From 54022da0a159d4ce0726ab8a0ccf7fb1e571b45e Mon Sep 17 00:00:00 2001 From: Kristoffer <123738040+zs-ko@users.noreply.github.com> Date: Mon, 3 Jun 2024 14:13:20 +0200 Subject: [PATCH 1/3] feat: add multiarch build using matrix strategy (#29) * feat: add multiarch build using matrix strategy --------- Co-authored-by: zs-ko --- .github/workflows/release.yml | 67 +++++++++++++++++++++++------- .releaserc.json | 7 +--- Makefile | 4 +- build/vault/Dockerfile | 2 +- ci/semantic-release-patch-files.sh | 12 +++++- 5 files changed, 67 insertions(+), 25 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f697382..16e1f08 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,8 +10,8 @@ on: - completed jobs: - on-success: - name: Release + test: + name: Test runs-on: ubuntu-latest steps: - name: Checkout 
@@ -19,23 +19,64 @@ jobs: with: fetch-depth: 0 - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: "lts/*" - - - name: Set up Go 1.18 - uses: actions/setup-go@v3 + - name: Set up Go 1.21.10 + uses: actions/setup-go@v5 with: - go-version: 1.18 + go-version: '1.21.10' - name: Run Tests run: | make test + build: + name: Build + needs: test + runs-on: ubuntu-latest + strategy: + matrix: + os: ['linux', 'windows', 'darwin'] + architecture: [amd64, arm64] + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up Go 1.21.10 + uses: actions/setup-go@v5 + with: + go-version: '1.21.10' - name: Build the artifacts run: | - make build + make OS=${{ matrix.os }} GOARCH=${{ matrix.architecture }} build + + - name: uplpoad built artifacts + uses: actions/upload-artifact@v4 + with: + name: vault-plugin-secrets-nats-${{ matrix.os }}-${{ matrix.architecture }} + path: build/vault/plugins/vault-plugin-secrets-nats-* + retention-days: 1 + overwrite: true + release: + name: Release + runs-on: ubuntu-latest + needs: build + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Setup Node.js + uses: actions/setup-node@v3 + with: + node-version: "lts/*" + + - name: Download built artifacts + uses: actions/download-artifact@v4 + with: + path: build/vault/plugins/ + merge-multiple: true - name: Release env: @@ -45,6 +86,4 @@ jobs: #!/bin/bash set -e npm install @semantic-release/exec @eclass/semantic-release-docker @semantic-release/git -D - # the ... || true is to prevent the script from failing caused by a bug in semantic-release regarding - # rate limit changes on github. See https://github.com/semantic-release/github/pull/487 - npx -c semantic-release || true + npx -c semantic-release \ No newline at end of file diff --git a/.releaserc.json b/.releaserc.json index 95acff6..ecd7323 100644 --- a/.releaserc.json +++ b/.releaserc.json 
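Review bot: The new `build` and `release` jobs reference every action by mutable tag (`actions/checkout@v3`, `actions/setup-go@v5`, `actions/upload-artifact@v4`, `actions/download-artifact@v4`, `actions/setup-node@v3`), so the code that compiles and publishes the plugin binaries can change without any commit in this repository. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3` (placeholder, not a real SHA). The step name `uplpoad built artifacts` is misspelled. The workflow's trigger and any `permissions:` block are outside this hunk, so it is not visible here whether the release job's token is already scoped down.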
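Review bot: `npm install @semantic-release/exec @eclass/semantic-release-docker @semantic-release/git -D` resolves whatever versions are current at run time, and `npx -c semantic-release` then executes them in the step that carries the release `env:` (its variables sit above the hunk and are not visible here). Committing a `package.json` with a lockfile and installing with `npm ci` would fix the publishing toolchain to reviewed versions. The same unpinned install is restored unchanged by the last release.yml hunk of PATCH 2/3.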
@@ -52,12 +52,7 @@ { "assets": [ { - "path": "build/vault/plugins/vault-plugin-secrets-nats", - "label": "vault-plugin-secrets-nats" - }, - { - "path": "build/vault/plugins/vault-plugin-secrets-nats.sha256", - "label": "vault-plugin-secrets-nats.sha256" + "path": "build/vault/plugins/vault-plugin-secrets-*" } ] } diff --git a/Makefile b/Makefile index 81dc5d6..bce8b27 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,7 @@ generate: all: fmt build start build: generate - CGO_ENABLED=0 GOOS=$(OS) GOARCH="$(GOARCH)" go build -o build/vault/plugins/vault-plugin-secrets-nats -gcflags "all=-N -l" -ldflags '-extldflags "-static"' cmd/vault-plugin-secrets-nats/main.go + CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(GOARCH) go build -o build/vault/plugins/vault-plugin-secrets-nats-$(OS)-$(GOARCH) -gcflags "all=-N -l" -ldflags '-extldflags "-static"' cmd/vault-plugin-secrets-nats/main.go docker: build docker build -t $(DOCKER_REGISTRY)/vault-with-nats-secrets:$(VERSION) -f build/vault/Dockerfile . @@ -36,7 +36,7 @@ enable: VAULT_ADDR='http://127.0.0.1:8200' vault secrets enable -path=nats-secrets vault-plugin-secrets-nats clean: - rm -f ./build/vault/plugins/vault-plugin-secrets-nats + rm -f ./build/vault/plugins/vault-plugin-secrets-nats-* fmt: go fmt $$(go list ./...) diff --git a/build/vault/Dockerfile b/build/vault/Dockerfile index 664247d..3b3637e 100644 --- a/build/vault/Dockerfile +++ b/build/vault/Dockerfile @@ -1,7 +1,7 @@ FROM vault:1.12.5 RUN mkdir -p /etc/vault/vault_plugins RUN mkdir -p /etc/vault/vault_plugins_checksums -COPY build/vault/plugins/vault-plugin-secrets-nats /etc/vault/vault_plugins +COPY build/vault/plugins/vault-plugin-secrets-nats-linux-amd64 /etc/vault/vault_plugins/vault-plugin-secrets-nats RUN sha256sum /etc/vault/vault_plugins/vault-plugin-secrets-nats > /etc/vault/vault_plugins_checksums/vault-plugin-secrets-nats.sha256 RUN cat /etc/vault/vault_plugins_checksums/* 
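Review bot: The asset glob `build/vault/plugins/vault-plugin-secrets-*` is wider than the `vault-plugin-secrets-nats-*` pattern used by the workflow, the Makefile and the patch script, and the explicit `label` entries are gone, so every file with that prefix in the download directory is published as a release asset. Narrowing it to `build/vault/plugins/vault-plugin-secrets-nats*` keeps the published set to the plugin binaries, the legacy-named copy and their `.sha256` files.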
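Review bot: The `COPY` source is fixed to `vault-plugin-secrets-nats-linux-amd64`, while the Makefile's `docker: build` target now emits `vault-plugin-secrets-nats-$(OS)-$(GOARCH)`. Where `OS`/`GOARCH` resolve to anything else (their defaults are outside the hunks shown), `make docker` either fails at this line or packages a stale linux-amd64 file left in build/vault/plugins. Having the `docker` target build with explicit values, e.g. `$(MAKE) OS=linux GOARCH=amd64 build`, ties the image contents to the build that just ran. The base image is referenced by tag only (`FROM vault:1.12.5`); appending a digest, `FROM vault:1.12.5@sha256:<digest>` (placeholder), would fix what the plugin is layered on.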
diff --git a/ci/semantic-release-patch-files.sh b/ci/semantic-release-patch-files.sh index e3a5d77..1d6fd2d 100755 --- a/ci/semantic-release-patch-files.sh +++ b/ci/semantic-release-patch-files.sh @@ -1,9 +1,17 @@ #!/bin/sh set -e NEXTVERSION=$1 -sha256sum build/vault/plugins/vault-plugin-secrets-nats > build/vault/plugins/vault-plugin-secrets-nats.sha256 +for file in build/vault/plugins/vault-plugin-secrets-nats-*; do + sha256sum $file > $file.sha256 + # this is to retain backward compatibility with the old naming convention + if echo "$file" | grep -q "amd64"; then + cp $file ./build/vault/plugins/vault-plugin-secrets-nats + cp $file.sha256 build/vault/plugins/vault-plugin-secrets-nats.sha256 + fi +done +# only use x86 for the README.md and dev/manifests/vault/vault.yaml export SHA256SUM=$(cat build/vault/plugins/vault-plugin-secrets-nats.sha256 | cut -d ' ' -f1) sed -i "s#sha256: .*#sha256: ${SHA256SUM}#g" README.md sed -i "s#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:.*#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:${NEXTVERSION}#g" README.md sed -i "s#sha256: .*#sha256: ${SHA256SUM}#g" dev/manifests/vault/vault.yaml -sed -i "s#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:.*#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:${NEXTVERSION}#g" dev/manifests/vault/vault.yaml +sed -i "s#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:.*#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:${NEXTVERSION}#g" dev/manifests/vault/vault.yaml \ No newline at end of file From 0708776a8bd7a86695779a2a909d158b7f73c730 Mon Sep 17 00:00:00 2001 
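Review bot: `grep -q "amd64"` matches the darwin, linux and windows amd64 builds alike, so the legacy-named `vault-plugin-secrets-nats` and its `.sha256` are overwritten on every match and end up as whichever file sorts last in the glob; with the six matrix outputs present that would be the windows build. `SHA256SUM`, which is then written into README.md and dev/manifests/vault/vault.yaml, would no longer describe the linux-amd64 binary that the Dockerfile copies into the image, so a checksum taken from the docs would not match the plugin users register. Match the exact name instead, `if [ "$file" = "build/vault/plugins/vault-plugin-secrets-nats-linux-amd64" ]; then`, and quote the expansions (`sha256sum "$file" > "$file.sha256"`).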
From: Armin Schlegel Date: Mon, 3 Jun 2024 14:16:30 +0200 Subject: [PATCH 2/3] Revert "feat: add multiarch build using matrix strategy (#29)" (#30) This reverts commit 54022da0a159d4ce0726ab8a0ccf7fb1e571b45e. --- .github/workflows/release.yml | 67 +++++++----------------------- .releaserc.json | 7 +++- Makefile | 4 +- build/vault/Dockerfile | 2 +- ci/semantic-release-patch-files.sh | 12 +----- 5 files changed, 25 insertions(+), 67 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 16e1f08..f697382 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,8 +10,8 @@ on: - completed jobs: - test: - name: Test + on-success: + name: Release runs-on: ubuntu-latest steps: - name: Checkout 
@@ -19,64 +19,23 @@ jobs: with: fetch-depth: 0 - - name: Set up Go 1.21.10 - uses: actions/setup-go@v5 + - name: Setup Node.js + uses: actions/setup-node@v3 + with: + node-version: "lts/*" + + - name: Set up Go 1.18 + uses: actions/setup-go@v3 with: - go-version: '1.21.10' + go-version: 1.18 - name: Run Tests run: | make test - build: - name: Build - needs: test - runs-on: ubuntu-latest - strategy: - matrix: - os: ['linux', 'windows', 'darwin'] - architecture: [amd64, arm64] - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Set up Go 1.21.10 - uses: actions/setup-go@v5 - with: - go-version: '1.21.10' - name: Build the artifacts run: | - make OS=${{ matrix.os }} GOARCH=${{ matrix.architecture }} build - - - name: uplpoad built artifacts - uses: actions/upload-artifact@v4 - with: - name: vault-plugin-secrets-nats-${{ matrix.os }}-${{ matrix.architecture }} - path: build/vault/plugins/vault-plugin-secrets-nats-* - retention-days: 1 - overwrite: true - release: - name: Release - runs-on: ubuntu-latest - needs: build - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Setup Node.js - uses: actions/setup-node@v3 - with: - node-version: "lts/*" - - - name: Download built artifacts - uses: actions/download-artifact@v4 - with: - path: build/vault/plugins/ - merge-multiple: true + make build - name: Release env: @@ -86,4 +45,6 @@ jobs: #!/bin/bash set -e npm install @semantic-release/exec @eclass/semantic-release-docker @semantic-release/git -D - npx -c semantic-release \ No newline at end of file + # the ... || true is to prevent the script from failing caused by a bug in semantic-release regarding + # rate limit changes on github. See https://github.com/semantic-release/github/pull/487 + npx -c semantic-release || true diff --git a/.releaserc.json b/.releaserc.json index ecd7323..95acff6 100644 --- a/.releaserc.json +++ b/.releaserc.json 
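Review bot: Restoring `go-version: 1.18` with `actions/setup-go@v3` puts the released plugin back on a Go line that no longer receives security fixes, so the shipped binary carries whatever standard-library issues were fixed after it. The toolchain bump from the reverted commit does not depend on the build matrix and could be kept on its own: `go-version: '1.21.10'` with `actions/setup-go@v5`, quoted so that YAML cannot read a version such as 1.20 as the float 1.2. Whether go.mod permits the newer toolchain is not visible in this patch.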
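Review bot: `npx -c semantic-release || true` makes the release step exit 0 whatever happens, so a failed or half-finished publish is reported as a successful run and nothing alerts on it. The restored comment ties this to a rate-limit bug tracked in semantic-release/github pull 487; if the plugin version being installed already contains that fix, drop `|| true`, and otherwise limit the tolerance to that one error instead of all failures.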
@@ -52,7 +52,12 @@ { "assets": [ { - "path": "build/vault/plugins/vault-plugin-secrets-*" + "path": "build/vault/plugins/vault-plugin-secrets-nats", + "label": "vault-plugin-secrets-nats" + }, + { + "path": "build/vault/plugins/vault-plugin-secrets-nats.sha256", + "label": "vault-plugin-secrets-nats.sha256" } ] } diff --git a/Makefile b/Makefile index bce8b27..81dc5d6 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,7 @@ generate: all: fmt build start build: generate - CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(GOARCH) go build -o build/vault/plugins/vault-plugin-secrets-nats-$(OS)-$(GOARCH) -gcflags "all=-N -l" -ldflags '-extldflags "-static"' cmd/vault-plugin-secrets-nats/main.go + CGO_ENABLED=0 GOOS=$(OS) GOARCH="$(GOARCH)" go build -o build/vault/plugins/vault-plugin-secrets-nats -gcflags "all=-N -l" -ldflags '-extldflags "-static"' cmd/vault-plugin-secrets-nats/main.go docker: build docker build -t $(DOCKER_REGISTRY)/vault-with-nats-secrets:$(VERSION) -f build/vault/Dockerfile . @@ -36,7 +36,7 @@ enable: VAULT_ADDR='http://127.0.0.1:8200' vault secrets enable -path=nats-secrets vault-plugin-secrets-nats clean: - rm -f ./build/vault/plugins/vault-plugin-secrets-nats-* + rm -f ./build/vault/plugins/vault-plugin-secrets-nats fmt: go fmt $$(go list ./...) diff --git a/build/vault/Dockerfile b/build/vault/Dockerfile index 3b3637e..664247d 100644 --- a/build/vault/Dockerfile +++ b/build/vault/Dockerfile @@ -1,7 +1,7 @@ FROM vault:1.12.5 RUN mkdir -p /etc/vault/vault_plugins RUN mkdir -p /etc/vault/vault_plugins_checksums -COPY build/vault/plugins/vault-plugin-secrets-nats-linux-amd64 /etc/vault/vault_plugins/vault-plugin-secrets-nats +COPY build/vault/plugins/vault-plugin-secrets-nats /etc/vault/vault_plugins RUN sha256sum /etc/vault/vault_plugins/vault-plugin-secrets-nats > /etc/vault/vault_plugins_checksums/vault-plugin-secrets-nats.sha256 RUN cat /etc/vault/vault_plugins_checksums/* 
diff --git a/ci/semantic-release-patch-files.sh b/ci/semantic-release-patch-files.sh index 1d6fd2d..e3a5d77 100755 --- a/ci/semantic-release-patch-files.sh +++ b/ci/semantic-release-patch-files.sh @@ -1,17 +1,9 @@ #!/bin/sh set -e NEXTVERSION=$1 -for file in build/vault/plugins/vault-plugin-secrets-nats-*; do - sha256sum $file > $file.sha256 - # this is to retain backward compatibility with the old naming convention - if echo "$file" | grep -q "amd64"; then - cp $file ./build/vault/plugins/vault-plugin-secrets-nats - cp $file.sha256 build/vault/plugins/vault-plugin-secrets-nats.sha256 - fi -done -# only use x86 for the README.md and dev/manifests/vault/vault.yaml +sha256sum build/vault/plugins/vault-plugin-secrets-nats > build/vault/plugins/vault-plugin-secrets-nats.sha256 export SHA256SUM=$(cat build/vault/plugins/vault-plugin-secrets-nats.sha256 | cut -d ' ' -f1) sed -i "s#sha256: .*#sha256: ${SHA256SUM}#g" README.md sed -i "s#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:.*#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:${NEXTVERSION}#g" README.md sed -i "s#sha256: .*#sha256: ${SHA256SUM}#g" dev/manifests/vault/vault.yaml -sed -i "s#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:.*#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:${NEXTVERSION}#g" dev/manifests/vault/vault.yaml \ No newline at end of file +sed -i "s#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:.*#image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:${NEXTVERSION}#g" dev/manifests/vault/vault.yaml From e8e131f2918be0675ed938a09fb3189b9963ad23 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Mon, 3 Jun 2024 12:18:25 +0000 Subject: [PATCH 3/3] chore(release): 1.6.0 [skip ci] # [1.6.0](https://github.com/edgefarm/vault-plugin-secrets-nats/compare/v1.5.2...v1.6.0) (2024-06-03) ### Features * add multiarch build using matrix strategy ([#29](https://github.com/edgefarm/vault-plugin-secrets-nats/issues/29)) ([54022da](https://github.com/edgefarm/vault-plugin-secrets-nats/commit/54022da0a159d4ce0726ab8a0ccf7fb1e571b45e)) ### Reverts * Revert "feat: add multiarch build using matrix strategy ([#29](https://github.com/edgefarm/vault-plugin-secrets-nats/issues/29))" ([#30](https://github.com/edgefarm/vault-plugin-secrets-nats/issues/30)) ([0708776](https://github.com/edgefarm/vault-plugin-secrets-nats/commit/0708776a8bd7a86695779a2a909d158b7f73c730)) --- README.md | 2 +- dev/manifests/vault/vault.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6dbbfc2..426d0b8 100644 --- a/README.md +++ b/README.md @@ -197,7 +197,7 @@ metadata: spec: size: 1 # Use the custom vault image containing the NATS secrets plugin - image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:1.5.2 + image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:1.6.0 config: disable_mlock: true plugin_directory: "/etc/vault/vault_plugins" diff --git a/dev/manifests/vault/vault.yaml b/dev/manifests/vault/vault.yaml index 8a777d6..701b4e3 100644 --- a/dev/manifests/vault/vault.yaml +++ b/dev/manifests/vault/vault.yaml @@ -5,7 +5,7 @@ metadata: spec: size: 1 # Use the custom vault image containing the NATS secrets plugin - image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:1.5.2 + image: ghcr.io/edgefarm/vault-plugin-secrets-nats/vault-with-nats-secrets:1.6.0 # Common annotations for all created resources annotations: