Make it push #4
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches-ignore: | |
| - 'docs/**' | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: "Version to build, e.g. 0.1.0" | |
| type: string | |
| required: false | |
| env: | |
| PKG_NAME: "vault-secrets-operator" | |
| # used by scripts that fetch build tools from GH | |
| GH_GET_RETRIES: 5 | |
| jobs: | |
| get-product-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| product-version: ${{ steps.get-product-version.outputs.product-version }} | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: get product version | |
| id: get-product-version | |
| run: | | |
| VERSION="${{ github.event.inputs.version || '0.0.0-dev' }}" | |
| echo "Using version ${VERSION}" | |
| echo "product-version=${VERSION}" >> $GITHUB_OUTPUT | |
| build-pre-checks: | |
| runs-on: ubuntu-latest | |
| needs: get-product-version | |
| outputs: | |
| go-version: ${{ steps.setup-go.outputs.go-version }} | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - id: setup-go | |
| uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
| with: | |
| go-version-file: .go-version | |
| - name: go fmt | |
| run: | | |
| make check-fmt | |
| - name: tf fmt | |
| run: | | |
| make check-tffmt | |
| - name: go mod tidy | |
| run: | | |
| go mod tidy | |
| test -z "$(git status --porcelain)" | |
| - name: check versions | |
| run: | | |
| make check-versions VERSION=${{ needs.get-product-version.outputs.product-version }} | |
| - name: generate manifests | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| make generate manifests | |
| test -z "$(git status --porcelain)" | |
| generate-metadata-file: | |
| needs: get-product-version | |
| runs-on: ubuntu-latest | |
| outputs: | |
| filepath: ${{ steps.generate-metadata-file.outputs.filepath }} | |
| steps: | |
| - name: Checkout directory | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Generate metadata file | |
| id: generate-metadata-file | |
| uses: hashicorp/actions-generate-metadata@v1 | |
| with: | |
| version: ${{ needs.get-product-version.outputs.product-version }} | |
| product: ${{ env.PKG_NAME }} | |
| repositoryOwner: "hashicorp" | |
| - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: metadata.json | |
| path: ${{ steps.generate-metadata-file.outputs.filepath }} | |
| build: | |
| name: Go ${{ needs.build-pre-checks.outputs.go-version }} linux ${{ matrix.arch }} build | |
| needs: [get-product-version, build-pre-checks] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| arch: ["arm64", "amd64"] | |
| fail-fast: true | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Setup go | |
| uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
| with: | |
| go-version-file: .go-version | |
| - name: Build | |
| env: | |
| GOOS: "linux" | |
| GOARCH: ${{ matrix.arch }} | |
| VERSION: ${{ needs.get-product-version.outputs.product-version }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| mkdir dist out | |
| make ci-build | |
| zip -r -j out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip dist/${{ env.GOOS }}/${{ env.GOARCH }}/ | |
| - name: Upload binaries | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip | |
| path: out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip | |
| build-docker: | |
| name: Docker ${{ matrix.arch }} build | |
| needs: [get-product-version, build-pre-checks, build] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| arch: ["arm64", "amd64"] | |
| env: | |
| repo: ${{github.event.repository.name}} | |
| version: ${{needs.get-product-version.outputs.product-version}} | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Docker Build (Action) | |
