2020-03-27 17:48:57 +01:00
|
|
|
version: 2.1
|
2020-03-27 15:41:33 +01:00
|
|
|
|
2020-04-22 17:11:12 +02:00
|
|
|
orbs:
|
|
|
|
slack: circleci/slack@3.4.2
|
|
|
|
|
2021-01-05 00:35:13 +01:00
|
|
|
references:
|
|
|
|
images:
|
|
|
|
middleman: &MIDDLEMAN_IMAGE docker.mirror.hashicorp.services/hashicorp/middleman-hashicorp:0.3.44
|
|
|
|
|
2020-03-27 15:41:33 +01:00
|
|
|
executors:
|
|
|
|
go:
|
2020-03-27 17:48:57 +01:00
|
|
|
docker:
|
Upgrade to Go 1.17
This includes the addition of the new "//go:build" comment form in addition
to the legacy "// +build" notation, as produced by gofmt to ensure
consistent behavior between Go versions. The new directives are all
equivalent to what was present before, so there's no change in behavior.
Go 1.17 continues to use the Unicode 13 tables as in Go 1.16, so this
upgrade does not require also upgrading our Unicode-related dependencies.
This upgrade includes the following breaking changes which will also
appear as breaking changes for Terraform users, but that are consistent
with the Terraform v1.0 compatibility promises.
- On MacOS, Terraform now requires macOS 10.13 High Sierra or later.
This upgrade also includes the following breaking changes which will
appear as breaking changes for Terraform users that are inconsistent with
our compatibility promises, but have justified exceptions as follows:
- cidrsubnet, cidrhost, and cidrnetmask will now reject IPv4 CIDR
addresses whose decimal components have leading zeros, where previously
they would just silently ignore those leading zeros.
This is a security-motivated exception to our compatibility promises,
because some external systems interpret zero-prefixed octets as octal
numbers rather than decimal, and thus the previous lenient parsing could
lead to a different interpretation of the address between systems, and
thus potentially allow bypassing policy when configuring firewall rules
etc.
This upgrade also includes the following breaking changes which could
_potentially_ appear as breaking changes for Terraform users, but that do
not in practice for the reasons given:
- The Go net/url package no longer allows query strings with pairs
separated by semicolons instead of ampersands. This primarily affects
HTTP servers written in Go, and Terraform includes a special temporary
HTTP server as part of its implementation of OAuth for "terraform login",
but that server only needs to accept URLs created by Terraform itself
and Terraform does not generate any URLs that would be rejected.
2021-08-17 02:19:17 +02:00
|
|
|
- image: docker.mirror.hashicorp.services/cimg/go:1.17
|
2020-03-27 15:41:33 +01:00
|
|
|
environment:
|
|
|
|
CONSUL_VERSION: 1.7.2
|
|
|
|
GOMAXPROCS: 4
|
|
|
|
GO111MODULE: "on"
|
|
|
|
GOPROXY: https://proxy.golang.org/
|
|
|
|
TEST_RESULTS_DIR: &TEST_RESULTS_DIR /tmp/test-results
|
|
|
|
ARTIFACTS_DIR: &ARTIFACTS_DIR /tmp/artifacts
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
go-checks:
|
|
|
|
executor:
|
|
|
|
name: go
|
|
|
|
steps:
|
|
|
|
- checkout
|
|
|
|
- run: go mod verify
|
2020-12-02 18:16:14 +01:00
|
|
|
- run: go install honnef.co/go/tools/cmd/staticcheck
|
|
|
|
- run: make fmtcheck generate staticcheck
|
2020-03-27 15:41:33 +01:00
|
|
|
- run:
|
|
|
|
name: verify no code was generated
|
|
|
|
command: |
|
|
|
|
if [[ -z $(git status --porcelain) ]]; then
|
2020-04-06 16:49:55 +02:00
|
|
|
echo "Git directory is clean."
|
2020-03-27 15:41:33 +01:00
|
|
|
else
|
2020-04-06 16:49:55 +02:00
|
|
|
echo "Git is dirty. Run `make fmtcheck` and `make generate` locally and commit any formatting fixes or generated code."
|
2020-03-27 15:41:33 +01:00
|
|
|
git status --porcelain
|
|
|
|
exit 1
|
|
|
|
fi
|
2021-07-28 20:51:20 +02:00
|
|
|
- run:
|
|
|
|
name: verify go.mod and go.sum are correct
|
|
|
|
command: |
|
|
|
|
go mod tidy
|
|
|
|
git diff --quiet && exit 0
|
|
|
|
echo "please run 'go mod tidy' to ensure go.mod and go.sum are up to date"
|
|
|
|
exit 1
|
2021-08-21 01:12:39 +02:00
|
|
|
- run:
|
|
|
|
name: verify that our protobuf stubs are up-to-date
|
|
|
|
command: |
|
|
|
|
make protobuf
|
|
|
|
git diff --quiet && exit 0
|
|
|
|
echo "Run 'make protobuf' to ensure that the protobuf stubs are up-to-date."
