Commit Graph

69 Commits

Author SHA1 Message Date
Chris Hut ee2f046383
Upgrade Consul UI to Node 18 (#19252)
* Upgrading node to node 18

* Ensure we're on latest version of yarn as well

* add comma to make frontend tests run

* Use Node 18 Alpine image in UI build dockerfile

* delete package-lock.json

---------

Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com>
Co-authored-by: Ella Cai <ella.y.cai@gmail.com>
Co-authored-by: Ella Cai <ella@hashicorp.com>
2023-10-23 12:29:04 -06:00
Dan Stough a94c013c8d
build(docker): always publish full and minor version tags for dev images (#19278) 2023-10-18 19:39:52 +00:00
Michael Zalimeni 8eb074e7c1
[NET-5944] security: Update Go version to 1.20.10 and `x/net` to 0.17.0 (#19225)
* Bump golang.org/x/net to 0.17.0

This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325)
/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487).

* Update Go version to 1.20.10

This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325)
/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)
(`net/http`).
2023-10-16 17:49:04 -04:00
Michael Zalimeni 5e7afdf9a1
[NET-5574] Update Go version to 1.20.8 (#18742)
Update Go version to 1.20.8

This resolves several CVEs (see changelog entry).
2023-09-12 11:40:51 -04:00
Semir Patel 53e28a4963
OSS -> CE (community edition) changes (#18517) 2023-08-22 09:46:03 -05:00
Michael Zalimeni 905e371607
[NET-5146] security: Update Go version to 1.20.7 and `x/net` to 0.13.0 (#18358)
* Update Go version to 1.20.7

This resolves [CVE-2023-29409]
(https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`).

* Bump golang.org/x/net to 0.13.0

Addresses [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978)
for security scans (non-impacting).
2023-08-02 13:10:29 -04:00
Michael Zalimeni 8b46bac36d
Align build arch matrix with enterprise (#18235)
Ensure that OSS remains in sync w/ Enterprise by aligning the format of
arch matrix args for various build jobs.
2023-07-24 11:22:34 -04:00
Dan Bond 7e01fcf5c0
ci: don't verify s390x (#18224) 2023-07-21 10:00:37 -07:00
hashicorp-tsccr[bot] 1ef5dfcfc6
SEC-090: Automated trusted workflow pinning (2023-07-18) (#18174)
Result of tsccr-helper -log-level=info -pin-all-workflows .

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
2023-07-19 16:56:50 -07:00
Michael Zalimeni e8dd04d662
[NET-4865] security: Update Go version to 1.20.6 (#18190)
Update Go version to 1.20.6

This resolves [CVE-2023-29406]
(https://nvd.nist.gov/vuln/detail/CVE-2023-29406) for uses of the
`net/http` standard library.

Note that until the follow-up to #18124 is done, the version of Go used
in those impacted tests will need to remain on 1.20.5.
2023-07-19 17:02:18 -04:00
Dan Bond 3b3aa1f260
[NET-4103] ci: build s390x (#18067)
* ci: build s390x

* ci: test s390x

* ci: dev build s390x

* no GOOS

* ent only

* build: publish s390x

* fix syntax error

* fix syntax error again

* fix syntax error again x2

* test branch

* Move s390x conditionals to step level

* remove test branch

---------

Co-authored-by: emilymianeil <eneil@hashicorp.com>
2023-07-12 16:10:34 -07:00
Michael Zalimeni 500dcb1f21
Set GOPRIVATE for all hashicorp repos in CI (#17817)
Consistently set GOPRIVATE to include all hashicorp repos, s.t. private
modules are successfully pulled in enterprise CI.
2023-06-21 11:26:27 -04:00
Curt Bushko 0c15748c5a
[core]: Pin github action workflows (#17695) 2023-06-13 13:00:55 -04:00
modrake b74e87b70c
remove deprecated set-output calls in gha (#17494) 2023-05-30 08:17:53 -07:00
John Murret 6fa104409e
security: update go version to 1.20.4 (#17240)
* update go version to 1.20.3

* add changelog

* rename changelog file to remove underscore

* update to use 1.20.4

* update change log entry to reflect 1.20.4
2023-05-08 11:57:11 -06:00
Ronald e818fdead0
Copyright headers for config files git + circleci (#16703)
* Copyright headers for config files git + circleci

* Release folder copyright headers
2023-03-22 09:17:19 -04:00
Dan Bond 036ee5669e
fix build workflow (#16719)
Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-03-21 18:16:37 +00:00
Dan Bond eca8b0277d
[NET-3029] Migrate build-distros to GHA (#16669)
* migrate build distros to GHA

Signed-off-by: Dan Bond <danbond@protonmail.com>

* build-arm

Signed-off-by: Dan Bond <danbond@protonmail.com>

* don't use matrix

Signed-off-by: Dan Bond <danbond@protonmail.com>

* check-go-mod

Signed-off-by: Dan Bond <danbond@protonmail.com>

* add notify slack script

Signed-off-by: Dan Bond <danbond@protonmail.com>

* notify slack if failure

Signed-off-by: Dan Bond <danbond@protonmail.com>

* rm notify slack script

Signed-off-by: Dan Bond <danbond@protonmail.com>

* fix check-go-mod job

Signed-off-by: Dan Bond <danbond@protonmail.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-03-21 10:37:32 -07:00
Dan Stough f1436109ea
[OSS] security: update go to 1.20.1 (#16263)
* security: update go to 1.20.1
2023-02-17 15:04:12 -05:00
claire labry 590ae5fa5c
Onboard consul to use new version/VERSION file and reproducible actions (#15631)
* Onboard consul to use new .release/VERSION file and reproducible actions-go-build

* Onboard consul to use new .release/VERSION file and reproducible actions

* Onboard consul to use new .release/VERSION file and reproducible actions

* fix to consul

* Onboard consul to use new .release/VERSION file and reproducible actions

* Onboard consul to use new .release/VERSION file and reproducible actions

* Onboard consul to use new .release/VERSION file and reproducible actions

* test out ent changes

* just or testing

* Added setup go for build ui

* try removing VERSION file out of .release dir

* add checkout action for build ui and update checkout version

* try no -dev marker

* try removing extra ldflags

* test version

* add back in setup-go step?

* Update utils.js

read from static VERSION file

* remove actions-setup go

* add 1.15.0-dev

* Using prepare workflow for pre-stable channel workflow

* Test prepare workflow

* Remove set-product-version branch from release pipeline

* Use METADATA in environment

* Correct env vars

* Remove current branch from build trigger list

Co-authored-by: emilymianeil <emilymianeil@gmail.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>
Co-authored-by: hc-github-team-nomad-core <github-team-nomad-core@hashicorp.com>
Co-authored-by: emily neil <63985869+emilymianeil@users.noreply.github.com>
2023-01-05 12:16:47 -08:00
Dhia Ayachi 0402fd23a3
update go version to 1.19.4 (#15705)
* update go version to 1.19.4

* add changelog
2022-12-07 15:11:22 -05:00
Chris S. Kim 41019adf56 Update go version to 1.19 2022-10-24 16:12:08 -04:00
Sam Salisbury 7b4da9d4f4
docker: update redhat_tag 2022-10-20 16:01:38 +01:00
Michele Degges 45cfb1272f
[CI-only] Update RedHat registry tag
There are a few changes being made to RedHat's registry on October 20, 2022 that affect the way images need to be tagged prior to being pushed to the registry. This PR changes the tag to conform to the new standard. 

We have other work queued up in crt-workflows-common and actions-docker-build to support the other required changes. 

This PR should be merged to `main` and all release branches on or after October 20, 2022, and MUST be merged before your next production release. Otherwise, the automation to push to the RedHat registry will not work.

----

A detailed list of changes shared from RedHat (as an FYI):

The following changes will occur for container certification projects that leverage the Red Hat hosted registry [[registry.connect.redhat.com](http://registry.connect.redhat.com/)] for image distribution:

- All currently published images are migrating to a NEW, Red Hat hosted quay registry. Partners do not have to do anything for this migration, and this will not impact customers. The registry will still utilize [registry.connect.redhat.com](http://registry.connect.redhat.com/) as the registry URL.

- The registry URL currently used to push, tag, and certify images, as well as the registry login key, will change. You can see these changes under the “Images” tab of the container certification project. You will now see a [quay.io](http://quay.io/) address and will no longer see [scan.connect.redhat.com](http://scan.connect.redhat.com/).

- Partners will have the opportunity to auto-publish images by selecting “Auto-publish” in the Settings tab of your certification project. This will automatically publish images that pass all certification tests.

