Backport of Fix typo in permissive mTLS docs into release/1.16.x (#18… #6229
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) HashiCorp, Inc. | |
# SPDX-License-Identifier: MPL-2.0 | |
name: build | |
on: | |
push: | |
# Sequence of patterns matched against refs/heads | |
branches: | |
# Push events on the main branch | |
- main | |
- release/** | |
env: | |
PKG_NAME: consul | |
# TODO(spatel): CE refactor | |
METADATA: oss | |
GOPRIVATE: github.com/hashicorp # Required for enterprise deps | |
jobs: | |
set-product-version: | |
runs-on: ubuntu-latest | |
outputs: | |
product-version: ${{ steps.set-product-version.outputs.product-version }} | |
base-product-version: ${{ steps.set-product-version.outputs.base-product-version }} | |
product-date: ${{ steps.get-product-version.outputs.product-date }} | |
pre-version: ${{ steps.set-product-version.outputs.prerelease-product-version }} | |
shared-ldflags: ${{ steps.shared-ldflags.outputs.shared-ldflags }} | |
steps: | |
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
- name: set product version | |
id: set-product-version | |
uses: hashicorp/actions-set-product-version@v1 | |
- name: get product version | |
id: get-product-version | |
run: | | |
CONSUL_DATE=$(build-support/scripts/build-date.sh) | |
## TODO: This assumes `make version` outputs 1.1.1+ent-prerel | |
echo "product-date=${CONSUL_DATE}" >> "$GITHUB_OUTPUT" | |
- name: Set shared -ldflags | |
id: shared-ldflags | |
run: | | |
T="github.com/hashicorp/consul/version" | |
echo "shared-ldflags=-X ${T}.GitCommit=${GITHUB_SHA::8} \ | |
-X ${T}.GitDescribe=${{ steps.set-product-version.outputs.product-version }} \ | |
-X ${T}.BuildDate=${{ steps.get-product-version.outputs.product-date }} \ | |
" >> "$GITHUB_OUTPUT" | |
validate-outputs: | |
needs: set-product-version | |
runs-on: ubuntu-latest | |
steps: | |
- name: Validate Outputs | |
run: | | |
echo "Product Version: ${{ needs.set-product-version.outputs.product-version }}" | |
echo "Base Product Version: ${{ needs.set-product-version.outputs.base-product-version }}" | |
echo "Product Metadata: ${{ env.METADATA }}" | |
echo "Product Date: ${{ needs.set-product-version.outputs.product-date }}" | |
echo "Prerelease Version: ${{ needs.set-product-version.outputs.pre-version }}" | |
echo "Ldflags: ${{ needs.set-product-version.outputs.shared-ldflags }}" | |
generate-metadata-file: | |
needs: set-product-version | |
runs-on: ubuntu-latest | |
outputs: | |
filepath: ${{ steps.generate-metadata-file.outputs.filepath }} | |
steps: | |
- name: 'Checkout directory' | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
- name: Generate metadata file | |
id: generate-metadata-file | |
uses: hashicorp/actions-generate-metadata@v1 | |
with: | |
version: ${{ needs.set-product-version.outputs.product-version }} | |
product: ${{ env.PKG_NAME }} | |
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
with: | |
name: metadata.json | |
path: ${{ steps.generate-metadata-file.outputs.filepath }} | |
build: | |
needs: set-product-version | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- {go: "1.20.8", goos: "linux", goarch: "386"} | |
- {go: "1.20.8", goos: "linux", goarch: "amd64"} | |
- {go: "1.20.8", goos: "linux", goarch: "arm"} | |
- {go: "1.20.8", goos: "linux", goarch: "arm64"} | |
- {go: "1.20.8", goos: "freebsd", goarch: "386"} | |
- {go: "1.20.8", goos: "freebsd", goarch: "amd64"} | |
- {go: "1.20.8", goos: "windows", goarch: "386"} | |
- {go: "1.20.8", goos: "windows", goarch: "amd64"} | |
- {go: "1.20.8", goos: "solaris", goarch: "amd64"} | |
fail-fast: true | |
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build | |
steps: | |
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
- name: Setup with node and yarn | |
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | |
with: | |
node-version: '14' | |
cache: 'yarn' | |
cache-dependency-path: 'ui/yarn.lock' | |
- name: Build UI | |
run: | | |
CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }} | |
CONSUL_DATE=${{ needs.set-product-version.outputs.product-date }} | |
CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE} | |
CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD) | |
echo "consul_version is ${CONSUL_VERSION}" | |
echo "consul_date is ${CONSUL_DATE}" | |
echo "consul binary type is ${CONSUL_BINARY_TYPE}" | |
echo "consul copyright year is ${CONSUL_COPYRIGHT_YEAR}" | |
cd ui && make && cd .. | |
rm -rf agent/uiserver/dist | |
mv ui/packages/consul-ui/dist agent/uiserver/ | |
- name: Go Build | |
env: | |
PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }} | |
PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }} | |
CGO_ENABLED: "0" | |
GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}" | |
uses: hashicorp/[email protected] | |
with: | |
product_name: ${{ env.PKG_NAME }} | |
product_version: ${{ needs.set-product-version.outputs.product-version }} | |
go_version: ${{ matrix.go }} | |
os: ${{ matrix.goos }} | |
arch: ${{ matrix.goarch }} | |
reproducible: report | |
instructions: |- | |
go build -ldflags="$GOLDFLAGS" -o "$BIN_PATH" -trimpath -buildvcs=false | |
- name: Package | |
if: ${{ matrix.goos == 'linux' }} | |
uses: hashicorp/actions-packaging-linux@v1 | |
with: | |
name: ${{ github.event.repository.name }} | |
description: "Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure. " | |
arch: ${{ matrix.goarch }} | |
version: ${{ needs.set-product-version.outputs.product-version }} | |
maintainer: "HashiCorp" | |
homepage: "https://github.com/hashicorp/consul" | |
license: "MPL-2.0" | |
binary: "dist/${{ env.PKG_NAME }}" | |
deb_depends: "openssl" | |
rpm_depends: "openssl" | |
config_dir: ".release/linux/package" | |
preinstall: ".release/linux/preinstall" | |
postinstall: ".release/linux/postinstall" | |
preremove: ".release/linux/preremove" | |
postremove: ".release/linux/postremove" | |
- name: Set Package Names | |
if: ${{ matrix.goos == 'linux' }} | |
run: | | |
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV | |
echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV | |
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
if: ${{ matrix.goos == 'linux' }} | |
with: | |
name: ${{ env.RPM_PACKAGE }} | |
path: out/${{ env.RPM_PACKAGE }} | |
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
if: ${{ matrix.goos == 'linux' }} | |
with: | |
name: ${{ env.DEB_PACKAGE }} | |
path: out/${{ env.DEB_PACKAGE }} | |
build-s390x: | |
needs: set-product-version | |
if: ${{ endsWith(github.repository, '-enterprise') }} | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- {go: "1.20.8", goos: "linux", goarch: "s390x"} | |
fail-fast: true | |
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build | |
steps: | |
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
- name: Setup with node and yarn | |
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | |
with: | |
node-version: '14' | |
cache: 'yarn' | |
cache-dependency-path: 'ui/yarn.lock' | |
- name: Build UI | |
run: | | |
CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }} | |
CONSUL_DATE=${{ needs.set-product-version.outputs.product-date }} | |
CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE} | |
CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD) | |
echo "consul_version is ${CONSUL_VERSION}" | |
echo "consul_date is ${CONSUL_DATE}" | |
echo "consul binary type is ${CONSUL_BINARY_TYPE}" | |
echo "consul copyright year is ${CONSUL_COPYRIGHT_YEAR}" | |
cd ui && make && cd .. | |
rm -rf agent/uiserver/dist | |
mv ui/packages/consul-ui/dist agent/uiserver/ | |
- name: Go Build | |
env: | |
PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }} | |
PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }} | |
CGO_ENABLED: "0" | |
GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}" | |
uses: hashicorp/[email protected] | |
with: | |
product_name: ${{ env.PKG_NAME }} | |
product_version: ${{ needs.set-product-version.outputs.product-version }} | |
go_version: ${{ matrix.go }} | |
os: ${{ matrix.goos }} | |
arch: ${{ matrix.goarch }} | |
reproducible: report | |
instructions: |- | |
go build -ldflags="$GOLDFLAGS" -o "$BIN_PATH" -trimpath -buildvcs=false | |
build-darwin: | |
needs: set-product-version | |
runs-on: macos-latest | |
strategy: | |
matrix: | |
goos: [ darwin ] | |
goarch: [ "amd64", "arm64" ] | |
go: [ "1.20.8" ] | |
fail-fast: true | |
