mirror of
https://github.com/hashicorp/vault.git
synced 2026-06-27 18:10:26 -04:00
74940f107c
- actions/add-to-project@5afcf98fcd => v2.0.0 - Dependency bumps - Node 24 updates - actions/cache@27d5ce7f10 => v5.0.5 - ts-http-runtime update - actions/checkout@df4cb1c069 => v6.0.3 - Fixes for sha256 repositories - actions/setup-go@4a3601121d => v6.4.0 - Dependency bumps - Support custom distributions - actions/setup-node@48b55a011b => v6.4.0 - Dependency bumps - actions/upload-artifact@043fb46d1a => v7.0.1 - ts-http-runtime update - aws-actions/configure-aws-credentials@e7f100cf4c => v6.2.0 - Various bug fixes and improvements - browser-actions/setup-chrome@2e1d749697 => v2.1.2 - Drop 32 bit support - docker/build-push-action@f9f3042f7e => v7.2.0 - Dependency bumps - docker/setup-buildx-action@d7f5e7f509 => v4.1.0 - Dependency bumps - hashicorp/actions-generate-metadata@a43468dfb1 # v1.1.4 - Node 24 updates - hashicorp/actions-set-product-version@d9be602dfa => v2.0.2 - Node 24 updates - hashicorp/action-setup-enos@3817610f3f => v1.53 - Dependency bumps - New enos release - hashicorp/setup-terraform@dfe3c3f878 => v4.0.1 - Node 24 updates - hashicorp/vault-action@892a26828f => v4.0.0 - Node 24 updates - hashicorp-forge/actions-pao-tool/*@0409050df899ec0612745ca17e47c0fba18b7c10 => v1.1.0 - Node 24 updates - peter-evans/create-pull-request@5f6978faf0 => v8.1.1 - Dependency bumps - pnpm/action-setup@0e279bb959 => v6.0.8 - Added support for pnpm 11 and various fixes around its support - slackapi/slack-github-action@45a88b9581 => v3.0.3 - Bug fixes - Improved telemetry - sqlc-dev/setup-sqlc@bac53b7fb2 => v5.0.0 - Dependency bumps - test-summary/action@37b508cfee => v2.6 - Fixing tags Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Ryan Cragun <me@ryan.ec>
148 lines
8.1 KiB
YAML
148 lines
8.1 KiB
YAML
# Copyright IBM Corp. 2016, 2025
|
|
# SPDX-License-Identifier: BUSL-1.1
|
|
|
|
---
|
|
name: Containerize Binary
|
|
description: |
|
|
Containerize vault binaries and annotate them with the correct registry tags. Artifacts will be
|
|
uploaded to the Github artifact store. This action is used for both CE and Ent and thus needs to
|
|
stay compatible for both repository contexts.
|
|
|
|
inputs:
|
|
docker:
|
|
description: |
|
|
Package the binary into a Docker container suitable for the Docker and AWS registries. We'll
|
|
automatically determine the correct tags and target depending on the vault edition.
|
|
default: 'true'
|
|
goarch:
|
|
description: The Go GOARCH value environment variable to set during the build.
|
|
goos:
|
|
description: The Go GOOS value environment variable to set during the build.
|
|
redhat:
|
|
description: Package the binary into a UBI container suitable for the Redhat Quay registry.
|
|
default: 'false'
|
|
vault-binary-path:
|
|
description: The path to the vault binary.
|
|
default: dist/vault
|
|
vault-edition:
|
|
description: The edition of vault to build.
|
|
default: ce
|
|
vault-version:
|
|
description: The vault version.
|
|
|
|
outputs:
|
|
vault-binary-path:
|
|
description: The location of the binary after containerization
|
|
value: ${{ inputs.vault-binary-path }}
|
|
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
- if: inputs.vault-edition != 'ce' && (inputs.docker == 'true' || inputs.redhat == 'true')
|
|
uses: hashicorp-forge/actions-pao-tool/select-license@0409050df899ec0612745ca17e47c0fba18b7c10 # v1.1.0
|
|
id: build-vault-select-license
|
|
with:
|
|
arch: ${{ matrix.goarch }}
|
|
- id: vars
|
|
shell: bash
|
|
run: |
|
|
case '${{ inputs.vault-edition }}' in
|
|
"ce")
|
|
container_version='${{ inputs.vault-version }}'
|
|
docker_container_tags='docker.io/hashicorp/vault:${{ inputs.vault-version }} public.ecr.aws/hashicorp/vault:${{ inputs.vault-version }}'
|
|
docker_container_target='default'
|
|
redhat_container_tags='quay.io/redhat-isv-containers/5f89bb5e0b94cf64cfeb500a:${{ inputs.vault-version }}-ubi'
|
|
redhat_container_target='ubi'
|
|
license_source='LICENSE'
|
|
license_dest='/usr/share/doc/vault/LICENSE.txt'
|
|
;;
|
|
"ent")
|
|
container_version='${{ inputs.vault-version }}+${{ inputs.vault-edition }}'
|
|
docker_container_tags='docker.io/hashicorp/vault-enterprise:${{ inputs.vault-version }}-${{ inputs.vault-edition}} public.ecr.aws/hashicorp/vault-enterprise:${{ inputs.vault-version }}-${{ inputs.vault-edition }}'
|
|
docker_container_target='default'
|
|
redhat_container_tags='quay.io/redhat-isv-containers/5f89bb9242e382c85087dce2:${{ inputs.vault-version }}-${{ inputs.vault-edition }}-ubi'
|
|
redhat_container_target='ubi'
|
|
license_source='${{ steps.build-vault-select-license.outputs.license-path }}/Softcopy'
|
|
license_dest='/usr/share/doc/vault/Softcopy/'
|
|
;;
|
|
"ent.hsm")
|
|
container_version='${{ inputs.vault-version }}+${{ inputs.vault-edition }}'
|
|
docker_container_tags='docker.io/hashicorp/vault-enterprise:${{ inputs.vault-version }}-${{ inputs.vault-edition}} public.ecr.aws/hashicorp/vault-enterprise:${{ inputs.vault-version }}-${{ inputs.vault-edition }}'
|
|
docker_container_target='ubi-hsm'
|
|
redhat_container_tags='quay.io/redhat-isv-containers/5f89bb9242e382c85087dce2:${{ inputs.vault-version }}-${{ inputs.vault-edition }}-ubi'
|
|
redhat_container_target='ubi-hsm'
|
|
license_source='${{ steps.build-vault-select-license.outputs.license-path }}/Softcopy'
|
|
license_dest='/usr/share/doc/vault/Softcopy/'
|
|
;;
|
|
"ent.hsm.fips1403")
|
|
container_version='${{ inputs.vault-version }}+${{ inputs.vault-edition }}'
|
|
docker_container_tags='docker.io/hashicorp/vault-enterprise:${{ inputs.vault-version }}-${{ inputs.vault-edition}} public.ecr.aws/hashicorp/vault-enterprise:${{ inputs.vault-version }}-${{ inputs.vault-edition }}'
|
|
docker_container_target='ubi-hsm-fips'
|
|
redhat_container_tags='quay.io/redhat-isv-containers/5f89bb9242e382c85087dce2:${{ inputs.vault-version }}-${{ inputs.vault-edition }}-ubi'
|
|
redhat_container_target='ubi-hsm-fips'
|
|
license_source='${{ steps.build-vault-select-license.outputs.license-path }}/Softcopy'
|
|
license_dest='/usr/share/doc/vault/Softcopy/'
|
|
;;
|
|
"ent.fips1403")
|
|
# NOTE: For compatibility we still publish the ent.fips1403 containers to different
|
|
# namespaces. All ent, ent.hsm, and ent.hsm.fips1403 containers are released in the
|
|
# enterprise namespaces. After we've updated the upstream docker action to support
|
|
# multiple tags we can start to tag images with both namespaces, publish to both, and
|
|
# eventually sunset the fips1403 specific namespaces.
|
|
container_version='${{ inputs.vault-version }}+${{ inputs.vault-edition }}'
|
|
docker_container_tags='docker.io/hashicorp/vault-enterprise-fips:${{ inputs.vault-version }}-${{ inputs.vault-edition }} public.ecr.aws/hashicorp/vault-enterprise-fips:${{ inputs.vault-version }}-${{ inputs.vault-edition }}'
|
|
docker_container_target='ubi-fips'
|
|
redhat_container_tags='quay.io/redhat-isv-containers/6283f645d02c6b16d9caeb8e:${{ inputs.vault-version }}-${{ inputs.vault-edition }}-ubi'
|
|
redhat_container_target='ubi-fips'
|
|
license_source='${{ steps.build-vault-select-license.outputs.license-path }}/Softcopy'
|
|
license_dest='/usr/share/doc/vault/Softcopy/'
|
|
;;
|
|
*)
|
|
echo "Cannot generate container tags for unknown vault edition: ${{ inputs.vault-edition }}" 2>&1
|
|
exit 1
|
|
;;
|
|
esac
|
|
{
|
|
echo "container-version=${container_version}"
|
|
echo "docker-container-tags=${docker_container_tags}"
|
|
echo "docker-container-target=${docker_container_target}"
|
|
echo "redhat-container-tags=${redhat_container_tags}"
|
|
echo "redhat-container-target=${redhat_container_target}"
|
|
echo "license_source=${license_source}"
|
|
echo "license_dest=${license_dest}"
|
|
echo "revision=$(make ci-get-revision)"
|
|
} | tee -a "$GITHUB_OUTPUT"
|
|
- if: inputs.docker == 'true' || inputs.redhat == 'true'
|
|
id: copy-binary
|
|
shell: bash
|
|
run: |
|
|
dest_path='dist/${{ inputs.goos }}/${{ inputs.goarch }}/vault'
|
|
dest_dir=$(dirname "$dest_path")
|
|
[[ ! -d "$dest_dir" ]] && mkdir -p "$dest_dir"
|
|
[[ ! -f "$dest_path" ]] && cp ${{ inputs.vault-binary-path }} "${dest_path}"
|
|
- if: inputs.docker == 'true'
|
|
uses: hashicorp/actions-docker-build@ryan/VAULT-34830-allow-repo-configuration
|
|
with:
|
|
arch: ${{ inputs.goarch }}
|
|
do_zip_extract_step: 'false' # Don't download and extract an already present binary
|
|
extra_build_args: |
|
|
LICENSE_SOURCE=${{ steps.vars.outputs.license_source }}
|
|
LICENSE_DEST=${{ steps.vars.outputs.license_dest }}
|
|
repo_name: ${{ inputs.vault-edition == 'ce' && 'vault' || 'vault-enterprise' }}
|
|
revision: ${{ steps.vars.outputs.revision }}
|
|
tags: ${{ steps.vars.outputs.docker-container-tags }}
|
|
target: ${{ steps.vars.outputs.docker-container-target }}
|
|
version: ${{ steps.vars.outputs.container-version }}
|
|
- if: inputs.redhat == 'true'
|
|
uses: hashicorp/actions-docker-build@ryan/VAULT-34830-allow-repo-configuration
|
|
with:
|
|
arch: ${{ inputs.goarch }}
|
|
do_zip_extract_step: 'false' # Don't download and extract an already present binary
|
|
extra_build_args: |
|
|
LICENSE_SOURCE=${{ steps.vars.outputs.license_source }}
|
|
LICENSE_DEST=${{ steps.vars.outputs.license_dest }}
|
|
redhat_tag: ${{ steps.vars.outputs.redhat-container-tags }}
|
|
repo_name: ${{ inputs.vault-edition == 'ce' && 'vault' || 'vault-enterprise' }}
|
|
revision: ${{ steps.vars.outputs.revision }}
|
|
target: ${{ steps.vars.outputs.redhat-container-target }}
|
|
version: ${{ steps.vars.outputs.container-version }}
|