Onboard consul to use new version/VERSION file and reproducible actions (#15631)

* Onboard consul to use new .release/VERSION file and reproducible actions-go-build

* Onboard consul to use new .release/VERSION file and reproducible actions

* Onboard consul to use new .release/VERSION file and reproducible actions

* fix to consul

* Onboard consul to use new .release/VERSION file and reproducible actions

* Onboard consul to use new .release/VERSION file and reproducible actions

* Onboard consul to use new .release/VERSION file and reproducible actions

* test out ent changes

* just or testing

* Added setup go for build ui

* try removing VERSION file out of .release dir

* add checkout action for build ui and update checkout version

* try no -dev marker

* try removing extra ldflags

* test version

* add back in setup-go step?

* Update utils.js

read from static VERSION file

* remove actions-setup go

* add 1.15.0-dev

* Using prepare workflow for pre-stable channel workflow

* Test prepare workflow

* Remove set-product-version branch from release pipeline

* Use METADATA in environment

* Correct env vars

* Remove current branch from build trigger list

Co-authored-by: emilymianeil <emilymianeil@gmail.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>
Co-authored-by: hc-github-team-nomad-core <github-team-nomad-core@hashicorp.com>
Co-authored-by: emily neil <63985869+emilymianeil@users.noreply.github.com>
This commit is contained in:
claire labry 2023-01-05 14:16:47 -06:00 committed by GitHub
parent 666c2b2e2b
commit 590ae5fa5c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 120 additions and 293 deletions