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build | |
steps: | |
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
- name: Setup with node and yarn | |
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | |
with: | |
node-version: '14' | |
cache: 'yarn' | |
cache-dependency-path: 'ui/yarn.lock' | |
- name: Build UI | |
run: | | |
CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }} | |
CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE} | |
CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD) | |
echo "consul_version is ${CONSUL_VERSION}" | |
echo "consul binary type is ${CONSUL_BINARY_TYPE}" | |
echo "consul copyright year is ${CONSUL_COPYRIGHT_YEAR}" | |
cd ui && make && cd .. | |
rm -rf agent/uiserver/dist | |
mv ui/packages/consul-ui/dist agent/uiserver/ | |
- name: Go Build | |
env: | |
PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }} | |
PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }} | |
CGO_ENABLED: "0" | |
GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}" | |
uses: hashicorp/[email protected] | |
with: | |
product_name: ${{ env.PKG_NAME }} | |
product_version: ${{ needs.set-product-version.outputs.product-version }} | |
go_version: ${{ matrix.go }} | |
os: ${{ matrix.goos }} | |
arch: ${{ matrix.goarch }} | |
reproducible: report | |
instructions: |- | |
go build -ldflags="$GOLDFLAGS" -tags netcgo -o "$BIN_PATH" -trimpath -buildvcs=false | |
build-docker: | |
name: Docker ${{ matrix.arch }} build | |
needs: | |
- set-product-version | |
- build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- { arch: "386" } | |
- { arch: "arm" } | |
- { arch: "amd64" } | |
- { arch: "arm64" } | |
env: | |
repo: ${{github.event.repository.name}} | |
version: ${{needs.set-product-version.outputs.product-version}} | |
steps: | |
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
# Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix | |
# This naming convention will be used ONLY for per-commit dev images | |
- name: Set docker dev tag | |
run: | | |
version="${{ env.version }}" | |
echo "dev_tag=${version%.*}-dev" >> $GITHUB_ENV | |
- name: Docker Build (Action) | |
uses: hashicorp/actions-docker-build@v1 | |
with: | |
version: ${{env.version}} | |
target: default | |
arch: ${{matrix.arch}} | |
tags: | | |
docker.io/hashicorp/${{env.repo}}:${{env.version}} | |
public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}} | |
dev_tags: | | |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.dev_tag }} | |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.dev_tag }}-${{ github.sha }} | |
smoke_test: .github/scripts/verify_docker.sh v${{ env.version }} | |
build-docker-ubi-redhat: | |
name: Docker Build UBI Image for RedHat Registry | |
needs: | |
- set-product-version | |
- build | |
runs-on: ubuntu-latest | |
env: | |
repo: ${{github.event.repository.name}} | |
version: ${{needs.set-product-version.outputs.product-version}} | |
steps: | |
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
- uses: hashicorp/actions-docker-build@v1 | |
with: | |
version: ${{env.version}} | |
target: ubi | |
arch: amd64 | |
redhat_tag: quay.io/redhat-isv-containers/60f9fdbec3a80eac643abedf:${{env.version}}-ubi | |
smoke_test: .github/scripts/verify_docker.sh v${{ env.version }} | |
build-docker-ubi-dockerhub: | |
name: Docker Build UBI Image for DockerHub | |
needs: | |
- set-product-version | |
- build | |
runs-on: ubuntu-latest | |
env: | |
repo: ${{github.event.repository.name}} | |
version: ${{needs.set-product-version.outputs.product-version}} | |
steps: | |
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
# Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix | |
# This naming convention will be used ONLY for per-commit dev images | |
- name: Set docker dev tag | |
run: | | |
version="${{ env.version }}" | |
echo "dev_tag=${version%.*}-dev" >> $GITHUB_ENV | |
- uses: hashicorp/actions-docker-build@v1 | |
with: | |
version: ${{env.version}} | |
target: ubi | |
arch: amd64 | |
tags: | | |
docker.io/hashicorp/${{env.repo}}:${{env.version}}-ubi | |
public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}}-ubi | |
dev_tags: | | |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.dev_tag }}-ubi | |