|
|
|
|
exit 1
|
2020-03-27 15:41:33 +01:00
|
|
|
|
|
|
|
go-test:
|
|
|
|
executor:
|
|
|
|
name: go
|
2020-09-11 18:51:15 +02:00
|
|
|
environment:
|
|
|
|
TF_CONSUL_TEST: 1
|
2020-03-27 15:41:33 +01:00
|
|
|
parallelism: 4
|
|
|
|
steps:
|
|
|
|
- checkout
|
|
|
|
- attach_workspace:
|
|
|
|
at: .
|
|
|
|
- run:
|
|
|
|
name: install consul
|
|
|
|
command: |
|
|
|
|
curl -sLo consul.zip https://releases.hashicorp.com/consul/${CONSUL_VERSION}/consul_${CONSUL_VERSION}_linux_amd64.zip
|
|
|
|
unzip consul.zip
|
|
|
|
mkdir -p ~/bin
|
|
|
|
mv consul ~/bin
|
|
|
|
echo 'export PATH="~/bin:$PATH"'
|
|
|
|
- run: mkdir -p $TEST_RESULTS_DIR
|
2020-03-31 23:56:30 +02:00
|
|
|
- run:
|
|
|
|
name: Run Go Tests
|
|
|
|
command: |
|
|
|
|
PACKAGE_NAMES=$(go list ./... | circleci tests split --split-by=timings --timings-type=classname)
|
|
|
|
echo "Running $(echo $PACKAGE_NAMES | wc -w) packages"
|
|
|
|
echo $PACKAGE_NAMES
|
|
|
|
gotestsum --format=short-verbose --junitfile $TEST_RESULTS_DIR/gotestsum-report.xml -- -p 2 -cover -coverprofile=cov_$CIRCLE_NODE_INDEX.part $PACKAGE_NAMES
|
2020-03-27 15:41:33 +01:00
|
|
|
|
|
|
|
# save coverage report parts
|
|
|
|
- persist_to_workspace:
|
|
|
|
root: .
|
|
|
|
paths:
|
|
|
|
- cov_*.part
|
|
|
|
|
|
|
|
- store_test_results:
|
|
|
|
path: *TEST_RESULTS_DIR
|
|
|
|
- store_artifacts:
|
|
|
|
path: *TEST_RESULTS_DIR
|
|
|
|
|
2020-04-22 17:21:32 +02:00
|
|
|
- slack/status:
|
2020-04-22 17:26:44 +02:00
|
|
|
fail_only: true
|
2021-02-24 19:36:47 +01:00
|
|
|
only_for_branches: main
|
2020-04-22 17:21:32 +02:00
|
|
|
|
2020-03-27 15:41:33 +01:00
|
|
|
go-test-e2e:
|
|
|
|
executor:
|
|
|
|
name: go
|
|
|
|
environment:
|
|
|
|
TF_ACC: 1
|
2020-03-27 17:48:57 +01:00
|
|
|
steps:
|
2020-03-27 15:41:33 +01:00
|
|
|
- checkout
|
|
|
|
- attach_workspace:
|
|
|
|
at: .
|
|
|
|
- run: mkdir -p $TEST_RESULTS_DIR
|
2020-03-31 23:56:30 +02:00
|
|
|
- run:
|
|
|
|
name: Run Go E2E Tests
|
|
|
|
command: |
|
2021-06-03 20:08:04 +02:00
|
|
|
gotestsum --format=short-verbose --junitfile $TEST_RESULTS_DIR/gotestsum-report.xml -- -p 2 -cover -coverprofile=cov_e2e.part ./internal/command/e2etest
|
2020-03-27 15:41:33 +01:00
|
|
|
|
|
|
|
# save coverage report parts
|
|
|
|
- persist_to_workspace:
|
|
|
|
root: .
|
|
|
|
paths:
|
|
|
|
- cov_*.part
|
|
|
|
|
|
|
|
- store_test_results:
|
|
|
|
path: *TEST_RESULTS_DIR
|
|
|
|
- store_artifacts:
|
|
|
|
path: *TEST_RESULTS_DIR
|
|
|
|
|
2020-04-22 17:21:32 +02:00
|
|
|
- slack/status:
|
2020-04-22 17:26:44 +02:00
|
|
|
fail_only: true
|
2021-02-24 19:36:47 +01:00
|
|
|
only_for_branches: main
|
2020-04-22 17:21:32 +02:00
|
|
|
|
2020-03-27 15:41:33 +01:00
|
|
|
# build all distros
|
|
|
|
build-distros: &build-distros
|
|
|
|
executor: go
|
|
|
|
environment: &build-env
|
|
|
|
TF_RELEASE: 1
|
|
|
|
steps:
|
|
|
|
- run: go get -u github.com/mitchellh/gox # go get gox before detecting go mod
|
|
|
|
- checkout
|
|
|
|
- run: ./scripts/build.sh
|
|
|
|
- run: mkdir -p $ARTIFACTS_DIR
|
|
|
|
- run: cp pkg/*.zip /tmp/artifacts
|
|
|
|
# save dev build to CircleCI
|
|
|
|
- store_artifacts:
|
|
|
|
path: *ARTIFACTS_DIR
|
|
|
|
|
|
|
|
# build all amd64 architecture supported OS binaries
|
|
|
|
build-amd64:
|
|
|
|
<<: *build-distros
|
|
|
|
environment:
|
|
|
|
<<: *build-env
|
2021-03-30 17:07:01 +02:00
|
|
|
XC_OS: "darwin linux windows"
|
2020-03-27 15:41:33 +01:00
|
|
|
XC_ARCH: "amd64"
|
|
|
|
|
|
|
|
# build all arm architecture supported OS binaries
|
|
|
|
build-arm:
|
|
|
|
<<: *build-distros
|
|
|
|
environment:
|
|
|
|
<<: *build-env
|
2021-03-30 17:07:01 +02:00
|
|
|
XC_OS: "linux"
|
2020-03-27 15:41:33 +01:00
|
|
|
XC_ARCH: "arm"
|
2020-03-27 17:48:57 +01:00
|
|
|
|
2021-06-30 13:44:46 +02:00
|
|
|
# build all arm64 architecture supported OS binaries
|
|
|
|
build-arm64:
|
|
|
|
<<: *build-distros
|
|
|
|
environment:
|
|
|
|
<<: *build-env
|
|
|
|
XC_OS: "darwin"
|
|
|
|
XC_ARCH: "arm64"
|
|
|
|
|
2020-06-17 15:53:21 +02:00
|
|
|
test-docker-full:
|
|
|
|
executor:
|
|
|
|
name: go
|
|
|
|
steps:
|
|
|
|
- checkout
|
|
|
|
- setup_remote_docker
|
|
|
|
- run:
|
|
|
|
name: test docker build for 'full' image
|
|
|
|
command: docker build -t test-docker-full .
|
|
|
|
|
2021-01-05 00:35:13 +01:00
|
|
|
# Based on a similar job in terraform-website repo.
|
|
|
|
website-link-check:
|
|
|
|
docker:
|
|
|
|
- image: *MIDDLEMAN_IMAGE
|
|
|
|
steps:
|
|
|
|
- checkout:
|
|
|
|
path: terraform
|
|
|
|
|
|
|
|
- run:
|
|
|
|
name: Determine changed website files, if any
|
|
|
|
working_directory: terraform
|
|
|
|
command: |
|
|
|
|
# Figure out what the current branch forked from. Compare against
|
2021-02-24 19:36:47 +01:00
|
|
|
# main and the set of "vX.Y" branches, and choose whichever branch
|
2021-01-05 00:35:13 +01:00
|
|
|
# we're the *fewest* commits ahead of.
|
|
|
|
# The point here isn't to perfectly predict where this will be
|
|
|
|
# merged; all we really care about is determining which commits are
|
|
|
|
# *unique to this PR,* so we don't accidentally complain about
|
|
|
|
# problems you had nothing to do with.
|
|
|
|
PARENT_BRANCH=$(
|
2021-02-24 19:36:47 +01:00
|
|
|
for br in $(git branch -rl --format='%(refname:short)' | grep -E '^origin/(main|v\d+\.\d+)$'); do
|
2021-01-05 00:35:13 +01:00
|
|
|
new_commits=$(git rev-list --first-parent ^${br} HEAD | wc -l);
|
|
|
|
echo "${br} ${new_commits}";
|
|
|
|
done \
|
|
|
|
| sort -n -k2 \
|
|
|
|
| head -n1 \
|
|
|
|
| awk '{print $1}';
|
|
|
|
)
|
|
|
|
echo "Checking current branch against: ${PARENT_BRANCH}"
|
|
|
|
MERGE_BASE=$(git merge-base HEAD ${PARENT_BRANCH})
|
|
|
|
git diff --name-only -z --diff-filter=AMRCT ${MERGE_BASE}..HEAD -- ./website/ > /tmp/changed-website-files.txt