| uses: hashicorp/actions-docker-build@v1 | |
| env: | |
| VERSION: ${{ needs.get-product-version.outputs.product-version }} | |
| GO_VERSION: ${{ needs.build-pre-checks.outputs.go-version }} | |
| with: | |
| version: ${{env.version}} | |
| target: release-default | |
| arch: ${{matrix.arch}} | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}:${{env.version}} | |
| public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}} | |
| - name: Check binary version in container | |
| shell: bash | |
| run: | | |
| version_output=$(docker run hashicorp/${{env.repo}}:${{env.version}} --version --output=json) | |
| echo $version_output | |
| git_version=$(echo $version_output | jq -r .gitVersion) | |
| if [ "$git_version" != "${{ env.version }}" ]; then | |
| echo "$gitVersion expected to be ${{ env.version }}" | |
| exit 1 | |
| fi | |
| build-docker-ubi: | |
| name: UBI ${{ matrix.arch }} build | |
| needs: [get-product-version, build-pre-checks, build] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| arch: ["arm64", "amd64"] | |
| env: | |
| repo: ${{github.event.repository.name}} | |
| version: ${{needs.get-product-version.outputs.product-version}} | |
| image_tag: ${{needs.get-product-version.outputs.product-version}}-ubi | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Docker Build (Action) | |
| uses: hashicorp/actions-docker-build@v1 | |
| env: | |
| VERSION: ${{ needs.get-product-version.outputs.product-version }} | |
| GO_VERSION: ${{ needs.build-pre-checks.outputs.go-version }} | |
| with: | |
| version: ${{env.version}} | |
| target: release-ubi | |
| arch: ${{matrix.arch}} | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}:${{env.image_tag}} | |
| public.ecr.aws/hashicorp/${{env.repo}}:${{env.image_tag}} | |
| - name: Check binary version in container | |
| shell: bash | |
| run: | | |
| version_output=$(docker run hashicorp/${{env.repo}}:${{env.image_tag}} --version --output=json) | |
| echo $version_output | |
| git_version=$(echo $version_output | jq -r .gitVersion) | |
| if [ "$git_version" != "${{ env.version }}" ]; then | |
| echo "$gitVersion expected to be ${{ env.version }}" | |
| exit 1 | |
| fi | |
| build-docker-ubi-redhat: | |
| name: UBI ${{ matrix.arch }} RedHat build | |
| needs: [get-product-version, build-pre-checks, build] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| # Building only amd64 for the RedHat registry for now | |
| arch: ["amd64"] | |
| env: | |
| repo: ${{github.event.repository.name}} | |
| version: ${{needs.get-product-version.outputs.product-version}} | |
| image_tag: ${{needs.get-product-version.outputs.product-version}}-ubi | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Docker Build (Action) | |
| uses: hashicorp/actions-docker-build@v1 | |
| env: | |
| VERSION: ${{ needs.get-product-version.outputs.product-version }} | |
| GO_VERSION: ${{ needs.build-pre-checks.outputs.go-version }} | |
| with: | |
| version: ${{env.version}} | |
| target: release-ubi-redhat | |
| arch: ${{matrix.arch}} | |
| # The quay id here corresponds to the project id on RedHat's portal | |
| redhat_tag: quay.io/redhat-isv-containers/64b072322e2773c28d30d988:${{env.image_tag}} | |
| - name: Check binary version in container | |
| shell: bash | |
| run: | | |
| version_output=$(docker run quay.io/redhat-isv-containers/64b072322e2773c28d30d988:${{env.image_tag}} --version --output=json) | |
| echo $version_output | |
| git_version=$(echo $version_output | jq -r .gitVersion) | |
| if [ "$git_version" != "${{ env.version }}" ]; then | |
| echo "$gitVersion expected to be ${{ env.version }}" | |
| exit 1 | |
| fi | |
