mirror of
https://github.com/kemko/nomad.git
synced 2026-01-05 18:05:42 +03:00
b17c0f7ff9
Trusted Supply Chain Component Registry (TSCCR) enforcement starts Monday and an internal report shows our semgrep action is pinned to a version that's not currently permitted. Update all the action versions to whatever's the new hotness to maximum the time-to-live on these until we have automated pinning setup. Also version bumps our chromedriver action, which randomly broke upstream today.
374 lines
14 KiB
YAML
374 lines
14 KiB
YAML
name: build
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- release/**
|
|
workflow_dispatch:
|
|
inputs:
|
|
build-ref:
|
|
description: 'The git ref to build from'
|
|
type: string
|
|
default: ''
|
|
required: false
|
|
make-prerelease:
|
|
description: "Run prerelease to generate files"
|
|
type: "boolean"
|
|
required: false
|
|
default: true
|
|
|
|
env:
|
|
PKG_NAME: "nomad"
|
|
GO_TAGS: "release"
|
|
|
|
jobs:
|
|
get-go-version:
|
|
runs-on: ubuntu-20.04
|
|
outputs:
|
|
go-version: ${{ steps.get-go-version.outputs.go-version }}
|
|
steps:
|
|
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
with:
|
|
ref: ${{ github.event.inputs.build-ref }}
|
|
- name: Determine Go version
|
|
id: get-go-version
|
|
# We use .go-version as our source of truth for current Go
|
|
# version, because "goenv" can react to it automatically.
|
|
run: |-
|
|
echo "Building with Go $(cat .go-version)"
|
|
echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
|
|
get-product-version:
|
|
runs-on: ubuntu-20.04
|
|
outputs:
|
|
product-version: ${{ steps.get-product-version.outputs.product-version }}
|
|
steps:
|
|
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
with:
|
|
ref: ${{ github.event.inputs.build-ref }}
|
|
- name: get product version
|
|
id: get-product-version
|
|
run: |-
|
|
make version
|
|
echo "product-version=$(make version)" >> "$GITHUB_OUTPUT"
|
|
generate-metadata-file:
|
|
needs: get-product-version
|
|
runs-on: ubuntu-20.04
|
|
outputs:
|
|
filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
|
|
steps:
|
|
- name: "Checkout directory"
|
|
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
with:
|
|
ref: ${{ github.event.inputs.build-ref }}
|
|
- name: Generate metadata file
|
|
id: generate-metadata-file
|
|
uses: hashicorp/actions-generate-metadata@v1.1.1
|
|
with:
|
|
version: ${{ needs.get-product-version.outputs.product-version }}
|
|
product: ${{ env.PKG_NAME }}
|
|
repositoryOwner: "hashicorp"
|
|
sha: ${{ github.event.inputs.build-ref }}
|
|
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
|
with:
|
|
name: metadata.json
|
|
path: ${{ steps.generate-metadata-file.outputs.filepath }}
|
|
|
|
build-other:
|
|
needs: [get-go-version, get-product-version]
|
|
runs-on: [ custom, linux, xxl, 20.04 ]
|
|
strategy:
|
|
matrix:
|
|
goos: [windows]
|
|
goarch: ["amd64"]
|
|
fail-fast: true
|
|
|
|
name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build
|
|
|
|
steps:
|
|
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
with:
|
|
ref: ${{ github.event.inputs.build-ref }}
|
|
- name: Setup go
|
|
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
|
|
with:
|
|
go-version: ${{ needs.get-go-version.outputs.go-version }}
|
|
|
|
- name: Build dependencies
|
|
run: make deps
|
|
|
|
- name: Setup node and yarn
|
|
uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
|
|
with:
|
|
node-version: "18"
|
|
cache-dependency-path: "ui/yarn.lock"
|
|
|
|
- name: Install Yarn
|
|
run: |
|
|
npm install -g yarn
|
|
|
|
- name: Build prerelease
|
|
run: make prerelease
|
|
if: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.make-prerelease == 'true' }}
|
|
|
|
- name: Build
|
|
env:
|
|
GOOS: ${{ matrix.goos }}
|
|
GOARCH: ${{ matrix.goarch }}
|
|
GO_TAGS: ${{ env.GO_TAGS }}
|
|
CGO_ENABLED: 1
|
|
run: |
|
|
go clean -cache
|
|
make pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
mv pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
|
with:
|
|
name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
path: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
|
|
build-linux:
|
|
needs: [get-go-version, get-product-version]
|
|
runs-on: [ custom, linux, xxl, 20.04 ]
|
|
strategy:
|
|
matrix:
|
|
goos: [linux]
|
|
goarch: ["arm", "arm64", "amd64"]
|
|
fail-fast: true
|
|
|
|
name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build
|
|
|
|
steps:
|
|
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
with:
|
|
ref: ${{ github.event.inputs.build-ref }}
|
|
- name: Setup go
|
|
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
|
|
with:
|
|
go-version: ${{ needs.get-go-version.outputs.go-version }}
|
|
|
|
- name: Build dependencies
|
|
run: make deps
|
|
|
|
- name: Setup node and yarn
|
|
uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
|
|
with:
|
|
node-version: "18"
|
|
cache-dependency-path: "ui/yarn.lock"
|
|
|
|
- name: Install Yarn
|
|
run: |
|
|
npm install -g yarn
|
|
|
|
- name: Build prerelease
|
|
run: make prerelease
|
|
if: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.make-prerelease == 'true' }}
|
|
|
|
- name: Install Linux build utilties
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install -y software-properties-common
|
|
sudo apt-get update
|
|
sudo apt-get install -y \
|
|
binutils-aarch64-linux-gnu \
|
|
binutils-arm-linux-gnueabihf \
|
|
gcc-aarch64-linux-gnu \
|
|
gcc-arm-linux-gnueabihf \
|
|
gcc-multilib-arm-linux-gnueabihf
|
|
|
|
- name: Set gcc
|
|
run: |
|
|
if [ "${{ matrix.goarch }}" == "arm" ]; then
|
|
echo "CC=arm-linux-gnueabihf-gcc" >> "$GITHUB_ENV"
|
|
elif [ "${{ matrix.goarch }}" == "arm64" ]; then
|
|
echo "CC=aarch64-linux-gnu-gcc" >> "$GITHUB_ENV"
|
|
fi
|
|
|
|
- name: Build
|
|
env:
|
|
GOOS: ${{ matrix.goos }}
|
|
GOARCH: ${{ matrix.goarch }}
|
|
GO_TAGS: ${{ env.GO_TAGS }}
|
|
CGO_ENABLED: 1
|
|
run: |
|
|
go clean -cache
|
|
make pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
mv pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
|
with:
|
|
name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
path: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
|
|
- name: Package
|
|
uses: hashicorp/actions-packaging-linux@v1
|
|
with:
|
|
name: ${{ env.PKG_NAME }}
|
|
description: "Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications."
|
|
arch: ${{ matrix.goarch }}
|
|
version: ${{ needs.get-product-version.outputs.product-version }}
|
|
maintainer: "HashiCorp"
|
|
homepage: "https://github.com/hashicorp/nomad"
|
|
license: "MPL-2.0"
|
|
binary: "pkg/${{ matrix.goos }}_${{ matrix.goarch }}/${{ env.PKG_NAME }}"
|
|
deb_depends: "openssl"
|
|
rpm_depends: "openssl"
|
|
config_dir: ".release/linux/package/"
|
|
preinstall: ".release/linux/preinst"
|
|
postinstall: ".release/linux/postinst"
|
|
postremove: ".release/linux/postrm"
|
|
|
|
- name: Set Package Names
|
|
run: |
|
|
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV"
|
|
echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV"
|
|
|
|
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
|
with:
|
|
name: ${{ env.RPM_PACKAGE }}
|
|
path: out/${{ env.RPM_PACKAGE }}
|
|
|
|
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
|
with:
|
|
name: ${{ env.DEB_PACKAGE }}
|
|
path: out/${{ env.DEB_PACKAGE }}
|
|
|
|
build-darwin:
|
|
needs: [get-go-version, get-product-version]
|
|
runs-on: ${{ endsWith(github.repository, '-enterprise') && fromJSON('["self-hosted", "ondemand", "macos"]') || 'macos-latest' }}
|
|
strategy:
|
|
matrix:
|
|
goos: [darwin]
|
|
goarch: ["arm64", "amd64"]
|
|
fail-fast: true
|
|
|
|
name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build
|
|
|
|
steps:
|
|
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
with:
|
|
ref: ${{ github.event.inputs.build-ref }}
|
|
|
|
- uses: ./.github/actions/vault-secrets
|
|
with:
|
|
paths: |-
|
|
kv/data/github/hashicorp/nomad-enterprise/gha ELEVATED_GITHUB_TOKEN ;
|
|
- name: Git config token
|
|
if: endsWith(github.repository, '-enterprise')
|
|
