add changelog #709

Workflow file for this run

	name: build

	on:
	workflow_dispatch:
	push:

	env:
	PKG_NAME: "consul-ecs"

	# cancel existing runs of the same workflow on the same ref
	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.ref }}
	cancel-in-progress: true

	jobs:
	get-go-version:
	uses: ./.github/workflows/reusable-get-go-version.yml

	get-product-version:
	runs-on: ubuntu-latest
	outputs:
	product-version: ${{ steps.get-product-version.outputs.product-version }}
	ldflags: ${{ steps.get-product-version.outputs.ldflags }}
	git-short-sha: ${{ steps.get-product-version.outputs.git-short-sha }}
	steps:
	- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
	- name: get product version
	id: get-product-version
	run: \|
	make version
	echo "product-version=$(make version)" >> $GITHUB_OUTPUT
	echo "git-short-sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
	echo "ldflags=-s -w -X github.com/hashicorp/consul-ecs/version.GitCommit=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

	generate-metadata-file:
	needs: get-product-version
	runs-on: ubuntu-latest
	outputs:
	filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
	steps:
	- name: "Checkout directory"
	uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
	- name: Generate metadata file
	id: generate-metadata-file
	uses: hashicorp/actions-generate-metadata@v1
	with:
	version: ${{ needs.get-product-version.outputs.product-version }}
	product: ${{ env.PKG_NAME }}
	repositoryOwner: "hashicorp"
	- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
	with:
	name: metadata.json
	path: ${{ steps.generate-metadata-file.outputs.filepath }}

	build-linux:
	needs:
	- get-go-version
	- get-product-version
	# Warning: Updating the ubuntu version for this job may cause FIPS builds on arm64 to
	# have issues running mesh-init, which copies the Cgo dynamically linked binary to a
	# remote host. Compiling against a secure-but-older GLibC version (by using an older
	# Ubuntu image) is the easiest way to avoid this issue.
	# See https://groups.google.com/g/pat-users/c/dawmYvN4DBc
	runs-on: ubuntu-20.04
	strategy:
	matrix:
	include:
	- {goos: "linux", goarch: "arm"}
	- {goos: "linux", goarch: "arm64"}
	- {goos: "linux", goarch: "386"}
	- {goos: "linux", goarch: "amd64"}
	- {goos: "linux", goarch: "arm64", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402" }
	- {goos: "linux", goarch: "amd64", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402"}

	fail-fast: true

	name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} ${{ matrix.fips }} build

	steps:
	- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4

	- name: Setup go
	uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
	with:
	go-version: ${{ needs.get-go-version.outputs.go-version }}

	- name: CGO Dependencies
	if: ${{ matrix.fips }} == "+fips1402" && ${{ matrix.goarch }} == "arm64"
	run: \|
	sudo apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-version && sudo apt-get install -y gcc-aarch64-linux-gnu

	- name: Build
	env:
	# Env may be overridden by matrix values, e.g. CGO_ENABLED for FIPS builds.
	GOOS: ${{ matrix.goos }}
	GOARCH: ${{ matrix.goarch }}
	LDFLAGS: ${{ needs.get-product-version.outputs.ldflags }}
	CGO_ENABLED: "0"
	run: \|
	${{ matrix.env }} go env
	mkdir dist out
	cp $GITHUB_WORKSPACE/LICENSE dist/LICENSE.txt
	${{ matrix.env }} go build -tags=${{ matrix.gotags }} -ldflags="$LDFLAGS" -o dist/ .
	zip -r -j out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip dist/
	if [ "${{ matrix.goarch }}" = "amd64" ]; then
	bin=$(find dist -name consul-ecs)
	$bin version
	fi

	- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
	with:
	name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
	path: out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip

	build-docker-default:
	name: Docker ${{ matrix.arch }} default release build
	needs:
	- get-product-version
	- build-linux
	runs-on: ubuntu-latest
	strategy:
	matrix:
	arch: ["arm", "arm64", "386", "amd64"]
	env:
	repo: ${{ github.event.repository.name }}
	version: ${{ needs.get-product-version.outputs.product-version }}

	steps:
	- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
	- name: Docker Build (Action)
	uses: hashicorp/actions-docker-build@v2
	with:
	smoke_test: \|
	TEST_VERSION="$(docker run "${IMAGE_NAME}" version \| awk '{print $2}')"
	echo "TEST_VERSION=${TEST_VERSION}"
	echo "version=${version}"
	if [ "${TEST_VERSION}" != "v${version}" ]; then
	echo "Test FAILED"
	exit 1
	fi
	echo "Test PASSED"
	version: ${{ env.version }}
	target: release-default
	arch: ${{ matrix.arch }}
	tags: \|
	docker.io/hashicorp/${{ env.repo }}:${{ env.version }}
	public.ecr.aws/hashicorp/${{ env.repo }}:${{ env.version }}
	dev_tags: \|
	hashicorppreview/${{ env.repo }}:${{ env.version }}
	docker.io/hashicorppreview/${{ env.repo }}:${{ env.version }}-${{ github.sha }}