View File

@ -10,54 +10,62 @@ on:
env:
PKG_NAME: consul
METADATA: oss
jobs:
get-product-version:
set-product-version:
runs-on: ubuntu-latest
outputs:
product-version: ${{ steps.get-product-version.outputs.product-version }}
product-version: ${{ steps.set-product-version.outputs.product-version }}
base-product-version: ${{ steps.set-product-version.outputs.base-product-version }}
product-date: ${{ steps.get-product-version.outputs.product-date }}
pre-version: ${{ steps.get-product-version.outputs.pre-version }}
pkg-version: ${{ steps.get-product-version.outputs.pkg-version }}
pre-version: ${{ steps.set-product-version.outputs.prerelease-product-version }}
shared-ldflags: ${{ steps.shared-ldflags.outputs.shared-ldflags }}
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: set product version
id: set-product-version
uses: hashicorp/actions-set-product-version@v1
- name: get product version
id: get-product-version
run: |
CONSUL_VERSION=$(build-support/scripts/version.sh -r)
CONSUL_DATE=$(build-support/scripts/build-date.sh)
## TODO: This assumes `make version` outputs 1.1.1+ent-prerel
IFS="+" read VERSION _other <<< "$CONSUL_VERSION"
IFS="-" read _other PREREL_VERSION <<< "$CONSUL_VERSION"
## TODO: this assumes `version.sh` outputs in the expected ordering of
## [version]+ent{-prerelease} If we need to transition to
## [version]{-prerelease}+ent before then, we'll need to add
## logic to handle presense/absence of the prerelease
echo "::set-output name=product-version::${CONSUL_VERSION}"
echo "::set-output name=product-date::${CONSUL_DATE}"
echo "::set-output name=pre-version::${PREREL_VERSION}"
echo "::set-output name=pkg-version::${VERSION}"
- name: Set shared -ldflags
id: shared-ldflags
run: |
T="github.com/hashicorp/consul/version"
echo "::set-output name=shared-ldflags::-X ${T}.GitCommit=${GITHUB_SHA::8} -X ${T}.GitDescribe=${{ steps.get-product-version.outputs.product-version }} -X ${T}.BuildDate=${{ steps.get-product-version.outputs.product-date }}"
echo "::set-output name=shared-ldflags::-X ${T}.GitCommit=${GITHUB_SHA::8} \
-X ${T}.GitDescribe=${{ steps.set-product-version.outputs.product-version }} \
-X ${T}.BuildDate=${{ steps.get-product-version.outputs.product-date }} \
"
validate-outputs:
needs: set-product-version
runs-on: ubuntu-latest
steps:
- name: Validate Outputs
run: |
echo "Product Version: ${{ needs.set-product-version.outputs.product-version }}"
echo "Base Product Version: ${{ needs.set-product-version.outputs.base-product-version }}"
echo "Product Metadata: ${{ env.METADATA }}"
echo "Product Date: ${{ needs.set-product-version.outputs.product-date }}"
echo "Prerelease Version: ${{ needs.set-product-version.outputs.pre-version }}"
echo "Ldflags: ${{ needs.set-product-version.outputs.shared-ldflags }}"
generate-metadata-file:
needs: get-product-version
needs: set-product-version
runs-on: ubuntu-latest
outputs:
filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
steps:
- name: 'Checkout directory'
uses: actions/checkout@v2
uses: actions/checkout@v3
- name: Generate metadata file
id: generate-metadata-file
uses: hashicorp/actions-generate-metadata@v1
with:
version: ${{ needs.get-product-version.outputs.product-version }}
version: ${{ needs.set-product-version.outputs.product-version }}
product: ${{ env.PKG_NAME }}
- uses: actions/upload-artifact@v2
@ -66,7 +74,7 @@ jobs:
path: ${{ steps.generate-metadata-file.outputs.filepath }}
build:
needs: get-product-version
needs: set-product-version
runs-on: ubuntu-latest
strategy:
matrix:
@ -84,15 +92,10 @@ jobs:
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
steps:
- uses: actions/checkout@v2
- name: Setup go
uses: actions/setup-go@v2
with:
go-version: ${{ matrix.go }}
- uses: actions/checkout@v3
- name: Setup with node and yarn
uses: actions/setup-node@v2
uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
@ -100,8 +103,8 @@ jobs:
- name: Build UI
run: |
CONSUL_VERSION=${{ needs.get-product-version.outputs.product-version }}
CONSUL_DATE=${{ needs.get-product-version.outputs.product-date }}
CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }}