run: git config --global url.'https://${{ env.ELEVATED_GITHUB_TOKEN }}@github.com'.insteadOf 'https://github.com'
|
|
|
|
- name: Setup go
|
|
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
|
|
with:
|
|
go-version: ${{ needs.get-go-version.outputs.go-version }}
|
|
|
|
- name: Build dependencies
|
|
run: make deps
|
|
|
|
- name: Setup node and yarn
|
|
uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
|
|
with:
|
|
node-version: "18"
|
|
cache-dependency-path: "ui/yarn.lock"
|
|
|
|
- name: Install Yarn
|
|
run: |
|
|
npm install -g yarn
|
|
|
|
- name: Build prerelease
|
|
run: make prerelease
|
|
if: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.make-prerelease == 'true' }}
|
|
|
|
- name: Build
|
|
env:
|
|
GOOS: ${{ matrix.goos }}
|
|
GOARCH: ${{ matrix.goarch }}
|
|
GO_TAGS: "${{ env.GO_TAGS }} netcgo"
|
|
CGO_ENABLED: 1
|
|
run: |
|
|
go clean -cache
|
|
make pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
mv pkg/${{ matrix.goos }}_${{ matrix.goarch }}.zip ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
|
with:
|
|
name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
path: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
|
|
build-docker:
|
|
name: Docker ${{ matrix.arch }} build
|
|
needs:
|
|
- get-product-version
|
|
- build-linux
|
|
runs-on: [ custom, linux, xxl, 20.04 ]
|
|
strategy:
|
|
matrix:
|
|
arch: ["arm64", "amd64"]
|
|
env:
|
|
version: ${{needs.get-product-version.outputs.product-version}}
|
|
revision: ${{github.sha}}
|
|
steps:
|
|
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
|
- name: Set revision
|
|
if: "${{ github.event.inputs.build-ref != '' }}"
|
|
run: |
|
|
echo "revision=${{ github.event.inputs.build-ref }}" >> "$GITHUB_ENV"
|
|
- name: Docker Build (Action)
|
|
uses: hashicorp/actions-docker-build@v1
|
|
with:
|
|
smoke_test: |
|
|
TEST_VERSION="$(docker run "${IMAGE_NAME}" version | awk '/Nomad v/{print $2}')"
|
|
if [ "${TEST_VERSION}" != "v${version}" ]; then
|
|
echo "Test FAILED"
|
|
exit 1
|
|
fi
|
|
echo "Test PASSED"
|
|
version: ${{env.version}}
|
|
revision: ${{env.revision}}
|
|
target: release
|
|
arch: ${{matrix.arch}}
|
|
tags: |
|
|
docker.io/hashicorp/${{env.PKG_NAME}}:${{env.version}}
|
|
dev_tags: |
|
|
docker.io/hashicorppreview/${{ env.PKG_NAME }}:${{ env.version }}-dev
|
|
docker.io/hashicorppreview/${{ env.PKG_NAME }}:${{ env.version }}-${{env.revision}}
|
|
|
|
minimum-os:
|
|
name: OS Compatibility
|
|
# A quick smoke test of our binaries on our minimum target OS (RHEL 7). Why RHEL 7? Because the glibc version is that old (2.17).
|
|
needs:
|
|
- get-go-version
|
|
- get-product-version
|
|
- build-linux
|
|
runs-on: ubuntu-22.04
|
|
strategy:
|
|
fail-fast: false
|
|
# Note: Ideally we'd test all our target archs, unfortunately availability of containers of these OS's vary.
|
|
# For instance there is no ubi7 image for arm64 (there is on ubi8), RHBZ#1728771. And none at all for arm.
|
|
# So we have to settle for only being able to validate where we can, which is just amd64.
|
|
matrix:
|
|
goos: [linux]
|
|
goarch: [amd64]
|
|
steps:
|
|
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
|
|
with:
|
|
go-version: ${{needs.get-go-version.outputs.go-version}}
|
|
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
|
with:
|
|
name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
- name: Test binary
|
|
env:
|
|
artifact_name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
|
|
run: |
|
|
echo "::group::Unpack and Prep"
|
|
docker pull registry.access.redhat.com/ubi7/ubi-minimal:7.9-1057
|
|
unzip "$artifact_name"
|
|
echo "::group::Diagnostics"
|
|
echo "CGO related build information:"
|
|
go version -m ./nomad | grep CGO
|
|
echo "GLIBC links:"
|
|
go tool nm ./nomad | grep -i glibc | cut -d @ -f 2-3 | sort --version-sort | uniq
|
|
echo "::group::Smoke test binary"
|
|
docker run --rm -v "$PWD:/src" registry.access.redhat.com/ubi7/ubi-minimal:7.9-1057 /src/nomad version
|
|
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|