Merge branch 'hashicorp:main' into linux-vault-config-files-not-writa…

…ble-for-vault
hashicorp · Jan 13, 2024 · b641aa1 · b641aa1
2 parents e486051 + bc9be55
commit b641aa1
Show file tree

Hide file tree

Showing 602 changed files with 10,357 additions and 4,019 deletions.
diff --git a/.copywrite.hcl b/.copywrite.hcl
@@ -2,13 +2,13 @@ schema_version = 1
 
 project {
   license        = "BUSL-1.1"
-  copyright_year = 2023
+  copyright_year = 2024
 
   # (OPTIONAL) A list of globs that should not have copyright/license headers.
   # Supports doublestar glob patterns for more flexibility in defining which
   # files or folders should be ignored
   header_ignore = [
-    "builtin/credential/aws/pkcs7/**",
+    "helper/pkcs7/**",
     "ui/node_modules/**",
     "enos/modules/k8s_deploy_vault/raft-config.hcl",
     "plugins/database/postgresql/scram/**",

diff --git a/.github/actions/install-external-tools/action.yml b/.github/actions/install-external-tools/action.yml
@@ -0,0 +1,32 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+---
+name: Install external tools for CI
+description: Install external tools CI
+
+# When possible, prefer installing pre-built external tools for speed. This allows us to avoid
+# downloading modules and compiling external tools on CI runners.
+
+runs:
+  using: composite
+  steps:
+    - uses: ./.github/actions/set-up-buf
+      with:
+        version: v1.25.0 # This should match the version in tools/tool.sh
+    - uses: ./.github/actions/set-up-gofumpt
+    - uses: ./.github/actions/set-up-gotestsum
+    - uses: ./.github/actions/set-up-misspell
+    - uses: ./.github/actions/set-up-staticcheck
+      # We assume that the Go toolchain will be managed by the caller workflow so we don't set one
+      # up here.
+    - run: go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
+      shell: bash
+    - run: go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
+      shell: bash
+    - run: go install github.com/favadi/protoc-go-inject-tag@latest
+      shell: bash
+    - run: go install golang.org/x/tools/cmd/goimports@latest
+      shell: bash
+    - run: go install github.com/golangci/revgrep/cmd/revgrep@latest
+      shell: bash
diff --git a/.github/actions/set-up-buf/action.yml b/.github/actions/set-up-buf/action.yml
@@ -0,0 +1,63 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+---
+name: Set up buf from Github releases
+description: Set up buf from Github releases
+
+inputs:
+  destination:
+    description: "Where to install the buf binary (default: $HOME/bin/buf)"
+    type: boolean
+    default: "$HOME/bin/buf"
+  version:
+    description: "The version to install (default: latest)"
+    type: string
+    default: Latest
+
+outputs:
+  destination:
+    description: Where the installed buf binary is
+    value: ${{ steps.install.outputs.destination }}
+  destination-dir:
+    description: The directory where the installed buf binary is
+    value: ${{ steps.install.outputs.destination-dir }}
+  version:
+    description: The installed version of buf
+    value: ${{ steps.install.outputs.version }}
+
+runs:
+  using: composite
+  steps:
+    - id: install
+      shell: bash
+      env:
+        GH_TOKEN: ${{ github.token }}
+      run: |
+        VERSION=$(gh release list -R bufbuild/buf --exclude-drafts --exclude-pre-releases | grep ${{ inputs.version }} | cut -f1)
+        echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+        mkdir -p $(dirname ${{ inputs.destination }})
+        DESTINATION="$(readlink -f "${{ inputs.destination }}")"
+        echo "destination=$DESTINATION" >> "$GITHUB_OUTPUT"
+        DESTINATION_DIR="$(dirname "$DESTINATION")"
+        echo "$DESTINATION_DIR" >> "$GITHUB_PATH"
+        echo "destination-dir=$DESTINATION_DIR" >> "$GITHUB_OUTPUT"
+
+        ARCH="$(echo "$RUNNER_ARCH" | tr '[:upper:]' '[:lower:]')"
+        OS="$RUNNER_OS"
+        if [ "$ARCH" = "x64" ]; then