CONSUL_DATE=${{ needs.set-product-version.outputs.product-date }}
CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE}
CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD)
echo "consul_version is ${CONSUL_VERSION}"
@ -111,21 +114,22 @@ jobs:
cd ui && make && cd ..
rm -rf agent/uiserver/dist
mv ui/packages/consul-ui/dist agent/uiserver/
- name: Build
- name: Go Build
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
CGO_ENABLED: 0
GOLDFLAGS: "${{needs.get-product-version.outputs.shared-ldflags}}"
run: |
mkdir dist out
go build -ldflags="$GOLDFLAGS" -o dist/ .
zip -r -j out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip dist/
- uses: actions/upload-artifact@v2
PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }}
PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }}
CGO_ENABLED: "0"
GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}"
uses: hashicorp/actions-go-build@v0.1.7
with:
name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
product_name: ${{ env.PKG_NAME }}
product_version: ${{ needs.set-product-version.outputs.product-version }}
go_version: ${{ matrix.go }}
os: ${{ matrix.goos }}
arch: ${{ matrix.goarch }}
reproducible: report
instructions: |-
go build -ldflags="$GOLDFLAGS" -o "$BIN_PATH" -trimpath -buildvcs=false
- name: Package
if: ${{ matrix.goos == 'linux' }}
@ -134,7 +138,7 @@ jobs:
name: ${{ github.event.repository.name }}
description: "Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure. "
arch: ${{ matrix.goarch }}
version: ${{ needs.get-product-version.outputs.product-version }}
version: ${{ needs.set-product-version.outputs.product-version }}
maintainer: "HashiCorp"
homepage: "https://github.com/hashicorp/consul"
license: "MPL-2.0"
@ -166,7 +170,7 @@ jobs:
path: out/${{ env.DEB_PACKAGE }}
build-darwin:
needs: get-product-version
needs: set-product-version
runs-on: macos-latest
strategy:
matrix:
@ -177,15 +181,10 @@ jobs:
name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build
steps:
- uses: actions/checkout@v2
- name: Setup go
uses: actions/setup-go@v2
with:
go-version: ${{ matrix.go }}
- uses: actions/checkout@v3
- name: Setup with node and yarn
uses: actions/setup-node@v2
uses: actions/setup-node@v3
with:
node-version: '14'
cache: 'yarn'
@ -193,7 +192,7 @@ jobs:
- name: Build UI
run: |
CONSUL_VERSION=${{ needs.get-product-version.outputs.product-version }}
CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }}
CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE}
CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD)
echo "consul_version is ${CONSUL_VERSION}"
@ -202,26 +201,27 @@ jobs:
cd ui && make && cd ..
rm -rf agent/uiserver/dist
mv ui/packages/consul-ui/dist agent/uiserver/
- name: Build
- name: Go Build
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
GOLDFLAGS: "${{ needs.get-product-version.outputs.shared-ldflags }}"
run: |
mkdir dist out
go build -ldflags="$GOLDFLAGS" -tags netcgo -o dist/ .
zip -r -j out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip dist/
- uses: actions/upload-artifact@v2
PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }}
PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }}
CGO_ENABLED: "0"
GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}"
uses: hashicorp/actions-go-build@v0.1.7
with:
name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
path: out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
product_name: ${{ env.PKG_NAME }}
product_version: ${{ needs.set-product-version.outputs.product-version }}
go_version: ${{ matrix.go }}
os: ${{ matrix.goos }}
arch: ${{ matrix.goarch }}
reproducible: report
instructions: |-
go build -ldflags="$GOLDFLAGS" -tags netcgo -o "$BIN_PATH" -trimpath -buildvcs=false
build-docker:
name: Docker ${{ matrix.arch }} build
needs:
- get-product-version
- set-product-version
- build
runs-on: ubuntu-latest
strategy:
@ -229,10 +229,10 @@ jobs:
arch: ["386", "amd64", "arm", "arm64"]
env:
repo: ${{github.event.repository.name}}
version: ${{needs.get-product-version.outputs.product-version}}
