name: ce # The inputs and outputs for this workflow have been carefully defined as a sort of workflow # interface as defined in the build.yml workflow. The inputs and outputs here must be consistent # across the build-artifacts-ce workflow and the build-artifacts-ent workflow. on: workflow_dispatch: inputs: build-all: type: boolean description: Build all extended artifacts default: false build-date: type: string description: The date associated with the revision SHA required: true checkout-ref: type: string description: The repo Git SHA to checkout default: "" compute-build: type: string # JSON encoded to support passing arrays description: A JSON encoded "runs-on" for build worfkflows required: true compute-build-compat: type: string # JSON encoded to support passing arrays description: A JSON encoded "runs-on" for build workflows that need older glibc required: true compute-small: type: string # JSON encoded to support passing arrays description: A JSON encoded "runs-on" for non-resource-intensive workflows required: true vault-revision: type: string description: The revision SHA of vault required: true vault-version: type: string description: The version of vault required: true vault-version-package: type: string description: Whether or not to package the binary as Debian and RPM packages required: true web-ui-cache-key: type: string description: The UI asset cache key required: true workflow_call: inputs: build-all: type: boolean default: false build-date: type: string required: true checkout-ref: type: string default: "" compute-build: type: string # JSON encoded to support passing arrays description: A JSON encoded "runs-on" for build worfkflows required: true compute-build-compat: type: string # JSON encoded to support passing arrays description: A JSON encoded "runs-on" for build workflows that need older glibc required: true compute-small: type: string # JSON encoded to support passing arrays description: A JSON encoded "runs-on" for non-resource-intensive workflows required: true vault-revision: type: string required: true vault-version: type: string required: true vault-version-package: type: string required: true web-ui-cache-key: type: string required: true outputs: testable-containers: value: ${{ jobs.core.outputs.testable-containers }} testable-packages: value: ${{ jobs.core.outputs.testable-packages }} jobs: # Core are the Linux builds that are officially supported and tested as part of the normal # CI/CD pipeline. core: strategy: matrix: include: - goos: linux goarch: amd64 redhat: true - goos: linux goarch: arm64 redhat: true fail-fast: true runs-on: ${{ fromJSON(inputs.compute-build) }} name: (${{ matrix.goos }}, ${{ matrix.goarch }}) steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.checkout-ref }} - uses: ./.github/actions/build-vault with: cgo-enabled: 0 create-docker-container: true create-packages: true create-redhat-container: ${{ matrix.redhat }} github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} goarch: ${{ matrix.goarch }} goos: ${{ matrix.goos }} go-tags: ui vault-binary-name: vault vault-edition: ce vault-version: ${{ inputs.vault-version }} web-ui-cache-key: ${{ inputs.web-ui-cache-key }} outputs: # Outputs are strings so we need to encode our collection outputs as JSON. testable-containers: | [ { "sample": "ce_default_linux_amd64_ent_docker", "artifact": "${{ github.event.repository.name }}_default_linux_amd64_${{ inputs.vault-version }}_${{ inputs.vault-revision }}.docker.tar", "edition": "ce" }, { "sample": "ce_default_linux_arm64_ce_docker", "artifact": "${{ github.event.repository.name }}_default_linux_arm64_${{ inputs.vault-version }}_${{ inputs.vault-revision }}.docker.tar", "edition": "ce" }, { "sample": "ce_ubi_linux_amd64_ce_redhat", "artifact": "${{ github.event.repository.name}}_ubi_linux_amd64_${{ inputs.vault-version}}_${{ inputs.vault-revision }}.docker.redhat.tar", "edition": "ce" }, { "sample": "ce_ubi_linux_arm64_ce_redhat", "artifact": "${{ github.event.repository.name}}_ubi_linux_arm64_${{ inputs.vault-version}}_${{ inputs.vault-revision }}.docker.redhat.tar", "edition": "ce" } ] testable-packages: | [ { "sample": "build_ce_linux_amd64_deb", "artifact": "vault_${{ inputs.vault-version-package }}-1_amd64.deb", "edition": "ce" }, { "sample": "build_ce_linux_arm64_deb", "artifact": "vault_${{ inputs.vault-version-package }}-1_arm64.deb", "edition": "ce" }, { "sample": "build_ce_linux_amd64_rpm", "artifact": "vault-${{ inputs.vault-version-package }}-1.x86_64.rpm", "edition": "ce" }, { "sample": "build_ce_linux_arm64_rpm", "artifact": "vault-${{ inputs.vault-version-package }}-1.aarch64.rpm", "edition": "ce" }, { "sample": "build_ce_linux_amd64_zip", "artifact": "vault_${{ inputs.vault-version }}_linux_amd64.zip", "edition": "ce" }, { "sample": "build_ce_linux_arm64_zip", "artifact": "vault_${{ inputs.vault-version }}_linux_arm64.zip", "edition": "ce" } ] # Extended build targets are best-case builds for non-Linux platforms that we create for # convenience but are not built or tested as part our normal CI pipeline. extended: if: inputs.build-all == true strategy: matrix: docker: - false packages: - false goos: - freebsd - netbsd - openbsd - solaris - windows goarch: - 386 - amd64 - arm exclude: - goos: solaris goarch: 386 - goos: solaris goarch: arm - goos: windows goarch: arm include: - goos: darwin goarch: amd64 go-tags: ui netcgo docker: false packages: false - goos: darwin goarch: arm64 go-tags: ui netcgo docker: false packages: false - goos: linux goarch: 386 docker: true packages: true - goos: linux docker: true goarch: arm goarm: 6 packages: true fail-fast: true name: (${{ matrix.goos }}, ${{ matrix.goarch }}${{ matrix.goarm && ' ' || '' }}${{ matrix.goarm }}) runs-on: ${{ fromJSON(inputs.compute-build) }} steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.checkout-ref }} - uses: ./.github/actions/build-vault with: github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} create-docker-container: ${{ matrix.docker }} create-packages: ${{ matrix.packages }} create-redhat-container: false goarch: ${{ matrix.goarch }} goos: ${{ matrix.goos }} goarm: ${{ matrix.goarm }} go-tags: ${{ matrix.go-tags != '' && matrix.go-tags || 'ui' }} vault-binary-name: vault vault-edition: ce vault-version: ${{ inputs.vault-version }} web-ui-cache-key: ${{ inputs.web-ui-cache-key }} status: if: always() runs-on: ${{ fromJSON(inputs.compute-small) }} permissions: id-token: write contents: read needs: - core - extended steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.checkout-ref }} - name: Determine status run: | results=$(tr -d '\n' <<< '${{ toJSON(needs.*.result) }}') if ! grep -q -v -E '(failure|cancelled)' <<< "$results"; then echo "One or more required build workflows failed: ${results}" exit 1 fi exit 0