+          export ARCH="x86_64"
+        fi
+        if [ "$ARCH" = "arm64" ] && [ "$OS" = "Linux" ]; then
+          export ARCH="aarch64"
+        fi
+        if [ "$OS" = "macOS" ]; then
+          export OS="Darwin"
+        fi
+
+        mkdir -p tmp
+        gh release download "$VERSION" -p "buf-${OS}-${ARCH}.tar.gz" -O tmp/buf.tgz -R bufbuild/buf
+        pushd tmp && tar -xvf buf.tgz && popd
+        mv tmp/buf/bin/buf "$DESTINATION"
+        rm -rf tmp
diff --git a/.github/actions/set-up-go/action.yml b/.github/actions/set-up-go/action.yml
@@ -65,10 +65,5 @@ runs:
       shell: bash
       run: |
         git config --global url."https://${{ inputs.github-token }}@github.com".insteadOf https://github.com
-        for mod in $(find . -type f -name go.mod); do
-          pushd "$(dirname $mod)"
-            go list ./...
-            go list -test ./...
-            go mod download
-          popd
-        done
+        make go-mod-download
+        du -h -d 1 ${{ steps.metadata.outputs.cache-path }}
diff --git a/.github/actions/set-up-gofumpt/action.yml b/.github/actions/set-up-gofumpt/action.yml
@@ -0,0 +1,58 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+---
+name: Set up gofumpt from Github releases
+description: Set up gofumpt from Github releases
+
+inputs:
+  destination:
+    description: "Where to install the gofumpt binary (default: $HOME/bin/gofumpt)"
+    type: boolean
+    default: "$HOME/bin/gofumpt"
+  version:
+    description: "The version to install (default: latest)"
+    type: string
+    default: Latest
+
+outputs:
+  destination:
+    description: Where the installed gofumpt binary is
+    value: ${{ steps.install.outputs.destination }}
+  destination-dir:
+    description: The directory where the installed gofumpt binary is
+    value: ${{ steps.install.outputs.destination-dir }}
+  version:
+    description: The installed version of gofumpt
+    value: ${{ steps.install.outputs.version }}
+
+runs:
+  using: composite
+  steps:
+    - id: install
+      shell: bash
+      env:
+        GH_TOKEN: ${{ github.token }}
+      run: |
+        VERSION=$(gh release list -R mvdan/gofumpt --exclude-drafts --exclude-pre-releases | grep ${{ inputs.version }} | cut -f1)
+        echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+        mkdir -p $(dirname ${{ inputs.destination }})
+        DESTINATION="$(readlink -f "${{ inputs.destination }}")"
+        echo "destination=$DESTINATION" >> "$GITHUB_OUTPUT"
+        DESTINATION_DIR="$(dirname "$DESTINATION")"
+        echo "$DESTINATION_DIR" >> "$GITHUB_PATH"
+        echo "destination-dir=$DESTINATION_DIR" >> "$GITHUB_OUTPUT"
+
+        ARCH="$(echo "$RUNNER_ARCH" | tr '[:upper:]' '[:lower:]')"
+        OS="$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]')"
+        if [ "$ARCH" = "x64" ]; then
+          export ARCH="amd64"
+        fi
+        if [ "$OS" = "macos" ]; then
+          export OS="darwin"
+        fi
+
+        gh release download "$VERSION" -p "gofumpt_*_${OS}_${ARCH}" -O gofumpt -R mvdan/gofumpt
+        chmod +x gofumpt
+        mv gofumpt "$DESTINATION"
diff --git a/.github/actions/set-up-gotestsum/action.yml b/.github/actions/set-up-gotestsum/action.yml
@@ -9,7 +9,7 @@ inputs:
   destination:
     description: "Where to install the gotestsum binary (default: $HOME/bin/gotestsum)"
     type: boolean
-    default: "$HOME/bin"
+    default: "$HOME/bin/gotestsum"
   version:
     description: "The version to install (default: latest)"
     type: string
@@ -34,22 +34,24 @@ runs:
       env:
         GH_TOKEN: ${{ github.token }}
       run: |
-        VERSION=$(gh release list -R gotestyourself/gotestsum --exclude-drafts --exclude-pre-releases | grep Latest | cut -f1)
+        VERSION=$(gh release list -R gotestyourself/gotestsum --exclude-drafts --exclude-pre-releases | grep ${{ inputs.version }} | cut -f1)
         echo "version=$VERSION" >> "$GITHUB_OUTPUT"
 
