* Build version checker - multiple fixes
In several files, the command 'go run' has been updated to 'CC=gcc go run'. This ensures that gcc is used when compiling the Go code, to provide better cross platform support. Prior to this change, the Go compiler was making platform specific builds.
This was a significant issue with the 'kube operator' goal where the built binary could not operate across different platforms.
The change has been applied consistently throughout the codebase in 'Makefile', 'container_image_triggers.go', 'version.mk', 'os_repos.go', and 'build.assets/Makefile' files. Compliance with this new standard should be maintained going forward for any new compilation requests.
* Update .drone.yml
* Replace CC=gcc environment variable with CGO_ENABLED=0
The CC=gcc environment variable was replaced with CGO_ENABLED=0 as CGO is not needed.
* Update .drone.yml
* Deleted OPRT from this repo
* Migrated dronegen to call gha workflow
* Removed dead pipelines
* Removed unused function to appease linter
* Accounted for private repo promotions
* Updated to use package name filter
* Accounted for teleport-ent-updater publishing
* Added `--target-cloud` flag to OS package repo tool
* Updated OS package repo tool to use "version channel" instead of "artifact version"
* Added help flag examples
* Serialize apt/yum promote pipelines
These were running in parallel, but we want them to run serially.
Therefore, we add a dependency between each step and its previous step.
* Allow dev build promotes to proceed in deb/rpm pipelines
This helps test a couple more changes from this pipeline when cutting a
dev build. Particularly, we saw the download and role assumption steps
fail in https://github.com/gravitational/teleport/pull/17334, and this
change would have allowed us to catch that error during testing.
* Fix globbing bug
This bug does not appear to affect anything currently. However it
should be fixed in case the rm is important at some point in the future.
The bug is: when a wildcard is inside quotes, it is treated as a literal
filename. So rm -rf "$ARTIFACT_PATH/*" tries to remove the file named
'*' instead of trying to remove everything in artifact path.
* Swap YUM_REPO_NEW_ROLE to YUM_REPO_NEW_AWS_ROLE
All other roles environment variables end in AWS_ROLE, and consistency
is our friend here.
* Added multiarch build support for teleport oss, ent, and fips
* Exported image/imageTag types
* Resigned dronegen
* Removed remainder of testing changes
* Removed changes to submodules
* Reverted dockerfile-fips change
* FIxed docs wording
* Un-exported most constants
* Removed teleport.e makefile deb call
* Moved "sed | cut magic" to files
* Re-added `mkdir -pv /go/cache` to push.go
* Command deterministic order fix
* Added staging-only tag pipeline
* Moved PR to teleport operator to minimize potential issue impact
* Updated promote to pull and push without build
* Made cron triggers not affect canonical tags
* Added check for pre-existing tags on immutable CRs
* Added immutability check to manifests
* Updated staging ecr to only apply $TIMESTAMP tag on cron triggers
* Updated triggerinfo struct to use a triggerflag struct
* Fixed makefile after git mistake
* Makefile fix
* PR fixes
* Moved internal tools Go version to constant
* Separated container images gofile into multiple files
* Moved testing comment
* Added licenses
* Reorganized and added docs for container images
* Moved const to correct file
* Tag trigger logic test
* Testing specific fix
* Moved testing to v10.3.2
* Make semver dirs
* Refactored local registry name/socket
* Merged previous dockerfile changes
* Added TARGETOS TARGETARCH args
* Updatd tag to testing tag
* Promotion logic test
* Promotion fixes
* Testing specific fix
* Removed prerelease check for testing
* Added staging login commands to promote
* Fixed missing credentials on promotion pull
* Rerun tag test with new "full" semver
* Made staging builds only publish full semver
* Added semver logging command
* Empty commit to trigger Drone
* Promotion test
* Fixed preceeding v on promote pull
* Empty commit to trigger Drone
* Re-enabled verify not prerelease step on promote
* Cron trigger test
* Testing fix
* Testing fix 2
* Added sleep timer on docker buildx build
* Testing cleanup
* Refactor build-buildboxes to uses multiple profiles
This greatly reduces the number of steps in the pipeline, allowing drone-runner-kube to successfully schedule the pipeline.
Fixes https://github.com/gravitational/teleport/issues/17310
Furthermore, I also updated un-dronegen'ed pipelines to have same syntax as dronegen'd ones, which is nice for consistency.
Previously, "${ARTIFACT_PATH}" was interpreted as Drone variable
subsitution, resulting in "rm -rf ${ARTIFACT_PATH}/*" becoming
"rm -rf /*", which deleted credentials on the filesystem.
This PR updates our various Drone pipelines to use AWS roles for publishing.
Our AWS FTR requires that we do not use any long lived credentials in our AWS accounts and instead use roles. This means we need to move from attaching policies directly to users to attaching policies to roles and having policyless users assume those roles.
https://aws.amazon.com/partners/foundational-technical-review/
Contributes to https://github.com/gravitational/SecOps/issues/213
Without these changes, the promote step will always fail because of a
mismatch between where the repo is cloned and where it is referenced:
/go/src/.../teleport.git
vs
/go/src/.../teleport
(cherry picked from commit b209b98f0d)
Update metalinter, fix a few lint warnings and replace deprecated linters.
`deadcode`, `structcheck` and `varcheck` are abandoned and now replaced by [`unused`][1].
Since 1.19, `go fmt` reformats godocs according to https://go.dev/doc/comment. I've done a bulk-reformatting of the codebase to keep the linter happy. Backporting is mostly harmless (the exception being `lib/services/role_test.go`, that for some reason breaks the _old_ linter using the new format).
[1]: https://golangci-lint.run/usage/linters/
* Bump golangci-lint version
* Replace abandoned linters
* Fix bodyclose on lib/auth/github.com
* Fix bodyclose on lib/kube/proxy/streamproto/proto_test.go
* Fix bodyclose on lib/srv/alpnproxy/proxy_test.go
* Fix bodyclose on lib/web/conn_upgrade_test.go
* Silence staticcheck on lib/kube/proxy/forwarder_test.go
* Silence staticcheck on lib/utils/certs_test.go
* Address BuildNameToCertificate deprecation warnings
* Run `go fmt ./...`
* Run `go fmt ./...` on api/
* Ignore formatting in role_test.go
* Remove redundant initializers in lib/srv/uacc/
* Update e/