Skip to content

Backport of security: Upgrade Go to 1.22.7 into release/1.1.x (#4317) #2627

Backport of security: Upgrade Go to 1.22.7 into release/1.1.x (#4317)

Backport of security: Upgrade Go to 1.22.7 into release/1.1.x (#4317) #2627

Workflow file for this run

# Copyright (c) HashiCorp, Inc.
name: build
on:
workflow_dispatch:
push:
# Sequence of patterns matched against refs/heads
branches:
# Push events on main branch
- main
# Push events to branches matching refs/heads/release/**
- "release/**"
env:
PKG_NAME: "consul-k8s"
jobs:
conditional-skip:
uses: ./.github/workflows/reusable-conditional-skip.yml
get-go-version:
# Cascades down to test jobs
needs: [ conditional-skip ]
if: needs.conditional-skip.outputs.skip-ci != 'true'
uses: ./.github/workflows/reusable-get-go-version.yml
get-product-version:
# Cascades down to test jobs
needs: [ conditional-skip ]
if: needs.conditional-skip.outputs.skip-ci != 'true'
runs-on: ubuntu-latest
outputs:
product-version: ${{ steps.get-product-version.outputs.product-version }}
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: get product version
id: get-product-version
run: |
make version
echo "product-version=$(make version)" >> $GITHUB_OUTPUT
generate-metadata-file:
needs: get-product-version
runs-on: ubuntu-latest
outputs:
filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
steps:
- name: "Checkout directory"
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Generate metadata file
id: generate-metadata-file
uses: hashicorp/actions-generate-metadata@v1
with:
version: ${{ needs.get-product-version.outputs.product-version }}
product: ${{ env.PKG_NAME }}
repositoryOwner: "hashicorp"
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: metadata.json
path: ${{ steps.generate-metadata-file.outputs.filepath }}
build:
needs: [get-go-version, get-product-version]
runs-on: ubuntu-latest
strategy:
matrix:
include:
# cli
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" }
# control-plane
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" }
# solaris is only built for the control plane
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "solaris", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane" }
# consul-cni
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "386", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "solaris", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "386", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni.exe" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni.exe" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" }
- {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "arm64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" }
fail-fast: true
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} ${{ matrix.component }} build
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Setup go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: ${{ matrix.go }}
- name: Build
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
CGO_ENABLED: 0
working-directory: ${{ matrix.component }}
run: |
mkdir -p dist out
cp $GITHUB_WORKSPACE/LICENSE dist/LICENSE.txt
export GIT_COMMIT=$(git rev-parse --short HEAD)
export GIT_DIRTY=$(test -n "$(git status --porcelain)" && echo "+CHANGES")
export GIT_IMPORT=github.com/hashicorp/consul-k8s/version
export GOLDFLAGS="-X ${GIT_IMPORT}.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X ${GIT_IMPORT}.GitDescribe=${{ needs.get-product-version.outputs.product-version }}"
CGO_ENABLED=0 go build -o dist/${{ matrix.bin_name }} -ldflags "${GOLDFLAGS}" .
zip -r -j out/${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip dist/
- name: Upload built binaries
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: ${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: ${{ matrix.component}}/out/${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
- name: Copy license file
env:
LICENSE_DIR: ".release/linux/package/usr/share/doc/${{ env.PKG_NAME }}"
run: |
mkdir -p "$LICENSE_DIR"
cp $GITHUB_WORKSPACE/LICENSE "$LICENSE_DIR/LICENSE.txt"
- name: Package rpm and deb files
if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}}
uses: hashicorp/actions-packaging-linux@v1
with:
name: consul-k8s
description: "consul-k8s provides a cli interface to first-class integrations between Consul and Kubernetes."
arch: ${{ matrix.goarch }}
version: ${{ needs.get-product-version.outputs.product-version }}
maintainer: "HashiCorp"
homepage: "https://github.com/hashicorp/consul-k8s"
license: "MPL-2.0"
binary: "${{ matrix.component }}/dist/${{ matrix.pkg_name }}"
deb_depends: "openssl"
rpm_depends: "openssl"
config_dir: ".release/linux/package/"
- name: Set package names
if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}}
run: |
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV
echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV
- name: Test rpm package
if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}}
uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3
with:
image: registry.access.redhat.com/ubi9/ubi:latest
options: -v ${{ github.workspace }}:/work