| vault-versions: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: echo "setting vault versions" | |
| outputs: | |
| VAULT_N_2: 1.13.13 | |
| VAULT_N_1: 1.14.9 | |
| VAULT_N: 1.15.5 | |
| k8s-versions: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: echo "setting k8s versions" | |
| outputs: | |
| K8S_1_24: 1.24.15 | |
| K8S_1_25: 1.25.11 | |
| K8S_1_26: 1.26.6 | |
| K8S_1_27: 1.27.3 | |
| K8S_1_28: 1.28.0 | |
| K8S_1_29: 1.29.0 | |
| integrationTest: | |
| runs-on: ubuntu-latest | |
| needs: [get-product-version, build-pre-checks, build-docker, vault-versions, k8s-versions] | |
| env: | |
| KIND_CLUSTER_NAME: vault-secrets-operator | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| VERSION: ${{ needs.get-product-version.outputs.product-version }} | |
| OPERATOR_IMAGE: ${{ github.event.repository.name }}_release-default_linux_amd64_${{ needs.get-product-version.outputs.product-version }}_${{ github.sha }}.docker.tar | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| kind-k8s-version: | |
| - "${{ needs.k8s-versions.outputs.K8S_1_24 }}" | |
| - "${{ needs.k8s-versions.outputs.K8S_1_25 }}" | |
| - "${{ needs.k8s-versions.outputs.K8S_1_26 }}" | |
| - "${{ needs.k8s-versions.outputs.K8S_1_27 }}" | |
| - "${{ needs.k8s-versions.outputs.K8S_1_28 }}" | |
| - "${{ needs.k8s-versions.outputs.K8S_1_29 }}" | |
| vault-version: | |
| - "${{ needs.vault-versions.outputs.VAULT_N_2 }}" | |
| - "${{ needs.vault-versions.outputs.VAULT_N_1 }}" | |
| - "${{ needs.vault-versions.outputs.VAULT_N }}" | |
| installation-method: [helm, kustomize] | |
| enterprise: [true, false] | |
| # Note: We want to test the operator with the different k8s versions, | |
| # and with the different vault versions, but we don't care about testing | |
| # all the k8s versions against all the vault versions. | |
| # Combos to exclude: | |
| # kind-k8s-version: [K8S_1_24, K8S_1_25, K8S_1_26, K8S_1_27] | |
| # vault-version: [VAULT_N_2, VAULT_N_1] | |
| # We run kustomize ent against the full matrix, and other tests against vault version VAULT_N. | |
| # Combos to exclude: | |
| # vault-version: [VAULT_N_2, VAULT_N_1] | |
| # any combos from installation-method and enterprise except for kustomize true | |
| exclude: | |
| # vault version N-2 | |
| - kind-k8s-version: ${{ needs.k8s-versions.outputs.K8S_1_28 }} | |
| vault-version: ${{ needs.vault-versions.outputs.VAULT_N_2 }} | |
| - kind-k8s-version: ${{ needs.k8s-versions.outputs.K8S_1_27 }} | |
| vault-version: ${{ needs.vault-versions.outputs.VAULT_N_2 }} | |
| - kind-k8s-version: ${{ needs.k8s-versions.outputs.K8S_1_26 }} | |
| vault-version: ${{ needs.vault-versions.outputs.VAULT_N_2 }} | |
| - kind-k8s-version: ${{ needs.k8s-versions.outputs.K8S_1_25 }} | |
| vault-version: ${{ needs.vault-versions.outputs.VAULT_N_2 }} | |
| - kind-k8s-version: ${{ needs.k8s-versions.outputs.K8S_1_24 }} | |
| vault-version: ${{ needs.vault-versions.outputs.VAULT_N_2 }} | |
| - vault-version: ${{ needs.vault-versions.outputs.VAULT_N_2 }} | |
| installation-method: helm | |
| enterprise: true | |
| - vault-version: ${{ needs.vault-versions.outputs.VAULT_N_2 }} | |
| installation-method: helm | |
| enterprise: false | |
| - vault-version: ${{ needs.vault-versions.outputs.VAULT_N_2 }} | |
| installation-method: kustomize | |
| enterprise: false | |
| # vault version N-1 | |
| - kind-k8s-version: ${{ needs.k8s-versions.outputs.K8S_1_28 }} | |
| vault-version: ${{ needs.vault-versions.outputs.VAULT_N_1 }} | |
| - kind-k8s-version: ${{ needs.k8s-versions.outputs.K8S_1_27 }} | |
| vault-version: ${{ needs.vault-versions.outputs.VAULT_N_1 }} | |
| - kind-k8s-version: ${{ needs.k8s-versions.outputs.K8S_1_26 }} | |
