Added feature to get encrypt key from Vault #18364
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# NOTE: this workflow builds Consul binaries on multiple architectures for PRs. | |
# It is aimed at checking new commits don't introduce any breaking build changes. | |
name: build-distros | |
on: | |
pull_request: | |
push: | |
branches: | |
# Push events on the main branch | |
- main | |
- release/** | |
permissions: | |
contents: read | |
env: | |
GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }} | |
GOPRIVATE: github.com/hashicorp # Required for enterprise deps | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
setup: | |
name: Setup | |
runs-on: ubuntu-latest | |
outputs: | |
compute-small: ${{ steps.setup-outputs.outputs.compute-small }} | |
compute-medium: ${{ steps.setup-outputs.outputs.compute-medium }} | |
compute-large: ${{ steps.setup-outputs.outputs.compute-large }} | |
compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }} | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
- id: setup-outputs | |
name: Setup outputs | |
run: ./.github/scripts/get_runner_classes.sh | |
get-go-version: | |
uses: ./.github/workflows/reusable-get-go-version.yml | |
check-go-mod: | |
needs: | |
- setup | |
- get-go-version | |
uses: ./.github/workflows/reusable-check-go-mod.yml | |
with: | |
runs-on: ${{ needs.setup.outputs.compute-medium }} | |
repository-name: ${{ github.repository }} | |
go-version: ${{ needs.get-go-version.outputs.go-version }} | |
secrets: | |
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} | |
build-386: | |
needs: | |
- setup | |
- get-go-version | |
- check-go-mod | |
env: | |
XC_OS: "freebsd linux windows" | |
runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }} | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. | |
- name: Setup Git | |
if: ${{ endsWith(github.repository, '-enterprise') }} | |
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" | |
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version: ${{ needs.get-go-version.outputs.go-version }} | |
- name: Build | |
run: | | |
for os in $XC_OS; do | |
GOOS="$os" GOARCH=386 CGO_ENABLED=0 go build -tags "${{ env.GOTAGS }}" | |
done | |
build-amd64: | |
needs: | |
- setup | |
- get-go-version | |
- check-go-mod | |
env: | |
XC_OS: "darwin freebsd linux solaris windows" | |
runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }} | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. | |
- name: Setup Git | |
if: ${{ endsWith(github.repository, '-enterprise') }} | |
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" | |
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version: ${{ needs.get-go-version.outputs.go-version }} | |
- name: Build | |
run: | | |
for os in $XC_OS; do | |
GOOS="$os" GOARCH=amd64 CGO_ENABLED=0 go build -tags "${{ env.GOTAGS }}" | |
done | |
build-arm: | |
needs: | |
- setup | |
- get-go-version | |
- check-go-mod | |
runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }} | |
env: | |
CGO_ENABLED: 1 | |
GOOS: linux | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. | |
- name: Setup Git | |
if: ${{ endsWith(github.repository, '-enterprise') }} | |
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" | |
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version: ${{ needs.get-go-version.outputs.go-version }} | |
- run: | | |
sudo apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-version && sudo apt-get install -y gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu | |
- run: CC=arm-linux-gnueabi-gcc GOARCH=arm GOARM=5 go build -tags "${{ env.GOTAGS }}" | |
- run: CC=arm-linux-gnueabihf-gcc GOARCH=arm GOARM=6 go build -tags "${{ env.GOTAGS }}" | |
- run: CC=aarch64-linux-gnu-gcc GOARCH=arm64 go build -tags "${{ env.GOTAGS }}" | |
build-s390x: | |
if: ${{ endsWith(github.repository, '-enterprise') }} | |
needs: | |
- setup | |
- get-go-version | |
- check-go-mod | |
runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }} | |
steps: | |
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
# NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. | |
- name: Setup Git | |
run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" | |
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version: ${{ needs.get-go-version.outputs.go-version }} | |
- name: Build | |
run: GOOS=linux GOARCH=s390x CGO_ENABLED=0 go build -tags "${{ env.GOTAGS }}" | |
# This is job is required for branch protection as a required gihub check | |
# because GitHub actions show up as checks at the job level and not the | |
# workflow level. This is currently a feature request: | |
# https://github.com/orgs/community/discussions/12395 | |
# | |
# This job must: | |
# - be placed after the fanout of a workflow so that everything fans back in | |
# to this job. | |
# - "need" any job that is part of the fan out / fan in | |
# - implement the if logic because we have conditional jobs | |
# (go-test-enteprise) that this job needs and this would potentially get | |
# skipped if a previous job got skipped. So we use the if clause to make | |
# sure it does not get skipped. | |
build-distros-success: | |
needs: | |
- setup | |
- check-go-mod | |
- build-386 | |
- build-amd64 | |
- build-arm | |
- build-s390x | |
runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} | |
if: ${{ always() }} | |
steps: | |
- name: evaluate upstream job results | |
run: | | |
# exit 1 if failure or cancelled result for any upstream job | |
if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then | |
printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}" | |
exit 1 | |
fi |