mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-23 07:31:09 +02:00
ce5885279b
As the Vault pipeline and release processes evolve over time, so too must the tooling that drives them. Historically we've utilized a combination of CI features and shell scripts that are wrapped into make targets to drive our CI. While this approach has worked, it requires careful consideration of what features to use (bash in CI almost never matches bash in developer machines, etc.) and often requires a deep understanding of several CLI tools (jq, etc). `make` itself also has limitations in user experience, e.g. passing flags. As we're all in on Github Actions as our pipeline coordinator, continuing to utilize and build CLI tools to perform our pipeline tasks makes sense. This PR adds a new CLI tool called `pipeline` which we can use to build new isolated tasks that we can string together in Github Actions. We intend to use this utility as the interface for future release automation work, see VAULT-27514. For the first task in this new `pipeline` tool, I've chosen to build two small sub-commands: * `pipeline releases list-versions` - Allows us to list Vault versions between a range. The range is configurable either by setting `--upper` and/or `--lower` bounds, or by using the `--nminus` to set the N-X to go back from the current branches version. As CE and ENT do not have version parity we also consider the `--edition`, as well as none-to-many `--skip` flags to exclude specific versions. * `pipeline generate enos-dynamic-config` - Which creates dynamic enos configuration based on the branch and the current list of release versions. It takes largely the same flags as the `release list-versions` command, however it also expects a `--dir` for the enos directory and a `--file` where the dynamic configuration will be written. This allows us to dynamically update and feed the latest versions into our sampling algorithm to get coverage over all supported prior versions. We then integrate these new tools into the pipeline itself and cache the dynamic config on a weekly basis. We also cache the pipeline tool itself as it will likely become a repository for pipeline specific tooling. The caching strategy for the `pipeline` tool itself will make most workflows that require it super fast. Signed-off-by: Ryan Cragun <me@ryan.ec>
202 lines
5.4 KiB
HCL
202 lines
5.4 KiB
HCL
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
variable "artifactory_username" {
|
|
type = string
|
|
description = "The username to use when testing an artifact from artifactory"
|
|
default = null
|
|
sensitive = true
|
|
}
|
|
|
|
variable "artifactory_token" {
|
|
type = string
|
|
description = "The token to use when authenticating to artifactory"
|
|
default = null
|
|
sensitive = true
|
|
}
|
|
|
|
variable "artifactory_host" {
|
|
type = string
|
|
description = "The artifactory host to search for vault artifacts"
|
|
default = "https://artifactory.hashicorp.engineering/artifactory"
|
|
}
|
|
|
|
variable "artifactory_repo" {
|
|
type = string
|
|
description = "The artifactory repo to search for vault artifacts"
|
|
default = "hashicorp-crt-stable-local*"
|
|
}
|
|
|
|
variable "aws_region" {
|
|
description = "The AWS region where we'll create infrastructure"
|
|
type = string
|
|
default = "us-east-1"
|
|
}
|
|
|
|
variable "aws_ssh_keypair_name" {
|
|
description = "The AWS keypair to use for SSH"
|
|
type = string
|
|
default = "enos-ci-ssh-key"
|
|
}
|
|
|
|
variable "aws_ssh_private_key_path" {
|
|
description = "The path to the AWS keypair private key"
|
|
type = string
|
|
default = "./support/private_key.pem"
|
|
}
|
|
|
|
variable "backend_edition" {
|
|
description = "The backend release edition if applicable"
|
|
type = string
|
|
default = "ce" // or "ent"
|
|
}
|
|
|
|
variable "backend_instance_type" {
|
|
description = "The instance type to use for the Vault backend. Must be arm64/nitro compatible"
|
|
type = string
|
|
default = "t4g.small"
|
|
}
|
|
|
|
variable "backend_license_path" {