- For new container image projects, partners will have the option to host within their own chosen image registry while using [registry.connect.redhat.com](http://registry.connect.redhat.com/) as a proxy address. This means the end user can authenticate to the Red Hat registry to pull a partner image without having to provide additional authentication to the partner’s registry.
2022-10-19 10:55:48 -07:00
Evan Culver 6336d75da7
ci: Disable Arm RPM verifications (#14142) 2022-08-11 10:26:21 -07:00
Evan Culver ca5d2e1c00
ci: Use pattern for CRT release branch config (#13955) 2022-08-01 12:56:55 -07:00
Iryna Shustava a1df5ae9b7
build: add a build job to build and push UBI images to DockerHub (#13808) 2022-07-25 15:43:24 -07:00
Evan Culver d4fdddf8d4
Fix verifications by using updated arm package names (#13601)
Co-authored-by: alex <8968914+acpana@users.noreply.github.com>
2022-06-27 14:00:27 -07:00
Michele Degges 0b3f90c3e7
[CI-only] Dev tag update for main (#13541) 2022-06-24 13:45:57 -07:00
Sam Salisbury 2070d41fe9 correct redgat_tag ospid 2022-06-16 13:28:36 +01:00
Sam Salisbury 49a89e2b5a strip trailing whitespace 2022-06-16 13:27:37 +01:00
Mark Anderson 8945b68a9d Cleanup and extend basic build date
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:04:05 -07:00
Mark Anderson d8663a741d Fixup build scripts
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:04:05 -07:00
Evan Culver 596432fe38
ci: Add package verifications to build workflow (#13294)
Co-authored-by: cskh <hui.kang@hashicorp.com>
2022-06-06 14:42:11 -07:00
Chris S. Kim f0a9b30174
Update repo to use go:embed (#10996)
Replace bindata packages with stdlib go:embed.
Modernize some uiserver code with newer interfaces introduced in go 1.16 (mainly working with fs.File instead of http.File.
Remove steps that are no longer used from our build files.
Add Github Action to detect differences in agent/uiserver/dist and verify that the files are correct (by compiling UI assets and comparing contents).
2022-05-31 15:33:56 -04:00
Evan Culver 9a13be3881
ci: add docker build smoke test (#13200) 2022-05-27 13:29:57 -07:00
cskh 64cfe245dd
CI: Verify built binaries in build job (#13221)
Co-authored-by: Evan Culver <eculver@hashicorp.com>
2022-05-27 14:50:41 -04:00
Michele Degges 407cd332ff
[CI-only] Support UBI images (#13232)
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-05-26 09:49:47 -07:00
Michele Degges bfe7f0ad63
[CI-only] Update tagging for dev_tags (#13199)
Remove the hardcoded `-dev` suffix from dev_tags, which is causing tags to be in the format `1.12.0-dev-dev` instead of just `1.12.0-dev`. I'll clean up the old tags before making the dockerhub repo public, which will be available https://hub.docker.com/r/hashicorppreview/consul
2022-05-24 15:23:01 -07:00
R.B. Boyer 7b72ddfb60
build: wire up remaining 5 helper tools into the same auto-install logic used for protobuf tools (#13184) 2022-05-23 10:50:45 -05:00
Michele Degges b4ea16dd83
[CI-only] Build and publish dev dockerhub images (#13084) 2022-05-17 12:23:03 -07:00
Claire Labry 38aa1fcadd
change action to pull v1 instead of main 2022-04-22 12:26:12 -04:00
DanStough 95250e7915 Update go version to 1.18.1 2022-04-18 11:41:10 -04:00
Michele Degges 45f2abfbba
Remove setup-qemu step from Docker build job (#12387) 2022-02-24 12:35:47 -08:00
Michele Degges d032fb52a2
Merge branch 'main' into fix-broken-dockerfile 2022-02-04 12:30:20 -08:00
claire labry 985ac9f185
Merge branch 'main' into enable-security-scan 2022-02-02 13:36:48 -05:00
JG d433a9d085
packaging: fix issues in pre/postremove scripts (#12147)
Fixes several issues with the pre/postremove scripts for both rpm and
deb packages. Specifically:

For postremove:
- the postremove script now functions correctly (i.e. restarts consul
  after a package upgrade) on rpm-based systems (where $1 is numeric
  rather than `purge` or `upgrade`)
- `systemctl daemon-reload` is called on package removal (rather than
  only on upgrade)
- calls `systemctl try-restart` instead of `systemctl restart`, which
  will only (re)start consul if it was already running when the upgrade
  happened.

For preremove:
- if the package is being completely uninstalled (rather than upgraded),
  stop consul before removing the package
2022-02-01 12:07:18 -08:00
Michele Degges 857ae2e94b Merge remote-tracking branch 'origin/main' into fix-broken-dockerfile 2022-01-30 20:09:59 -08:00
Michele Degges 987e9d3258 Remove trailing ,'s to keep commit history clean 2022-01-25 18:55:20 -08:00
Michele Degges ec3cf44240 Remove testing build trigger 2022-01-25 17:10:39 -08:00