|
|
|
|
# --name-only: Return a list of affected files but don't show the changes.
|
|
|
|
# -z: Make that a null-separated list (instead of newline-separated), and
|
|
|
|
# DON'T mangle non-ASCII characters.
|
|
|
|
# --diff-filter=AMRCT: Only list files that were added, modified, renamed,
|
|
|
|
# copied, or had their type changed (file, symlink, etc.). In
|
|
|
|
# particular, we don't want to check deleted files.
|
|
|
|
# ${MERGE_BASE}..HEAD: Only consider files that have
|
|
|
|
# changed since this branch diverged from its parent branch.
|
|
|
|
# -- ./website/: Only consider files in the website directory.
|
|
|
|
echo "Changed website files:"
|
|
|
|
cat /tmp/changed-website-files.txt | tr '\0' '\n'
|
|
|
|
# Need to use "tr" for display because it's a null-separated list.
|
|
|
|
|
|
|
|
- run:
|
|
|
|
name: Exit early if there's nothing to check
|
|
|
|
command: |
|
|
|
|
if [ ! -s /tmp/changed-website-files.txt ]; then
|
|
|
|
circleci-agent step halt
|
|
|
|
fi
|
|
|
|
|
|
|
|
- run:
|
|
|
|
name: Check out terraform-website repo
|
|
|
|
command: git clone git@github.com:hashicorp/terraform-website.git
|
|
|
|
|
|
|
|
- run:
|
|
|
|
name: Use local checkout for terraform submodule, instead of cloning again
|
|
|
|
working_directory: terraform-website
|
|
|
|
command: |
|
|
|
|
# Set submodule's URL to our existing checkout.
|
|
|
|
# (Using `pwd` because git's behavior with strictly relative paths is unreliable.)
|
|
|
|
git config --file=.gitmodules submodule.ext/terraform.url $(pwd)/../terraform/.git
|
|
|
|
# Make it so `make sync` will grab our current branch instead of stable-website.
|
|
|
|
git config --file=.gitmodules submodule.ext/terraform.branch HEAD
|
|
|
|
|
|
|
|
- run:
|
|
|
|
name: Init/update terraform-website submodules
|
|
|
|
working_directory: terraform-website
|
|
|
|
command: make sync
|
|
|
|
|
|
|
|
- run:
|
|
|
|
name: Set up terraform-website dependencies
|
|
|
|
working_directory: terraform-website/content
|
|
|
|
# If this does anything interesting, then the container needs an update.
|
|
|
|
command: bundle check || bundle install --path vendor/bundle --retry=3
|
|
|
|
|
|
|
|
- run:
|
|
|
|
name: Run middleman in background
|
|
|
|
working_directory: terraform-website/content
|
|
|
|
background: true
|
|
|
|
command: bundle exec middleman server
|
|
|
|
|
|
|
|
- run:
|
|
|
|
name: Wait for server to start
|
|
|
|
command: until curl -sS http://localhost:4567/ > /dev/null; do sleep 1; done
|
|
|
|
|
|
|
|
- run:
|
|
|
|
name: Check links in changed pages
|
|
|
|
working_directory: terraform-website/content
|
|
|
|
command: cat /tmp/changed-website-files.txt | bundle exec ./scripts/check-pr-links.rb
|
|
|
|
|
2020-03-27 17:48:57 +01:00
|
|
|
workflows:
|
|
|
|
version: 2
|
2020-03-27 15:41:33 +01:00
|
|
|
test:
|
|
|
|
jobs:
|
|
|
|
- go-checks
|
|
|
|
- go-test:
|
|
|
|
requires:
|
|
|
|
- go-checks
|
|
|
|
- go-test-e2e:
|
|
|
|
requires:
|
|
|
|
- go-checks
|
2020-06-17 15:53:21 +02:00
|
|
|
- test-docker-full:
|
|
|
|
filters:
|
|
|
|
branches:
|
|
|
|
only:
|
2021-02-24 19:36:47 +01:00
|
|
|
- main
|
2020-06-17 15:53:21 +02:00
|
|
|
- /^v\d+\.\d+$/ # v0.11, v0.12, etc.
|
|
|
|
|
2020-03-27 15:41:33 +01:00
|
|
|
build-distros:
|
2020-03-27 17:48:57 +01:00
|
|
|
jobs:
|
2020-03-27 15:41:33 +01:00
|
|
|
- build-amd64
|
|
|
|
- build-arm
|
2021-06-30 13:45:53 +02:00
|
|
|
- build-arm64
|
2021-01-05 00:35:13 +01:00
|
|
|
|
|
|
|
website-test:
|
|
|
|
jobs:
|
|
|
|
- website-link-check
|