Skip to content

Backport of Bump golang.org/x/crypto from 0.22.0 to 0.31.0 in /testin… #8466

Backport of Bump golang.org/x/crypto from 0.22.0 to 0.31.0 in /testin…

Backport of Bump golang.org/x/crypto from 0.22.0 to 0.31.0 in /testin… #8466

Workflow file for this run

# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
name: build
on:
push:
# Sequence of patterns matched against refs/heads
branches:
# Push events on the main branch
- main
- release/**
env:
PKG_NAME: consul
# TODO(spatel): CE refactor
METADATA: oss
GOPRIVATE: github.com/hashicorp # Required for enterprise deps
jobs:
get-go-version:
uses: ./.github/workflows/reusable-get-go-version.yml
set-product-version:
runs-on: ubuntu-latest
outputs:
product-version: ${{ steps.set-product-version.outputs.product-version }}
base-product-version: ${{ steps.set-product-version.outputs.base-product-version }}
product-date: ${{ steps.get-product-version.outputs.product-date }}
pre-version: ${{ steps.set-product-version.outputs.prerelease-product-version }}
shared-ldflags: ${{ steps.shared-ldflags.outputs.shared-ldflags }}
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# action-set-product-version implicitly sets fields like 'product-version' using version/VERSION
# https://github.com/hashicorp/actions-set-product-version
- name: set product version
id: set-product-version
uses: hashicorp/actions-set-product-version@v2
- name: get product version
id: get-product-version
run: |
CONSUL_DATE=$(build-support/scripts/build-date.sh)
echo "product-date=${CONSUL_DATE}" >> "$GITHUB_OUTPUT"
- name: Set shared -ldflags
id: shared-ldflags
run: |
T="github.com/hashicorp/consul/version"
echo "shared-ldflags=-X ${T}.GitCommit=${GITHUB_SHA::8} \
-X ${T}.GitDescribe=${{ steps.set-product-version.outputs.product-version }} \
-X ${T}.BuildDate=${{ steps.get-product-version.outputs.product-date }} \
" >> "$GITHUB_OUTPUT"
validate-outputs:
needs: set-product-version
runs-on: ubuntu-latest
steps:
- name: Validate Outputs
run: |
echo "Product Version: ${{ needs.set-product-version.outputs.product-version }}"
echo "Base Product Version: ${{ needs.set-product-version.outputs.base-product-version }}"
echo "Product Metadata: ${{ env.METADATA }}"
echo "Product Date: ${{ needs.set-product-version.outputs.product-date }}"
echo "Prerelease Version: ${{ needs.set-product-version.outputs.pre-version }}"
echo "Ldflags: ${{ needs.set-product-version.outputs.shared-ldflags }}"
generate-metadata-file:
needs: set-product-version
runs-on: ubuntu-latest
outputs:
filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
steps:
- name: 'Checkout directory'
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Generate metadata file
id: generate-metadata-file
uses: hashicorp/actions-generate-metadata@v1
with:
version: ${{ needs.set-product-version.outputs.product-version }}
product: ${{ env.PKG_NAME }}
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: metadata.json
path: ${{ steps.generate-metadata-file.outputs.filepath }}
build:
needs:
- set-product-version
- get-go-version
runs-on: ubuntu-latest
strategy:
matrix:
include:
- {goos: "linux", goarch: "386"}
- {goos: "linux", goarch: "amd64"}
- {goos: "linux", goarch: "arm"}
- {goos: "linux", goarch: "arm64"}
- {goos: "darwin", goarch: "amd64"}
- {goos: "darwin", goarch: "arm64"}
- {goos: "freebsd", goarch: "386"}
- {goos: "freebsd", goarch: "amd64"}
- {goos: "windows", goarch: "386"}
- {goos: "windows", goarch: "amd64"}
- {goos: "solaris", goarch: "amd64"}
fail-fast: true
name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Setup with node and yarn
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: '18'
cache: 'yarn'
cache-dependency-path: 'ui/yarn.lock'
- name: Build UI
run: |
CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }}
CONSUL_DATE=${{ needs.set-product-version.outputs.product-date }}
CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE}
CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD)
echo "consul_version is ${CONSUL_VERSION}"
echo "consul_date is ${CONSUL_DATE}"
echo "consul binary type is ${CONSUL_BINARY_TYPE}"
echo "consul copyright year is ${CONSUL_COPYRIGHT_YEAR}"
cd ui && make && cd ..
rm -rf agent/uiserver/dist
mv ui/packages/consul-ui/dist agent/uiserver/
- name: Go Build
env:
PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }}
PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }}
CGO_ENABLED: "0"
GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}"
uses: hashicorp/actions-go-build@make-clean-flag-optional
with:
product_name: ${{ env.PKG_NAME }}
product_version: ${{ needs.set-product-version.outputs.product-version }}
go_version: ${{ needs.get-go-version.outputs.go-version }}
os: ${{ matrix.goos }}
arch: ${{ matrix.goarch }}
reproducible: nope
clean: false
instructions: |-
cp LICENSE $TARGET_DIR/LICENSE.txt
go build -ldflags="$GOLDFLAGS" -o "$BIN_PATH" -trimpath -buildvcs=false
- name: Copy license file
if: ${{ !endsWith(github.repository, '-enterprise') }}
env:
LICENSE_DIR: ".release/linux/package/usr/share/doc/${{ env.PKG_NAME }}"
run: |
mkdir -p "$LICENSE_DIR"
cp LICENSE "$LICENSE_DIR/LICENSE.txt"
- name: Package
if: ${{ matrix.goos == 'linux' }}
uses: hashicorp/actions-packaging-linux@v1
with:
name: ${{ github.event.repository.name }}
description: "Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure. "
arch: ${{ matrix.goarch }}
version: ${{ needs.set-product-version.outputs.product-version }}
maintainer: "HashiCorp"
homepage: "https://github.com/hashicorp/consul"
license: "BSL-1.1"
binary: "dist/${{ env.PKG_NAME }}"
deb_depends: "openssl"
rpm_depends: "openssl"
config_dir: ".release/linux/package"
preinstall: ".release/linux/preinstall"
postinstall: ".release/linux/postinstall"
preremove: ".release/linux/preremove"
postremove: ".release/linux/postremove"
- name: Set Package Names
if: ${{ matrix.goos == 'linux' }}
run: |
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV
echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
if: ${{ matrix.goos == 'linux' }}
with:
name: ${{ env.RPM_PACKAGE }}
path: out/${{ env.RPM_PACKAGE }}
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
if: ${{ matrix.goos == 'linux' }}
with:
name: ${{ env.DEB_PACKAGE }}
path: out/${{ env.DEB_PACKAGE }}
build-s390x:
needs:
- set-product-version
- get-go-version
if: ${{ endsWith(github.repository, '-enterprise') }}
runs-on: ubuntu-latest
strategy:
matrix:
include:
- {goos: "linux", goarch: "s390x"}
fail-fast: true
name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Setup with node and yarn
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version: '18'
cache: 'yarn'
cache-dependency-path: 'ui/yarn.lock'
- name: Build UI
run: |
CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }}
CONSUL_DATE=${{ needs.set-product-version.outputs.product-date }}
CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE}
CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD)
echo "consul_version is ${CONSUL_VERSION}"
echo "consul_date is ${CONSUL_DATE}"
echo "consul binary type is ${CONSUL_BINARY_TYPE}"
echo "consul copyright year is ${CONSUL_COPYRIGHT_YEAR}"
cd ui && make && cd ..
rm -rf agent/uiserver/dist
mv ui/packages/consul-ui/dist agent/uiserver/
- name: Go Build
env:
PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }}
PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }}
CGO_ENABLED: "0"
GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}"
uses: hashicorp/actions-go-build@make-clean-flag-optional
with:
product_name: ${{ env.PKG_NAME }}
product_version: ${{ needs.set-product-version.outputs.product-version }}
go_version: ${{ needs.get-go-version.outputs.go-version }}
os: ${{ matrix.goos }}
arch: ${{ matrix.goarch }}
reproducible: nope
clean: false
instructions: |-
cp LICENSE $TARGET_DIR/LICENSE.txt
go build -ldflags="$GOLDFLAGS" -o "$BIN_PATH" -trimpath -buildvcs=false
build-docker:
name: Docker ${{ matrix.arch }} build
needs:
- set-product-version
- build
runs-on: ubuntu-latest
strategy:
matrix:
include:
- { arch: "386" }
- { arch: "arm" }
- { arch: "amd64" }
- { arch: "arm64" }
env:
repo: ${{github.event.repository.name}}
version: ${{needs.set-product-version.outputs.product-version}}
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix
# This naming convention will be used ONLY for per-commit dev images
- name: Set docker dev tag
run: |
echo "full_dev_tag=${{ env.version }}"
echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')"
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV
- name: Docker Build (Action)
uses: hashicorp/actions-docker-build@v2
with:
version: ${{env.version}}
target: default
arch: ${{matrix.arch}}
tags: |
docker.io/hashicorp/${{env.repo}}:${{env.version}}
public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}}
dev_tags: |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}
docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-${{ github.sha }}
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-${{ github.sha }}
smoke_test: .github/scripts/verify_docker.sh v${{ env.version }}
build-docker-ubi-dockerhub:
name: Docker Build UBI Images
needs:
- set-product-version
- build
runs-on: ubuntu-latest
env:
repo: ${{github.event.repository.name}}
version: ${{needs.set-product-version.outputs.product-version}}
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
# Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix
# This naming convention will be used ONLY for per-commit dev images
- name: Set docker dev tag
run: |
echo "full_dev_tag=${{ env.version }}"
echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')"
echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV
- uses: hashicorp/actions-docker-build@v2
with:
version: ${{env.version}}
target: ubi
arch: amd64
tags: |
docker.io/hashicorp/${{env.repo}}:${{env.version}}-ubi
public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}}-ubi
dev_tags: |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi
docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi-${{ github.sha }}
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi
docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi-${{ github.sha }}
smoke_test: .github/scripts/verify_docker.sh v${{ env.version }}
redhat_tag: quay.io/redhat-isv-containers/60f9fdbec3a80eac643abedf:${{env.version}}-ubi
verify-linux:
needs:
- set-product-version
- build
runs-on: ubuntu-latest
strategy:
matrix:
include:
- { arch: "386" }
- { arch: "arm" }
- { arch: "amd64" }
- { arch: "arm64" }
fail-fast: true
env:
version: ${{ needs.set-product-version.outputs.product-version }}
zip_name: consul_${{ needs.set-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip
name: Verify ${{ matrix.arch }} linux binary
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
- name: Download ${{ matrix.arch }} zip
if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: ${{ env.zip_name }}
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
if: ${{ matrix.arch == 'arm' || matrix.arch == 'arm64' }}
with:
# this should be a comma-separated string as opposed to an array
platforms: arm,arm64
- name: Run verification for ${{ matrix.arch }} binary
if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
run: .github/scripts/verify_artifact.sh ${{ env.zip_name }} v${{ env.version }}
verify-linux-packages-deb:
needs:
- build
- set-product-version
runs-on: ubuntu-latest
strategy:
matrix:
include:
- { arch: "i386" }
- { arch: "armhf" }
- { arch: "amd64" }
- { arch: "arm64" }
# fail-fast: true
env:
version: ${{ needs.set-product-version.outputs.product-version }}
name: Verify ${{ matrix.arch }} debian package
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Set package version
run: |
echo "pkg_version=$(echo ${{ needs.set-product-version.outputs.product-version }} | sed 's/\-/~/g')" >> $GITHUB_ENV
- name: Set package name
run: |
echo "pkg_name=consul_${{ env.pkg_version }}-1_${{ matrix.arch }}.deb" >> $GITHUB_ENV
- name: Download workflow artifacts
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: ${{ env.pkg_name }}
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
with:
platforms: all
- name: Verify ${{ matrix.arch }} debian package
run: ./.github/scripts/verify_artifact.sh ${{ env.pkg_name }} v${{ env.version }}
verify-linux-packages-rpm:
needs:
- build
- set-product-version
runs-on: ubuntu-latest
strategy:
matrix:
include:
- { arch: "i386" }
- { arch: "x86_64" }
# TODO(eculver): re-enable when there is a smaller verification container available
# - { arch: "armv7hl" }
# - { arch: "aarch64" }
env:
version: ${{ needs.set-product-version.outputs.product-version }}
name: Verify ${{ matrix.arch }} rpm
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Set package version
run: |
echo "pkg_version=$(echo ${{ needs.set-product-version.outputs.product-version }} | sed 's/\-/~/g')" >> $GITHUB_ENV
- name: Set package name
run: |
echo "pkg_name=consul-${{ env.pkg_version }}-1.${{ matrix.arch }}.rpm" >> $GITHUB_ENV
- name: Download workflow artifacts
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: ${{ env.pkg_name }}
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
with:
platforms: all
- name: Verify ${{ matrix.arch }} rpm
run: ./.github/scripts/verify_artifact.sh ${{ env.pkg_name }} v${{ env.version }}