	build-docker-fips:
	name: Docker ${{ matrix.arch }} FIPS release build
	needs:
	- get-product-version
	- build-linux
	runs-on: ubuntu-latest
	strategy:
	matrix:
	include:
	- { arch: "arm64" }
	- { arch: "amd64" }
	env:
	repo: ${{ github.event.repository.name }}
	version: ${{ needs.get-product-version.outputs.product-version }}+fips1402

	steps:
	- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
	- name: Docker FIPS Build (Action)
	uses: hashicorp/actions-docker-build@v2
	with:
	smoke_test: \|
	TEST_VERSION="$(docker run "${IMAGE_NAME}" version \| awk '{print $2}')"
	echo "TEST_VERSION=${TEST_VERSION}"
	echo "version=${version}"
	if [ "${TEST_VERSION}" != "v${version}" ]; then
	echo "Test FAILED"
	exit 1
	fi
	echo "Test PASSED"
	version: ${{ env.version }}
	target: release-fips-default
	arch: ${{ matrix.arch }}
	tags: \|
	docker.io/hashicorp/${{ env.repo }}-fips:${{ env.version }}
	public.ecr.aws/hashicorp/${{ env.repo }}-fips:${{ env.version }}
	dev_tags: \|
	hashicorppreview/${{ env.repo }}-fips:${{ env.version }}
	docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.version }}-${{ github.sha }}

	upload-dev-docker:
	name: Upload dev image (hashicorpdev/consul-ecs:<commit>)
	environment: dockerhub/hashicorpdev
	needs:
	- get-product-version
	- build-docker-default
	runs-on: ubuntu-latest
	strategy:
	matrix:
	arch: ["amd64"]
	env:
	repo: ${{ github.event.repository.name }}
	version: ${{ needs.get-product-version.outputs.product-version }}
	target: release-default
	git-short-sha: ${{ needs.get-product-version.outputs.git-short-sha }}
	steps:
	- name: download image artifact
	uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
	with:
	name: ${{ env.repo }}_${{ env.target }}_linux_${{ matrix.arch }}_${{ env.version }}_${{ github.sha }}.docker.dev.tar
	- name: docker push
	shell: bash
	run: \|
	TAG=hashicorpdev/${{ env.repo }}:${{ env.git-short-sha }}
	echo "==> Load docker image from tar archive"
	docker load -i "${{ env.repo }}_${{ env.target }}_linux_${{ matrix.arch }}_${{ env.version }}_${{ github.sha }}.docker.dev.tar"
	echo "==> Tag docker image $TAG"
	docker tag "hashicorppreview/${{ env.repo }}:${{ env.version }}-${{ github.sha }}" "$TAG"
	echo "==> Docker login"
	echo ${{ secrets.DOCKER_PASS }} \| docker login -u=${{ secrets.DOCKER_USER }} --password-stdin

	echo "==> Push docker image $TAG"
	docker push "$TAG"

	- name: docker push (latest)
	shell: bash
	if: ${{ github.ref == 'refs/heads/main' }}
	run: \|
	TAG=hashicorpdev/${{ env.repo }}:latest
	echo "==> Tag docker image $TAG as :latest"
	docker tag "hashicorpdev/${{ env.repo }}:${{ env.git-short-sha }}" "$TAG"

	echo "==> Push docker image $TAG"
	docker push "$TAG"

	# This is job is required for branch protection as a required GitHub check
	# because GitHub actions show up as checks at the job level and not the
	# workflow level. This is currently a feature request:
	# https://github.com/orgs/community/discussions/12395
	#
	# This job must:
	# - be placed after the fanout of a workflow so that everything fans back in
	# to this job.
	# - "need" any job that is part of the fan out / fan in
	# - include if: always() logic because we may have conditional jobs that this job
	# needs, and this would potentially get skipped if a previous job got skipped.
	# The if clause ensures it does not get skipped.
	build-success:
	needs:
	- generate-metadata-file
	- build-linux
	- build-docker-default
	- build-docker-fips
	runs-on: ubuntu-latest
	if: always()
	steps:
	- name: evaluate upstream job results
	run: \|
	# exit 1 if failure or cancelled result for any upstream job
	# this ensures that we fail the PR check regardless of cancellation, rather than skip-passing it
	# see https://docs.github.com/en/actions/using-jobs/using-conditions-to-control-job-execution#overview
	if printf '${{ toJSON(needs) }}' \| grep -E -i '\"result\": \"(failure\|cancelled)\"'; then
	printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}"
	exit 1
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add changelog #709

Workflow file

add changelog #709

Jobs

Run details

Workflow file for this run