docker.io/hashicorppreview/${{ env.repo }}:${{ env.dev_tag }}-ubi-${{ github.sha }} | |
smoke_test: .github/scripts/verify_docker.sh v${{ env.version }} | |
verify-linux: | |
needs: | |
- set-product-version | |
- build | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- { arch: "386" } | |
- { arch: "arm" } | |
- { arch: "amd64" } | |
- { arch: "arm64" } | |
fail-fast: true | |
env: | |
version: ${{ needs.set-product-version.outputs.product-version }} | |
zip_name: consul_${{ needs.set-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip | |
name: Verify ${{ matrix.arch }} linux binary | |
steps: | |
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }} | |
- name: Download ${{ matrix.arch }} zip | |
if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }} | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: ${{ env.zip_name }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 | |
if: ${{ matrix.arch == 'arm' || matrix.arch == 'arm64' }} | |
with: | |
# this should be a comma-separated string as opposed to an array | |
platforms: arm,arm64 | |
- name: Run verification for ${{ matrix.arch }} binary | |
if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }} | |
run: .github/scripts/verify_artifact.sh ${{ env.zip_name }} v${{ env.version }} | |
verify-darwin: | |
needs: | |
- set-product-version | |
- build-darwin | |
runs-on: macos-latest | |
strategy: | |
fail-fast: true | |
env: | |
version: ${{needs.set-product-version.outputs.product-version}} | |
zip_name: consul_${{ needs.set-product-version.outputs.product-version }}_darwin_amd64.zip | |
name: Verify amd64 darwin binary | |
steps: | |
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
- name: Download amd64 darwin zip | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: ${{ env.zip_name }} | |
- name: Unzip amd64 darwin zip | |
run: unzip ${{ env.zip_name }} | |
- name: Run verification for amd64 darwin binary | |
run: .github/scripts/verify_bin.sh ./consul v${{ env.version }} | |
verify-linux-packages-deb: | |
needs: | |
- build | |
- set-product-version | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- { arch: "i386" } | |
- { arch: "armhf" } | |
- { arch: "amd64" } | |
- { arch: "arm64" } | |
# fail-fast: true | |
env: | |
version: ${{ needs.set-product-version.outputs.product-version }} | |
name: Verify ${{ matrix.arch }} debian package | |
steps: | |
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
- name: Set package version | |
run: | | |
echo "pkg_version=$(echo ${{ needs.set-product-version.outputs.product-version }} | sed 's/\-/~/g')" >> $GITHUB_ENV | |
- name: Set package name | |
run: | | |
echo "pkg_name=consul_${{ env.pkg_version }}-1_${{ matrix.arch }}.deb" >> $GITHUB_ENV | |
- name: Download workflow artifacts | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: ${{ env.pkg_name }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 | |
with: | |
platforms: all | |
- name: Verify ${{ matrix.arch }} debian package | |
run: ./.github/scripts/verify_artifact.sh ${{ env.pkg_name }} v${{ env.version }} | |
verify-linux-packages-rpm: | |
needs: | |
- build | |
- set-product-version | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- { arch: "i386" } | |
- { arch: "x86_64" } | |
# TODO(eculver): re-enable when there is a smaller verification container available | |
# - { arch: "armv7hl" } | |
# - { arch: "aarch64" } | |
env: | |
version: ${{ needs.set-product-version.outputs.product-version }} | |
name: Verify ${{ matrix.arch }} rpm | |
steps: | |
- uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
- name: Set package version | |
run: | | |
echo "pkg_version=$(echo ${{ needs.set-product-version.outputs.product-version }} | sed 's/\-/~/g')" >> $GITHUB_ENV | |
- name: Set package name | |
run: | | |
echo "pkg_name=consul-${{ env.pkg_version }}-1.${{ matrix.arch }}.rpm" >> $GITHUB_ENV | |
- name: Download workflow artifacts | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: ${{ env.pkg_name }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0 | |
with: | |
platforms: all | |
- name: Verify ${{ matrix.arch }} rpm | |
run: ./.github/scripts/verify_artifact.sh ${{ env.pkg_name }} v${{ env.version }} |