version: ${{needs.set-product-version.outputs.product-version}}
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
# Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix
# This naming convention will be used ONLY for per-commit dev images
@ -258,15 +258,15 @@ jobs:
build-docker-ubi-redhat:
name: Docker Build UBI Image for RedHat Registry
needs:
- get-product-version
- set-product-version
- build
runs-on: ubuntu-latest
env:
repo: ${{github.event.repository.name}}
version: ${{needs.get-product-version.outputs.product-version}}
version: ${{needs.set-product-version.outputs.product-version}}
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- uses: hashicorp/actions-docker-build@v1
with:
version: ${{env.version}}
@ -278,15 +278,15 @@ jobs:
build-docker-ubi-dockerhub:
name: Docker Build UBI Image for DockerHub
needs:
- get-product-version
- set-product-version
- build
runs-on: ubuntu-latest
env:
repo: ${{github.event.repository.name}}
version: ${{needs.get-product-version.outputs.product-version}}
version: ${{needs.set-product-version.outputs.product-version}}
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
# Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix
# This naming convention will be used ONLY for per-commit dev images
@ -310,7 +310,7 @@ jobs:
verify-linux:
needs:
- get-product-version
- set-product-version
- build
runs-on: ubuntu-latest
strategy:
@ -318,12 +318,12 @@ jobs:
arch: ["386", "amd64", "arm", "arm64"]
fail-fast: true
env:
version: ${{ needs.get-product-version.outputs.product-version }}
zip_name: consul_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip
version: ${{ needs.set-product-version.outputs.product-version }}
zip_name: consul_${{ needs.set-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip
name: Verify ${{ matrix.arch }} linux binary
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Download ${{ matrix.arch }} zip
uses: actions/download-artifact@v3
@ -342,18 +342,18 @@ jobs:
verify-darwin:
needs:
- get-product-version
- set-product-version
- build-darwin
runs-on: macos-latest
strategy:
fail-fast: true
env:
version: ${{needs.get-product-version.outputs.product-version}}
zip_name: consul_${{ needs.get-product-version.outputs.product-version }}_darwin_amd64.zip
version: ${{needs.set-product-version.outputs.product-version}}
zip_name: consul_${{ needs.set-product-version.outputs.product-version }}_darwin_amd64.zip
name: Verify amd64 darwin binary
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Download amd64 darwin zip
uses: actions/download-artifact@v3
@ -369,22 +369,22 @@ jobs:
verify-linux-packages-deb:
needs:
- build
- get-product-version
- set-product-version
runs-on: ubuntu-latest
strategy:
matrix:
arch: ["i386", "amd64", "armhf", "arm64"]
# fail-fast: true
env:
version: ${{ needs.get-product-version.outputs.product-version }}
version: ${{ needs.set-product-version.outputs.product-version }}
name: Verify ${{ matrix.arch }} debian package
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Set package version
run: |
echo "pkg_version=$(echo ${{ needs.get-product-version.outputs.product-version }} | sed 's/\-/~/g')" >> $GITHUB_ENV
echo "pkg_version=$(echo ${{ needs.set-product-version.outputs.product-version }} | sed 's/\-/~/g')" >> $GITHUB_ENV
- name: Set package name
run: |
@ -406,22 +406,22 @@ jobs:
verify-linux-packages-rpm:
needs:
- build
- get-product-version
- set-product-version
runs-on: ubuntu-latest
strategy:
matrix:
# TODO(eculver): re-enable when there is a smaller verification container available
arch: ["i386", "x86_64"] #, "armv7hl", "aarch64"]
env:
version: ${{ needs.get-product-version.outputs.product-version }}
version: ${{ needs.set-product-version.outputs.product-version }}
name: Verify ${{ matrix.arch }} rpm
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Set package version
run: |
echo "pkg_version=$(echo ${{ needs.get-product-version.outputs.product-version }} | sed 's/\-/~/g')" >> $GITHUB_ENV
echo "pkg_version=$(echo ${{ needs.set-product-version.outputs.product-version }} | sed 's/\-/~/g')" >> $GITHUB_ENV
- name: Set package name
run: |