|
|
description = "The license for the backend if applicable (Consul Enterprise)"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "backend_log_level" {
|
|
description = "The server log level for the backend. Supported values include 'trace', 'debug', 'info', 'warn', 'error'"
|
|
type = string
|
|
default = "trace"
|
|
}
|
|
|
|
variable "project_name" {
|
|
description = "The description of the project"
|
|
type = string
|
|
default = "vault-enos-integration"
|
|
}
|
|
|
|
variable "distro_version_amzn" {
|
|
description = "The version of Amazon Linux 2 to use"
|
|
type = string
|
|
default = "2023" // or "2", though pkcs11 has not been tested with 2
|
|
}
|
|
|
|
variable "distro_version_leap" {
|
|
description = "The version of openSUSE leap to use"
|
|
type = string
|
|
default = "15.6"
|
|
}
|
|
|
|
variable "distro_version_rhel" {
|
|
description = "The version of RHEL to use"
|
|
type = string
|
|
default = "9.4" // or "8.10"
|
|
}
|
|
|
|
variable "distro_version_sles" {
|
|
description = "The version of SUSE SLES to use"
|
|
type = string
|
|
default = "15.6"
|
|
}
|
|
|
|
variable "distro_version_ubuntu" {
|
|
description = "The version of ubuntu to use"
|
|
type = string
|
|
default = "24.04" // or "20.04", "22.04"
|
|
}
|
|
|
|
variable "tags" {
|
|
description = "Tags that will be applied to infrastructure resources that support tagging"
|
|
type = map(string)
|
|
default = null
|
|
}
|
|
|
|
variable "terraform_plugin_cache_dir" {
|
|
description = "The directory to cache Terraform modules and providers"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "ui_test_filter" {
|
|
type = string
|
|
description = "A test filter to limit the ui tests to execute. Will be appended to the ember test command as '-f=\"<filter>\"'"
|
|
default = null
|
|
}
|
|
|
|
variable "ui_run_tests" {
|
|
type = bool
|
|
description = "Whether to run the UI tests or not. If set to false a cluster will be created but no tests will be run"
|
|
default = true
|
|
}
|
|
|
|
variable "vault_artifact_type" {
|
|
description = "The type of Vault artifact to use when installing Vault from artifactory. It should be 'package' for .deb or .rpm package and 'bundle' for .zip bundles"
|
|
default = "bundle"
|
|
}
|
|
|
|
variable "vault_artifact_path" {
|
|
description = "Path to CRT generated or local vault.zip bundle"
|
|
type = string
|
|
default = "/tmp/vault.zip"
|
|
}
|
|
|
|
variable "vault_build_date" {
|
|
description = "The build date for Vault artifact"
|
|
type = string
|
|
default = ""
|
|
}
|
|
|
|
variable "vault_enable_audit_devices" {
|
|
description = "If true every audit device will be enabled"
|
|
type = bool
|
|
default = true
|
|
}
|
|
|
|
variable "vault_install_dir" {
|
|
type = string
|
|
description = "The directory where the Vault binary will be installed"
|
|
default = "/opt/vault/bin"
|
|
}
|
|
|
|
variable "vault_instance_count" {
|
|
description = "How many instances to create for the Vault cluster"
|
|
type = number
|
|
default = 3
|
|
}
|
|
|
|
variable "vault_license_path" {
|
|
description = "The path to a valid Vault enterprise edition license. This is only required for non-ce editions"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "vault_local_build_tags" {
|
|
description = "The build tags to pass to the Go compiler for builder:local variants"
|
|
type = list(string)
|
|
default = null
|
|
}
|
|
|
|
variable "vault_log_level" {
|
|
description = "The server log level for Vault logs. Supported values (in order of detail) are trace, debug, info, warn, and err."
|
|
type = string
|
|
default = "trace"
|
|
}
|
|
|
|
variable "vault_product_version" {
|
|
description = "The version of Vault we are testing"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "vault_revision" {
|
|
description = "The git sha of Vault artifact we are testing"
|
|
type = string
|
|
default = null
|
|
}
|
|
|
|
variable "vault_upgrade_initial_version" {
|
|
description = "The Vault release to deploy before upgrading"
|
|
type = string
|
|
default = "1.13.13"
|
|
}
|