suppressing vulnerability GO-2022-0635 for release (#4453) #2720
# Copyright (c) HashiCorp, Inc.

name: build

# Triggers: manual dispatch, plus pushes to the branch patterns below.
on:
  workflow_dispatch:
  push:
    # Patterns are matched against refs/heads
    branches:
      # The main branch
      - main
      # Any branch under refs/heads/release/
      - 'release/**'
      # releng branches, used to exercise the build pipelines themselves
      - 'releng/**'

# NOTE(review): this file sets no `permissions:` key, so every job runs with
# the repository's default GITHUB_TOKEN scopes. Confirm that default is
# read-only, or declare the minimum scopes here.
env:
  PKG_NAME: 'consul-k8s'
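jobs:
  # Reusable workflow; its `skip-ci` output gates the two jobs that follow.
  conditional-skip:
    uses: ./.github/workflows/reusable-conditional-skip.yml

  # Reusable workflow; its `go-version` output feeds the build matrix.
  get-go-version:
    # Cascades down to test jobs
    needs: [conditional-skip]
    if: needs.conditional-skip.outputs.skip-ci != 'true'
    uses: ./.github/workflows/reusable-get-go-version.yml

  # Publishes the output of `make version` as the `product-version` output.
  get-product-version:
    # Cascades down to test jobs
    needs: [conditional-skip]
    if: needs.conditional-skip.outputs.skip-ci != 'true'
    runs-on: ubuntu-latest
    outputs:
      product-version: ${{ steps.get-product-version.outputs.product-version }}
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - name: get product version
        id: get-product-version
        # The first call prints the version to the log, the second captures it.
        run: |
          make version
          echo "product-version=$(make version)" >> "$GITHUB_OUTPUT"

  # Generates the release metadata file and uploads it as `metadata.json`.
  generate-metadata-file:
    needs: get-product-version
    runs-on: ubuntu-latest
    outputs:
      filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
    steps:
      - name: "Checkout directory"
        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - name: Generate metadata file
        id: generate-metadata-file
        # NOTE(review): referenced by a mutable tag (@v1) while the actions/*
        # steps in this file are pinned to commit SHAs. Pin this one the same
        # way so the code that runs cannot change under the tag.
        uses: hashicorp/actions-generate-metadata@v1
        with:
          version: ${{ needs.get-product-version.outputs.product-version }}
          product: ${{ env.PKG_NAME }}
          repositoryOwner: "hashicorp"
      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: metadata.json
          path: ${{ steps.generate-metadata-file.outputs.filepath }}

  # Cross-compiles each component per matrix entry, zips the binary and, for
  # linux entries that do not set skip_packaging, builds and tests rpm/deb.
  build:
    needs: [get-go-version, get-product-version]
    runs-on: ubuntu-20.04 # the GLIBC is too high on 22.04
    strategy:
      matrix:
        include:
          # cli (we don't build packages for the linux 32-bit platforms)
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s"}
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", "skip_packaging": "true"}
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "386", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402", pkg_suffix: "-fips" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402", pkg_suffix: "-fips" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "cli", pkg_name: "consul-k8s", "bin_name": "consul-k8s.exe", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=cngcrypto", fips: "+fips1402" }

          # control-plane
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "freebsd", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" }
          # solaris is only built for the control plane
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "solaris", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "386", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "darwin", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402", pkg_suffix: "-fips", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402", pkg_suffix: "-fips", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "windows", goarch: "amd64", component: "control-plane", pkg_name: "consul-k8s-control-plane", "bin_name": "consul-k8s-control-plane.exe", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=cngcrypto", fips: "+fips1402", "skip_packaging": "true" }

          # consul-cni
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "386", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", "skip_packaging": "true" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "amd64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402", pkg_suffix: "-fips" }
          - {go: "${{ needs.get-go-version.outputs.go-version }}", goos: "linux", goarch: "arm64", component: "control-plane/cni", pkg_name: "consul-cni", "bin_name": "consul-cni", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402", pkg_suffix: "-fips" }
      fail-fast: true

    name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} ${{ matrix.component }} ${{ matrix.fips }} build

    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4

      - name: Setup go
        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
          go-version: ${{ matrix.go }}

      - name: Replace Go for Windows FIPS with Microsoft Go
        if: ${{ matrix.fips == '+fips1402' && matrix.goos == 'windows' }}
        # NOTE(review): the toolchain tarball is fetched from a `latest`
        # redirect and unpacked without a checksum or signature check, so the
        # FIPS binary is compiled by whatever that URL serves at build time.
        # Record the expected digest and verify it before extracting.
        # NOTE(review): `export PATH` lasts only for this step's shell, so the
        # `which go` guard checks the toolchain for this step only. Confirm
        # that the Build step resolves the same `go`.
        run: |
          # Uninstall standard Go and use microsoft/go instead
          rm -rf /home/runner/actions-runner/_work/_tool/go
          # --fail: stop on an HTTP error instead of saving the error page
          curl --fail https://aka.ms/golang/release/latest/go${{ matrix.go }}-1.linux-amd64.tar.gz -Lo go${{ matrix.go }}.linux-amd64.tar.gz
          tar -C "$HOME" -xf go${{ matrix.go }}.linux-amd64.tar.gz
          chmod +x "$HOME/go/bin"
          export PATH="$HOME/go/bin:$PATH"
          # The substitution is quoted on purpose: unquoted, a missing `go`
          # leaves `[` with a malformed expression, the `if` is false and the
          # guard passes without having verified anything.
          if [ "$(which go)" != "$HOME/go/bin/go" ]; then
            echo "Unable to verify microsoft/go toolchain"
            exit 1
          fi

      - name: Install cross-compiler for FIPS on arm64
        if: ${{ matrix.fips == '+fips1402' && matrix.goarch == 'arm64' }}
        run: |
          sudo apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-version && sudo apt-get install -y gcc-aarch64-linux-gnu

      - name: Build
        env:
          GOOS: ${{ matrix.goos }}
          GOARCH: ${{ matrix.goarch }}
          # Step default. FIPS entries prefix the `go build` command with
          # `CGO_ENABLED=1 ...` through matrix.env, which wins for that command.
          CGO_ENABLED: 0
        working-directory: ${{ matrix.component }}
        # The ${{ ... }} expressions below are pasted into the script text
        # before the shell runs. Here they come from the static matrix above
        # and from `make version`; keep it that way, and pass anything
        # externally controlled through `env:` rather than inline.
        run: |
          mkdir -p dist out
          cp "$GITHUB_WORKSPACE/LICENSE" dist/LICENSE.txt
          export GIT_COMMIT=$(git rev-parse --short HEAD)
          export GIT_DIRTY=$(test -n "$(git status --porcelain)" && echo "+CHANGES")
          export GIT_IMPORT=github.com/hashicorp/consul-k8s/version
          export GOLDFLAGS="-X ${GIT_IMPORT}.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X ${GIT_IMPORT}.GitDescribe=${{ needs.get-product-version.outputs.product-version }}"
          ${{ matrix.env }} go build -o dist/${{ matrix.bin_name }} -ldflags "${GOLDFLAGS}" -tags=${{ matrix.gotags }} .
          zip -r -j out/${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip dist/

      - name: Upload built binaries
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        with:
          name: ${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
          path: ${{ matrix.component}}/out/${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip

      - name: Copy license file
        env:
          LICENSE_DIR: ".release/linux/package/usr/share/doc/${{ env.PKG_NAME }}"
        run: |
          mkdir -p "$LICENSE_DIR"
          cp "$GITHUB_WORKSPACE/LICENSE" "$LICENSE_DIR/LICENSE.txt"

      - name: Package rpm and deb files for consul-k8s CLI
        if: matrix.goos == 'linux' && matrix.component == 'cli' && matrix.skip_packaging != 'true'
        # NOTE(review): mutable tag (@v1); this action produces the shipped
        # rpm/deb, so pin it to a commit SHA like the actions/* steps.
        uses: hashicorp/actions-packaging-linux@v1
        with:
          name: consul-k8s${{ matrix.pkg_suffix }}
          description: "consul-k8s provides a cli interface to first-class integrations between Consul and Kubernetes."
          arch: ${{ matrix.goarch }}
          version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}
          maintainer: "HashiCorp"
          homepage: "https://github.com/hashicorp/consul-k8s"
          license: "MPL-2.0"
          binary: "${{ matrix.component }}/dist/${{ matrix.bin_name }}"
          deb_depends: "openssl"
          rpm_depends: "openssl"
          config_dir: ".release/linux/package/"

      - name: Package rpm and deb files for consul-cni plugin
        if: matrix.goos == 'linux' && matrix.component == 'control-plane/cni' && matrix.skip_packaging != 'true'
        # NOTE(review): mutable tag (@v1); pin to a commit SHA.
        uses: hashicorp/actions-packaging-linux@v1
        with:
          name: consul-cni${{ matrix.pkg_suffix }}
          description: "consul-cni provides a CNI plugin for use with Consul Service Mesh."
          arch: ${{ matrix.goarch }}
          version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}
          maintainer: "HashiCorp"
          homepage: "https://github.com/hashicorp/consul-k8s/control-plane/cni"
          license: "MPL-2.0"
          binary: "${{ matrix.component }}/dist/${{ matrix.bin_name }}"
          deb_depends: "openssl"
          rpm_depends: "openssl"
          config_dir: ".release/linux/package/"
          postinstall: ".release/linux/postinst"
          postremove: ".release/linux/postrm"

      - name: Set package names
        if: matrix.goos == 'linux' && matrix.skip_packaging != 'true'
        run: |
          echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV"
          echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV"

      - name: Enable docker runtime emulation for testing packages
        if: matrix.goos == 'linux' && matrix.skip_packaging != 'true' && matrix.component == 'cli' && matrix.goarch != 'amd64'
        # Runs with --privileged on the runner; the image is referenced by
        # sha256 digest, which should stay that way for a privileged container.
        run: |
          docker run --privileged \
            --rm \
            docker.mirror.hashicorp.services/tonistiigi/binfmt@sha256:5540f38542290735d17da57d7084f684c62336105d018c605058daf03e4c8256 --install ${{ matrix.goarch }}

      - name: Test consul-k8s CLI rpm package on platforms on UBI
        if: matrix.goos == 'linux' && matrix.component == 'cli' && matrix.skip_packaging != 'true'
        uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3
        with:
          # NOTE(review): floating `latest` tag; the result of this install
          # test can change when the base image moves. Pin by digest if the
          # test must be reproducible.
          image: registry.access.redhat.com/ubi9/ubi:latest
          options: -v ${{ github.workspace }}:/work --platform linux/${{matrix.goarch}}
          run: |
            dnf install -y /work/out/${{ env.RPM_PACKAGE }}
            CONSUL_K8S_VERSION="$(consul-k8s version | awk '{print $2}')"
            VERSION="v${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}"
            if [ "${VERSION}" != "${CONSUL_K8S_VERSION}" ]; then
              echo "Test FAILED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}"
              exit 1
            fi
            echo "Test PASSED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}"

      - name: Upload rpm packages
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        if: matrix.goos == 'linux' && matrix.skip_packaging != 'true'
        with:
          name: ${{ env.RPM_PACKAGE }}
          path: out/${{ env.RPM_PACKAGE }}

      - name: Test consul-k8s CLI debian package
        if: matrix.goos == 'linux' && matrix.component == 'cli' && matrix.skip_packaging != 'true'
        uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3
        with:
          # NOTE(review): floating `latest` tag, as in the rpm test above.
          image: ubuntu:latest
          options: -v ${{ github.workspace }}:/work --platform linux/${{matrix.goarch}}
          run: |
            apt-get update -qq
            apt-get install -y /work/out/${{ env.DEB_PACKAGE }}
            CONSUL_K8S_VERSION="$(consul-k8s version | awk '{print $2}')"
            VERSION="v${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}"
            if [ "${VERSION}" != "${CONSUL_K8S_VERSION}" ]; then
              echo "Test FAILED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}"
              exit 1
            fi
            echo "Test PASSED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}"

      - name: Upload debian packages
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
        if: matrix.goos == 'linux' && matrix.skip_packaging != 'true'
        with:
          name: ${{ env.DEB_PACKAGE }}
          path: out/${{ env.DEB_PACKAGE }}

  # Builds the control-plane release images; each entry pulls the matching
  # consul-cni zip produced by the `build` job.
  build-docker:
    name: Docker ${{ matrix.goarch }} ${{ matrix.fips }} default release build
    needs: [get-product-version, get-go-version, build]
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - { goos: "linux", goarch: "arm" }
          - { goos: "linux", goarch: "arm64" }
          - { goos: "linux", goarch: "386" }
          - { goos: "linux", goarch: "amd64" }
          - { goos: "linux", goarch: "amd64", fips: "+fips1402" }
          - { goos: "linux", goarch: "arm64", fips: "+fips1402" }
    env:
      repo: ${{ github.event.repository.name }}
      version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
        with:
          name: consul-cni_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos}}_${{ matrix.goarch }}.zip
          path: control-plane/dist/cni/${{ matrix.goos}}/${{ matrix.goarch }}
      - name: extract consul-cni zip
        env:
          ZIP_LOCATION: control-plane/dist/cni/${{ matrix.goos}}/${{ matrix.goarch }}
        run: |
          cd "${ZIP_LOCATION}"
          unzip -j *.zip

      # This naming convention will be used ONLY for per-commit dev images
      - name: Set docker dev tag
        # Each value is echoed once to the log and once into $GITHUB_ENV.
        run: |
          echo "full_dev_tag=${{ env.version }}"
          echo "full_dev_tag=${{ env.version }}" >> "$GITHUB_ENV"
          echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')"
          echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> "$GITHUB_ENV"

      - name: Docker Build (Action)
        # NOTE(review): mutable tag (@v2) on the action that builds and tags
        # the release images; pin to a commit SHA.
        uses: hashicorp/actions-docker-build@v2
        if: ${{ !matrix.fips }}
        with:
          smoke_test: |
            TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')"
            if [ "${TEST_VERSION}" != "v${version}" ]; then
              echo "Test FAILED"
              exit 1
            fi
            echo "Test PASSED"
          version: ${{ env.version }}
          target: release-default
          arch: ${{ matrix.goarch }}
          pkg_name: consul-k8s-control-plane_${{ env.version }}
          bin_name: consul-k8s-control-plane
          workdir: control-plane
          tags: |
            docker.io/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}
            public.ecr.aws/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}
          dev_tags: |
            docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}
            docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}-${{ github.sha }}
            docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}
            docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}-${{ github.sha }}
          extra_build_args: |
            GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }}

      - name: Docker FIPS Build (Action)
        # NOTE(review): mutable tag (@v2); pin to a commit SHA.
        uses: hashicorp/actions-docker-build@v2
        if: ${{ matrix.fips }}
        with:
          smoke_test: |
            TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')"
            if [ "${TEST_VERSION}" != "v${version}" ]; then
              echo "Test FAILED"
              exit 1
            fi
            echo "Test PASSED"
          version: ${{ env.version }}
          target: release-default-fips # duplicate target to distinguish FIPS builds in CRT machinery
          arch: ${{ matrix.goarch }}
          pkg_name: consul-k8s-control-plane_${{ env.version }}
          bin_name: consul-k8s-control-plane
          workdir: control-plane
          tags: |
            docker.io/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }}
            public.ecr.aws/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }}
          dev_tags: |
            docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.full_dev_tag }}
            docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.full_dev_tag }}-${{ github.sha }}
            docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.minor_dev_tag }}
            docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.minor_dev_tag }}-${{ github.sha }}
          extra_build_args: |
            GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }}

  # Builds the UBI-based control-plane images (amd64 only, with and without
  # FIPS).
  build-docker-ubi:
    name: Docker ${{ matrix.arch }} ${{ matrix.fips }} UBI builds
    needs: [get-product-version, get-go-version, build]
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - { arch: "amd64" }
          - { arch: "amd64", fips: "+fips1402" }
    env:
      repo: ${{ github.event.repository.name }}
      version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
      - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
        with:
          name: consul-cni_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_linux_${{ matrix.arch }}.zip
          path: control-plane/dist/cni/linux/${{ matrix.arch }}
      - name: extract consul-cni zip
        env:
          ZIP_LOCATION: control-plane/dist/cni/linux/${{ matrix.arch }}
        run: |
          cd "${ZIP_LOCATION}"
          unzip -j *.zip

      # This naming convention will be used ONLY for per-commit dev images
      - name: Set docker dev tag
        run: |
          echo "full_dev_tag=${{ env.version }}"
          echo "full_dev_tag=${{ env.version }}" >> "$GITHUB_ENV"
          echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')"
          echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> "$GITHUB_ENV"

      - name: Docker Build (Action)
        if: ${{ !matrix.fips }}
        # NOTE(review): mutable tag (@v2); pin to a commit SHA.
        uses: hashicorp/actions-docker-build@v2
        with:
          smoke_test: |
            TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')"
            if [ "${TEST_VERSION}" != "v${version}" ]; then
              echo "Test FAILED"
              exit 1
            fi
            echo "Test PASSED"
          version: ${{ env.version }}
          target: ubi
          arch: ${{ matrix.arch }}
          pkg_name: consul-k8s-control-plane_${{ env.version }}
          bin_name: consul-k8s-control-plane
          workdir: control-plane
          tags: |
            docker.io/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}-ubi
            public.ecr.aws/hashicorp/${{ env.repo }}-control-plane:${{ env.version }}-ubi
          dev_tags: |
            docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}-ubi
            docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.full_dev_tag }}-ubi-${{ github.sha }}
            docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}-ubi
            docker.io/hashicorppreview/${{ env.repo }}-control-plane:${{ env.minor_dev_tag }}-ubi-${{ github.sha }}
          redhat_tag: quay.io/redhat-isv-containers/611ca2f89a9b407267837100:${{env.version}}-ubi
          extra_build_args: |
            GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }}

      - name: Docker FIPS Build (Action)
        if: ${{ matrix.fips }}
        # NOTE(review): mutable tag (@v2); pin to a commit SHA.
        uses: hashicorp/actions-docker-build@v2
        with:
          smoke_test: |
            TEST_VERSION="$(docker run "${IMAGE_NAME}" consul-k8s-control-plane version | awk '{print $2}')"
            if [ "${TEST_VERSION}" != "v${version}" ]; then
              echo "Test FAILED"
              exit 1
            fi
            echo "Test PASSED"
          version: ${{ env.version }}
          target: ubi-fips # duplicate target to distinguish FIPS builds in CRT machinery
          arch: ${{ matrix.arch }}
          pkg_name: consul-k8s-control-plane_${{ env.version }}
          bin_name: consul-k8s-control-plane
          workdir: control-plane
          tags: |
            public.ecr.aws/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }}-ubi
            docker.io/hashicorp/${{ env.repo }}-control-plane-fips:${{ env.version }}-ubi
          dev_tags: |
            docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.full_dev_tag }}-ubi
            docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.full_dev_tag }}-ubi-${{ github.sha }}
            docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.minor_dev_tag }}-ubi
            docker.io/hashicorppreview/${{ env.repo }}-control-plane-fips:${{ env.minor_dev_tag }}-ubi-${{ github.sha }}
          redhat_tag: quay.io/redhat-isv-containers/6486b1beabfc4e51588c0416:${{env.version}}-ubi # this is different than the non-FIPS one
          extra_build_args: |
            GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }}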