From 1307a19be2ce5aeae28bc8bbb0df10dbc1ad69d5 Mon Sep 17 00:00:00 2001
From: NiniOak
Date: Wed, 25 Sep 2024 14:31:18 -0700
Subject: [PATCH 01/15] Add openshift workflow yaml
---
 .github/workflows/openshift-acceptance.yml | 81 +++++++++++++++++++
 .../workflows/reusable-conditional-skip.yml | 1 +
 2 files changed, 82 insertions(+)
 create mode 100644 .github/workflows/openshift-acceptance.yml
diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml
new file mode 100644
index 0000000000..d6f64fc9bf
--- /dev/null
+++ b/.github/workflows/openshift-acceptance.yml
@@ -0,0 +1,81 @@
+# Consul acceptance tests running against OpenShift cluster
+name: OpenShift Acceptance Tests
+
+on:
+ push:
+ branches:
+ - 'anita/openshift_testing_ci'
+# schedule:
+# # Run on Monday (1),Wednesday (3),and Friday (5) at 6:00 AM UTC, 1:00 AM EST, 10:00 PM PST
+# - cron: '0 6 * * 1,3,5'
+
+jobs:
+ openshift:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ with:
+ fetch-depth: 0
+
+ - name: Install Helm
+ uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+ with:
+ version: 3.9.4
+
+ - name: Install Podman
+ run: |
+ . /etc/os-release
+ echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_22.04/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
+ curl -fsSL "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_22.04/Release.key" | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/libcontainers.gpg
+ sudo apt-get update
+ sudo apt-get -y upgrade
+ sudo apt-get -y install podman
+
+ - name: Setup OpenShift Client and kubectl
+ run: |
+ curl -L https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz | sudo tar -xz -C /usr/local/bin
+ sudo chmod +x /usr/local/bin/oc /usr/local/bin/kubectl
+
+ - name: Install and Run MicroShift cluster
+ run: |
+ sudo podman run -d --name microshift \
+ --privileged \
+ -v microshift-data:/var/lib \
+ -p 6443:6443 \
+ quay.io/microshift/microshift-aio:latest
+
+ # Wait for MicroShift cluster to be ready (may need to be increased)
+ sleep 60
+
+ # Set up kubeconfig
+ mkdir -p ${HOME}/.kube
+ sudo podman cp \
+ microshift:/var/lib/microshift/resources/kubeadmin/kubeconfig \
+ ${HOME}/.kube/config
+ sudo chown $(id -u):$(id -g) ${HOME}/.kube/config
+ chmod 600 ${HOME}/.kube/config
+
+ # Display cluster info
+ kubectl cluster-info
+
+ # - name: Install OVN-Kubernetes-MicroShift
+ # run: |
+ # # Clone the OVN-Kubernetes-MicroShift repository
+ # git clone https://github.com/openshift/ovn-kubernetes-microshift.git
+ # cd ovn-kubernetes-microshift
+
+ # kubectl apply -f manifests/
+
+ # # Wait for OVN-Kubernetes pods to be ready
+ # kubectl rollout status daemonset/ovnkube-node -n openshift-ovn-kubernetes --timeout=300s
+
+ - name: Install Consul on MicroShift
+ run: |
+ helm repo add hashicorp https://helm.releases.hashicorp.com
+ helm repo update
+
+ kubectl create namespace consul
+ helm install consul hashicorp/consul --namespace consul --set global.name=consul
+ kubectl rollout status statefulset/consul-server -n consul --timeout=300s
+ kubectl get pods -n consul
\ No newline at end of file
diff --git a/.github/workflows/reusable-conditional-skip.yml b/.github/workflows/reusable-conditional-skip.yml
index 113649fd6f..d8a1e69d7d 100644
--- a/.github/workflows/reusable-conditional-skip.yml
+++ b/.github/workflows/reusable-conditional-skip.yml
@@ -45,6 +45,7 @@ jobs:
 # for usage, options, and more details on match syntax.
 files: |
 .github/workflows/reusable-conditional-skip.yml
+ .github/workflows/openshift-acceptance.yml
 LICENSE
 .copywrite.hcl
 .gitignore
From 55fbb7fdfbb13010318758efd6a2b8b53ddacef0 Mon Sep 17 00:00:00 2001
From: NiniOak
Date: Thu, 26 Sep 2024 16:00:06 -0700
Subject: [PATCH 02/15] run test again
---
 .github/workflows/openshift-acceptance.yml | 62 ++++++++++++----------
 1 file changed, 33 insertions(+), 29 deletions(-)
diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml
index d6f64fc9bf..74b61372e6 100644
--- a/.github/workflows/openshift-acceptance.yml
+++ b/.github/workflows/openshift-acceptance.yml
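Review bot: In PATCH 01's new openshift-acceptance.yml, the "Setup OpenShift Client and kubectl" step pipes an unpinned `latest` tarball from `curl -L` straight into `sudo tar -xz -C /usr/local/bin` with no checksum or signature check, so whatever the mirror serves at run time is unpacked as root onto the runner's PATH. Pin a specific client version, download to a file and verify it before extracting, e.g. `echo "<expected-sha256>  openshift-client-linux.tar.gz" | sha256sum -c -` ahead of the `tar` call. The image `quay.io/microshift/microshift-aio:latest` is likewise a mutable tag and is started with `--privileged`; referencing it by digest (`microshift-aio@sha256:<digest>`) would match how the checkout and setup-helm actions in the same file are pinned by commit SHA. The same unverified-download pattern recurs in PATCH 02 (`releases/latest/download/microshift-linux-amd64`, then run under `sudo`), and `helm install consul hashicorp/consul` takes whichever chart version is current because no `--version` is given.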
@@ -37,44 +37,48 @@ jobs: curl -L https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz | sudo tar -xz -C /usr/local/bin sudo chmod +x /usr/local/bin/oc /usr/local/bin/kubectl - - name: Install and Run MicroShift cluster + - name: Download and Install Microshift run: | - sudo podman run -d --name microshift \ - --privileged \ - -v microshift-data:/var/lib \ - -p 6443:6443 \ - quay.io/microshift/microshift-aio:latest + # Download the latest Microshift binary + curl -L -o microshift https://github.com/redhat-et/microshift/releases/latest/download/microshift-linux-amd64 + chmod +x microshift + sudo mv microshift /usr/local/bin/microshift - # Wait for MicroShift cluster to be ready (may need to be increased) - sleep 60 + # Set up directories for Microshift + sudo mkdir -p /etc/microshift /var/lib/microshift - # Set up kubeconfig - mkdir -p ${HOME}/.kube - sudo podman cp \ - microshift:/var/lib/microshift/resources/kubeadmin/kubeconfig \ - ${HOME}/.kube/config - sudo chown $(id -u):$(id -g) ${HOME}/.kube/config - chmod 600 ${HOME}/.kube/config + # Start MicroShift in the background + sudo microshift run & - # Display cluster info - kubectl cluster-info + # Wait for Microshift to become ready + echo "Waiting for Microshift to be ready..." + timeout=300 # 5 minutes + start_time=$(date +%s) + while true; do + if sudo kubectl get --raw='/readyz' &> /dev/null; then + echo "Microshift is ready!" + break + fi + current_time=$(date +%s) + elapsed=$((current_time - start_time)) + if [ $elapsed -ge $timeout ]; then + echo "Timeout reached. Microshift is not ready after 5 minutes." 
+ exit 1 + fi + sleep 5 + done - # - name: Install OVN-Kubernetes-MicroShift - # run: | - # # Clone the OVN-Kubernetes-MicroShift repository - # git clone https://github.com/openshift/ovn-kubernetes-microshift.git - # cd ovn-kubernetes-microshift - - # kubectl apply -f manifests/ - - # # Wait for OVN-Kubernetes pods to be ready - # kubectl rollout status daemonset/ovnkube-node -n openshift-ovn-kubernetes --timeout=300s + - name: Set up kubeconfig + run: | + mkdir -p ~/.kube + sudo cp /var/lib/microshift/resources/kubeadmin/kubeconfig ~/.kube/config + sudo chown $(whoami):$(whoami) ~/.kube/config + kubectl get nodes - - name: Install Consul on MicroShift + - name: Install Consul on Microshift run: | helm repo add hashicorp https://helm.releases.hashicorp.com helm repo update - kubectl create namespace consul helm install consul hashicorp/consul --namespace consul --set global.name=consul kubectl rollout status statefulset/consul-server -n consul --timeout=300s From 2804a1f21bca6606b1c71ba81062d42948a156f5 Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Mon, 30 Sep 2024 11:22:47 -0500 Subject: [PATCH 03/15] test --- .github/workflows/reusable-conditional-skip.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/reusable-conditional-skip.yml b/.github/workflows/reusable-conditional-skip.yml index d8a1e69d7d..113649fd6f 100644 --- a/.github/workflows/reusable-conditional-skip.yml +++ b/.github/workflows/reusable-conditional-skip.yml @@ -45,7 +45,6 @@ jobs: # for usage, options, and more details on match syntax. files: | .github/workflows/reusable-conditional-skip.yml - .github/workflows/openshift-acceptance.yml LICENSE .copywrite.hcl .gitignore From 0bf51d529958bde7d4a147b23c186ceb2e7d76e8 Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Mon, 30 Sep 2024 11:25:05 -0500 Subject: [PATCH 04/15] push --- .github/workflows/openshift-acceptance.yml | 2 -- 1 file changed, 2 deletions(-) 
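Review bot: The readiness loop in PATCH 02 calls `sudo kubectl get --raw='/readyz'` before the "Set up kubeconfig" step has copied any kubeconfig, so as far as this hunk shows kubectl has no credentials or server address for the MicroShift API and the loop would run to the 300-second timeout even when the cluster is healthy. Pointing the probe at the generated file, `sudo kubectl --kubeconfig /var/lib/microshift/resources/kubeadmin/kubeconfig get --raw='/readyz'`, would test what the loop intends. The new kubeconfig step also drops the `chmod 600` that PATCH 01 applied to the copied kubeadmin credentials, and `$(whoami):$(whoami)` assumes a group named after the user; `sudo chown $(id -u):$(id -g) ~/.kube/config` followed by `chmod 600 ~/.kube/config` keeps the earlier, tighter behaviour. The enclosing `steps:` list starts above this hunk.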
diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml index 74b61372e6..a72da36612 100644 --- a/.github/workflows/openshift-acceptance.yml +++ b/.github/workflows/openshift-acceptance.yml @@ -3,8 +3,6 @@ name: OpenShift Acceptance Tests on: push: - branches: - - 'anita/openshift_testing_ci' # schedule: # # Run on Monday (1),Wednesday (3),and Friday (5) at 6:00 AM UTC, 1:00 AM EST, 10:00 PM PST # - cron: '0 6 * * 1,3,5' From d11936aed406350a15e464694711e939592f027a Mon Sep 17 00:00:00 2001 From: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Date: Wed, 16 Oct 2024 11:59:22 -0500 Subject: [PATCH 05/15] Update openshift-acceptance.yml --- .github/workflows/openshift-acceptance.yml | 119 +++++++-------------- 1 file changed, 41 insertions(+), 78 deletions(-) diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml index a72da36612..100dfdd8a6 100644 --- a/.github/workflows/openshift-acceptance.yml +++ b/.github/workflows/openshift-acceptance.yml 
@@ -1,83 +1,46 @@ -# Consul acceptance tests running against OpenShift cluster -name: OpenShift Acceptance Tests +name: weekly-openshift-1-5-x on: - push: -# schedule: -# # Run on Monday (1),Wednesday (3),and Friday (5) at 6:00 AM UTC, 1:00 AM EST, 10:00 PM PST -# - cron: '0 6 * * 1,3,5' + pull_request: + workflow_dispatch: jobs: - openshift: + build: runs-on: ubuntu-latest - steps: - - name: Checkout Code - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - with: - fetch-depth: 0 - - - name: Install Helm - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - with: - version: 3.9.4 - - - name: Install Podman - run: | - . /etc/os-release - echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_22.04/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list - curl -fsSL "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_22.04/Release.key" | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/libcontainers.gpg - sudo apt-get update - sudo apt-get -y upgrade - sudo apt-get -y install podman - - - name: Setup OpenShift Client and kubectl - run: | - curl -L https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz | sudo tar -xz -C /usr/local/bin - sudo chmod +x /usr/local/bin/oc /usr/local/bin/kubectl - - - name: Download and Install Microshift - run: | - # Download the latest Microshift binary - curl -L -o microshift https://github.com/redhat-et/microshift/releases/latest/download/microshift-linux-amd64 - chmod +x microshift - sudo mv microshift /usr/local/bin/microshift - - # Set up directories for Microshift - sudo mkdir -p /etc/microshift /var/lib/microshift - - # Start MicroShift in the background - sudo microshift run & - - # Wait for Microshift to become ready - echo "Waiting for Microshift to be ready..." 
- timeout=300 # 5 minutes - start_time=$(date +%s) - while true; do - if sudo kubectl get --raw='/readyz' &> /dev/null; then - echo "Microshift is ready!" - break - fi - current_time=$(date +%s) - elapsed=$((current_time - start_time)) - if [ $elapsed -ge $timeout ]; then - echo "Timeout reached. Microshift is not ready after 5 minutes." - exit 1 - fi - sleep 5 - done - - - name: Set up kubeconfig - run: | - mkdir -p ~/.kube - sudo cp /var/lib/microshift/resources/kubeadmin/kubeconfig ~/.kube/config - sudo chown $(whoami):$(whoami) ~/.kube/config - kubectl get nodes - - - name: Install Consul on Microshift - run: | - helm repo add hashicorp https://helm.releases.hashicorp.com - helm repo update - kubectl create namespace consul - helm install consul hashicorp/consul --namespace consul --set global.name=consul - kubectl rollout status statefulset/consul-server -n consul --timeout=300s - kubectl get pods -n consul \ No newline at end of file + steps: + - name: MicroShift OpenShift Cluster + uses: container-tools/microshift-action@v0.3 +# runs-on: custom-linux-xl +# steps: +# - uses: actions/checkout@v2 +# +# - name: Cache CRC binary +# id: cache-crc-binary +# uses: actions/cache@v2 +# with: +# path: crc +# key: ${{ runner.os }}-okd-crc +# +# - name: Download CRC binary +# run: | +# curl -LO https://dl.fedoraproject.org/pub/alt/okd-crc/macos-amd64/crc +# chmod +x crc +# sudo cp crc /usr/local/bin/crc +# crc version +# +# - name: Configure CRC +# run: | +# crc config set skip-check-root-user true +# +# - name: Setup CRC +# run: | +# crc setup +# +# - name: Start CRC +# run: | +# crc start +# +# - name: Login to CRC +# run: | +# crc oc-env +# oc login -u developer https://api.crc.testing:6443 From a00802306a6ed5bd2b2533358f0cb238f22aa003 Mon Sep 17 00:00:00 2001 
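Review bot: `uses: container-tools/microshift-action@v0.3` in PATCH 05 references a third-party action by a mutable tag, whereas the workflow it replaces pinned its actions to full commit SHAs (`actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4`). A tag can be re-pointed by the action's owner, so pin it the same way: `uses: container-tools/microshift-action@<full-commit-sha> # v0.3`. The rewritten file also has no `permissions:` key, so the job's GITHUB_TOKEN gets the repository default on `pull_request` runs; a top-level `permissions:` with `contents: read` would make the scope explicit. The commented-out CRC steps (which would fetch a `macos-amd64` binary and reference `actions/checkout@v2` by tag) are better left out of the commit than carried as dead configuration.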
From: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Date: Wed, 16 Oct 2024 12:03:06 -0500 Subject: [PATCH 06/15] Update openshift-acceptance.yml --- .github/workflows/openshift-acceptance.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml index 100dfdd8a6..49b1ac136f 100644 --- a/.github/workflows/openshift-acceptance.yml +++ b/.github/workflows/openshift-acceptance.yml @@ -3,6 +3,7 @@ name: weekly-openshift-1-5-x on: pull_request: workflow_dispatch: + push: jobs: build: From ce181c49ad0396a0bcb72b06deabfbe80b58db93 Mon Sep 17 00:00:00 2001 From: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Date: Wed, 16 Oct 2024 12:08:10 -0500 Subject: [PATCH 07/15] Update openshift-acceptance.yml --- .github/workflows/openshift-acceptance.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml index 49b1ac136f..93b4c78b08 100644 --- a/.github/workflows/openshift-acceptance.yml +++ b/.github/workflows/openshift-acceptance.yml @@ -1,8 +1,7 @@ -name: weekly-openshift-1-5-x +# Consul acceptance tests running against OpenShift cluster +name: OpenShift Acceptance Tests on: - pull_request: - workflow_dispatch: push: jobs: From f72005d89d800a1722379152149c369ecc2be04b Mon Sep 17 00:00:00 2001 
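Review bot: The bare `push:` added in PATCH 06 has no `branches:` filter, and PATCH 07 then removes `pull_request` and `workflow_dispatch`, so the only trigger left is a push to any branch or tag in the repository. Since the job runs a tag-pinned third-party action, it is worth scoping when it fires: restore a `branches:` list under `push:` as PATCH 01 had, or enable the commented-out `schedule:` from PATCH 01, and keep `workflow_dispatch:` so the run can still be started by hand. A key with an empty value (`push:`) parses as null; that is accepted by GitHub but a short comment such as `# all branches (temporary, for CI bring-up)` would show it is intentional.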
From: Sarah Alsmiller Date: Wed, 16 Oct 2024 12:13:58 -0500 Subject: [PATCH 08/15] remove other workflows purely for testing, do not merge --- .github/workflows/build.yml | 447 ------------------ .github/workflows/changelog-checker.yml | 48 -- .github/workflows/jira-issues.yaml | 83 ---- .github/workflows/jira-pr.yaml | 97 ---- .github/workflows/lint.yaml | 55 --- .github/workflows/merge.yml | 30 -- .github/workflows/nightly-acceptance.yml | 26 - .../nightly-api-gateway-conformance.yml | 27 -- .github/workflows/nightly-cleanup.yml | 26 - .github/workflows/pr.yml | 59 --- .../workflows/reusable-conditional-skip.yml | 69 --- .github/workflows/reusable-get-go-version.yml | 30 -- .github/workflows/security-scan.yml | 71 --- .github/workflows/weekly-acceptance-1-1-x.yml | 29 -- .github/workflows/weekly-acceptance-1-3-x.yml | 28 -- .github/workflows/weekly-acceptance-1-4-x.yml | 28 -- .github/workflows/weekly-acceptance-1-5-x.yml | 28 -- .github/workflows/weekly-acceptance-1-6-x.yml | 28 -- 18 files changed, 1209 deletions(-) delete mode 100644 .github/workflows/build.yml delete mode 100644 .github/workflows/changelog-checker.yml delete mode 100644 .github/workflows/jira-issues.yaml delete mode 100644 .github/workflows/jira-pr.yaml delete mode 100644 .github/workflows/lint.yaml delete mode 100644 .github/workflows/merge.yml delete mode 100644 .github/workflows/nightly-acceptance.yml delete mode 100644 .github/workflows/nightly-api-gateway-conformance.yml delete mode 100644 .github/workflows/nightly-cleanup.yml delete mode 100644 .github/workflows/pr.yml delete mode 100644 .github/workflows/reusable-conditional-skip.yml delete mode 100644 .github/workflows/reusable-get-go-version.yml delete mode 100644 .github/workflows/security-scan.yml delete mode 100644 .github/workflows/weekly-acceptance-1-1-x.yml delete mode 100644 .github/workflows/weekly-acceptance-1-3-x.yml delete mode 100644 .github/workflows/weekly-acceptance-1-4-x.yml delete mode 100644 
.github/workflows/weekly-acceptance-1-5-x.yml delete mode 100644 .github/workflows/weekly-acceptance-1-6-x.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 8df906c4c6..0000000000 --- a/.github/workflows/build.yml +++ /dev/null 
@@ -1,447 +0,0 @@ -# Copyright (c) HashiCorp, Inc. - -name: build -on: - workflow_dispatch: - push: - # Sequence of patterns matched against refs/heads - branches: - # Push events on main branch - - main - # Push events to branches matching refs/heads/release/** - - "release/**" - # Build on releng branches for testing build pipelines - - "releng/**" - -env: - PKG_NAME: "consul-k8s" - -jobs: - conditional-skip: - uses: ./.github/workflows/reusable-conditional-skip.yml - - get-go-version: - # Cascades down to test jobs - needs: [ conditional-skip ] - if: needs.conditional-skip.outputs.skip-ci != 'true' - uses: ./.github/workflows/reusable-get-go-version.yml - - get-product-version: - # Cascades down to test jobs - needs: [ conditional-skip ] - if: needs.conditional-skip.outputs.skip-ci != 'true' - runs-on: ubuntu-latest - outputs: - product-version: ${{ steps.get-product-version.outputs.product-version }} - steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - name: get product version - id: get-product-version - run: | - make version - echo "product-version=$(make version)" >> $GITHUB_OUTPUT - - generate-metadata-file: - needs: get-product-version - runs-on: ubuntu-latest - outputs: - filepath: ${{ steps.generate-metadata-file.outputs.filepath }} - steps: - - name: "Checkout directory" - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - name: Generate metadata file - id: generate-metadata-file - uses: hashicorp/actions-generate-metadata@v1 - with: - version: ${{ needs.get-product-version.outputs.product-version }} - product: ${{ env.PKG_NAME }} - repositoryOwner: "hashicorp" - - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - name: metadata.json - path: ${{ steps.generate-metadata-file.outputs.filepath }} - - build: - needs: [get-go-version, get-product-version] - runs-on: ubuntu-20.04 # the GLIBC is too high on 22.04 - strategy: - matrix: - include: - # cli (We 
aren't build packages for the linux 32-bit platforms) - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s"} - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", "skip_packaging": "true"} - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402", pkg_suffix: "-fips" } - - {go: "${{ 
needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402", pkg_suffix: "-fips" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=cngcrypto", fips: "+fips1402" } - - # control-plane - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - # solaris is only built for the control plane - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: 
"solaris", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402", pkg_suffix: "-fips", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402", pkg_suffix: "-fips", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe", gotags: "fips", env: "CGO_ENABLED=1 
GOEXPERIMENT=cngcrypto", fips: "+fips1402", "skip_packaging": "true" } - - # consul-cni - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", "skip_packaging": "true" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402", pkg_suffix: "-fips" } - - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402", pkg_suffix: "-fips" } - - fail-fast: true - - name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} ${{ matrix.component }} ${{ matrix.fips }} build - steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - - name: Setup go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 - with: - go-version: ${{ matrix.go }} - - - name: Replace Go for Windows FIPS with Microsoft Go - if: ${{ matrix.fips == '+fips1402' && matrix.goos == 'windows' }} - run: | - # Uninstall standard Go and use microsoft/go instead - rm -rf 
/home/runner/actions-runner/_work/_tool/go - curl https://aka.ms/golang/release/latest/go${{ matrix.go }}-1.linux-amd64.tar.gz -Lo go${{ matrix.go }}.linux-amd64.tar.gz - tar -C $HOME -xf go${{ matrix.go }}.linux-amd64.tar.gz - chmod +x $HOME/go/bin - export PATH=$HOME/go/bin:$PATH - if [ $(which go) != "$HOME/go/bin/go" ]; then - echo "Unable to verify microsoft/go toolchain" - exit 1 - fi - - - name: Install cross-compiler for FIPS on arm64 - if: ${{ matrix.fips == '+fips1402' && matrix.goarch == 'arm64' }} - run: | - sudo apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-version && sudo apt-get install -y gcc-aarch64-linux-gnu - - - name: Build - env: - GOOS: ${{ matrix.goos }} - GOARCH: ${{ matrix.goarch }} - CGO_ENABLED: 0 - working-directory: ${{ matrix.component }} - run: | - mkdir -p dist out - cp $GITHUB_WORKSPACE/LICENSE dist/LICENSE.txt - - export GIT_COMMIT=$(git rev-parse --short HEAD) - export GIT_DIRTY=$(test -n "$(git status --porcelain)" && echo "+CHANGES") - export GIT_IMPORT=github.com/hashicorp/consul-k8s/version - export GOLDFLAGS="-X ${GIT_IMPORT}.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X ${GIT_IMPORT}.GitDescribe=${{ needs.get-product-version.outputs.product-version }}" - - ${{ matrix.env }} go build -o dist/${{ matrix.bin_name }} -ldflags "${GOLDFLAGS}" -tags=${{ matrix.gotags }} . 
- zip -r -j out/${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip dist/ - - - name: Upload built binaries - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - name: ${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip - path: ${{ matrix.component}}/out/${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip - - - name: Copy license file - env: - LICENSE_DIR: ".release/linux/package/usr/share/doc/${{ env.PKG_NAME }}" - run: | - mkdir -p "$LICENSE_DIR" - cp $GITHUB_WORKSPACE/LICENSE "$LICENSE_DIR/LICENSE.txt" - - - name: Package rpm and deb files for consul-k8s CLI - if: matrix.goos == 'linux' && matrix.component == 'cli' && matrix.skip_packaging != 'true' - uses: hashicorp/actions-packaging-linux@v1 - with: - name: consul-k8s${{ matrix.pkg_suffix }} - description: "consul-k8s provides a cli interface to first-class integrations between Consul and Kubernetes." - arch: ${{ matrix.goarch }} - version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} - maintainer: "HashiCorp" - homepage: "https://github.com/hashicorp/consul-k8s" - license: "MPL-2.0" - binary: "${{ matrix.component }}/dist/${{ matrix.bin_name }}" - deb_depends: "openssl" - rpm_depends: "openssl" - config_dir: ".release/linux/package/" - - - name: Package rpm and deb files for consul-cni plugin - if: matrix.goos == 'linux' && matrix.component == 'control-plane/cni' && matrix.skip_packaging != 'true' - uses: hashicorp/actions-packaging-linux@v1 - with: - name: consul-cni${{ matrix.pkg_suffix }} - description: "consul-cni provides a CNI plugin for use with Consul Service Mesh." 
- arch: ${{ matrix.goarch }} - version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} - maintainer: "HashiCorp" - homepage: "https://github.com/hashicorp/consul-k8s/control-plane/cni" - license: "MPL-2.0" - binary: "${{ matrix.component }}/dist/${{ matrix.bin_name }}" - deb_depends: "openssl" - rpm_depends: "openssl" - config_dir: ".release/linux/package/" - postinstall: ".release/linux/postinst" - postremove: ".release/linux/postrm" - - - name: Set package names - if: matrix.goos == 'linux' && matrix.skip_packaging != 'true' - run: | - echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV - echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV - - - name: Enable docker runtime emulation for testing packages - if: matrix.goos == 'linux' && matrix.skip_packaging != 'true' && matrix.component == 'cli' && matrix.goarch != 'amd64' - run: | - docker run --privileged \ - --rm \ - docker.mirror.hashicorp.services/tonistiigi/binfmt@sha256:5540f38542290735d17da57d7084f684c62336105d018c605058daf03e4c8256 --install ${{ matrix.goarch }} - - - name: Test consul-k8s CLI rpm package on platforms on UBI - if: matrix.goos == 'linux' && matrix.component == 'cli' && matrix.skip_packaging != 'true' - uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3 - with: - image: registry.access.redhat.com/ubi9/ubi:latest - options: -v ${{ github.workspace }}:/work --platform linux/${{matrix.goarch}} - run: | - dnf install -y /work/out/${{ env.RPM_PACKAGE }} - CONSUL_K8S_VERSION="$(consul-k8s version | awk '{print $2}')" - VERSION="v${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}" - if [ "${VERSION}" != "${CONSUL_K8S_VERSION}" ]; then - echo "Test FAILED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}" - exit 1 - fi - echo "Test PASSED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}" - - - name: Upload rpm packages - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - if: 
matrix.goos == 'linux' && matrix.skip_packaging != 'true' - with: - name: ${{ env.RPM_PACKAGE }} - path: out/${{ env.RPM_PACKAGE }} - - - name: Test consul-k8s CLI debian package - if: matrix.goos == 'linux' && matrix.component == 'cli' && matrix.skip_packaging != 'true' - uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3 - with: - image: ubuntu:latest - options: -v ${{ github.workspace }}:/work --platform linux/${{matrix.goarch}} - run: | - apt-get update -qq - apt-get install -y /work/out/${{ env.DEB_PACKAGE }} - CONSUL_K8S_VERSION="$(consul-k8s version | awk '{print $2}')" - VERSION="v${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}" - if [ "${VERSION}" != "${CONSUL_K8S_VERSION}" ]; then - echo "Test FAILED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}" - exit 1 - fi - echo "Test PASSED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}" - - - name: Upload debian packages - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - if: matrix.goos == 'linux' && matrix.skip_packaging != 'true' - with: - name: ${{ env.DEB_PACKAGE }} - path: out/${{ env.DEB_PACKAGE }} - - build-docker: - name: Docker ${{ matrix.goarch }} ${{ matrix.fips }} default release build - needs: [get-product-version, get-go-version, build] - runs-on: ubuntu-latest - strategy: - matrix: - include: - - { goos: "linux", goarch: "arm" } - - { goos: "linux", goarch: "arm64" } - - { goos: "linux", goarch: "386" } - - { goos: "linux", goarch: "amd64" } - - { goos: "linux", goarch: "amd64", fips: "+fips1402" } - - { goos: "linux", goarch: "arm64", fips: "+fips1402" } - env: - repo: ${{ github.event.repository.name }} - version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} - steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 - with: - name: consul-cni_${{ 
needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos}}_${{ matrix.goarch }}.zip - path: control-plane/dist/cni/${{ matrix.goos}}/${{ matrix.goarch }} - - name: extract consul-cni zip - env: - ZIP_LOCATION: control-plane/dist/cni/${{ matrix.goos}}/${{ matrix.goarch }} - run: | - cd "${ZIP_LOCATION}" - unzip -j *.zip - - # This naming convention will be used ONLY for per-commit dev images - - name: Set docker dev tag - run: | - echo "full_dev_tag=${{ env.version }}" - echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV - echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" - echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV - - - name: Docker Build (Action) - uses: hashicorp/actions-docker-build@v2 - if: ${{ !matrix.fips }} - with: - smoke_test: | - TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" - if [ "${TEST_VERSION}" != "v${version}" ]; then - echo "Test FAILED" - exit 1 - fi - echo "Test PASSED" - version: ${{ env.version }} - target: release-default - arch: ${{ matrix.goarch }} - pkg_name: consul-k8s-control-plane_${{ env.version }} - bin_name: consul-k8s-control-plane - workdir: control-plane - tags: | - docker.io/hashicorp/${{ env.repo }}-control-plane:${{ env.version }} - public.ecr.aws/hashicorp/${{ env.repo }}-control-plane:${{ env.version }} - dev_tags: | - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}-${{ github.sha }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}-${{ github.sha }} - extra_build_args: | - GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} - - - name: Docker FIPS Build 
(Action) - uses: hashicorp/actions-docker-build@v2 - if: ${{ matrix.fips }} - with: - smoke_test: | - TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" - if [ "${TEST_VERSION}" != "v${version}" ]; then - echo "Test FAILED" - exit 1 - fi - echo "Test PASSED" - version: ${{ env.version }} - target: release-default-fips # duplicate target to distinguish FIPS builds in CRT machinery - arch: ${{ matrix.goarch }} - pkg_name: consul-k8s-control-plane_${{ env.version }} - bin_name: consul-k8s-control-plane - workdir: control-plane - tags: | - docker.io/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }} - public.ecr.aws/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }} - dev_tags: | - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.full_dev_tag }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.full_dev_tag }}-${{ github.sha }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.minor_dev_tag }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.minor_dev_tag }}-${{ github.sha }} - extra_build_args: | - GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} - - build-docker-ubi: - name: Docker ${{ matrix.arch }} ${{ matrix.fips }} UBI builds - needs: [get-product-version, get-go-version, build] - runs-on: ubuntu-latest - strategy: - matrix: - include: - - { arch: "amd64" } - - { arch: "amd64", fips: "+fips1402" } - env: - repo: ${{ github.event.repository.name }} - version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} - steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 - with: - name: consul-cni_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_linux_${{ matrix.arch }}.zip - path: control-plane/dist/cni/linux/${{ matrix.arch }} - - name: 
extract consul-cni zip - env: - ZIP_LOCATION: control-plane/dist/cni/linux/${{ matrix.arch }} - run: | - cd "${ZIP_LOCATION}" - unzip -j *.zip - - # This naming convention will be used ONLY for per-commit dev images - - name: Set docker dev tag - run: | - echo "full_dev_tag=${{ env.version }}" - echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV - echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" - echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV - - - name: Docker Build (Action) - if: ${{ !matrix.fips }} - uses: hashicorp/actions-docker-build@v2 - with: - smoke_test: | - TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" - if [ "${TEST_VERSION}" != "v${version}" ]; then - echo "Test FAILED" - exit 1 - fi - echo "Test PASSED" - version: ${{ env.version }} - target: ubi - arch: ${{ matrix.arch }} - pkg_name: consul-k8s-control-plane_${{ env.version }} - bin_name: consul-k8s-control-plane - workdir: control-plane - tags: | - docker.io/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}-ubi - public.ecr.aws/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}-ubi - dev_tags: | - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}-ubi - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}-ubi-${{ github.sha }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}-ubi - docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}-ubi-${{ github.sha }} - redhat_tag: quay.io/redhat-isv-containers/611ca2f89a9b407267837100:${{env.version}}-ubi - extra_build_args: | - GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} - - - name: Docker FIPS Build (Action) - if: ${{ matrix.fips }} - uses: hashicorp/actions-docker-build@v2 - with: - smoke_test: | - 
TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')" - if [ "${TEST_VERSION}" != "v${version}" ]; then - echo "Test FAILED" - exit 1 - fi - echo "Test PASSED" - version: ${{ env.version }} - target: ubi-fips # duplicate target to distinguish FIPS builds in CRT machinery - arch: ${{ matrix.arch }} - pkg_name: consul-k8s-control-plane_${{ env.version }} - bin_name: consul-k8s-control-plane - workdir: control-plane - tags: | - public.ecr.aws/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }}-ubi - docker.io/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }}-ubi - redhat_tag: quay.io/redhat-isv-containers/6486b1beabfc4e51588c0416:${{env.version}}-ubi # this is different than the non-FIPS one - extra_build_args: | - GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} - dev_tags: | - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.full_dev_tag }}-ubi - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.full_dev_tag }}-ubi-${{ github.sha }} - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.minor_dev_tag }}-ubi - docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.minor_dev_tag }}-ubi-${{ github.sha }} diff --git a/.github/workflows/changelog-checker.yml b/.github/workflows/changelog-checker.yml deleted file mode 100644 index 35db5df1f6..0000000000 --- a/.github/workflows/changelog-checker.yml +++ /dev/null 
@@ -1,48 +0,0 @@ -# Copyright (c) HashiCorp, Inc. - -# This workflow checks that there is either a 'pr/no-changelog' label applied to a PR -# or there is a .changelog/.txt file associated with a PR for a changelog entry - -name: Changelog Checker - -on: - pull_request: - types: [opened, synchronize, labeled] - # Runs on PRs to main and all release branches - branches: - - main - - release/* - -jobs: - # checks that a .changelog entry is present for a PR - changelog-check: - # If there's a `pr/no-changelog` label we ignore this check. Also, we ignore PRs created by the bot assigned to `backport-assistant` - if: "! ( contains(github.event.pull_request.labels.*.name, 'pr/no-changelog') || github.event.pull_request.user.login == 'hc-github-team-consul-core' )" - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 0 # by default the checkout action doesn't checkout all branches - - name: Check for changelog entry in diff - run: | - # check if there is a diff in the .changelog directory - # for PRs against the main branch, the changelog file name should match the PR number - if [ "${{ github.event.pull_request.base.ref }}" = "${{ github.event.repository.default_branch }}" ]; then - enforce_matching_pull_request_number="matching this PR number " - changelog_file_path=".changelog/(_)?${{ github.event.pull_request.number }}.txt" - else - changelog_file_path=".changelog/[_0-9]*.txt" - fi - - changelog_files=$(git --no-pager diff --name-only HEAD "$(git merge-base HEAD "origin/${{ github.event.pull_request.base.ref }}")" | egrep -e "${changelog_file_path}") - - # If we do not find a file in .changelog/, we fail the check - if [ -z "$changelog_files" ]; then - # Fail status check when no .changelog entry was found on the PR - echo "Did not find a .changelog entry ${enforce_matching_pull_request_number}and the 'pr/no-changelog' label was not 
applied. Reference - https://github.com/hashicorp/consul-k8s/pull/1947" - exit 1 - else - echo "Found .changelog entry in PR!" - fi diff --git a/.github/workflows/jira-issues.yaml b/.github/workflows/jira-issues.yaml deleted file mode 100644 index a36db22af4..0000000000 --- a/.github/workflows/jira-issues.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -# Copyright (c) HashiCorp, Inc. - -on: - issues: - types: [opened, closed, deleted, reopened] - issue_comment: - types: [created] - workflow_dispatch: - -name: Jira Community Issue Sync - -jobs: - sync: - runs-on: ubuntu-latest - name: Jira Community Issue sync - steps: - - name: Login - uses: atlassian/gajira-login@45fd029b9f1d6d8926c6f04175aa80c0e42c9026 # v3.0.1 - env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - - name: Set ticket type - id: set-ticket-type - run: | - echo "TYPE=GH Issue" >> $GITHUB_OUTPUT - - - name: Set ticket labels - if: github.event.action == 'opened' - id: set-ticket-labels - run: | - LABELS="[" - if [[ "${{ contains(github.event.issue.labels.*.name, 'type/bug') }}" == "true" ]]; then LABELS+="\"type/bug\", "; fi - if [[ "${{ contains(github.event.issue.labels.*.name, 'type/enhancement') }}" == "true" ]]; then LABELS+="\"type/enhancement\", "; fi - if [[ ${#LABELS} != 1 ]]; then LABELS=${LABELS::-2}"]"; else LABELS+="]"; fi - echo "LABELS=${LABELS}" >> $GITHUB_OUTPUT - - - name: Create ticket if an issue is filed, or if PR not by a team member is opened - if: github.event.action == 'opened' - uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1 - with: - project: NET - issuetype: "${{ steps.set-ticket-type.outputs.TYPE }}" - summary: "${{ github.event.repository.name }} [${{ steps.set-ticket-type.outputs.TYPE }} #${{ github.event.issue.number }}]: ${{ github.event.issue.title }}" - description: "${{ github.event.issue.body || github.event.pull_request.body }}\n\n_Created in GitHub by ${{ github.actor }}._" - # customfield_10089 is "Issue Link", customfield_10371 is "Source" (use JIRA API to retrieve) - extraFields: '{ "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}", - "customfield_10371": { "value": "GitHub" }, - "labels": ${{ 
steps.set-ticket-labels.outputs.LABELS }} }' - env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - - name: Search - if: github.event.action != 'opened' - id: search - uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # v0.2.2 - with: - # cf[10089] is Issue Link (use JIRA API to retrieve) - jql: 'issuetype = "${{ steps.set-ticket-type.outputs.TYPE }}" and cf[10089] = "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"' - - - name: Sync comment - if: github.event.action == 'created' && steps.search.outputs.issue - uses: tomhjp/gh-action-jira-comment@6eb6b9ead70221916b6badd118c24535ed220bd9 # v0.2.0 - with: - issue: ${{ steps.search.outputs.issue }} - comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}" - - - name: Close ticket - if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue - uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3.0.1 - with: - issue: ${{ steps.search.outputs.issue }} - transition: "Closed" - - - name: Reopen ticket - if: github.event.action == 'reopened' && steps.search.outputs.issue - uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3.0.1 - with: - issue: ${{ steps.search.outputs.issue }} - transition: "To Do" diff --git a/.github/workflows/jira-pr.yaml b/.github/workflows/jira-pr.yaml deleted file mode 100644 index 05bc78f020..0000000000 --- a/.github/workflows/jira-pr.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -# Copyright (c) HashiCorp, Inc. - -on: - pull_request_target: - types: [opened, closed, reopened] - workflow_dispatch: - -name: Jira Community PR Sync - -jobs: - sync: - runs-on: ubuntu-latest - name: Jira sync - steps: - - name: Login - uses: atlassian/gajira-login@45fd029b9f1d6d8926c6f04175aa80c0e42c9026 # v3.0.1 - env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - - name: Set ticket type - id: set-ticket-type - run: | - echo "TYPE=GH Issue" >> $GITHUB_OUTPUT - - - name: Set ticket labels - if: github.event.action == 'opened' - id: set-ticket-labels - run: | - LABELS="[" - if [[ "${{ contains(github.event.issue.labels.*.name, 'type/bug') }}" == "true" ]]; then LABELS+="\"type/bug\", "; fi - if [[ "${{ contains(github.event.issue.labels.*.name, 'type/enhancement') }}" == "true" ]]; then LABELS+="\"type/enhancement\", "; fi - if [[ ${#LABELS} != 1 ]]; then LABELS=${LABELS::-2}"]"; else LABELS+="]"; fi - echo "LABELS=${LABELS}" >> $GITHUB_OUTPUT - - - name: Check if team member - if: github.event.action == 'opened' - id: is-team-member - run: | - TEAM=consul - ROLE="$(gh api orgs/hashicorp/teams/${TEAM}/memberships/${{ github.actor }} | jq -r '.role | select(.!=null)')" - if [[ -n ${ROLE} ]]; then - echo "Actor ${{ github.actor }} is a ${TEAM} team member" - echo "MESSAGE=true" >> $GITHUB_OUTPUT - else - echo "Actor ${{ github.actor }} is NOT a ${TEAM} team member" - echo "MESSAGE=false" >> $GITHUB_OUTPUT - fi - env: - GITHUB_TOKEN: ${{ secrets.JIRA_SYNC_GITHUB_TOKEN }} - - - name: Create ticket if an issue is filed, or if PR not by a team member is opened - if: ( github.event.action == 'opened' && steps.is-team-member.outputs.MESSAGE == 'false' ) - uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1 - with: - project: NET - issuetype: "${{ steps.set-ticket-type.outputs.TYPE }}" - summary: "${{ 
github.event.repository.name }} [${{ steps.set-ticket-type.outputs.TYPE }} #${{ github.event.pull_request.number }}]: ${{ github.event.pull_request.title }}" - description: "${{ github.event.issue.body || github.event.pull_request.body }}\n\n_Created in GitHub by ${{ github.actor }}._" - # customfield_10089 is "Issue Link", customfield_10371 is "Source" (use JIRA API to retrieve) - extraFields: '{ "customfield_10089": "${{ github.event.pull_request.html_url }}", - "customfield_10371": { "value": "GitHub" }, - "labels": ${{ steps.set-ticket-labels.outputs.LABELS }} }' - env: - JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} - JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }} - JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} - - - name: Search - if: github.event.action != 'opened' - id: search - uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # v0.2.2 - with: - # cf[10089] is Issue Link (use JIRA API to retrieve) - jql: 'issuetype = "${{ steps.set-ticket-type.outputs.TYPE }}" and cf[10089] = "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"' - - - name: Sync comment - if: github.event.action == 'created' && steps.search.outputs.issue - uses: tomhjp/gh-action-jira-comment@6eb6b9ead70221916b6badd118c24535ed220bd9 # v0.2.0 - with: - issue: ${{ steps.search.outputs.issue }} - comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}" - - - name: Close ticket - if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue - uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3.0.1 - with: - issue: ${{ steps.search.outputs.issue }} - transition: "Closed" - - - name: Reopen ticket - if: github.event.action == 'reopened' && steps.search.outputs.issue - uses: 
atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3.0.1 - with: - issue: ${{ steps.search.outputs.issue }} - transition: "To Do" diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml deleted file mode 100644 index aedbb51464..0000000000 --- a/.github/workflows/lint.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -# Dispatch to the consul-k8s-workflows when a PR is created and on merges to main/release* -name: lint -on: - pull_request: - -jobs: - get-go-version: - uses: ./.github/workflows/reusable-get-go-version.yml - - linting: - name: golangci-lint - needs: - - get-go-version - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - - name: Setup go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 - with: - go-version: ${{ needs.get-go-version.outputs.go-version }} - cache: false - - - name: Setup GOROOT # Need to set GOROOT because an older version of go-critic used GOROOT to find rules - run: echo "GOROOT=$(go env GOROOT)" >> "${GITHUB_ENV}" - - - name: golangci-lint-helm-gen - uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0 - with: - version: "v1.55.2" - working-directory: hack/helm-reference-gen - skip-cache: true # We have seen sticky timeout bugs crop up with caching enabled, so disabling for now - args: "--no-config --disable-all --enable gofmt,govet" - - - name: golangci-lint-control-plane - uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0 - with: - version: "v1.55.2" - working-directory: control-plane - skip-cache: true # We have seen sticky timeout bugs crop up with caching enabled, so disabling for now - - - name: golangci-lint-acceptance - uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0 - with: - version: "v1.55.2" - working-directory: acceptance - skip-cache: true # We have seen sticky timeout bugs crop up with caching enabled, so disabling for now - - - name: golangci-lint-cli - uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0 - with: - version: "v1.55.2" - working-directory: acceptance - skip-cache: true # We have seen sticky timeout bugs crop up with caching enabled, so disabling for now 
\ No newline at end of file
diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
deleted file mode 100644
index 22c7614eca..0000000000
--- a/.github/workflows/merge.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-# Dispatch to the consul-k8s-workflows when a PR is created and on merges to main/release*
-name: merge
-on:
- push:
- # Sequence of patterns matched against refs/heads
- branches:
- # Push events on main branch
- - main
- # Push events to branches matching refs/heads/release/**
- - "release/**"
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: ${{ github.head_ref || github.ref_name }}
- CONTEXT: "merge"
- SHA: ${{ github.event.pull_request.head.sha || github.sha }}
-
-jobs:
- test:
- name: test
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: test
- with:
- workflow: test.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "actor":"${{ github.actor }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ env.SHA }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
diff --git a/.github/workflows/nightly-acceptance.yml b/.github/workflows/nightly-acceptance.yml
deleted file mode 100644
index c8ac870410..0000000000
--- a/.github/workflows/nightly-acceptance.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Dispatch to the consul-k8s-workflows with a nightly cron
-name: nightly-acceptance
-on:
- schedule:
- # * is a special character in YAML so you have to quote this string
- # Run nightly at 12AM UTC/8PM EST/5PM PST
- - cron: '0 0 * * *'
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: ${{ github.ref_name }}
- CONTEXT: "nightly"
-
-jobs:
- cloud:
- name: cloud
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: cloud
- with:
- workflow: cloud.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
diff --git a/.github/workflows/nightly-api-gateway-conformance.yml b/.github/workflows/nightly-api-gateway-conformance.yml
deleted file mode 100644
index 44c03b529b..0000000000
--- a/.github/workflows/nightly-api-gateway-conformance.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Dispatch to the consul-k8s-workflows with a nightly cron
-name: nightly-api-gateway-conformance
-on:
- schedule:
- # * is a special character in YAML so you have to quote this string
- # Run nightly at 12AM UTC/8PM EST/5PM PST.
- - cron: '0 0 * * *'
-
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: ${{ github.ref_name }}
- CONTEXT: "nightly"
-
-jobs:
- api-gateway-conformance:
- name: api-gateway-conformance
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: conformance
- with:
- workflow: api-gateway-conformance.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
diff --git a/.github/workflows/nightly-cleanup.yml b/.github/workflows/nightly-cleanup.yml
deleted file mode 100644
index c8a35755e6..0000000000
--- a/.github/workflows/nightly-cleanup.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-# Dispatch to the consul-k8s-workflows with a nightly cron
-name: nightly-cleanup
-on:
- schedule:
- # * is a special character in YAML so you have to quote this string
- # Run nightly at 12PM UTC/8AM EST/5AM PST
- - cron: '0 12 * * *'
-
-# these should be the only settings that you will ever need to change
-env:
- BRANCH: ${{ github.ref_name }}
- CONTEXT: "nightly"
-
-jobs:
- cleanup:
- name: cleanup
- runs-on: ubuntu-latest
- steps:
- - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3
- name: cleanup
- with:
- workflow: cleanup.yml
- repo: hashicorp/consul-k8s-workflows
- ref: main
- token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
- inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }'
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
deleted file mode 100644
index 3719afe1f8..0000000000
--- a/.github/workflows/pr.yml
+++ /dev/null
@@ -1,59 +0,0 @@ -# Dispatch to the consul-k8s-workflows when a PR is created and on merges to main/release* -name: pr -on: - pull_request: - -# these should be the only settings that you will ever need to change -env: - BRANCH: ${{ github.head_ref || github.ref_name }} - CONTEXT: "pr" - SHA: ${{ github.event.pull_request.head.sha || github.sha }} - -jobs: - conditional-skip: - uses: ./.github/workflows/reusable-conditional-skip.yml - - test: - name: test - needs: [ conditional-skip ] - if: needs.conditional-skip.outputs.skip-ci != 'true' - runs-on: ubuntu-latest - steps: - - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3 - name: test - with: - workflow: test.yml - repo: hashicorp/consul-k8s-workflows - ref: main - token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - inputs: '{ "context":"${{ env.CONTEXT }}", "actor":"${{ github.actor }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ env.SHA }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }' - - pass-required-checks-on-skip: - needs: [ conditional-skip ] - if: needs.conditional-skip.outputs.skip-ci == 'true' - runs-on: ubuntu-latest - strategy: - matrix: - include: - # The required checks that should be "passed" when the CI is skipped - - check-name: acceptance - - check-name: acceptance-cni - - check-name: acceptance-tproxy - - check-name: Unit test helm templates - - check-name: Unit test helm gen - - check-name: Unit test enterprise control plane - - check-name: Unit test control plane - - check-name: Unit test cli - - check-name: Unit test acceptance - steps: - - name: Update final status - uses: docker://ghcr.io/curtbushko/commit-status-action:e1d661c757934ab35c74210b4b70c44099ec747a - env: - INPUT_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - INPUT_REPOSITORY: ${{ github.repository }} - INPUT_CONTEXT: ${{ matrix.check-name }} - INPUT_STATE: success - INPUT_DESCRIPTION: "Skipped due to conditional-skip check" - INPUT_SHA: ${{ env.SHA }} - 
INPUT_DETAILS_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} - INPUT_OWNER: "hashicorp" diff --git a/.github/workflows/reusable-conditional-skip.yml b/.github/workflows/reusable-conditional-skip.yml deleted file mode 100644 index 113649fd6f..0000000000 --- a/.github/workflows/reusable-conditional-skip.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -name: conditional-skip - -on: - workflow_call: - outputs: - skip-ci: - description: "Whether we should skip build and test jobs" - value: ${{ jobs.check-skip.outputs.skip-ci }} - -jobs: - check-skip: - runs-on: ubuntu-latest - name: Check whether to skip build and tests - outputs: - skip-ci: ${{ steps.maybe-skip-ci.outputs.skip-ci }} - steps: - # We only allow use of conditional skip in two scenarios: - # 1. PRs - # 2. Pushes (merges) to protected branches (`main`, `release/**`) - # - # The second scenario is the only place we can be sure that checking just the - # latest change on the branch is sufficient. In PRs, we need to check _all_ commits. - # The ability to do this is ultimately determined by the triggers of the calling - # workflow, since `base_ref` (the target branch of a PR) is only available in - # `pull_request` events, not `push`. - - name: Error if conditional check is not allowed - if: ${{ !github.base_ref && !github.ref_protected }} - run: | - echo "Conditional skip requires a PR event with 'base_ref' or 'push' to a protected branch." - echo "github.base_ref: ${{ github.base_ref }}" - echo "github.ref_protected: ${{ github.ref_protected }}" - echo "github.ref_name: ${{ github.ref_name }}" - echo "Check the triggers of the calling workflow to ensure that these requirements are met." - exit 1 - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - with: - fetch-depth: 0 - - name: Check for skippable file changes - id: changed-files - uses: tj-actions/changed-files@e9772d140489982e0e3704fea5ee93d536f1e275 # v45.0.1 - with: - # This is a multi-line YAML string with one match pattern per line. - # Do not use quotes around values, as it's not supported. - # See https://github.com/tj-actions/changed-files/blob/main/README.md#inputs-%EF%B8%8F - # for usage, options, and more details on match syntax. 
- files: | - .github/workflows/reusable-conditional-skip.yml - LICENSE - .copywrite.hcl - .gitignore - **.md - assets/** - .changelog/** - - name: Print changed files - env: - SKIPPABLE_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} - NON_SKIPPABLE_FILES: ${{ steps.changed-files.outputs.other_changed_files }} - run: | - echo "Skippable changed files:" - for file in ${SKIPPABLE_CHANGED_FILES}; do echo " $file"; done - echo - echo "Non-skippable files:" - for file in ${NON_SKIPPABLE_FILES}; do echo " $file"; done - - name: Skip tests and build if only skippable files changed - id: maybe-skip-ci - if: ${{ steps.changed-files.outputs.only_changed == 'true' }} - run: | - echo "Skipping tests and build because only skippable files changed" - echo "skip-ci=true" >> $GITHUB_OUTPUT \ No newline at end of file diff --git a/.github/workflows/reusable-get-go-version.yml b/.github/workflows/reusable-get-go-version.yml deleted file mode 100644 index a153b24eb8..0000000000 --- a/.github/workflows/reusable-get-go-version.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -name: get-go-version - -on: - workflow_call: - outputs: - go-version: - description: "The Go version detected by this workflow" - value: ${{ jobs.get-go-version.outputs.go-version }} - -jobs: - get-go-version: - name: "Determine Go toolchain version" - runs-on: ubuntu-latest - outputs: - go-version: ${{ steps.get-go-version.outputs.go-version }} - steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - name: Determine Go version - id: get-go-version - # We use .go-version as our source of truth for current Go - # version, because "goenv" can react to it automatically. - # - # In the future, we can transition from .go-version and goenv to - # Go 1.21 `toolchain` directives by updating this workflow rather - # than individually setting `go-version-file` in each `setup-go` - # job (as of 2024-01-03, `setup-go` does not support `toolchain`). - run: | - GO_VERSION=$(head -n 1 .go-version) - echo "Building with Go ${GO_VERSION}" - echo "go-version=${GO_VERSION}" >> $GITHUB_OUTPUT diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml deleted file mode 100644 index e75ffec40d..0000000000 --- a/.github/workflows/security-scan.yml +++ /dev/null 
@@ -1,71 +0,0 @@ -# This job runs a non-blocking informational security scan on the repository. -# For release-blocking security scans, see .release/security-scan.hcl. -name: Security Scan - -on: - push: - branches: - - main - - release/** - pull_request: - branches: - - main - - release/** - # paths-ignore only works for non-required checks. - # Jobs that are required for merge must use reusable-conditional-skip.yml. - paths-ignore: - - 'assets/**' - - '.changelog/**' - -# cancel existing runs of the same workflow on the same ref -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} - cancel-in-progress: true - -jobs: - - get-go-version: - # Cascades down to test jobs - uses: ./.github/workflows/reusable-get-go-version.yml - - scan: - needs: - - get-go-version - runs-on: ubuntu-latest - # The first check ensures this doesn't run on community-contributed PRs, who - # won't have the permissions to run this job. - if: ${{ (github.repository != 'hashicorp/consul-k8s' || (github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name)) - && (github.actor != 'dependabot[bot]') && (github.actor != 'hc-github-team-consul-core') }} - - steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - - name: Set up Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 - with: - go-version: ${{ needs.get-go-version.outputs.go-version }} - - - name: Clone Security Scanner repo - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - with: - repository: hashicorp/security-scanner - token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }} - path: security-scanner - ref: main - - - name: Scan - id: scan - uses: ./security-scanner - with: - repository: "$PWD" - # See scan.hcl at repository root for config. 
- - - name: SARIF Output - shell: bash - run: | - cat results.sarif | jq - - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # codeql-bundle-v2.17.1 - with: - sarif_file: results.sarif diff --git a/.github/workflows/weekly-acceptance-1-1-x.yml b/.github/workflows/weekly-acceptance-1-1-x.yml deleted file mode 100644 index 5aea9e3f2c..0000000000 --- a/.github/workflows/weekly-acceptance-1-1-x.yml +++ /dev/null @@ -1,29 +0,0 @@ -# Dispatch to the consul-k8s-workflows with a weekly cron -# -# A separate file is needed for each release because the cron schedules are different for each release. -name: weekly-acceptance-1-1-x -on: - schedule: - # * is a special character in YAML so you have to quote this string - # Run weekly on Monday at 3AM UTC/11PM EST/8PM PST - - cron: '0 3 * * 1' - - -# these should be the only settings that you will ever need to change -env: - BRANCH: "release/1.1.x" - CONTEXT: "weekly" - -jobs: - cloud: - name: cloud - runs-on: ubuntu-latest - steps: - - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3 - name: cloud - with: - workflow: cloud.yml - repo: hashicorp/consul-k8s-workflows - ref: main - token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }' diff --git a/.github/workflows/weekly-acceptance-1-3-x.yml b/.github/workflows/weekly-acceptance-1-3-x.yml deleted file mode 100644 index 7dcc846ca2..0000000000 --- a/.github/workflows/weekly-acceptance-1-3-x.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -# Dispatch to the consul-k8s-workflows with a weekly cron -# -# A separate file is needed for each release because the cron schedules are different for each release. -name: weekly-acceptance-1-3-x -on: - schedule: - # * is a special character in YAML so you have to quote this string - # Run weekly on Wednesday at 3AM UTC/11PM EST/8PM PST - - cron: '0 3 * * 3' - -# these should be the only settings that you will ever need to change -env: - BRANCH: "release/1.3.x" - CONTEXT: "weekly" - -jobs: - cloud: - name: cloud - runs-on: ubuntu-latest - steps: - - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3 - name: cloud - with: - workflow: cloud.yml - repo: hashicorp/consul-k8s-workflows - ref: main - token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }' diff --git a/.github/workflows/weekly-acceptance-1-4-x.yml b/.github/workflows/weekly-acceptance-1-4-x.yml deleted file mode 100644 index eb8d50bc73..0000000000 --- a/.github/workflows/weekly-acceptance-1-4-x.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -# Dispatch to the consul-k8s-workflows with a weekly cron -# -# A separate file is needed for each release because the cron schedules are different for each release. -name: weekly-acceptance-1-4-x -on: - schedule: - # * is a special character in YAML so you have to quote this string - # Run weekly on Thursday at 3AM UTC/11PM EST/8PM PST - - cron: '0 3 * * 4' - -# these should be the only settings that you will ever need to change -env: - BRANCH: "release/1.4.x" - CONTEXT: "weekly" - -jobs: - cloud: - name: cloud - runs-on: ubuntu-latest - steps: - - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3 - name: cloud - with: - workflow: cloud.yml - repo: hashicorp/consul-k8s-workflows - ref: main - token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }' diff --git a/.github/workflows/weekly-acceptance-1-5-x.yml b/.github/workflows/weekly-acceptance-1-5-x.yml deleted file mode 100644 index ea245dc1d9..0000000000 --- a/.github/workflows/weekly-acceptance-1-5-x.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -# Dispatch to the consul-k8s-workflows with a weekly cron -# -# A separate file is needed for each release because the cron schedules are different for each release. -name: weekly-acceptance-1-5-x -on: - schedule: - # * is a special character in YAML so you have to quote this string - # Run weekly on Friday at 3AM UTC/11PM EST/8PM PST - - cron: '0 3 * * 5' - -# these should be the only settings that you will ever need to change -env: - BRANCH: "release/1.5.x" - CONTEXT: "weekly" - -jobs: - cloud: - name: cloud - runs-on: ubuntu-latest - steps: - - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3 - name: cloud - with: - workflow: cloud.yml - repo: hashicorp/consul-k8s-workflows - ref: main - token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }' diff --git a/.github/workflows/weekly-acceptance-1-6-x.yml b/.github/workflows/weekly-acceptance-1-6-x.yml deleted file mode 100644 index cb75d883f4..0000000000 --- a/.github/workflows/weekly-acceptance-1-6-x.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -# Dispatch to the consul-k8s-workflows with a weekly cron -# -# A separate file is needed for each release because the cron schedules are different for each release. -name: weekly-acceptance-1-6-x -on: - schedule: - # * is a special character in YAML so you have to quote this string - # Run weekly on Friday at 3AM UTC/11PM EST/8PM PST - - cron: '0 3 * * 6' - -# these should be the only settings that you will ever need to change -env: - BRANCH: "release/1.6.x" - CONTEXT: "weekly" - -jobs: - cloud: - name: cloud - runs-on: ubuntu-latest - steps: - - uses: benc-uk/workflow-dispatch@25b02cc069be46d637e8fe2f1e8484008e9e9609 # v1.2.3 - name: cloud - with: - workflow: cloud.yml - repo: hashicorp/consul-k8s-workflows - ref: main - token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - inputs: '{ "context":"${{ env.CONTEXT }}", "repository":"${{ github.repository }}", "branch":"${{ env.BRANCH }}", "sha":"${{ github.sha }}", "token":"${{ secrets.ELEVATED_GITHUB_TOKEN }}" }' From 241693e02685174ef53a058136301ec97ba179c3 Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Wed, 16 Oct 2024 12:23:34 -0500 Subject: [PATCH 09/15] use proper action --- .github/workflows/openshift-acceptance.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml index 93b4c78b08..85d1bb37cf 100644 --- a/.github/workflows/openshift-acceptance.yml +++ b/.github/workflows/openshift-acceptance.yml 
@@ -8,8 +8,18 @@ jobs: build: runs-on: ubuntu-latest steps: - - name: MicroShift OpenShift Cluster - uses: container-tools/microshift-action@v0.3 + - name: Install CLI tools from OpenShift Mirror + uses: redhat-actions/openshift-tools-installer@v1.13.1 + with: + # "mirror" is the default source, so this is optional. + source: "mirror" + + crc: "latest" + + # Installs the latest release of oc with the major version 3. + # This is equivalent to "3.x" or "^3". + oc: "3" + # runs-on: custom-linux-xl # steps: # - uses: actions/checkout@v2 From a8687986bafcaed4f4851aa4667dd579718a8e22 Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Wed, 16 Oct 2024 12:24:20 -0500 Subject: [PATCH 10/15] add checkout action --- .github/workflows/openshift-acceptance.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml index 85d1bb37cf..66d34de47a 100644 --- a/.github/workflows/openshift-acceptance.yml +++ b/.github/workflows/openshift-acceptance.yml @@ -8,6 +8,8 @@ jobs: build: runs-on: ubuntu-latest steps: + - uses: actions/checkout@v2 + - name: Install CLI tools from OpenShift Mirror uses: redhat-actions/openshift-tools-installer@v1.13.1 with: @@ -22,7 +24,7 @@ jobs: # runs-on: custom-linux-xl # steps: -# - uses: actions/checkout@v2 +# # # - name: Cache CRC binary # id: cache-crc-binary From e5ea67f0736f1826cf38c29d0544242818e03b59 Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Wed, 16 Oct 2024 12:27:15 -0500 Subject: [PATCH 11/15] ok this is promising --- .github/workflows/openshift-acceptance.yml | 30 ++++++++-------------- 1 file changed, 10 insertions(+), 20 deletions(-) diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml index 66d34de47a..0c5199354a 100644 --- a/.github/workflows/openshift-acceptance.yml +++ b/.github/workflows/openshift-acceptance.yml 
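Review bot: The added `uses: redhat-actions/openshift-tools-installer@v1.13.1` pins a third-party action to a mutable tag, and the `actions/checkout@v2` added by the next commit (PATCH 10/15) does the same. The other workflows in this series pin actions by full commit SHA with the version in a trailing comment. A tag can be repointed to different code after review, so I would pin both the same way: `uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4` (the pin already used in this repository) and `uses: redhat-actions/openshift-tools-installer@<full-commit-sha> # v1.13.1`. `crc: "latest"` floats too, so the tool that provisions the cluster can change between runs; an explicit version would keep failures reproducible. The `build` job starts outside the hunk.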
@@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - + - name: Install CLI tools from OpenShift Mirror uses: redhat-actions/openshift-tools-installer@v1.13.1 with: @@ -20,29 +20,19 @@ jobs: # Installs the latest release of oc with the major version 3. # This is equivalent to "3.x" or "^3". - oc: "3" + oc: "latest" + - name: Configure CRC + run: | + crc config set skip-check-root-user true + crc config set kubeadmin-password citest + crc setup + crc start # runs-on: custom-linux-xl # steps: # -# -# - name: Cache CRC binary -# id: cache-crc-binary -# uses: actions/cache@v2 -# with: -# path: crc -# key: ${{ runner.os }}-okd-crc -# -# - name: Download CRC binary -# run: | -# curl -LO https://dl.fedoraproject.org/pub/alt/okd-crc/macos-amd64/crc -# chmod +x crc -# sudo cp crc /usr/local/bin/crc -# crc version -# -# - name: Configure CRC -# run: | -# crc config set skip-check-root-user true + + # # - name: Setup CRC # run: | From b086aed5bcb1bd2bad2b4931aa68c2bd85ba6adb Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Wed, 16 Oct 2024 12:39:24 -0500 Subject: [PATCH 12/15] remove skip root user check --- .github/workflows/openshift-acceptance.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml index 0c5199354a..4eaeef50b8 100644 --- a/.github/workflows/openshift-acceptance.yml +++ b/.github/workflows/openshift-acceptance.yml @@ -23,7 +23,6 @@ jobs: oc: "latest" - name: Configure CRC run: | - crc config set skip-check-root-user true crc config set kubeadmin-password citest crc setup crc start From 15134b7c4f332c36d94fb76d83a077b78f04dd67 Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Wed, 16 Oct 2024 12:39:38 -0500 Subject: [PATCH 13/15] attempt using passwordless sudo --- .github/workflows/openshift-acceptance.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
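Review bot: `crc config set kubeadmin-password citest` in the new Configure CRC step commits the cluster-admin password to the repository and makes it identical on every run. If the cluster only ever lives on the ephemeral runner, say so above the line, e.g. `# throwaway password: cluster exists only on this runner and is never exposed`; otherwise generate it per run or read it from a repository secret. In the same hunk the context comment "Installs the latest release of oc with the major version 3" is now stale, because the line under it became `oc: "latest"`. `crc start` for the OpenShift preset normally also needs a pull secret; presumably that would come from a repository secret written to a file rather than inline in the workflow, which is worth confirming before relying on this step.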
diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml index 4eaeef50b8..2af33b2e6d 100644 --- a/.github/workflows/openshift-acceptance.yml +++ b/.github/workflows/openshift-acceptance.yml @@ -23,9 +23,9 @@ jobs: oc: "latest" - name: Configure CRC run: | - crc config set kubeadmin-password citest - crc setup - crc start + sudo crc config set kubeadmin-password citest + sudo crc setup + sudo crc start # runs-on: custom-linux-xl # steps: From 81bdacb6f30a732a244fa5e179913e8affad60cb Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Wed, 16 Oct 2024 12:46:53 -0500 Subject: [PATCH 14/15] remove sudo --- .github/workflows/openshift-acceptance.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml index 2af33b2e6d..4eaeef50b8 100644 --- a/.github/workflows/openshift-acceptance.yml +++ b/.github/workflows/openshift-acceptance.yml @@ -23,9 +23,9 @@ jobs: oc: "latest" - name: Configure CRC run: | - sudo crc config set kubeadmin-password citest - sudo crc setup - sudo crc start + crc config set kubeadmin-password citest + crc setup + crc start # runs-on: custom-linux-xl # steps: From 2d96441fc8d3338c6e74d7cf1d35ceec0047e920 Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Wed, 16 Oct 2024 12:55:18 -0500 Subject: [PATCH 15/15] list groups in env --- .github/workflows/openshift-acceptance.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/openshift-acceptance.yml b/.github/workflows/openshift-acceptance.yml index 4eaeef50b8..229e37a752 100644 --- a/.github/workflows/openshift-acceptance.yml +++ b/.github/workflows/openshift-acceptance.yml @@ -23,6 +23,7 @@ jobs: oc: "latest" - name: Configure CRC run: | + groups crc config set kubeadmin-password citest crc setup crc start