-        mkdir -p "$HOME/bin"
-        DESTINATION="$(readlink -f "$HOME/bin")"
-        echo "destination=$DESTINATION" >> "GITHUB_OUTPUT"
+        mkdir -p $(dirname ${{ inputs.destination }})
+        DESTINATION="$(readlink -f "${{ inputs.destination }}")"
+        echo "destination=$DESTINATION" >> "$GITHUB_OUTPUT"
         DESTINATION_DIR="$(dirname "$DESTINATION")"
         echo "$DESTINATION_DIR" >> "$GITHUB_PATH"
-        echo "destination-dir=$DESTINATION_DIR" >> "GITHUB_OUTPUT"
+        echo "destination-dir=$DESTINATION_DIR" >> "$GITHUB_OUTPUT"
 
         OS="$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]')"
         ARCH="$(echo "$RUNNER_ARCH" | tr '[:upper:]' '[:lower:]')"
         if [ "$ARCH" = "x64" ]; then
           export ARCH="amd64"
         fi
 
-        gh release download "$VERSION" -p "*${OS}_${ARCH}.tar.gz" -O gotestsum.tgz -R gotestyourself/gotestsum
-        tar -xvf gotestsum.tgz
-        mv gotestsum "${DESTINATION_DIR}/gotestsum"
+        mkdir -p tmp
+        gh release download "$VERSION" -p "*${OS}_${ARCH}.tar.gz" -O tmp/gotestsum.tgz -R gotestyourself/gotestsum
+        pushd tmp && tar -xvf gotestsum.tgz && popd
+        mv tmp/gotestsum "$DESTINATION"
+        rm -rf tmp
diff --git a/.github/actions/set-up-misspell/action.yml b/.github/actions/set-up-misspell/action.yml
@@ -0,0 +1,60 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+---
+name: Set up misspell from Github releases
+description: Set up misspell from Github releases
+
+inputs:
+  destination:
+    description: "Where to install the misspell binary (default: $HOME/bin/misspell)"
+    type: boolean
+    default: "$HOME/bin/misspell"
+  version:
+    description: "The version to install (default: latest)"
+    type: string
+    default: Latest
+
+outputs:
+  destination:
+    description: Where the installed misspell binary is
+    value: ${{ steps.install.outputs.destination }}
+  destination-dir:
+    description: The directory where the installed misspell binary is
+    value: ${{ steps.install.outputs.destination-dir }}
+  version:
+    description: The installed version of misspell
+    value: ${{ steps.install.outputs.version }}
+
+runs:
+  using: composite
+  steps:
+    - id: install
+      shell: bash
+      env:
+        GH_TOKEN: ${{ github.token }}
+      run: |
+        VERSION=$(gh release list -R golangci/misspell --exclude-drafts --exclude-pre-releases | grep ${{ inputs.version }} | cut -f1)
+        echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+        mkdir -p $(dirname ${{ inputs.destination }})
+        DESTINATION="$(readlink -f "${{ inputs.destination }}")"
+        echo "destination=$DESTINATION" >> "$GITHUB_OUTPUT"
+        DESTINATION_DIR="$(dirname "$DESTINATION")"
+        echo "$DESTINATION_DIR" >> "$GITHUB_PATH"
+        echo "destination-dir=$DESTINATION_DIR" >> "$GITHUB_OUTPUT"
+
+        ARCH="$(echo "$RUNNER_ARCH" | tr '[:upper:]' '[:lower:]')"
+        OS="$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]')"
+        if [ "$ARCH" = "x64" ]; then
+          export ARCH="64bit"
+        fi
+        if [ "$OS" = "macos" ]; then
+          export OS="mac"
+        fi
+
+        mkdir -p tmp
+        gh release download "$VERSION" -p "misspell_*_${OS}_${ARCH}.tar.gz" -O tmp/misspell.tgz -R golangci/misspell
+        pushd tmp && tar -xvf misspell.tgz && popd
+        mv tmp/misspell "$DESTINATION"
+        rm -rf tmp
diff --git a/.github/actions/set-up-staticcheck/action.yml b/.github/actions/set-up-staticcheck/action.yml
@@ -0,0 +1,60 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+---
