Update changelog with links to discuss for v5.5.0 release (#2668) #3170
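# Build workflow: runs the unit tests, cross-compiles the provider for each
# OS/architecture pair, runs the acceptance tests against a matrix of Vault
# images and Terraform versions, and uploads the metadata/manifest artifacts.
name: build

on:
  push:
  workflow_dispatch:

permissions:
  # Permission for checking out code
  contents: read

env:
  PKG_NAME: "terraform-provider-vault"

jobs:
  # Publishes the contents of .go-version as an output for the other jobs.
  go-version:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.go-version.outputs.version }}
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b  # v4.1.4
      - id: go-version
        run: echo "version=$(cat .go-version)" >> "$GITHUB_OUTPUT"

  # Parses the version/VERSION file. Reference: https://github.com/hashicorp/actions-set-product-version/blob/main/README.md
  #
  # > This action should be implemented in product repo `build.yml` files. The action is intended to grab the version
  # > from the version file at the beginning of the build, then passes those versions (along with metadata, where
  # > necessary) to any workflow jobs that need version information.
  set-product-version:
    name: "Parse version file"
    runs-on: ubuntu-latest
    outputs:
      product-version: ${{ steps.set-product-version.outputs.product-version }}
      product-base-version: ${{ steps.set-product-version.outputs.base-product-version }}
      product-prerelease-version: ${{ steps.set-product-version.outputs.prerelease-product-version }}
      product-minor-version: ${{ steps.set-product-version.outputs.minor-product-version }}
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
      - name: Set variables
        id: set-product-version
        # NOTE(review): referenced by a mutable tag, while the actions/* steps
        # in this file are pinned to a full commit SHA. The same applies to the
        # other hashicorp/* actions below; pinning them the same way would make
        # the whole workflow immutable with respect to upstream tag moves.
        uses: hashicorp/actions-set-product-version@v2

  # Creates metadata.json file containing build metadata for consumption by CRT workflows.
  #
  # Reference: https://github.com/hashicorp/actions-generate-metadata/blob/main/README.md
  generate-metadata-file:
    needs: set-product-version
    runs-on: ubuntu-latest
    outputs:
      filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
    steps:
      - name: "Checkout directory"
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
      - name: Generate metadata file
        id: generate-metadata-file
        # NOTE(review): mutable tag, not a commit SHA.
        uses: hashicorp/actions-generate-metadata@v1
        with:
          version: ${{ needs.set-product-version.outputs.product-version }}
          product: ${{ env.PKG_NAME }}
          repositoryOwner: "hashicorp"
          repository: "terraform-provider-vault"
      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
        with:
          name: metadata.json
          path: ${{ steps.generate-metadata-file.outputs.filepath }}

  # Runs the unit tests once; the build and acceptance jobs both depend on it.
  build-pre:
    needs: [go-version]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b  # v4.1.4
      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7  # v5.0.1
        with:
          go-version-file: '.go-version'
          cache: false
      # setup-terraform is used to install the Terraform CLI. If we don't do
      # this then the terraform-plugin-sdk will attempt to download it for each test!
      # NOTE(review): mutable tag, not a commit SHA.
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.12.*'
          terraform_wrapper: false
      - name: Cache go build
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57  # v4.2.0
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
            ~/Library/Caches/go-build
          key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-golang-
      - name: Run unit tests
        # here to short-circuit the acceptance tests, in the case of a failure.
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
        run: |
          make test

  # Cross-compiles the provider binary for every goos/goarch pair that is not
  # excluded below.
  build:
    needs:
      - build-pre
      - go-version
      - set-product-version
    runs-on: ubuntu-latest
    strategy:
      fail-fast: true
      matrix:
        goos: [freebsd, windows, linux, darwin]
        goarch: ["386", "amd64", "arm", "arm64"]
        exclude:
          - goos: freebsd
            goarch: arm64
          - goos: windows
            goarch: arm64
          - goos: windows
            goarch: arm
          - goos: darwin
            # Quoted so the value has the same type as the "386" entry in the
            # goarch list above; a bare 386 is parsed as an integer.
            goarch: "386"
          - goos: darwin
            goarch: arm
    name: Go ${{ needs.go-version.outputs.version }} ${{ matrix.goos }} ${{ matrix.goarch }} build
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
      # NOTE(review): mutable tag, not a commit SHA. This action produces the
      # binaries, so it is the reference where pinning matters most.
      - uses: hashicorp/actions-go-build@v1
        env:
          CGO_ENABLED: "0"
          BASE_VERSION: ${{ needs.set-product-version.outputs.product-base-version }}
          PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.product-prerelease-version}}
          # NOTE(review): env.METADATA is not set anywhere in this workflow
          # file, so this presumably expands to an empty string; confirm.
          METADATA_VERSION: ${{ env.METADATA }}
        with:
          bin_name: "${{ env.PKG_NAME }}_v${{ needs.set-product-version.outputs.product-version }}_x5"
          product_name: ${{ env.PKG_NAME }}
          product_version: ${{ needs.set-product-version.outputs.product-version }}
          go_version: ${{ needs.go-version.outputs.version }}
          os: ${{ matrix.goos }}
          arch: ${{ matrix.goarch }}
          reproducible: report
          instructions: |
            go build \
              -o "$BIN_PATH" \
              -trimpath \
              -buildvcs=false \
              -ldflags "-s -w"
            cp LICENSE "$TARGET_DIR/LICENSE.txt"

  # Runs the acceptance test suite against each Vault image / Terraform version
  # pair, with the backing databases and directories started as service
  # containers.
  acceptance:
    name: vault_image:${{ matrix.image }} tf_version:${{ matrix.terraform_version }}
    needs: [go-version, build-pre]
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        image:
          - "vault-enterprise:1.16.27-ent"
          - "vault-enterprise:1.17.18-ent"
          - "vault-enterprise:1.18.15-ent"
          - "vault-enterprise:1.19.12-ent"
          - "vault-enterprise:1.20.5-ent"
          - "vault-enterprise:1.21.1-ent"
          - "vault:latest"
        terraform_version:
          - "latest"  # always test against the latest stable, which might be a duplicate matrix member.
          - "1.12.2"
          - "1.11.4"
          # - "1.10.5" # tests do not seem to pass with this version set, skipping for now.
    services:
      vault:
        image: hashicorp/${{ matrix.image }}
        env:
          # Dev-mode root token with a fixed value; VAULT_TOKEN in the
          # "Acceptance Tests" step uses the same value.
          VAULT_DEV_ROOT_TOKEN_ID: root
          # Both secrets are handed to every image in the matrix, including the
          # floating vault:latest tag. The workflow-level permissions block
          # limits GITHUB_TOKEN to contents: read.
          VAULT_LICENSE: ${{ secrets.VAULT_LICENSE }}
          VAULT_AUTH_CONFIG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          VAULT_LOCAL_CONFIG: |
            {"plugin_directory": "/vault/plugins"}
        options: >-
          --health-cmd "VAULT_ADDR=http://127.0.0.1:8200 vault status"
          --health-interval 1s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 8200:8200
        volumes:
          # The checked-out workspace (where the external plugin is unzipped
          # later in this job) is what Vault sees as its plugin directory.
          - ${{ github.workspace }}:/vault/plugins
      # NOTE(review): mysql, mongo, postgres and consul below (and vault:latest
      # in the matrix) use floating tags, so a run picks up whatever the
      # registry serves at that moment and cannot be reproduced later; pinning a
      # version or an image digest would remove that variable.
      mysql:
        image: docker.mirror.hashicorp.services/mysql:latest
        env:
          MYSQL_ROOT_PASSWORD: mysql
        ports:
          - 3306:3306
      mssql:
        image: mcr.microsoft.com/mssql/server:2017-latest-ubuntu
        env:
          # Quoted: a bare Y is a boolean under YAML 1.1 parsers.
          ACCEPT_EULA: "Y"
          SA_PASSWORD: ${{ secrets.MSSQL_SA_PASSWORD }}
        ports:
          - 1433:1433
      mongo:
        image: mongo:latest
        env:
          MONGO_INITDB_ROOT_USERNAME: root
          MONGO_INITDB_ROOT_PASSWORD: mongodb
          MONGO_INITDB_DATABASE: admin
        ports:
          - 27017:27017
      postgres:
        image: docker.mirror.hashicorp.services/postgres:latest
        env:
          POSTGRES_PASSWORD: secret
          POSTGRES_DB: database
        ports:
          - 5432:5432
      couchbase:
        image: docker.io/couchbase/server-sandbox:7.1.1
        ports:
          - 8091:8091
          - 8092:8092
          - 8093:8093
          - 8094:8094
          - 11207:11207
          - 11210:11210
          - 18091:18091
          - 18092:18092
          - 18093:18093
          - 18094:18094
        # NOTE(review): the credential/host part of this URL was mangled by
        # e-mail obfuscation in the rendered copy of this file. It is restored
        # here from COUCHBASE_USERNAME / COUCHBASE_PASSWORD and the loopback
        # address the other health checks use; confirm against the repository.
        options: >-
          --health-cmd "curl -f http://Administrator:password@127.0.0.1:8091/sampleBuckets"
          --health-interval 1s
          --health-timeout 5s
          --health-retries 60
      consul:
        image: docker.mirror.hashicorp.services/hashicorp/consul:latest
        env:
          CONSUL_LOCAL_CONFIG: '{"acl":{"enabled":true}}'
        ports:
          - 8500:8500
          - 8600:8600
        options: >-
          --health-cmd "curl -f 'http://127.0.0.1:8500/v1/health/node/server-1'"
          --health-interval 1s
          --health-timeout 5s
          --health-retries 5
      openldap:
        image: osixia/openldap:1.5.0
        ports:
          - 10389:389
        options: >-
          --health-cmd "sleep 10"
          --health-interval 1s
          --health-timeout 30s
          --health-retries 30
    steps:
      - name: install ldap utils
        run: |
          sudo apt-get install -y ldap-utils
      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b  # v4.1.4
      - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7  # v5.0.1
        with:
          go-version-file: '.go-version'
          cache: false
      # setup-terraform is used to install the Terraform CLI. If we don't do
      # this then the terraform-plugin-sdk will attempt to download it for each test!
      # NOTE(review): mutable tag, not a commit SHA.
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ matrix.terraform_version }}
          terraform_wrapper: false
      - name: Check Terraform CLI version
        run: terraform --version
      - name: Download external plugin
        id: plugin
        env:
          PLUGIN: "vault-plugin-auth-jwt"
          VERSION: "0.17.0"
        # The checksum file is fetched from the same host as the archive, so the
        # check below catches a corrupted or truncated download but not a
        # tampered release host. Verifying the detached signature of the
        # SHA256SUMS file (if one is published for this release) would cover
        # that case.
        run: |
          ZIP="${PLUGIN}_${VERSION}_linux_amd64.zip"
          SHA256SUMS="${PLUGIN}_${VERSION}_SHA256SUMS"
          # -f makes an HTTP error fail the step instead of saving the error
          # body under the expected file name; -S keeps the error visible.
          curl -fsSO "https://releases.hashicorp.com/${PLUGIN}/${VERSION}/{${ZIP},${SHA256SUMS}}"
          shasum -a 256 -c "${SHA256SUMS}" --ignore-missing
          unzip "${ZIP}"; rm "${ZIP}" "${SHA256SUMS}"
          echo "command=${PLUGIN}" >> "${GITHUB_OUTPUT}"
      - name: Cache go build
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57  # v4.2.0
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
            ~/Library/Caches/go-build
          key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-golang-
      - name: Acceptance Tests
        env:
          # Passed through the environment so the script below never has
          # workflow expressions expanded into its source text.
          MATRIX_IMAGE: ${{ matrix.image }}
          VAULT_TOKEN: "root"
          VAULT_ADDR: "http://localhost:8200"
          # RUNS_IN_CONTAINER is false if not using jobs.<job_id>.container
          RUNS_IN_CONTAINER: "false"
          # The literal passwords in this block match the values given to the
          # service containers declared in this job.
          MYSQL_URL: "root:mysql@tcp(mysql:3306)/"
          MYSQL_CONNECTION_URL: "{{username}}:{{password}}@tcp(mysql:3306)/"
          MYSQL_CONNECTION_USERNAME: "root"
          MYSQL_CONNECTION_PASSWORD: "mysql"
          MONGODB_URL: "mongodb://root:mongodb@mongo:27017/admin?ssl=false"
          # The SA password is embedded in a URL here; log masking only matches
          # the exact secret string, not an encoded or transformed form of it.
          MSSQL_URL: "sqlserver://sa:${{ secrets.MSSQL_SA_PASSWORD }}@mssql:1433"
          # POSTGRES_URL is the standard root conn URL for Vault
          POSTGRES_URL: "postgres://postgres:secret@postgres:5432/database?sslmode=disable"
          # POSTGRES_URL_TEST is used by the TFVP test to connect directly to
          # the postgres container so that it can create static users.
          # Note: the host is "localhost" because the TFVP tests do not run in
          # the same docker network.
          POSTGRES_URL_TEST: "postgres://postgres:secret@localhost:5432/database?sslmode=disable"
          # POSTGRES_URL_ROOTLESS is used by Vault to connect to the postgres
          # container for "rootless" static roles.
          POSTGRES_URL_ROOTLESS: "postgres://{{username}}:{{password}}@postgres:5432/database?sslmode=disable"
          COUCHBASE_HOST: couchbase
          COUCHBASE_USERNAME: Administrator
          COUCHBASE_PASSWORD: password
          CONSUL_HTTP_ADDR: "consul:8500"
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
          LDAP_BINDDN: "cn=admin,dc=example,dc=org"
          LDAP_BINDPASS: "admin"
          # host and port of the openldap container, from the pov of the github runner
          LDAP_HOST_URL: "ldap://0.0.0.0:10389"
          # service URL accessible from the Vault container
          LDAP_URL: "ldap://openldap:389"
          VAULT_PLUGIN_COMMAND: ${{ steps.plugin.outputs.command }}
        run: |
          # All inputs are read from the step environment rather than being
          # templated into the script with workflow expressions.
          if [[ "${MATRIX_IMAGE}" =~ "-ent" ]]; then
            target="testacc-ent"
          else
            target="testacc"
          fi
          if [ -n "${LDAP_HOST_URL}" ]; then
            cat testdata/openldap/ldif/*.ldif | ldapadd -x -H "${LDAP_HOST_URL}" -D "${LDAP_BINDDN}" -w "${LDAP_BINDPASS}"
          fi
          make "$target" TESTARGS='-test.v' SKIP_MSSQL_MULTI_CI=true SKIP_RAFT_TESTS=true SKIP_VAULT_NEXT_TESTS=true TF_ACC_K8S_SKIP_IN_CLUSTER=true
      - name: "Generate Vault API Path Coverage Report"
        run: |
          go run cmd/coverage/main.go -openapi-doc=./testdata/openapi.json

  #
  # Uploads an Actions artifact named terraform-registry-manifest.json.zip.
  #
  # The artifact contains a single file with a filename that Terraform Registry expects
  # (example: terraform-provider-crt-example_2.3.6-alpha1_manifest.json). The file contents
  # are identical to the terraform-registry-manifest.json file in the source repository.
  upload-terraform-registry-manifest-artifact:
    needs:
      - set-product-version
      - build
      - acceptance
    runs-on: ubuntu-latest
    steps:
      - name: "Checkout directory"
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
        with:
          path: ${{ env.PKG_NAME }}
      - name: "Copy manifest from checkout directory to a file with the desired name"
        id: terraform-registry-manifest
        env:
          # The parsed version originates from a file in the repository; it is
          # handed to the script as data instead of being expanded into the
          # script text. PKG_NAME is already exported by the workflow-level env.
          PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }}
        run: |
          name="${PKG_NAME}"
          version="${PRODUCT_VERSION}"
          source="${name}/terraform-registry-manifest.json"
          destination="${name}_${version}_manifest.json"
          cp "$source" "$destination"
          echo "filename=$destination" >> "$GITHUB_OUTPUT"
      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
        with:
          name: terraform-registry-manifest.json
          path: ${{ steps.terraform-registry-manifest.outputs.filename }}
          if-no-files-found: error

  # This job is used as a requirement for the repo's branch protection setup.
  # It always runs and turns the results of the jobs it needs into one status:
  # exit 2 when any was cancelled, exit 1 when any failed, exit 0 otherwise.
  build-done:
    runs-on: ubuntu-latest
    if: always()
    needs:
      - build
      - acceptance
      - upload-terraform-registry-manifest-artifact
      - generate-metadata-file
    steps:
      - name: cancelled
        if: ${{ (contains(needs.*.result, 'cancelled')) }}
        run: exit 2
      - name: passed
        if: ${{ !(contains(needs.*.result, 'failure')) }}
        run: exit 0
      - name: failed
        if: ${{ contains(needs.*.result, 'failure') }}
        run: exit 1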