mirror of
https://github.com/hashicorp/vault.git
synced 2026-02-03 20:40:45 -05:00
b3f173756d
Update to the latest actions. The primary motivation here is to get the
latest action-setup-enos.
- actions/cache => v5.0.3: security patches
- actions/checkout => v6.0.2: small fixes to git user-agent and tag
fetching
- hashicorp/action-setup-enos => v1.50: security patches
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
89 lines
3.6 KiB
YAML
89 lines
3.6 KiB
YAML
# Copyright IBM Corp. 2016, 2025
|
|
# SPDX-License-Identifier: BUSL-1.1
|
|
|
|
---
|
|
name: Install all of the developer tools
|
|
description: |
|
|
Install all of the developer tools that are defined in tools/tools.sh. When
|
|
possible we'll restore the tools from prior build that was cached. On a cache
|
|
miss we'll rebuild the tools. After the tools are restored the `cache-path`
|
|
will be added to the GITHUB_PATH.
|
|
|
|
inputs:
|
|
no-restore:
|
|
description: Whether or not to restore the Go module cache on a cache hit
|
|
default: "false"
|
|
no-save:
|
|
description: Whether or not to create a Go module cache on cache miss
|
|
default: "false"
|
|
destination:
|
|
description: "Where to install the tools (default: $HOME/bin/vault-tools)"
|
|
default: "$HOME/bin/vault-tools"
|
|
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
- id: metadata
|
|
shell: bash
|
|
run: |
|
|
# Create the tool cache directory if it doesn't exist and add it to the
|
|
# GITHUB_PATH to make them available to other actions.
|
|
mkdir -p "${{ inputs.destination }}"
|
|
destination="$(readlink -f "${{ inputs.destination }}")"
|
|
echo "${destination}" >> "$GITHUB_PATH"
|
|
|
|
# actions/cache restore has some surprising relative pathing behavior we
|
|
# need to deal with. When it restores something it does it relative to
|
|
# the check working directory. Since that can be different depending on
|
|
# our self-hosted vs Github hosted runners, i.e.
|
|
# /home/runner/actions-runner/_work vs. /home/runner/work
|
|
# we need to factor in the absolute path of our working directory in our
|
|
# cache key. If we don't then caches created on one runner type will be
|
|
# incompatible on the other.
|
|
#
|
|
# See: https://github.com/actions/cache/issues/1127
|
|
wd_hash=$(realpath . | sha256sum | head -c 7)
|
|
|
|
# Caches automatically prevent cross distro but not cross arch. We'll
|
|
# include the os and arch in the key to make it easy to grok which cache
|
|
# is for which platform.
|
|
os="$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]')"
|
|
arch="$(echo "$RUNNER_ARCH" | tr '[:upper:]' '[:lower:]')"
|
|
if [ "${arch}" = "x64" ]; then
|
|
arch="amd64"
|
|
fi
|
|
|
|
# Hash the tools directory so that we update our cache automatically
|
|
# if a dep caches.
|
|
tools_hash=$(git ls-tree HEAD tools --object-only | head -c 7)
|
|
|
|
# Build the unique cache key
|
|
cache_key="tools-${os}-${arch}-${wd_hash}-${tools_hash}"
|
|
|
|
# Use GITHUB_ENV instead of GITHUB_OUTPUT because composite actions are
|
|
# broken if you embed them into another composite actions.
|
|
#
|
|
# See: https://github.com/actions/cache/issues/803#issuecomment-1793565071
|
|
{
|
|
echo "VAULT_TOOLS_PATH=${destination}"
|
|
echo "VAULT_TOOLS_CACHE_KEY=${cache_key}"
|
|
} | tee -a "$GITHUB_ENV"
|
|
- id: cache-tools
|
|
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
|
|
with:
|
|
lookup-only: ${{ inputs.no-restore }}
|
|
path: ${{ env.VAULT_TOOLS_PATH }}
|
|
key: ${{ env.VAULT_TOOLS_CACHE_KEY }}
|
|
- if: steps.cache-tools.outputs.cache-hit != 'true' && inputs.no-save != 'true'
|
|
name: Install tools
|
|
shell: bash
|
|
env:
|
|
GOPRIVATE: github.com/hashicorp/*
|
|
# `go install` to our vault tool cache
|
|
GOBIN: ${{ env.VAULT_TOOLS_PATH }}
|
|
# Don't use the global mod cache because we don't want to pollute it
|
|
# with tool modules.
|
|
GOMODCACHE: /home/runner/.cache/vault-tool-mod-cache
|
|
run: |
|
|
make tools
|
|
du -h -d 1 ${{ env.VAULT_TOOLS_PATH }}
|