+name: Set up staticcheck from Github releases
+description: Set up staticcheck from Github releases
+
+inputs:
+  destination:
+    description: "Where to install the staticcheck binary (default: $HOME/bin/staticcheck)"
+    type: boolean
+    default: "$HOME/bin/staticcheck"
+  version:
+    description: "The version to install (default: latest)"
+    type: string
+    default: Latest
+
+outputs:
+  destination:
+    description: Where the installed staticcheck binary is
+    value: ${{ steps.install.outputs.destination }}
+  destination-dir:
+    description: The directory where the installed staticcheck binary is
+    value: ${{ steps.install.outputs.destination-dir }}
+  version:
+    description: The installed version of staticcheck
+    value: ${{ steps.install.outputs.version }}
+
+runs:
+  using: composite
+  steps:
+    - id: install
+      shell: bash
+      env:
+        GH_TOKEN: ${{ github.token }}
+      run: |
+        VERSION=$(gh release list -R dominikh/go-tools --exclude-drafts --exclude-pre-releases | grep ${{ inputs.version }} | cut -d " " -f2)
+        echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+        mkdir -p $(dirname ${{ inputs.destination }})
+        DESTINATION="$(readlink -f "${{ inputs.destination }}")"
+        echo "destination=$DESTINATION" >> "$GITHUB_OUTPUT"
+        DESTINATION_DIR="$(dirname "$DESTINATION")"
+        echo "$DESTINATION_DIR" >> "$GITHUB_PATH"
+        echo "destination-dir=$DESTINATION_DIR" >> "$GITHUB_OUTPUT"
+
+        ARCH="$(echo "$RUNNER_ARCH" | tr '[:upper:]' '[:lower:]')"
+        OS="$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]')"
+        if [ "$ARCH" = "x64" ]; then
+          export ARCH="amd64"
+        fi
+        if [ "$OS" = "macos" ]; then
+          export OS="darwin"
+        fi
+
+        mkdir -p tmp
+        gh release download "$VERSION" -p "staticcheck_${OS}_${ARCH}.tar.gz" -O tmp/staticcheck.tgz -R dominikh/go-tools
+        pushd tmp && tar -xvf staticcheck.tgz && popd
+        mv tmp/staticcheck/staticcheck "$DESTINATION"
+        rm -rf tmp
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -374,7 +374,7 @@ jobs:
                   "type": "section",
                   "text": {
                     "type": "mrkdwn",
-                    "text": "${{ (needs.build-other.result != 'failure' && needs.build-linux.result != 'failure' && needs.build-darwin.result != 'failure' && needs.build-docker.result != 'failure' && needs.build-ubi.result != 'failure') && ':white_check_mark:' || ':x:' }} Build results\n${{ (needs.test.result != 'failure' && needs.test-docker-k8s.result != 'failure') && ':white_check_mark:' || ':x:' }} Enos tests"
+                    "text": "${{ (needs.build-other.result == 'success' && needs.build-linux.result == 'success' && needs.build-darwin.result == 'success' && needs.build-docker.result == 'success' && needs.build-ubi.result == 'success') && ':white_check_mark:' || ':x:' }} Build results\n${{ (needs.test.result != 'failure' && needs.test-docker-k8s.result != 'failure') && ':white_check_mark:' || ':x:' }} Enos tests"
                   },
                   "accessory": {
                     "type": "button",
@@ -412,7 +412,7 @@ jobs:
         run: vault-auth
       - id: secrets
         name: Fetch Vault Secrets
-        uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e
+        uses: hashicorp/vault-action@affa6f04da5c2d55e6e115b7d1b044a6b1af8c74
         with:
           url: ${{ steps.vault-auth.outputs.addr }}
           caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}