| vault-version: ${{ needs.vault-versions.outputs.VAULT_N_1 }} | |
| - kind-k8s-version: ${{ needs.k8s-versions.outputs.K8S_1_25 }} | |
| vault-version: ${{ needs.vault-versions.outputs.VAULT_N_1 }} | |
| - kind-k8s-version: ${{ needs.k8s-versions.outputs.K8S_1_24 }} | |
| vault-version: ${{ needs.vault-versions.outputs.VAULT_N_1 }} | |
| - vault-version: ${{ needs.vault-versions.outputs.VAULT_N_1 }} | |
| installation-method: helm | |
| enterprise: true | |
| - vault-version: ${{ needs.vault-versions.outputs.VAULT_N_1 }} | |
| installation-method: helm | |
| enterprise: false | |
| - vault-version: ${{ needs.vault-versions.outputs.VAULT_N_1 }} | |
| installation-method: kustomize | |
| enterprise: false | |
| name: vault:${{ matrix.vault-version }} kind:${{ matrix.kind-k8s-version }} ${{ matrix.installation-method }} enterprise=${{ matrix.enterprise }} | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: ${{ env.OPERATOR_IMAGE }} | |
| path: dist | |
| - name: Create K8s Kind Cluster | |
| uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 | |
| with: | |
| version: v0.20.0 | |
| cluster_name: ${{ env.KIND_CLUSTER_NAME }} | |
| config: test/integration/kind/config.yaml | |
| node_image: kindest/node:v${{ matrix.kind-k8s-version }} | |
| - name: Create kind export log root | |
| id: create_kind_export_log_root | |
| run: | | |
| vault_flavor=oss | |
| if [ ${{ matrix.enterprise }} == 'true' ]; then | |
| vault_flavor=ent | |
| fi | |
| log_artifact_name="kind-${{ env.KIND_CLUSTER_NAME}}-$(git rev-parse --short ${{ github.sha }})-${{ matrix.kind-k8s-version }}-${{ matrix.vault-version }}-${vault_flavor}-${{ matrix.installation-method }}-logs" | |
| log_root="/tmp/${log_artifact_name}" | |
| mkdir -p "${log_root}" | |
| echo "log_root=${log_root}" >> $GITHUB_OUTPUT | |
| echo "log_artifact_name=${log_artifact_name}" >> $GITHUB_OUTPUT | |
| - name: Load Docker image | |
| # Load the amd64 docker image from the build-docker job | |
| run: | |
| make docker-image-load load-docker-image IMAGE_ARCHIVE_FILE=dist/${{ env.OPERATOR_IMAGE }} | |
| - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
| with: | |
| go-version-file: .go-version | |
| - name: ${{ matrix.installation-method }} enterprise=${{ matrix.enterprise }} | |
| env: | |
| INTEGRATION_TESTS: true | |
| VAULT_IMAGE_TAG: ${{ matrix.vault-version }} | |
| VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }} | |
| HCP_ORGANIZATION_ID: ${{ secrets.HCP_ORGANIZATION_ID }} | |
| HCP_PROJECT_ID: ${{ secrets.HCP_PROJECT_ID }} | |
| HCP_CLIENT_ID: ${{ secrets.HCP_CLIENT_ID }} | |
| HCP_CLIENT_SECRET: ${{ secrets.HCP_CLIENT_SECRET }} | |
| run: | | |
| make_target=integration-test | |
| if [ ${{ matrix.installation-method }} == 'helm' ]; then | |
| make_target+='-helm' | |
| fi | |
| if [ ${{ matrix.enterprise }} == 'true' ]; then | |
| make_target+='-ent' | |
| export VAULT_IMAGE_TAG='${{ matrix.vault-version }}-ent' | |
| fi | |
| make $make_target INTEGRATION_TESTS_PARALLEL=true SUPPRESS_TF_OUTPUT=true EXPORT_KIND_LOGS_ROOT=${{ steps.create_kind_export_log_root.outputs.log_root }} | |
| - name: Store kind cluster logs | |
| if: success() | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: ${{ steps.create_kind_export_log_root.outputs.log_artifact_name }} | |
| path: ${{ steps.create_kind_export_log_root.outputs.log_root }} | |
| - name: Store kind cluster logs failure | |
| if: failure() | |
| uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
| with: | |
| name: ${{ steps.create_kind_export_log_root.outputs.log_artifact_name }}-failed | |
| path: ${{ steps.create_kind_export_log_root.outputs.log_root }} |