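---
name: build_vault

# Reusable workflow: the build workflow calls it once for each Vault binary
# that needs to be built and packaged. The ci-* make targets it runs determine
# the build metadata themselves and handle building and packaging Vault.
#
# Every input below is chosen by the calling workflow. None of them is
# interpolated into a `run:` script in this file; the job passes them to steps
# through `env:` and `with:` only, so shell quoting of the values is not left
# to the expression engine.

on:
  workflow_call:
    inputs:
      # Exported to the build step as CGO_ENABLED. The default is quoted so it
      # is a YAML string, matching the declared input type.
      cgo-enabled:
        type: string
        default: "0"
      # Gates the Linux packaging step and the .rpm/.deb artifact uploads.
      create-packages:
        type: boolean
        default: true
      # Exported to the build and artifact-naming steps as GOOS.
      goos:
        required: true
        type: string
      # Exported as GOARCH; also passed to the packaging action as `arch`.
      goarch:
        required: true
        type: string
      # Exported to the build step as GO_TAGS. Optional, no default.
      go-tags:
        type: string
      # File name under dist/ that the packaging action is given as `binary`.
      package-name:
        type: string
        default: vault
      # Exported as VERSION; also passed to the packaging action as `version`.
      vault-version:
        type: string
        required: true
      # Exact cache key of the prebuilt web UI. The restore step uses it with
      # fail-on-cache-miss and no restore-keys, so only an entry stored under
      # this precise key is accepted.
      web-ui-cache-key:
        type: string
        required: true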
| |
jobs:
  # Builds one Vault binary for the requested GOOS/GOARCH, bundles it as a zip,
  # optionally wraps it in .rpm/.deb packages, and uploads each as an artifact.
  #
  # NOTE(review): this file sets no `permissions:`, so the GITHUB_TOKEN scope
  # of this job is whatever the calling workflow grants. Confirm the caller
  # keeps it to the minimum the build needs.
  build:
    name: Vault ${{ inputs.goos }} ${{ inputs.goarch }} v${{ inputs.vault-version }}
    runs-on: custom-linux-xl-vault-latest
    steps:
      # Marketplace actions below are pinned to a full commit SHA; the trailing
      # comment records the release the SHA corresponds to.
      # NOTE(review): checkout leaves its token in the local git config unless
      # `persist-credentials: false` is set, and the make targets below run in
      # that checkout. Confirm whether disabling it is compatible with
      # set-up-go.
      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

      # Repository-local action; what it does with the token is not visible
      # from this file.
      # NOTE(review): workflow_call declares no `secrets:` here, so this value
      # is only populated when the caller forwards its secrets (for example
      # with `secrets: inherit`). Confirm against the caller.
      - uses: ./.github/actions/set-up-go
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}

      - name: Restore UI from cache
        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
        with:
          # Restore the UI asset produced by the UI build workflow. Never use a
          # partial restore key: only the exact key is accepted, and a miss
          # fails the job instead of building without (or with different)
          # UI assets.
          key: ${{ inputs.web-ui-cache-key }}
          path: http/web_ui
          enableCrossOsArchive: true
          fail-on-cache-miss: true

      # Caller-supplied inputs reach make as environment variables rather than
      # being expanded into the command line.
      - name: Build Vault
        env:
          CGO_ENABLED: ${{ inputs.cgo-enabled }}
          GO_TAGS: ${{ inputs.go-tags }}
          GOARCH: ${{ inputs.goarch }}
          GOOS: ${{ inputs.goos }}
          VERSION: ${{ inputs.vault-version }}
        run: make ci-build

      # Whatever the make target prints on stdout is appended to the
      # GITHUB_ENV file, which sets variables for all later steps.
      # NOTE(review): assumes the target prints exactly one line containing
      # only the basename. Verify, since extra output lines would also be
      # parsed as environment assignments.
      - name: Determine artifact basename
        env:
          GOARCH: ${{ inputs.goarch }}
          GOOS: ${{ inputs.goos }}
          VERSION: ${{ inputs.vault-version }}
        run: echo "ARTIFACT_BASENAME=$(make ci-get-artifact-basename)" >> "$GITHUB_ENV"

      - name: Bundle Vault
        env:
          BUNDLE_PATH: out/${{ env.ARTIFACT_BASENAME }}.zip
        run: make ci-bundle

      # A missing bundle is a hard error rather than a silently empty upload.
      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: ${{ env.ARTIFACT_BASENAME }}.zip
          path: out/${{ env.ARTIFACT_BASENAME }}.zip
          if-no-files-found: error

      # NOTE(review): this is the only action in the job referenced by a
      # mutable tag (`@v1`) instead of a commit SHA, and it produces the
      # packages that are uploaded below. Pin it to the full commit SHA of the
      # reviewed release, as is done for the other actions.
      - if: ${{ inputs.create-packages }}
        uses: hashicorp/actions-packaging-linux@v1
        with:
          name: ${{ github.event.repository.name }}
          description: >-
            Vault is a tool for secrets management, encryption as a service,
            and privileged access management.
          arch: ${{ inputs.goarch }}
          version: ${{ inputs.vault-version }}
          maintainer: HashiCorp
          homepage: https://github.com/hashicorp/vault
          license: MPL-2.0
          binary: dist/${{ inputs.package-name }}
          deb_depends: openssl
          rpm_depends: openssl
          config_dir: .release/linux/package/
          preinstall: .release/linux/preinst
          postinstall: .release/linux/postinst
          postremove: .release/linux/postrm

      # File names found in out/ are written to GITHUB_ENV for the two upload
      # steps below.
      # NOTE(review): assumes out/ holds exactly one .rpm and one .deb. With no
      # match the unexpanded pattern is recorded and the upload then fails on
      # `if-no-files-found: error`; more than one match is not handled.
      - name: Determine package file names
        if: ${{ inputs.create-packages }}
        run: |
          echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV"
          echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV"

      - if: ${{ inputs.create-packages }}
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: ${{ env.RPM_PACKAGE }}
          path: out/${{ env.RPM_PACKAGE }}
          if-no-files-found: error

      - if: ${{ inputs.create-packages }}
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: ${{ env.DEB_PACKAGE }}
          path: out/${{ env.DEB_PACKAGE }}
          if-no-files-found: error