run: |
dnf install -qy openssl
cd /work
rpm -ivh out/${{ env.RPM_PACKAGE }}
CONSUL_K8S_VERSION="$(consul-k8s version | awk '{print $2}')"
VERSION="v${{ needs.get-product-version.outputs.product-version }}"
if [ "${VERSION}" != "${CONSUL_K8S_VERSION}" ]; then
echo "Test FAILED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}"
exit 1
fi
echo "Test PASSED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}"
- name: Upload rpm package
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}}
with:
name: ${{ env.RPM_PACKAGE }}
path: out/${{ env.RPM_PACKAGE }}
- name: Test debian package
if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}}
uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3
with:
image: ubuntu:latest
options: -v ${{ github.workspace }}:/work
run: |
apt update && apt install -y openssl
cd /work
apt install ./out/${{ env.DEB_PACKAGE }}
CONSUL_K8S_VERSION="$(consul-k8s version | awk '{print $2}')"
VERSION="v${{ needs.get-product-version.outputs.product-version }}"
if [ "${VERSION}" != "${CONSUL_K8S_VERSION}" ]; then
echo "Test FAILED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}"
exit 1
fi
echo "Test PASSED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}"
- name: Upload debian packages
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}}
with:
name: ${{ env.DEB_PACKAGE }}
path: out/${{ env.DEB_PACKAGE }}
build-docker:
name: Docker ${{ matrix.arch }} default release build
needs: [get-product-version, get-go-version, build]
runs-on: ubuntu-latest
strategy:
matrix:
arch: ["arm", "arm64", "386", "amd64"]
env:
repo: ${{ github.event.repository.name }}
version: ${{ needs.get-product-version.outputs.product-version }}
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: consul-cni_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip
path: control-plane/dist/cni/linux/${{ matrix.arch }}
- name: extract consul-cni zip
env:
ZIP_LOCATION: control-plane/dist/cni/linux/${{ matrix.arch }}
run: |
cd "${ZIP_LOCATION}"
unzip -j *.zip
# This naming convention will be used ONLY for per-commit dev images
- name: Set docker dev tag
run: |
echo "full_dev_tag=${{ env.version }}"
echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')"
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV
- name: Docker Build (Action)
uses: hashicorp/actions-docker-build@v2
with:
smoke_test: |
TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')"
if [ "${TEST_VERSION}" != "v${version}" ]; then
echo "Test FAILED"
exit 1
fi
echo "Test PASSED"
version: ${{ env.version }}
target: release-default
arch: ${{ matrix.arch }}
pkg_name: consul-k8s-control-plane_${{ env.version }}
bin_name: consul-k8s-control-plane
workdir: control-plane
tags: |
docker.io/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}
public.ecr.aws/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}
dev_tags: |
docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}
docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}-${{ github.sha }}
docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}
docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}-${{ github.sha }}
extra_build_args: |
GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }}
build-docker-ubi:
name: Docker ${{ matrix.arch }} UBI builds
needs: [get-product-version, get-go-version, build]
runs-on: ubuntu-latest
strategy:
matrix:
arch: [ "amd64" ]
env:
repo: ${{ github.event.repository.name }}
version: ${{ needs.get-product-version.outputs.product-version }}
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: consul-cni_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip
path: control-plane/dist/cni/linux/${{ matrix.arch }}
- name: extract consul-cni zip
env:
ZIP_LOCATION: control-plane/dist/cni/linux/${{ matrix.arch }}
run: |
cd "${ZIP_LOCATION}"
unzip -j *.zip
# This naming convention will be used ONLY for per-commit dev images
- name: Set docker dev tag
run: |
echo "full_dev_tag=${{ env.version }}"
echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')"
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV
- name: Docker Build (Action)
uses: hashicorp/actions-docker-build@v2
with:
smoke_test: |
TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')"
if [ "${TEST_VERSION}" != "v${version}" ]; then
echo "Test FAILED"
exit 1
fi
echo "Test PASSED"
version: ${{ env.version }}
target: ubi
arch: ${{ matrix.arch }}
pkg_name: consul-k8s-control-plane_${{ env.version }}
bin_name: consul-k8s-control-plane
workdir: control-plane
tags: |
docker.io/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}-ubi
public.ecr.aws/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}-ubi
dev_tags: |
docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}-ubi
docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}-ubi-${{ github.sha }}
docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}-ubi
docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}-ubi-${{ github.sha }}
redhat_tag: quay.io/redhat-isv-containers/611ca2f89a9b407267837100:${{env.version}}-ubi
extra_build_args: |
GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }}