[NET-4103] ci: build s390x (#18067)

* ci: build s390x

* ci: test s390x

* ci: dev build s390x

* no GOOS

* ent only

* build: publish s390x

* fix syntax error

* fix syntax error again

* fix syntax error again x2

* test branch

* Move s390x conditionals to step level

* remove test branch

---------

Co-authored-by: emilymianeil <eneil@hashicorp.com>

.github/workflows/build-distros.yml

@@ -117,6 +117,26 @@ jobs:
     - run: CC=arm-linux-gnueabihf-gcc GOARCH=arm GOARM=6 go build -tags "${{ env.GOTAGS }}"
     - run: CC=aarch64-linux-gnu-gcc GOARCH=arm64 go build -tags "${{ env.GOTAGS }}"
 
+
+  build-s390x:
+    if: ${{ endsWith(github.repository, '-enterprise') }}
+    needs:
+    - setup
+    - check-go-mod
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
+    steps:
+    - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+
+    # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
+    - name: Setup Git
+      run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com"
+
+    - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+      with:
+        go-version-file: 'go.mod'
+    - name: Build
+      run: GOOS=linux GOARCH=s390x CGO_ENABLED=0 go build -tags "${{ env.GOTAGS }}"
+
   # This is job is required for branch protection as a required gihub check
   # because GitHub actions show up as checks at the job level and not the
   # workflow level.  This is currently a feature request:
@@ -130,7 +150,6 @@ jobs:
   #   (go-test-enteprise) that this job needs and this would potentially get
   #   skipped if a previous job got skipped.  So we use the if clause to make
   # sure it does not get skipped.
-
   build-distros-success:
     needs:
     - setup
@@ -138,6 +157,7 @@ jobs:
     - build-386
     - build-amd64
     - build-arm
+    - build-s390x
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     if: ${{ always() }}
     steps:

.github/workflows/build.yml

@@ -57,6 +57,7 @@ jobs:
           echo "Product Date: ${{ needs.set-product-version.outputs.product-date }}"
           echo "Prerelease Version: ${{ needs.set-product-version.outputs.pre-version }}"
           echo "Ldflags: ${{ needs.set-product-version.outputs.shared-ldflags }}"
+
   generate-metadata-file:
     needs: set-product-version
     runs-on: ubuntu-latest
@@ -173,6 +174,57 @@ jobs:
           name: ${{ env.DEB_PACKAGE }}
           path: out/${{ env.DEB_PACKAGE }}
 
+  build-s390x:
+    needs: set-product-version
+    if: ${{ endsWith(github.repository, '-enterprise') }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - {go: "1.20.4", goos: "linux", goarch: "s390x"}
+      fail-fast: true
+
+    name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+
+      - name: Setup with node and yarn
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
+        with:
+          node-version: '14'
+          cache: 'yarn'
+          cache-dependency-path: 'ui/yarn.lock'
+
+      - name: Build UI
+        run: |
+          CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }}
+          CONSUL_DATE=${{ needs.set-product-version.outputs.product-date }}
+          CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE}
+          CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD)
+          echo "consul_version is ${CONSUL_VERSION}"
+          echo "consul_date is ${CONSUL_DATE}"
+          echo "consul binary type is ${CONSUL_BINARY_TYPE}"
+          echo "consul copyright year is ${CONSUL_COPYRIGHT_YEAR}"
+          cd ui && make && cd ..
+          rm -rf agent/uiserver/dist
+          mv ui/packages/consul-ui/dist agent/uiserver/
+      - name: Go Build
+        env:
+          PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }}
+          PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }}
+          CGO_ENABLED: "0"
+          GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}"
+        uses: hashicorp/actions-go-build@v0.1.7
+        with:
+          product_name: ${{ env.PKG_NAME }}
+          product_version: ${{ needs.set-product-version.outputs.product-version }}
+          go_version: ${{ matrix.go }}
+          os: ${{ matrix.goos }}
+          arch: ${{ matrix.goarch }}
+          reproducible: report
+          instructions: |-
+            go build -ldflags="$GOLDFLAGS" -o "$BIN_PATH" -trimpath -buildvcs=false
+
   build-darwin:
     needs: set-product-version
     runs-on: macos-latest
@@ -319,7 +371,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        arch: ["386", "amd64", "arm", "arm64"]
+        arch: ["386", "amd64", "arm", "arm64", "s390x"]
       fail-fast: true
     env:
       version: ${{ needs.set-product-version.outputs.product-version }}
@@ -328,8 +380,10 @@ jobs:
     name: Verify ${{ matrix.arch }} linux binary
     steps:
       - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
 
       - name: Download ${{ matrix.arch  }} zip
+        if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
           name: ${{ env.zip_name }}
@@ -342,6 +396,7 @@ jobs:
           platforms: arm,arm64
 
       - name: Run verification for ${{ matrix.arch }} binary
+        if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }}
         run: .github/scripts/verify_artifact.sh ${{ env.zip_name }} v${{ env.version }}
 
   verify-darwin:

.github/workflows/go-tests.yml

@@ -184,6 +184,19 @@ jobs:
     secrets:
       elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
 
+  dev-build-s390x:
+    if: ${{ endsWith(github.repository, '-enterprise') }}
+    needs:
+    - setup
+    uses: ./.github/workflows/reusable-dev-build.yml
+    with:
+      uploaded-binary-name: 'consul-bin-s390x'
+      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      go-arch: "s390x"
+      repository-name: ${{ github.repository }}
+    secrets:
+      elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+
   # dev-build-arm64:
   #   # only run on enterprise because GHA does not have arm64 runners in OSS
   #   if: ${{ endsWith(github.repository, '-enterprise') }}
@@ -296,6 +309,27 @@ jobs:
       consul-license: ${{secrets.CONSUL_LICENSE}}
       datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
 
+  go-test-s390x:
+    if: ${{ endsWith(github.repository, '-enterprise') }}
+    needs:
+    - setup
+    - dev-build-s390x
+    uses: ./.github/workflows/reusable-unit.yml
+    with:
+      uploaded-binary-name: 'consul-bin-s390x'
+      directory: .
+      go-test-flags: 'export GO_TEST_FLAGS="-short"'
+      runs-on: ${{ needs.setup.outputs.compute-xl }}
+      repository-name: ${{ github.repository }}
+      go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}"
+    permissions:
+      id-token: write # NOTE: this permission is explicitly required for Vault auth.
+      contents: read
+    secrets:
+      elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+      consul-license: ${{secrets.CONSUL_LICENSE}}
+      datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}"
+
   go-test-envoyextensions:
     needs:
     - setup
@@ -445,6 +479,7 @@ jobs:
     - go-test-sdk-1-19
     - go-test-sdk-1-20
     - go-test-32bit
+    - go-test-s390x
     runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
     if: ${{ always() }}
     steps: