diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index 8df906c4c6..0000000000
--- a/.github/workflows/build.yml
+++ /dev/null
@@ -1,447 +0,0 @@ -# Copyright (c) HashiCorp, Inc. - -name: build -on: - workflow_dispatch: - push: - # Sequence of patterns matched against refs/heads - branches: - # Push events on main branch - - main - # Push events to branches matching refs/heads/release/** - - "release/**" - # Build on releng branches for testing build pipelines - - "releng/**" - -env: - PKG_NAME: "consul-k8s" - -jobs: - conditional-skip: - uses: ./.github/workflows/reusable-conditional-skip.yml - - get-go-version: - # Cascades down to test jobs - needs: [ conditional-skip ] - if: needs.conditional-skip.outputs.skip-ci != 'true' - uses: ./.github/workflows/reusable-get-go-version.yml - - get-product-version: - # Cascades down to test jobs - needs: [ conditional-skip ] - if: needs.conditional-skip.outputs.skip-ci != 'true' - runs-on: ubuntu-latest - outputs: - product-version: ${{ steps.get-product-version.outputs.product-version }} - steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - name: get product version - id: get-product-version - run: | - make version - echo "product-version=$(make version)" >> $GITHUB_OUTPUT - - generate-metadata-file: - needs: get-product-version - runs-on: ubuntu-latest - outputs: - filepath: ${{ steps.generate-metadata-file.outputs.filepath }} - steps: - - name: "Checkout directory" - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - name: Generate metadata file - id: generate-metadata-file - uses: hashicorp/actions-generate-metadata@v1 - with: - version: ${{ needs.get-product-version.outputs.product-version }} - product: ${{ env.PKG_NAME }} - repositoryOwner: "hashicorp" - - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - name: metadata.json - path: ${{ steps.generate-metadata-file.outputs.filepath }} - - build: - needs: [get-go-version, get-product-version] - runs-on: ubuntu-20.04 # the GLIBC is too high on 22.04 - strategy: - matrix: - include: - # cli (We 
aren't build packages for the linux 32-bit platforms) - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s"} - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", "skip_packaging": "true"} - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402", pkg_suffix: "-fips" } - - {go: "${{ 
needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402", pkg_suffix: "-fips" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=cngcrypto", fips: "+fips1402" } - - # control-plane - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - # solaris is only built for the control plane - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: 
"solaris", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402", pkg_suffix: "-fips", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402", pkg_suffix: "-fips", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe", gotags: "fips", env: "CGO_ENABLED=1 
GOEXPERIMENT=cngcrypto", fips: "+fips1402", "skip_packaging": "true" } - - # consul-cni - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402", pkg_suffix: "-fips" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402", pkg_suffix: "-fips" } - - fail-fast: true - - name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} ${{ matrix.component }} ${{ matrix.fips }} build - steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - - name: Setup go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 - with: - go-version: ${{ matrix.go }} - - - name: Replace Go for Windows FIPS with Microsoft Go - if: ${{ matrix.fips == '+fips1402' && matrix.goos == 'windows' }} - run: | - # Uninstall standard Go and use microsoft/go instead - rm -rf 
/home/runner/actions-runner/_work/_tool/go - curl https://aka.ms/golang/release/latest/go${{ matrix.go }}-1.linux-amd64.tar.gz -Lo go${{ matrix.go }}.linux-amd64.tar.gz - tar -C $HOME -xf go${{ matrix.go }}.linux-amd64.tar.gz - chmod +x $HOME/go/bin - export PATH=$HOME/go/bin:$PATH - if [ $(which go) != "$HOME/go/bin/go" ]; then - echo "Unable to verify microsoft/go toolchain" - exit 1 - fi - - - name: Install cross-compiler for FIPS on arm64 - if: ${{ matrix.fips == '+fips1402' && matrix.goarch == 'arm64' }} - run: | - sudo apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-version && sudo apt-get install -y gcc-aarch64-linux-gnu - - - name: Build - env: - GOOS: ${{ matrix.goos }} - GOARCH: ${{ matrix.goarch }} - CGO_ENABLED: 0 - working-directory: ${{ matrix.component }} - run: | - mkdir -p dist out - cp $GITHUB_WORKSPACE/LICENSE dist/LICENSE.txt - - export GIT_COMMIT=$(git rev-parse --short HEAD) - export GIT_DIRTY=$(test -n "$(git status --porcelain)" && echo "+CHANGES") - export GIT_IMPORT=github.com/hashicorp/consul-k8s/version - export GOLDFLAGS="-X ${GIT_IMPORT}.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X ${GIT_IMPORT}.GitDescribe=${{ needs.get-product-version.outputs.product-version }}" - - ${{ matrix.env }} go build -o dist/${{ matrix.bin_name }} -ldflags "${GOLDFLAGS}" -tags=${{ matrix.gotags }} . 
- zip -r -j out/${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip dist/ - - - name: Upload built binaries - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - name: ${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip - path: ${{ matrix.component}}/out/${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip - - - name: Copy license file - env: - LICENSE_DIR: ".release/linux/package/usr/share/doc/${{ env.PKG_NAME }}" - run: | - mkdir -p "$LICENSE_DIR" - cp $GITHUB_WORKSPACE/LICENSE "$LICENSE_DIR/LICENSE.txt" - - - name: Package rpm and deb files for consul-k8s CLI - if: matrix.goos == 'linux' && matrix.component == 'cli' && matrix.skip_packaging != 'true' - uses: hashicorp/actions-packaging-linux@v1 - with: - name: consul-k8s${{ matrix.pkg_suffix }} - description: "consul-k8s provides a cli interface to first-class integrations between Consul and Kubernetes." - arch: ${{ matrix.goarch }} - version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} - maintainer: "HashiCorp" - homepage: "https://github.com/hashicorp/consul-k8s" - license: "MPL-2.0" - binary: "${{ matrix.component }}/dist/${{ matrix.bin_name }}" - deb_depends: "openssl" - rpm_depends: "openssl" - config_dir: ".release/linux/package/" - - - name: Package rpm and deb files for consul-cni plugin - if: matrix.goos == 'linux' && matrix.component == 'control-plane/cni' && matrix.skip_packaging != 'true' - uses: hashicorp/actions-packaging-linux@v1 - with: - name: consul-cni${{ matrix.pkg_suffix }} - description: "consul-cni provides a CNI plugin for use with Consul Service Mesh." 
- arch: ${{ matrix.goarch }} - version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} - maintainer: "HashiCorp" - homepage: "https://github.com/hashicorp/consul-k8s/control-plane/cni" - license: "MPL-2.0" - binary: "${{ matrix.component }}/dist/${{ matrix.bin_name }}" - deb_depends: "openssl" - rpm_depends: "openssl" - config_dir: ".release/linux/package/" - postinstall: ".release/linux/postinst" - postremove: ".release/linux/postrm" - - - name: Set package names - if: matrix.goos == 'linux' && matrix.skip_packaging != 'true' - run: | - echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV - echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV - - - name: Enable docker runtime emulation for testing packages - if: matrix.goos == 'linux' && matrix.skip_packaging != 'true' && matrix.component == 'cli' && matrix.goarch != 'amd64' - run: | - docker run --privileged \ - --rm \ - docker.mirror.hashicorp.services/tonistiigi/binfmt@sha256:5540f38542290735d17da57d7084f684c62336105d018c605058daf03e4c8256 --install ${{ matrix.goarch }} - - - name: Test consul-k8s CLI rpm package on platforms on UBI - if: matrix.goos == 'linux' && matrix.component == 'cli' && matrix.skip_packaging != 'true' - uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3 - with: - image: registry.access.redhat.com/ubi9/ubi:latest - options: -v ${{ github.workspace }}:/work --platform linux/${{matrix.goarch}} - run: | - dnf install -y /work/out/${{ env.RPM_PACKAGE }} - CONSUL_K8S_VERSION="$(consul-k8s version | awk '{print $2}')" - VERSION="v${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}" - if [ "${VERSION}" != "${CONSUL_K8S_VERSION}" ]; then - echo "Test FAILED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}" - exit 1 - fi - echo "Test PASSED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}" - - - name: Upload rpm packages - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - if: 
matrix.goos == 'linux' && matrix.skip_packaging != 'true' - with: - name: ${{ env.RPM_PACKAGE }} - path: out/${{ env.RPM_PACKAGE }} - - - name: Test consul-k8s CLI debian package - if: matrix.goos == 'linux' && matrix.component == 'cli' && matrix.skip_packaging != 'true' - uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3 - with: - image: ubuntu:latest - options: -v ${{ github.workspace }}:/work --platform linux/${{matrix.goarch}} - run: | - apt-get update -qq - apt-get install -y /work/out/${{ env.DEB_PACKAGE }} - CONSUL_K8S_VERSION="$(consul-k8s version | awk '{print $2}')" - VERSION="v${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}" - if [ "${VERSION}" != "${CONSUL_K8S_VERSION}" ]; then - echo "Test FAILED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}" - exit 1 - fi - echo "Test PASSED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}" - - - name: Upload debian packages - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - if: matrix.goos == 'linux' && matrix.skip_packaging != 'true' - with: - name: ${{ env.DEB_PACKAGE }} - path: out/${{ env.DEB_PACKAGE }} - - build-docker: - name: Docker ${{ matrix.goarch }} ${{ matrix.fips }} default release build - needs: [get-product-version, get-go-version, build] - runs-on: ubuntu-latest - strategy: - matrix: - include: - - { goos: "linux", goarch: "arm" } - - { goos: "linux", goarch: "arm64" } - - { goos: "linux", goarch: "386" } - - { goos: "linux", goarch: "amd64" } - - { goos: "linux", goarch: "amd64", fips: "+fips1402" } - - { goos: "linux", goarch: "arm64", fips: "+fips1402" } - env: - repo: ${{ github.event.repository.name }} - version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} - steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 - with: - name: consul-cni_${{ 
needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos}}_${{ matrix.goarch }}.zip - path: control-plane/dist/cni/${{ matrix.goos}}/${{ matrix.goarch }} - - name: extract consul-cni zip - env: - ZIP_LOCATION: control-plane/dist/cni/${{ matrix.goos}}/${{ matrix.goarch }} - run: | - cd "${ZIP_LOCATION}" - unzip -j *.zip - - # This naming convention will be used ONLY for per-commit dev images - - name: Set docker dev tag - run: | - echo "full_dev_tag=${{ env.version }}" - echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV - echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" - echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV - - - name: Docker Build (Action) - uses: hashicorp/actions-docker-build@v2 - if: ${{ !matrix.fips }} - with: - smoke_test: | - TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" - if [ "${TEST_VERSION}" != "v${version}" ]; then - echo "Test FAILED" - exit 1 - fi - echo "Test PASSED" - version: ${{ env.version }} - target: release-default - arch: ${{ matrix.goarch }} - pkg_name: consul-k8s-control-plane_${{ env.version }} - bin_name: consul-k8s-control-plane - workdir: control-plane - tags: | - docker.io/hashicorp/${{ env.repo }}-control-plane:${{ env.version }} - public.ecr.aws/hashicorp/${{ env.repo }}-control-plane:${{ env.version }} - dev_tags: | - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}-${{ github.sha }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}-${{ github.sha }} - extra_build_args: | - GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} - - - name: Docker FIPS Build 
(Action) - uses: hashicorp/actions-docker-build@v2 - if: ${{ matrix.fips }} - with: - smoke_test: | - TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" - if [ "${TEST_VERSION}" != "v${version}" ]; then - echo "Test FAILED" - exit 1 - fi - echo "Test PASSED" - version: ${{ env.version }} - target: release-default-fips # duplicate target to distinguish FIPS builds in CRT machinery - arch: ${{ matrix.goarch }} - pkg_name: consul-k8s-control-plane_${{ env.version }} - bin_name: consul-k8s-control-plane - workdir: control-plane - tags: | - docker.io/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }} - public.ecr.aws/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }} - dev_tags: | - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.full_dev_tag }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.full_dev_tag }}-${{ github.sha }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.minor_dev_tag }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.minor_dev_tag }}-${{ github.sha }} - extra_build_args: | - GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} - - build-docker-ubi: - name: Docker ${{ matrix.arch }} ${{ matrix.fips }} UBI builds - needs: [get-product-version, get-go-version, build] - runs-on: ubuntu-latest - strategy: - matrix: - include: - - { arch: "amd64" } - - { arch: "amd64", fips: "+fips1402" } - env: - repo: ${{ github.event.repository.name }} - version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} - steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 - with: - name: consul-cni_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_linux_${{ matrix.arch }}.zip - path: control-plane/dist/cni/linux/${{ matrix.arch }} - - name: 
extract consul-cni zip - env: - ZIP_LOCATION: control-plane/dist/cni/linux/${{ matrix.arch }} - run: | - cd "${ZIP_LOCATION}" - unzip -j *.zip - - # This naming convention will be used ONLY for per-commit dev images - - name: Set docker dev tag - run: | - echo "full_dev_tag=${{ env.version }}" - echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV - echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" - echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV - - - name: Docker Build (Action) - if: ${{ !matrix.fips }} - uses: hashicorp/actions-docker-build@v2 - with: - smoke_test: | - TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" - if [ "${TEST_VERSION}" != "v${version}" ]; then - echo "Test FAILED" - exit 1 - fi - echo "Test PASSED" - version: ${{ env.version }} - target: ubi - arch: ${{ matrix.arch }} - pkg_name: consul-k8s-control-plane_${{ env.version }} - bin_name: consul-k8s-control-plane - workdir: control-plane - tags: | - docker.io/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}-ubi - public.ecr.aws/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}-ubi - dev_tags: | - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}-ubi - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}-ubi-${{ github.sha }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}-ubi - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}-ubi-${{ github.sha }} - redhat_tag: quay.io/redhat-isv-containers/611ca2f89a9b407267837100:${{env.version}}-ubi - extra_build_args: | - GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} - - - name: Docker FIPS Build (Action) - if: ${{ matrix.fips }} - uses: hashicorp/actions-docker-build@v2 - with: - smoke_test: | - 
TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" - if [ "${TEST_VERSION}" != "v${version}" ]; then - echo "Test FAILED" - exit 1 - fi - echo "Test PASSED" - version: ${{ env.version }} - target: ubi-fips # duplicate target to distinguish FIPS builds in CRT machinery - arch: ${{ matrix.arch }} - pkg_name: consul-k8s-control-plane_${{ env.version }} - bin_name: consul-k8s-control-plane - workdir: control-plane - tags: | - public.ecr.aws/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }}-ubi - docker.io/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }}-ubi - redhat_tag: quay.io/redhat-isv-containers/6486b1beabfc4e51588c0416:${{env.version}}-ubi # this is different than the non-FIPS one - extra_build_args: | - GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} - dev_tags: | - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.full_dev_tag }}-ubi - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.full_dev_tag }}-ubi-${{ github.sha }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.minor_dev_tag }}-ubi - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.minor_dev_tag }}-ubi-${{ github.sha }}
diff --git a/.github/workflows/changelog-checker.yml b/.github/workflows/changelog-checker.yml
deleted file mode 100644
index 35db5df1f6..0000000000
--- a/.github/workflows/changelog-checker.yml
+++ /dev/null
@@ -1,48 +0,0 @@ -# Copyright (c) HashiCorp, Inc. - -# This workflow checks that there is either a 'pr/no-changelog' label applied to a PR -# or there is a .changelog/.txt file associated with a PR for a changelog entry - -name: Changelog Checker - -on: - pull_request: - types: [opened, synchronize, labeled] - # Runs on PRs to main and all release branches - branches: - - main - - release/* - -jobs: - # checks that a .changelog entry is present for a PR - changelog-check: - # If there's a `pr/no-changelog` label we ignore this check. Also, we ignore PRs created by the bot assigned to `backport-assistant` - if: "! ( contains(github.event.pull_request.labels.*.name, 'pr/no-changelog') || github.event.pull_request.user.login == 'hc-github-team-consul-core' )" - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 0 # by default the checkout action doesn't checkout all branches - - name: Check for changelog entry in diff - run: | - # check if there is a diff in the .changelog directory - # for PRs against the main branch, the changelog file name should match the PR number - if [ "${{ github.event.pull_request.base.ref }}" = "${{ github.event.repository.default_branch }}" ]; then - enforce_matching_pull_request_number="matching this PR number " - changelog_file_path=".changelog/(_)?${{ github.event.pull_request.number }}.txt" - else - changelog_file_path=".changelog/[_0-9]*.txt" - fi - - changelog_files=$(git --no-pager diff --name-only HEAD "$(git merge-base HEAD "origin/${{ github.event.pull_request.base.ref }}")" | egrep -e "${changelog_file_path}") - - # If we do not find a file in .changelog/, we fail the check - if [ -z "$changelog_files" ]; then - # Fail status check when no .changelog entry was found on the PR - echo "Did not find a .changelog entry ${enforce_matching_pull_request_number}and the 'pr/no-changelog' label was not 
applied. Reference - https://github.com/hashicorp/consul-k8s/pull/1947" - exit 1 - else - echo "Found .changelog entry in PR!" - fi
diff --git a/.github/workflows/jira-issues.yaml b/.github/workflows/jira-issues.yaml
deleted file mode 100644
index a36db22af4..0000000000
--- a/.github/workflows/jira-issues.yaml
+++ /dev/null
@@ -1,83 +0,0 @@ -# Copyright (c) HashiCorp, Inc. - -on: - issues: - types: [opened, closed, deleted, reopened] - issue_comment: - types: [created] - workflow_dispatch: - -name: Jira Community Issue Sync - -jobs: - sync: - runs-on: ubuntu-latest - name: Jira Community Issue sync - steps: - - name: Login - uses: atlassian/gajira-login@45fd029b9f1d6d8926c6f04175aa80c0e42c9026 # v3.0.1 - env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - - name: Set ticket type - id: set-ticket-type - run: | - echo "TYPE=GH Issue" >> $GITHUB_OUTPUT - - - name: Set ticket labels - if: github.event.action == 'opened' - id: set-ticket-labels - run: | - LABELS="[" - if [[ "${{ contains(github.event.issue.labels.*.name, 'type/bug') }}" == "true" ]]; then LABELS+="\"type/bug\", "; fi - if [[ "${{ contains(github.event.issue.labels.*.name, 'type/enhancement') }}" == "true" ]]; then LABELS+="\"type/enhancement\", "; fi - if [[ ${#LABELS} != 1 ]]; then LABELS=${LABELS::-2}"]"; else LABELS+="]"; fi - echo "LABELS=${LABELS}" >> $GITHUB_OUTPUT - - - name: Create ticket if an issue is filed, or if PR not by a team member is opened - if: github.event.action == 'opened' - uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1 - with: - project: NET - issuetype: "${{ steps.set-ticket-type.outputs.TYPE }}" - summary: "${{ github.event.repository.name }} [${{ steps.set-ticket-type.outputs.TYPE }} #${{ github.event.issue.number }}]: ${{ github.event.issue.title }}" - description: "${{ github.event.issue.body || github.event.pull_request.body }}\n\n_Created in GitHub by ${{ github.actor }}._" - # customfield_10089 is "Issue Link", customfield_10371 is "Source" (use JIRA API to retrieve) - extraFields: '{ "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}", - "customfield_10371": { "value": "GitHub" }, - "labels": ${{ 
steps.set-ticket-labels.outputs.LABELS }} }' - env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - - name: Search - if: github.event.action != 'opened' - id: search - uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # v0.2.2 - with: - # cf[10089] is Issue Link (use JIRA API to retrieve) - jql: 'issuetype = "${{ steps.set-ticket-type.outputs.TYPE }}" and cf[10089] = "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"' - - - name: Sync comment - if: github.event.action == 'created' && steps.search.outputs.issue - uses: tomhjp/gh-action-jira-comment@6eb6b9ead70221916b6badd118c24535ed220bd9 # v0.2.0 - with: - issue: ${{ steps.search.outputs.issue }} - comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}" - - - name: Close ticket - if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue - uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3.0.1 - with: - issue: ${{ steps.search.outputs.issue }} - transition: "Closed" - - - name: Reopen ticket - if: github.event.action == 'reopened' && steps.search.outputs.issue - uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3.0.1 - with: - issue: ${{ steps.search.outputs.issue }} - transition: "To Do"
diff --git a/.github/workflows/jira-pr.yaml b/.github/workflows/jira-pr.yaml
deleted file mode 100644
index 05bc78f020..0000000000
--- a/.github/workflows/jira-pr.yaml
+++ /dev/null
@@ -1,97 +0,0 @@
-# Copyright (c) HashiCorp, Inc.
-
-on:
- pull_request_target:
- types: [opened, closed, reopened]
- workflow_dispatch:
-
-name: Jira Community PR Sync
-
-jobs:
- sync:
- runs-on: ubuntu-latest
- name: Jira sync
- steps:
- - name: Login
- uses: atlassian/gajira-login@45fd029b9f1d6d8926c6f04175aa80c0e42c9026 # v3.0.1
- env:
- JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
- JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
- JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
-
- - name: Set ticket type
- id: set-ticket-type
- run: |
- echo "TYPE=GH Issue" >> $GITHUB_OUTPUT
-
- - name: Set ticket labels
- if: github.event.action == 'opened'
- id: set-ticket-labels
- run: |
- LABELS="["
- if [[ "${{ contains(github.event.issue.labels.*.name, 'type/bug') }}" == "true" ]]; then LABELS+="\"type/bug\", "; fi
- if [[ "${{ contains(github.event.issue.labels.*.name, 'type/enhancement') }}" == "true" ]]; then LABELS+="\"type/enhancement\", "; fi
- if [[ ${#LABELS} != 1 ]]; then LABELS=${LABELS::-2}"]"; else LABELS+="]"; fi
- echo "LABELS=${LABELS}" >> $GITHUB_OUTPUT
-
- - name: Check if team member
- if: github.event.action == 'opened'
- id: is-team-member
- run: |
- TEAM=consul
- ROLE="$(gh api orgs/hashicorp/teams/${TEAM}/memberships/${{ github.actor }} | jq -r '.role | select(.!=null)')"
- if [[ -n ${ROLE} ]]; then
- echo "Actor ${{ github.actor }} is a ${TEAM} team member"
- echo "MESSAGE=true" >> $GITHUB_OUTPUT
- else
- echo "Actor ${{ github.actor }} is NOT a ${TEAM} team member"
- echo "MESSAGE=false" >> $GITHUB_OUTPUT
- fi
- env:
- GITHUB_TOKEN: ${{ secrets.JIRA_SYNC_GITHUB_TOKEN }}
-
- - name: Create ticket if an issue is filed, or if PR not by a team member is opened
- if: ( github.event.action == 'opened' && steps.is-team-member.outputs.MESSAGE == 'false' )
- uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1
- with:
- project: NET
- issuetype: "${{ steps.set-ticket-type.outputs.TYPE }}"
- summary: "${{ github.event.repository.name }} [${{ steps.set-ticket-type.outputs.TYPE }} #${{ github.event.pull_request.number }}]: ${{ github.event.pull_request.title }}"
- description: "${{ github.event.issue.body || github.event.pull_request.body }}\n\n_Created in GitHub by ${{ github.actor }}._"
- # customfield_10089 is "Issue Link", customfield_10371 is "Source" (use JIRA API to retrieve)
- extraFields: '{ "customfield_10089": "${{ github.event.pull_request.html_url }}",
- "customfield_10371": { "value": "GitHub" },
- "labels": ${{ steps.set-ticket-labels.outputs.LABELS }} }'
- env:
- JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
- JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
- JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
-
- - name: Search
- if: github.event.action != 'opened'
- id: search
- uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # v0.2.2
- with:
- # cf[10089] is Issue Link (use JIRA API to retrieve)
- jql: 'issuetype = "${{ steps.set-ticket-type.outputs.TYPE }}" and cf[10089] = "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"'
-
- - name: Sync comment
- if: github.event.action == 'created' && steps.search.outputs.issue
- uses: tomhjp/gh-action-jira-comment@6eb6b9ead70221916b6badd118c24535ed220bd9 # v0.2.0
- with:
- issue: ${{ steps.search.outputs.issue }}
- comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}"
-
- - name: Close ticket
- if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue
- uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3.0.1
- with:
- issue: ${{ steps.search.outputs.issue }}
- transition: "Closed"
-
- - name: Reopen ticket
- if: github.event.action == 'reopened' && steps.search.outputs.issue
- uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3.0.1
- with:
- issue: ${{ steps.search.outputs.issue }}
- transition: "To Do"
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
deleted file mode 100644
index aedbb51464..0000000000
--- a/.github/workflows/lint.yaml
+++ /dev/null
@@ -1,55 +0,0 @@
-# Dispatch to the consul-k8s-workflows when a PR is created and on merges to main/release*
-name: lint
-on:
- pull_request:
-
-jobs:
- get-go-version:
- uses: ./.github/workflows/reusable-get-go-version.yml
-
- linting:
- name: golangci-lint
- needs:
- - get-go-version
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
-
- - name: Setup go
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
- with:
- go-version: ${{ needs.get-go-version.outputs.go-version }}
- cache: false
-
- - name: Setup GOROOT # Need to set GOROOT because an older version of go-critic used GOROOT to find rules
- run: echo "GOROOT=$(go env GOROOT)" >> "${GITHUB_ENV}"
-
- - name: golangci-lint-helm-gen
- uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0
- with:
- version: "v1.55.2"
- working-directory: hack/helm-reference-gen
- skip-cache: true # We have seen sticky timeout bugs crop up with caching enabled, so disabling for now
- args: "--no-config --disable-all --enable gofmt,govet"
-
- - name: golangci-lint-control-plane
- uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0
- with:
- version: "v1.55.2"
- working-directory: control-plane
- skip-cache: true # We have seen sticky timeout bugs crop up with caching enabled, so disabling for now
-
- - name: golangci-lint-acceptance
- uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0
- with:
- version: "v1.55.2"
- working-directory: acceptance
- skip-cache: true # We have seen sticky timeout bugs crop up with caching enabled, so disabling for now
-
- - name: golangci-lint-cli
- uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0
- with:
- version: "v1.55.2"
- working-directory: acceptance
- skip-cache: true # We have seen sticky timeout bugs crop up with caching enabled, so disabling for now
\ No newline at end of file
diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
deleted file mode 100644
index 22c7614eca..0000000000
--- a/.github/workflows/merge.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-# Dispatch to the consul-k8s-workflows when a PR is created and on merges to main/release*
-name: merge
-on:
- push:
- # Sequence of patterns matched against refs/heads
- branches:
- # Push events on main branch
- - main
- # Push events to branches matching refs/heads/release/**
- - "release/**"
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: ${{ github.head_ref || github.ref_name }}
- CONTEXT: "merge"
- SHA: ${{ github.event.pull_request.head.sha || github.sha }}
-
-jobs:
- test:
- name: test
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: test
- with:
- workflow: test.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "actor":"${{ github.actor }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ env.SHA }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
diff --git a/.github/workflows/nightly-acceptance.yml b/.github/workflows/nightly-acceptance.yml
deleted file mode 100644
index c8ac870410..0000000000
--- a/.github/workflows/nightly-acceptance.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Dispatch to the consul-k8s-workflows with a nightly cron
-name: nightly-acceptance
-on:
- schedule:
- # * is a special character in YAML so you have to quote this string
- # Run nightly at 12AM UTC/8PM EST/5PM PST
- - cron: '0 0 * * *'
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: ${{ github.ref_name }}
- CONTEXT: "nightly"
-
-jobs:
- cloud:
- name: cloud
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: cloud
- with:
- workflow: cloud.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
diff --git a/.github/workflows/nightly-api-gateway-conformance.yml b/.github/workflows/nightly-api-gateway-conformance.yml
deleted file mode 100644
index 44c03b529b..0000000000
--- a/.github/workflows/nightly-api-gateway-conformance.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Dispatch to the consul-k8s-workflows with a nightly cron
-name: nightly-api-gateway-conformance
-on:
- schedule:
- # * is a special character in YAML so you have to quote this string
- # Run nightly at 12AM UTC/8PM EST/5PM PST.
- - cron: '0 0 * * *'
-
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: ${{ github.ref_name }}
- CONTEXT: "nightly"
-
-jobs:
- api-gateway-conformance:
- name: api-gateway-conformance
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: conformance
- with:
- workflow: api-gateway-conformance.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
diff --git a/.github/workflows/nightly-cleanup.yml b/.github/workflows/nightly-cleanup.yml
deleted file mode 100644
index c8a35755e6..0000000000
--- a/.github/workflows/nightly-cleanup.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Dispatch to the consul-k8s-workflows with a nightly cron
-name: nightly-cleanup
-on:
- schedule:
- # * is a special character in YAML so you have to quote this string
- # Run nightly at 12PM UTC/8AM EST/5AM PST
- - cron: '0 12 * * *'
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: ${{ github.ref_name }}
- CONTEXT: "nightly"
-
-jobs:
- cleanup:
- name: cleanup
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: cleanup
- with:
- workflow: cleanup.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml
new file mode 100644
index 0000000000..229e37a752
--- /dev/null
+++ b/.github/workflows/openshift-acceptance.yml
@@ -0,0 +1,48 @@
+# Consul acceptance tests running against OpenShift cluster
+name: OpenShift Acceptance Tests
+
+on:
+ push:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Install CLI tools from OpenShift Mirror
+ uses: redhat-actions/openshift-tools-installer@v1.13.1
+ with:
+ # "mirror" is the default source, so this is optional.
+ source: "mirror"
+
+ crc: "latest"
+
+ # Installs the latest release of oc with the major version 3.
+ # This is equivalent to "3.x" or "^3".
+ oc: "latest"
+ - name: Configure CRC
+ run: |
+ groups
+ crc config set kubeadmin-password citest
+ crc setup
+ crc start
+
+# runs-on: custom-linux-xl
+# steps:
+#
+
+
+#
+# - name: Setup CRC
+# run: |
+# crc setup
+#
+# - name: Start CRC
+# run: |
+# crc start
+#
+# - name: Login to CRC
+# run: |
+# crc oc-env
+# oc login -u developer https://api.crc.testing:6443
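Review bot: The new openshift-acceptance.yml references its actions by mutable tag (`actions/checkout@v2`, `redhat-actions/openshift-tools-installer@v1.13.1`) and declares no `permissions:`, whereas the workflows this same commit deletes pinned every action to a full commit SHA. A retagged or compromised upstream release would then run in this repository's CI with whatever `GITHUB_TOKEN` permissions the repository defaults grant, and the bare `on: push:` trigger starts the job for every branch. I would pin both steps, e.g. `- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4` (the pin the removed workflows used) and `uses: redhat-actions/openshift-tools-installer@<commit-sha> # v1.13.1`, and add a top-level `permissions:` block containing `contents: read`. `crc: "latest"` and `oc: "latest"` drift in the same way, and the comment above `oc` still describes a major-version-3 constraint that the value `"latest"` does not express.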
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
deleted file mode 100644
index 3719afe1f8..0000000000
--- a/.github/workflows/pr.yml
+++ /dev/null
@@ -1,59 +0,0 @@
-# Dispatch to the consul-k8s-workflows when a PR is created and on merges to main/release*
-name: pr
-on:
- pull_request:
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: ${{ github.head_ref || github.ref_name }}
- CONTEXT: "pr"
- SHA: ${{ github.event.pull_request.head.sha || github.sha }}
-
-jobs:
- conditional-skip:
- uses: ./.github/workflows/reusable-conditional-skip.yml
-
- test:
- name: test
- needs: [ conditional-skip ]
- if: needs.conditional-skip.outputs.skip-ci != 'true'
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: test
- with:
- workflow: test.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "actor":"${{ github.actor }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ env.SHA }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
-
- pass-required-checks-on-skip:
- needs: [ conditional-skip ]
- if: needs.conditional-skip.outputs.skip-ci == 'true'
- runs-on: ubuntu-latest
- strategy:
- matrix:
- include:
- # The required checks that should be "passed" when the CI is skipped
- - check-name: acceptance
- - check-name: acceptance-cni
- - check-name: acceptance-tproxy
- - check-name: Unit test helm templates
- - check-name: Unit test helm gen
- - check-name: Unit test enterprise control plane
- - check-name: Unit test control plane
- - check-name: Unit test cli
- - check-name: Unit test acceptance
- steps:
- - name: Update final status
- uses: docker://ghcr.io/curtbushko/commit-status-action:e1d661c757934ab35c74210b4b70c44099ec747a
- env:
- INPUT_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- INPUT_REPOSITORY: ${{ github.repository }}
- INPUT_CONTEXT: ${{ matrix.check-name }}
- INPUT_STATE: success
- INPUT_DESCRIPTION: "Skipped due to conditional-skip check"
- INPUT_SHA: ${{ env.SHA }}
- INPUT_DETAILS_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
- INPUT_OWNER: "hashicorp"
diff --git a/.github/workflows/reusable-conditional-skip.yml b/.github/workflows/reusable-conditional-skip.yml
deleted file mode 100644
index 113649fd6f..0000000000
--- a/.github/workflows/reusable-conditional-skip.yml
+++ /dev/null
@@ -1,69 +0,0 @@
-name: conditional-skip
-
-on:
- workflow_call:
- outputs:
- skip-ci:
- description: "Whether we should skip build and test jobs"
- value: ${{ jobs.check-skip.outputs.skip-ci }}
-
-jobs:
- check-skip:
- runs-on: ubuntu-latest
- name: Check whether to skip build and tests
- outputs:
- skip-ci: ${{ steps.maybe-skip-ci.outputs.skip-ci }}
- steps:
- # We only allow use of conditional skip in two scenarios:
- # 1. PRs
- # 2. Pushes (merges) to protected branches (`main`, `release/**`)
- #
- # The second scenario is the only place we can be sure that checking just the
- # latest change on the branch is sufficient. In PRs, we need to check _all_ commits.
- # The ability to do this is ultimately determined by the triggers of the calling
- # workflow, since `base_ref` (the target branch of a PR) is only available in
- # `pull_request` events, not `push`.
- - name: Error if conditional check is not allowed
- if: ${{ !github.base_ref && !github.ref_protected }}
- run: |
- echo "Conditional skip requires a PR event with 'base_ref' or 'push' to a protected branch."
- echo "github.base_ref: ${{ github.base_ref }}"
- echo "github.ref_protected: ${{ github.ref_protected }}"
- echo "github.ref_name: ${{ github.ref_name }}"
- echo "Check the triggers of the calling workflow to ensure that these requirements are met."
- exit 1
- - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- with:
- fetch-depth: 0
- - name: Check for skippable file changes
- id: changed-files
- uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v45.0.1
- with:
- # This is a multi-line YAML string with one match pattern per line.
- # Do not use quotes around values, as it's not supported.
- # See https://github.com/tj-actions/changed-files/blob/main/README.md#inputs-%EF%B8%8F
- # for usage, options, and more details on match syntax.
- files: |
- .github/workflows/reusable-conditional-skip.yml
- LICENSE
- .copywrite.hcl
- .gitignore
- **.md
- assets/**
- .changelog/**
- - name: Print changed files
- env:
- SKIPPABLE_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
- NON_SKIPPABLE_FILES: ${{ steps.changed-files.outputs.other_changed_files }}
- run: |
- echo "Skippable changed files:"
- for file in ${SKIPPABLE_CHANGED_FILES}; do echo " $file"; done
- echo
- echo "Non-skippable files:"
- for file in ${NON_SKIPPABLE_FILES}; do echo " $file"; done
- - name: Skip tests and build if only skippable files changed
- id: maybe-skip-ci
- if: ${{ steps.changed-files.outputs.only_changed == 'true' }}
- run: |
- echo "Skipping tests and build because only skippable files changed"
- echo "skip-ci=true" >> $GITHUB_OUTPUT
\ No newline at end of file
diff --git a/.github/workflows/reusable-get-go-version.yml b/.github/workflows/reusable-get-go-version.yml
deleted file mode 100644
index a153b24eb8..0000000000
--- a/.github/workflows/reusable-get-go-version.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-name: get-go-version
-
-on:
- workflow_call:
- outputs:
- go-version:
- description: "The Go version detected by this workflow"
- value: ${{ jobs.get-go-version.outputs.go-version }}
-
-jobs:
- get-go-version:
- name: "Determine Go toolchain version"
- runs-on: ubuntu-latest
- outputs:
- go-version: ${{ steps.get-go-version.outputs.go-version }}
- steps:
- - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- - name: Determine Go version
- id: get-go-version
- # We use .go-version as our source of truth for current Go
- # version, because "goenv" can react to it automatically.
- #
- # In the future, we can transition from .go-version and goenv to
- # Go 1.21 `toolchain` directives by updating this workflow rather
- # than individually setting `go-version-file` in each `setup-go`
- # job (as of 2024-01-03, `setup-go` does not support `toolchain`).
- run: |
- GO_VERSION=$(head -n 1 .go-version)
- echo "Building with Go ${GO_VERSION}"
- echo "go-version=${GO_VERSION}" >> $GITHUB_OUTPUT
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
deleted file mode 100644
index e75ffec40d..0000000000
--- a/.github/workflows/security-scan.yml
+++ /dev/null
@@ -1,71 +0,0 @@
-# This job runs a non-blocking informational security scan on the repository.
-# For release-blocking security scans, see .release/security-scan.hcl.
-name: Security Scan
-
-on:
- push:
- branches:
- - main
- - release/**
- pull_request:
- branches:
- - main
- - release/**
- # paths-ignore only works for non-required checks.
- # Jobs that are required for merge must use reusable-conditional-skip.yml.
- paths-ignore:
- - 'assets/**'
- - '.changelog/**'
-
-# cancel existing runs of the same workflow on the same ref
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
- cancel-in-progress: true
-
-jobs:
-
- get-go-version:
- # Cascades down to test jobs
- uses: ./.github/workflows/reusable-get-go-version.yml
-
- scan:
- needs:
- - get-go-version
- runs-on: ubuntu-latest
- # The first check ensures this doesn't run on community-contributed PRs, who
- # won't have the permissions to run this job.
- if: ${{ (github.repository != 'hashicorp/consul-k8s' || (github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name))
- && (github.actor != 'dependabot[bot]') && (github.actor != 'hc-github-team-consul-core') }}
-
- steps:
- - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
-
- - name: Set up Go
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
- with:
- go-version: ${{ needs.get-go-version.outputs.go-version }}
-
- - name: Clone Security Scanner repo
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- with:
- repository: hashicorp/security-scanner
- token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }}
- path: security-scanner
- ref: main
-
- - name: Scan
- id: scan
- uses: ./security-scanner
- with:
- repository: "$PWD"
- # See scan.hcl at repository root for config.
-
- - name: SARIF Output
- shell: bash
- run: |
- cat results.sarif | jq
-
- - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # codeql-bundle-v2.17.1
- with:
- sarif_file: results.sarif
diff --git a/.github/workflows/weekly-acceptance-1-1-x.yml b/.github/workflows/weekly-acceptance-1-1-x.yml
deleted file mode 100644
index 5aea9e3f2c..0000000000
--- a/.github/workflows/weekly-acceptance-1-1-x.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-# Dispatch to the consul-k8s-workflows with a weekly cron
-#
-# A separate file is needed for each release because the cron schedules are different for each release.
-name: weekly-acceptance-1-1-x
-on:
- schedule:
- # * is a special character in YAML so you have to quote this string
- # Run weekly on Monday at 3AM UTC/11PM EST/8PM PST
- - cron: '0 3 * * 1'
-
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: "release/1.1.x"
- CONTEXT: "weekly"
-
-jobs:
- cloud:
- name: cloud
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: cloud
- with:
- workflow: cloud.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
diff --git a/.github/workflows/weekly-acceptance-1-3-x.yml b/.github/workflows/weekly-acceptance-1-3-x.yml
deleted file mode 100644
index 7dcc846ca2..0000000000
--- a/.github/workflows/weekly-acceptance-1-3-x.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Dispatch to the consul-k8s-workflows with a weekly cron
-#
-# A separate file is needed for each release because the cron schedules are different for each release.
-name: weekly-acceptance-1-3-x
-on:
- schedule:
- # * is a special character in YAML so you have to quote this string
- # Run weekly on Wednesday at 3AM UTC/11PM EST/8PM PST
- - cron: '0 3 * * 3'
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: "release/1.3.x"
- CONTEXT: "weekly"
-
-jobs:
- cloud:
- name: cloud
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: cloud
- with:
- workflow: cloud.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
diff --git a/.github/workflows/weekly-acceptance-1-4-x.yml b/.github/workflows/weekly-acceptance-1-4-x.yml
deleted file mode 100644
index eb8d50bc73..0000000000
--- a/.github/workflows/weekly-acceptance-1-4-x.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Dispatch to the consul-k8s-workflows with a weekly cron
-#
-# A separate file is needed for each release because the cron schedules are different for each release.
-name: weekly-acceptance-1-4-x
-on:
- schedule:
- # * is a special character in YAML so you have to quote this string
- # Run weekly on Thursday at 3AM UTC/11PM EST/8PM PST
- - cron: '0 3 * * 4'
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: "release/1.4.x"
- CONTEXT: "weekly"
-
-jobs:
- cloud:
- name: cloud
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: cloud
- with:
- workflow: cloud.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
diff --git a/.github/workflows/weekly-acceptance-1-5-x.yml b/.github/workflows/weekly-acceptance-1-5-x.yml
deleted file mode 100644
index ea245dc1d9..0000000000
--- a/.github/workflows/weekly-acceptance-1-5-x.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Dispatch to the consul-k8s-workflows with a weekly cron
-#
-# A separate file is needed for each release because the cron schedules are different for each release.
-name: weekly-acceptance-1-5-x
-on:
- schedule:
- # * is a special character in YAML so you have to quote this string
- # Run weekly on Friday at 3AM UTC/11PM EST/8PM PST
- - cron: '0 3 * * 5'
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: "release/1.5.x"
- CONTEXT: "weekly"
-
-jobs:
- cloud:
- name: cloud
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: cloud
- with:
- workflow: cloud.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
diff --git a/.github/workflows/weekly-acceptance-1-6-x.yml b/.github/workflows/weekly-acceptance-1-6-x.yml
deleted file mode 100644
index cb75d883f4..0000000000
--- a/.github/workflows/weekly-acceptance-1-6-x.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-# Dispatch to the consul-k8s-workflows with a weekly cron
-#
-# A separate file is needed for each release because the cron schedules are different for each release.
-name: weekly-acceptance-1-6-x
-on:
- schedule:
- # * is a special character in YAML so you have to quote this string
- # Run weekly on Friday at 3AM UTC/11PM EST/8PM PST
- - cron: '0 3 * * 6'
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: "release/1.6.x"
- CONTEXT: "weekly"
-
-jobs:
- cloud:
- name: cloud
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: cloud
- with:
- workflow: cloud.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'