2.0" | |
| binary: "${{ matrix.component }}/dist/${{ matrix.pkg_name }}" | |
| deb_depends: "openssl" | |
| rpm_depends: "openssl" | |
| - name: Set package names | |
| if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}} | |
| run: | | |
| echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV | |
| echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV | |
| - name: Test rpm package | |
| if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}} | |
| uses: addnab/docker-run-action@v3 # TSCCR: no entry for repository "addnab/docker-run-action" | |
| with: | |
| image: registry.access.redhat.com/ubi9/ubi:latest | |
| options: -v ${{ github.workspace }}:/work | |
| run: | | |
| dnf install -qy openssl | |
| cd /work | |
| rpm -ivh out/${{ env.RPM_PACKAGE }} | |
| CONSUL_K8S_VERSION="$(consul-k8s version | awk '{print $2}')" | |
| VERSION="v${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}" | |
| if [ "${VERSION}" != "${CONSUL_K8S_VERSION}" ]; then | |
| echo "Test FAILED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}" | |
| exit 1 | |
| fi | |
| echo "Test PASSED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}" | |
| - name: Upload rpm package | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}} | |
| with: | |
| name: ${{ env.RPM_PACKAGE }} | |
| path: out/${{ env.RPM_PACKAGE }} | |
| - name: Test debian package | |
| if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}} | |
| uses: addnab/docker-run-action@v3 # TSCCR: no entry for repository "addnab/docker-run-action" | |
| with: | |
| image: ubuntu:latest | |
| options: -v ${{ github.workspace }}:/work | |
| run: | | |
| apt update && apt install -y openssl | |
| cd /work | |
| apt install ./out/${{ env.DEB_PACKAGE }} | |
| CONSUL_K8S_VERSION="$(consul-k8s version | awk '{print $2}')" | |
| VERSION="v${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}" | |
| if [ "${VERSION}" != "${CONSUL_K8S_VERSION}" ]; then | |
| echo "Test FAILED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}" | |
| exit 1 | |
| fi | |
| echo "Test PASSED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}" | |
| - name: Upload debian packages | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}} | |
| with: | |
| name: ${{ env.DEB_PACKAGE }} | |
| path: out/${{ env.DEB_PACKAGE }} | |
| build-docker: | |
| name: Docker ${{ matrix.goarch }} ${{ matrix.fips }} default release build | |
| needs: [get-product-version, build] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - { goos: "linux", goarch: "arm" } | |
| - { goos: "linux", goarch: "arm64" } | |
| - { goos: "linux", goarch: "386" } | |
| - { goos: "linux", goarch: "amd64" } | |
| - { goos: "linux", goarch: "amd64", fips: ".fips1402" } | |
| - { goos: "linux", goarch: "arm64", fips: ".fips1402" } | |
| env: | |
| repo: ${{ github.event.repository.name }} | |
| version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: consul-cni_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos}}_${{ matrix.goarch }}.zip | |
| path: control-plane/dist/cni/${{ matrix.goos}}/${{ matrix.goarch }} | |
| - name: extract consul-cni zip | |
| env: | |
| ZIP_LOCATION: control-plane/dist/cni/${{ matrix.goos}}/${{ matrix.goarch }} | |
| run: | | |
| cd "${ZIP_LOCATION}" | |
| unzip -j *.zip | |
| - name: Docker Build (Action) | |
| uses: hashicorp/actions-docker-build@v1 | |
| if: ${{ !matrix.fips }} | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" | |
| if [ "${TEST_VERSION}" != "v${version}" ]; then | |
| echo "Test FAILED" | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: release-default | |
| arch: ${{ matrix.goarch }} | |
| pkg_name: consul-k8s-control-plane_${{ env.version }} | |
| bin_name: consul-k8s-control-plane | |
| workdir: control-plane | |
| tags: | | |
| docker.io/hashicorp/${{ env.repo }}-control-plane:${{ env.version }} | |
| dev_tags: | | |
| hashicorppreview/${{ env.repo }}-control-plane:${{ env.version }} | |
| docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.version }}-${{ github.sha }} | |
| - name: Docker FIPS Build (Action) | |
| uses: hashicorp/actions-docker-build@v1 | |
| if: ${{ matrix.fips }} | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" | |
| if [ "${TEST_VERSION}" != "v${version}" ]; then | |
| echo "Test FAILED" | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: release-default-fips # duplicate target to distinguish FIPS builds in CRT machinery | |
| arch: ${{ matrix.goarch }} | |
| pkg_name: consul-k8s-control-plane_${{ env.version }} | |
| bin_name: consul-k8s-control-plane | |
| workdir: control-plane | |
| tags: | | |
| docker.io/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }} | |
| dev_tags: | | |
| hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.version }} | |
| docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.version }}-${{ github.sha }} | |
| build-docker-ubi-redhat-registry: | |
| name: Docker ${{ matrix.arch }} ${{ matrix.fips }} UBI build for RedHat Registry | |
| needs: [get-product-version, build] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - { arch: "amd64" } | |
| - { arch: "amd64", fips: ".fips1402" } | |
| env: | |
| repo: ${{ github.event.repository.name }} | |
| version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: consul-cni_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_linux_${{ matrix.arch }}.zip | |
| path: control-plane/dist/cni/linux/${{ matrix.arch }} | |
| - name: extract consul-cni zip | |
| env: | |
| ZIP_LOCATION: control-plane/dist/cni/linux/${{ matrix.arch }} | |
| run: | | |
| cd "${ZIP_LOCATION}" | |
| unzip -j *.zip | |
| - name: Copy LICENSE | |
| run: | |
| cp LICENSE ./control-plane | |
| - name: Docker Build (Action) | |
| if: ${{ !matrix.fips }} | |
| uses: hashicorp/actions-docker-build@v1 | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" | |
| if [ "${TEST_VERSION}" != "v${version}" ]; then | |
| echo "Test FAILED" | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: ubi | |
| arch: ${{ matrix.arch }} | |
| pkg_name: consul-k8s-control-plane_${{ env.version }} | |
| bin_name: consul-k8s-control-plane | |
| workdir: control-plane | |
| redhat_tag: quay.io/redhat-isv-containers/611ca2f89a9b407267837100:${{env.version}}-ubi | |
| - name: Docker FIPS Build (Action) | |
| if: ${{ matrix.fips }} | |
| uses: hashicorp/actions-docker-build@v1 | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" | |
| if [ "${TEST_VERSION}" != "v${version}" ]; then | |
| echo "Test FAILED" | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: ubi-fips # duplicate target to distinguish FIPS builds in CRT machinery | |
| arch: ${{ matrix.arch }} | |
| pkg_name: consul-k8s-control-plane_${{ env.version }} | |
| bin_name: consul-k8s-control-plane | |
| workdir: control-plane | |
| redhat_tag: quay.io/redhat-isv-containers/6486b1beabfc4e51588c0416:${{env.version}}-ubi # this is different than the non-FIPS one | |
| build-docker-ubi-dockerhub: | |
| name: Docker ${{ matrix.arch }} ${{ matrix.fips }} UBI build for DockerHub | |
| needs: [ get-product-version, build ] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| arch: [ "amd64" ] | |
| fips: [ ".fips1402", "" ] | |
| env: | |
| repo: ${{ github.event.repository.name }} | |
| version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: consul-cni_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_linux_${{ matrix.arch }}.zip | |
| path: control-plane/dist/cni/linux/${{ matrix.arch }} | |
| - name: extract consul-cni zip | |
| env: | |
| ZIP_LOCATION: control-plane/dist/cni/linux/${{ matrix.arch }} | |
| run: | | |
| cd ${ZIP_LOCATION} | |
| unzip -j *.zip | |
| - name: Copy LICENSE | |
| run: | |
| cp LICENSE ./control-plane | |
| - name: Docker Build (Action) | |
| uses: hashicorp/actions-docker-build@v1 | |
| if: ${{ !matrix.fips }} | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" | |
| if [ "${TEST_VERSION}" != "v${version}" ]; then | |
| echo "Test FAILED" | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: ubi | |
| arch: ${{ matrix.arch }} | |
| pkg_name: consul-k8s-control-plane_${{ env.version }} | |
| bin_name: consul-k8s-control-plane | |
| workdir: control-plane | |
| tags: | | |
| docker.io/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}-ubi | |
| dev_tags: | | |
| hashicorppreview/${{ env.repo }}-control-plane:${{ env.version }}-ubi | |
| docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.version }}-ubi-${{ github.sha }} | |
| - name: Docker FIPS Build (Action) | |
| uses: hashicorp/actions-docker-build@v1 | |
| if: ${{ matrix.fips }} | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" | |
| if [ "${TEST_VERSION}" != "v${version}" ]; then | |
| echo "Test FAILED" | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: ubi-fips # duplicate target to distinguish FIPS builds in CRT machinery | |
| arch: ${{ matrix.arch }} | |
| pkg_name: consul-k8s-control-plane_${{ env.version }} | |
| bin_name: consul-k8s-control-plane | |
| workdir: control-plane | |
| tags: | | |
| docker.io/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }}-ubi | |
| dev_tags: | | |
| hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.version }}-ubi | |
| docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.version }}-ubi-${{ github.sha }} |