View File

@ -17,7 +17,6 @@ project "consul" {
}
event "build" {
depends = ["merge"]
action "build" {
organization = "hashicorp"
repository = "crt-workflows-common"
@ -25,12 +24,12 @@ event "build" {
}
}
event "upload-dev" {
event "prepare" {
depends = ["build"]
action "upload-dev" {
action "prepare" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "upload-dev"
workflow = "prepare"
depends = ["build"]
}
@ -39,186 +38,6 @@ event "upload-dev" {
}
}
event "security-scan-binaries" {
depends = ["upload-dev"]
action "security-scan-binaries" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "security-scan-binaries"
config = "security-scan.hcl"
}
notification {
on = "fail"
}
}
event "security-scan-containers" {
depends = ["security-scan-binaries"]
action "security-scan-containers" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "security-scan-containers"
config = "security-scan.hcl"
}
notification {
on = "fail"
}
}
event "notarize-darwin-amd64" {
depends = ["security-scan-containers"]
action "notarize-darwin-amd64" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "notarize-darwin-amd64"
}
notification {
on = "fail"
}
}
event "notarize-darwin-arm64" {
depends = ["notarize-darwin-amd64"]
action "notarize-darwin-arm64" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "notarize-darwin-arm64"
}
notification {
on = "fail"
}
}
event "notarize-windows-386" {
depends = ["notarize-darwin-arm64"]
action "notarize-windows-386" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "notarize-windows-386"
}
notification {
on = "fail"
}
}
event "notarize-windows-amd64" {
depends = ["notarize-windows-386"]
action "notarize-windows-amd64" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "notarize-windows-amd64"
}
notification {
on = "fail"
}
}
event "sign" {
depends = ["notarize-windows-amd64"]
action "sign" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "sign"
}
notification {
on = "fail"
}
}
event "sign-linux-rpms" {
depends = ["sign"]
action "sign-linux-rpms" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "sign-linux-rpms"
}
notification {
on = "fail"
}
}
event "verify" {
depends = ["sign-linux-rpms"]
action "verify" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "verify"
}
notification {
on = "fail"
}
}
event "promote-dev-docker" {
depends = ["verify"]
action "promote-dev-docker" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "promote-dev-docker"
depends = ["verify"]
}
notification {
on = "fail"
}
}
event "fossa-scan" {
depends = ["promote-dev-docker"]
action "fossa-scan" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "fossa-scan"
}
}
## These are promotion and post-publish events
## they should be added to the end of the file after the verify event stanza.
event "trigger-staging" {
// This event is dispatched by the bob trigger-promotion command
// and is required - do not delete.
}
event "promote-staging" {
depends = ["trigger-staging"]
action "promote-staging" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "promote-staging"
config = "release-metadata.hcl"
}
notification {
on = "always"
}
}
event "promote-staging-docker" {
depends = ["promote-staging"]
action "promote-staging-docker" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "promote-staging-docker"
}
notification {
on = "always"
}
}
event "trigger-production" {
// This event is dispatched by the bob trigger-promotion command
// and is required - do not delete.
@ -275,9 +94,21 @@ event "post-publish-website" {
on = "always"
}
}
event "bump-version" {
depends = ["post-publish-website"]
action "bump-version" {
organization = "hashicorp"
repository = "crt-workflows-common"
workflow = "bump-version"
}
notification {
on = "fail"
}
}
event "update-ironbank" {
depends = ["post-publish-website"]
depends = ["bump-version"]
action "update-ironbank" {
organization = "hashicorp"
repository = "crt-workflows-common"

View File

@ -9,16 +9,10 @@ const repositorySHA = function (sha = exec('git rev-parse --short HEAD')) {
return sha.toString().trim();
};
const binaryVersion = function (repositoryRoot) {
return function (versionFileContents = read(`${repositoryRoot}/version/version.go`)) {
return function (versionFileContents = read(`${repositoryRoot}/version/VERSION`)) {
// see /scripts/dist.sh:8
return versionFileContents
.toString()
.split('\n')
.find(function (item, i, arr) {
return item.indexOf('Version =') !== -1;
})
.trim()
.split('"')[1];
};
};
const env = function ($) {

1
version/VERSION Normal file
View File

@ -0,0 +1 @@
1.15.0-dev

View File

@ -1,6 +1,7 @@
package version
import (
_ "embed"
"fmt"
"strings"
)
@ -10,20 +11,20 @@ var (
// compiler.
GitCommit string
// The next version number that will be released. This will be updated after every release.
//
// The next version number that will be released. This will be updated after every release
// Version must conform to the format expected by github.com/hashicorp/go-version
// for tests to work.
Version = "1.15.0"
// A pre-release marker for the version can also be specified (e.g -dev). If this is omitted
// then it means that it is a final release. Otherwise, this is a pre-release
// such as "dev" (in development), "beta", "rc1", etc.
//go:embed VERSION
fullVersion string
Version, VersionPrerelease, _ = strings.Cut(fullVersion, "-")
// https://semver.org/#spec-item-10
VersionMetadata = ""
// A pre-release marker for the version. If this is "" (empty string)
// then it means that it is a final release. Otherwise, this is a pre-release
// such as "dev" (in development), "beta", "rc1", etc.
VersionPrerelease = "dev"
// The date/time of the build (actually the HEAD commit in git, to preserve stability)
// This isn't just informational, but is also used by the licensing system. Default is chosen to be flagantly wrong.
BuildDate string = "1970-01-01T00:00:01Z"