Manual backport of [NET-11150] ci: fix conditional skip and add safeguard into release/1.6.0 #3599
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| # We now default to running this workflow on every pull_request push | |
| # in addition to protected branch push. | |
| # | |
| # This provides fast feedback when build issues occur, so they can be | |
| # fixed prior to being merged. | |
| # | |
| # If you want to opt out of this, and only run the build on certain branches | |
| # please refer to the documentation on branch filtering here: | |
| # | |
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushbranchestagsbranches-ignoretags-ignore | |
| # | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - release/** | |
| pull_request: | |
| workflow_dispatch: | |
| env: | |
| PKG_NAME: "consul-dataplane" | |
| jobs: | |
| conditional-skip: | |
| uses: ./.github/workflows/reusable-conditional-skip.yml | |
| get-go-version: | |
| # Cascades down to test jobs | |
| needs: [conditional-skip] | |
| if: needs.conditional-skip.outputs.skip-ci != 'true' | |
| uses: ./.github/workflows/reusable-get-go-version.yml | |
| get-product-version: | |
| # Cascades down to test jobs | |
| needs: [conditional-skip] | |
| if: needs.conditional-skip.outputs.skip-ci != 'true' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| product-version: ${{ steps.get-product-version.outputs.product-version }} | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - name: get product version | |
| id: get-product-version | |
| run: | | |
| make version | |
| echo "product-version=$(make version)" >> $GITHUB_OUTPUT | |
| generate-metadata-file: | |
| needs: get-product-version | |
| runs-on: ubuntu-latest | |
| outputs: | |
| filepath: ${{ steps.generate-metadata-file.outputs.filepath }} | |
| steps: | |
| - name: "Checkout directory" | |
| uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - name: Generate metadata file | |
| id: generate-metadata-file | |
| uses: hashicorp/actions-generate-metadata@v1 | |
| with: | |
| version: ${{ needs.get-product-version.outputs.product-version }} | |
| product: ${{ env.PKG_NAME }} | |
| repositoryOwner: "hashicorp" | |
| - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
| with: | |
| name: metadata.json | |
| path: ${{ steps.generate-metadata-file.outputs.filepath }} | |
| build-linux: | |
| needs: | |
| - get-go-version | |
| - get-product-version | |
| runs-on: ubuntu-20.04 # the GLIBC is too high on 22.04 | |
| strategy: | |
| matrix: | |
| include: | |
| - {goos: "linux", goarch: "arm"} | |
| - {goos: "linux", goarch: "arm64"} | |
| - {goos: "linux", goarch: "386"} | |
| - {goos: "linux", goarch: "amd64"} | |
| - {goos: "linux", goarch: "amd64", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402", pkg_suffix: "-fips" } | |
| - {goos: "linux", goarch: "arm64", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402", pkg_suffix: "-fips" } | |
| - {goos: "darwin", goarch: "amd64"} | |
| - {goos: "darwin", goarch: "arm64"} | |
| fail-fast: true | |
| name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} ${{ matrix.fips }} build | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - uses: hashicorp/actions-go-build@v1 | |
| with: | |
| product_name: ${{ env.PKG_NAME }} | |
| product_version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
| go_version: ${{ needs.get-go-version.outputs.go-version }} | |
| os: ${{ matrix.goos }} | |
| arch: ${{ matrix.goarch }} | |
| reproducible: assert | |
| instructions: | | |
| cp LICENSE $TARGET_DIR/LICENSE.txt | |
| if [[ "${{ matrix.fips }}" == "+fips1402" ]] | |
| then | |
| sudo apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-version && sudo apt-get install -y build-essential gcc-aarch64-linux-gnu | |
| fi | |
| ${{ matrix.env }} go build -tags=${{ matrix.gotags }} -trimpath -buildvcs=false -ldflags="-X github.com/hashicorp/consul-dataplane/pkg/version.GitCommit=${GITHUB_SHA::8}" -o $BIN_PATH ./cmd/$BIN_NAME | |
| - name: Copy license file | |
| if: ${{ matrix.goos == 'linux' }} | |
| env: | |
| LICENSE_DIR: ".release/linux/package/usr/share/doc/${{ env.PKG_NAME }}" | |
| run: | | |
| mkdir -p "$LICENSE_DIR" | |
| cp LICENSE "$LICENSE_DIR/LICENSE.txt" | |
| - name: Package | |
| if: ${{ matrix.goos == 'linux' }} | |
| uses: hashicorp/actions-packaging-linux@v1 | |
| with: | |
| name: ${{ github.event.repository.name }}${{ matrix.pkg_suffix }} | |
| description: "Consul dataplane connects an application to a Consul service mesh." | |
| arch: ${{ matrix.goarch }} | |
| version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
| maintainer: "HashiCorp" | |
| homepage: "https://github.com/hashicorp/consul-dataplane" | |
| license: "MPL-2.0" | |
| binary: "dist/${{ env.PKG_NAME }}" | |
| deb_depends: "openssl" | |
| rpm_depends: "openssl" | |
| config_dir: ".release/linux/package/" | |
| - name: Set Package Names | |
| if: ${{ matrix.goos == 'linux' }} | |
| run: | | |
| echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV | |
| echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV | |
| - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
| if: ${{ matrix.goos == 'linux' }} | |
| with: | |
| name: ${{ env.RPM_PACKAGE }} | |
| path: out/${{ env.RPM_PACKAGE }} | |
| - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
| if: ${{ matrix.goos == 'linux' }} | |
| with: | |
| name: ${{ env.DEB_PACKAGE }} | |
| path: out/${{ env.DEB_PACKAGE }} | |
| build-docker-default: | |
| name: Docker ${{ matrix.arch }} ${{ matrix.fips }} default release build | |
| needs: | |
| - get-go-version | |
| - get-product-version | |
| - build-linux | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| # This is the subset of architectures we build binaries for officially | |
| # supported by Envoy. | |
| include: | |
| - { arch: "amd64" } | |
| - { arch: "amd64", fips: "+fips1402" } | |
| - { arch: "arm64" } | |
| - { arch: "arm64", fips: "+fips1402" } | |
| env: | |
| repo: ${{ github.event.repository.name }} | |
| version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| # This naming convention will be used ONLY for per-commit dev images | |
| - name: Set docker dev tag | |
| run: | | |
| echo "full_dev_tag=${{ env.version }}" | |
| echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV | |
| echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" | |
| echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV | |
| - name: Docker Build (Action) | |
| if: ${{ !matrix.fips }} | |
| uses: hashicorp/actions-docker-build@v2 | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | |
| if [ "${TEST_VERSION}" != "${version}" ]; then | |
| echo "Test FAILED: Got ${TEST_VERSION}, want ${version}." | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: release-default | |
| arch: ${{ matrix.arch }} | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}:${{env.version}} | |
| public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}} | |
| dev_tags: | | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }} | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-${{ github.sha }} | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }} | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-${{ github.sha }} | |
| extra_build_args: | | |
| GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} | |
| - name: Docker FIPS Build (Action) | |
| if: ${{ matrix.fips }} | |
| uses: hashicorp/actions-docker-build@v2 | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | |
| if [ "${TEST_VERSION}" != "${version}" ]; then | |
| echo "Test FAILED: Got ${TEST_VERSION}, want ${version}." | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: release-fips-default | |
| arch: ${{ matrix.arch }} | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}-fips:${{env.version}} | |
| public.ecr.aws/hashicorp/${{env.repo}}-fips:${{env.version}} | |
| dev_tags: | | |
| docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }} | |
| docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }}-${{ github.sha }} | |
| docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }} | |
| docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }}-${{ github.sha }} | |
| extra_build_args: | | |
| GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} | |
| build-docker-redhat: | |
| name: Docker ${{ matrix.fips }} UBI Image Build (for Red Hat Certified Container Registry) | |
| needs: | |
| - get-go-version | |
| - get-product-version | |
| - build-linux | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - { target-name: "release-ubi", registry-id: "631f805e0d15f623c5996c2e" } | |
| - { target-name: "release-fips-ubi", registry-id: "649cced3e093d1cc7f3d9b61", fips: "+fips1402" } | |
| env: | |
| repo: ${{github.event.repository.name}} | |
| version: ${{needs.get-product-version.outputs.product-version}}${{ matrix.fips }} | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - uses: hashicorp/actions-docker-build@v2 | |
| with: | |
| version: ${{env.version}} | |
| target: ${{ matrix.target-name }} | |
| arch: amd64 | |
| redhat_tag: quay.io/redhat-isv-containers/${{matrix.registry-id}}:${{env.version}}-ubi | |
| extra_build_args: | | |
| GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} | |
| build-docker-ubi-dockerhub: | |
| name: Docker ${{ matrix.arch }} ${{ matrix.fips }} UBI build for DockerHub | |
| needs: | |
| - get-go-version | |
| - get-product-version | |
| - build-linux | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - { arch: "amd64" } | |
| - { arch: "amd64", fips: "+fips1402" } | |
| env: | |
| repo: ${{ github.event.repository.name }} | |
| version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| # This naming convention will be used ONLY for per-commit dev images | |
| - name: Set docker dev tag | |
| run: | | |
| echo "full_dev_tag=${{ env.version }}" | |
| echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV | |
| echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" | |
| echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV | |
| - name: Docker Build (Action) | |
| if: ${{ !matrix.fips }} | |
| uses: hashicorp/actions-docker-build@v2 | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | |
| if [ "${TEST_VERSION}" != "${version}" ]; then | |
| echo "Test FAILED: Got ${TEST_VERSION}, want ${version}}." | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: release-ubi | |
| arch: ${{ matrix.arch }} | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}:${{env.version}}-ubi | |
| public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}}-ubi | |
| dev_tags: | | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi-${{ github.sha }} | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi-${{ github.sha }} | |
| extra_build_args: | | |
| GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} | |
| - name: Docker FIPS Build (Action) | |
| if: ${{ matrix.fips }} | |
| uses: hashicorp/actions-docker-build@v2 | |
| with: | |
| smoke_test: | | |
| TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" | |
| if [ "${TEST_VERSION}" != "${version}" ]; then | |
| echo "Test FAILED: Got ${TEST_VERSION}, want ${version}}." | |
| exit 1 | |
| fi | |
| echo "Test PASSED" | |
| version: ${{ env.version }} | |
| target: release-fips-ubi | |
| arch: ${{ matrix.arch }} | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}-fips:${{env.version}}-ubi | |
| public.ecr.aws/hashicorp/${{env.repo}}-fips:${{env.version}}-ubi | |
| dev_tags: | | |
| docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }}-ubi | |
| docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }}-ubi-${{ github.sha }} | |
| docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }}-ubi | |
| docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }}-ubi-${{ github.sha }} | |
| extra_build_args: | | |
| GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} | |
| integration-tests: | |
| name: Integration Tests (Consul ${{ matrix.server.version }} ${{ matrix.dataplane.docker_target }}) | |
| needs: | |
| - build-docker-default | |
| - build-docker-ubi-dockerhub | |
| - get-product-version | |
| - get-go-version | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| server: | |
| - version: v1.15.0-dev | |
| image: hashicorppreview/consul:1.15-dev | |
| - version: v1.18.0-dev | |
| image: hashicorppreview/consul:1.18-dev | |
| - version: v1.19.0-dev | |
| image: hashicorppreview/consul:1.19-dev | |
| - version: v1.20.0-dev | |
| image: hashicorppreview/consul:1.20-dev | |
| dataplane: | |
| - image_suffix: "" | |
| docker_target: "release-default" | |
| - image_suffix: "-ubi" | |
| docker_target: "release-ubi" | |
| env: | |
| repo: ${{ github.event.repository.name }} | |
| version: ${{ needs.get-product-version.outputs.product-version }} | |
| steps: | |
| - name: Set docker dev tag | |
| run: | | |
| version="${{ env.version }}" | |
| echo "dev_tag=${{ env.version }}${{ matrix.dataplane.image_suffix }}" >> $GITHUB_ENV | |
| - name: Set image tarball | |
| run: | | |
| echo "image_tarball=${{env.repo}}_${{ matrix.dataplane.docker_target }}_linux_amd64_${{env.version}}_${{github.sha}}.docker.dev.tar" >> $GITHUB_ENV | |
| - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
| with: | |
| name: ${{env.image_tarball}} | |
| - run: docker load --input ${{env.image_tarball}} | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
| with: | |
| go-version: ${{ needs.get-go-version.outputs.go-version }} | |
| - id: run-tests | |
| run: cd integration-tests && go test -v -output-dir=./output -dataplane-image=hashicorppreview/${{env.repo}}:${{env.dev_tag}}-${{github.sha}} -server-image=${{matrix.server.image}} -server-version=${{matrix.server.version}} | |
| continue-on-error: true | |
| - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
| continue-on-error: true | |
| with: | |
| name: consul-${{matrix.server.version}}-${{matrix.dataplane.docker_target}}-integration-tests-output | |
| path: integration-tests/output/ | |
| if-no-files-found: 'error' | |
| - name: Check for failures | |
| if: ${{ steps.run-tests.outcome != 'success' }} | |
| run: exit 1 | |
| integration-tests-success: | |
| needs: | |
| - conditional-skip | |
| - integration-tests | |
| runs-on: ubuntu-latest | |
| if: always() && needs.conditional-skip.outputs.skip-ci != 'true' | |
| steps: | |
| - name: evaluate upstream job results | |
| run: | | |
| # exit 1 if failure or cancelled result for any upstream job | |
| if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then | |
| printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}" | |
| exit 1 | |
| fi |