--- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tests.go:84 ################################################ kind: pipeline type: kubernetes name: test environment: GID: "1000" RUNTIME: go1.16.2 UID: "1000" trigger: event: include: - pull_request repo: include: - gravitational/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /tmpfs/go/src/github.com/gravitational/teleport /tmpfs/go/cache - cd /tmpfs/go/src/github.com/gravitational/teleport - git init && git remote add origin ${DRONE_REMOTE_URL} - | # handle pull requests if [ "${DRONE_BUILD_EVENT}" = "pull_request" ]; then git fetch origin +refs/heads/${DRONE_COMMIT_BRANCH}: git checkout ${DRONE_COMMIT_BRANCH} git fetch origin ${DRONE_COMMIT_REF}: git merge ${DRONE_COMMIT} # handle tags elif [ "${DRONE_BUILD_EVENT}" = "tag" ]; then git fetch origin +refs/tags/${DRONE_TAG}: git checkout -qf FETCH_HEAD # handle pushes/other events else if [ "${DRONE_COMMIT_BRANCH}" = "" ]; then git fetch origin git checkout -qf ${DRONE_COMMIT_SHA} else git fetch origin +refs/heads/${DRONE_COMMIT_BRANCH}: git checkout ${DRONE_COMMIT} -b ${DRONE_COMMIT_BRANCH} fi fi - git submodule update --init webassets || true - | if [ "${DRONE_BUILD_EVENT}" = "pull_request" ]; then apk add --no-cache curl jq export PR_REPO=$(curl -Ls https://api.github.com/repos/gravitational/${DRONE_REPO_NAME}/pulls/${DRONE_PULL_REQUEST} | jq -r '.head.repo.full_name') echo "---> Source repo for PR ${DRONE_PULL_REQUEST}: $${PR_REPO}" # if the source repo for the PR matches DRONE_REPO, then this is not a PR raised from a fork if [ "$${PR_REPO}" = "${DRONE_REPO}" ] || [ "${DRONE_REPO}" = "gravitational/teleport-private" ]; then mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts git submodule update --init e # do a recursive submodule checkout to get both webassets and webassets/e # this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule git submodule update --init --recursive webassets || true rm -f /root/.ssh/id_rsa fi fi environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY volumes: - name: tmpfs path: /tmpfs - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build buildbox image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /tmpfs/go - docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true - cd /tmpfs/go/src/github.com/gravitational/teleport - make -C build.assets buildbox volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run - name: Run linter image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /tmpfs/go - cd /tmpfs/go/src/github.com/gravitational/teleport - make -C build.assets lint environment: GOCACHE: /tmpfs/go/cache GOPATH: /tmpfs/go volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run - name: Optionally skip tests image: docker:git commands: - | cd /tmpfs/go/src/github.com/gravitational/teleport echo -e "\n---> git diff --raw ${DRONE_COMMIT}..origin/${DRONE_COMMIT_BRANCH:-master}\n" git diff --raw ${DRONE_COMMIT}..origin/${DRONE_COMMIT_BRANCH:-master} git diff --raw ${DRONE_COMMIT}..origin/${DRONE_COMMIT_BRANCH:-master} | awk '{print $6}' | grep -Ev '^docs/' | grep -Ev '.mdx$' | grep -Ev '.md$' | grep -v ^$ | wc -l > /tmp/.change_count.txt export CHANGE_COUNT=$(cat /tmp/.change_count.txt | tr -d '\n') echo -e "\n---> Non-docs changes detected: $$CHANGE_COUNT" if [ $$CHANGE_COUNT -gt 0 ]; then echo "---> Teleport tests will run normally" else echo "---> Skipping Teleport tests and exiting early" exit 78 fi echo "" volumes: - name: tmpfs path: /tmpfs - name: Run unit and chaos tests image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /tmpfs/go - cd /tmpfs/go/src/github.com/gravitational/teleport - make -C build.assets test environment: GOCACHE: /tmpfs/go/cache GOPATH: /tmpfs/go volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run - name: Run root-only integration tests image: docker commands: - apk add --no-cache make - cd /tmpfs/go/src/github.com/gravitational/teleport - make -C build.assets integration-root environment: GOCACHE: /tmpfs/go/cache GOPATH: /tmpfs/go volumes: - name: tmpfs path: /tmpfs - name: tmp-integration path: /tmp - name: dockersock path: /var/run - name: Run integration tests image: docker commands: - apk add --no-cache make - echo "$INTEGRATION_CI_KUBECONFIG" > "$KUBECONFIG" - chown -R $UID:$GID /tmpfs/go - cd /tmpfs/go/src/github.com/gravitational/teleport - make -C build.assets integration - rm -f "$KUBECONFIG" environment: GOCACHE: /tmpfs/go/cache GOPATH: /tmpfs/go INTEGRATION_CI_KUBECONFIG: from_secret: INTEGRATION_CI_KUBECONFIG KUBECONFIG: /tmpfs/go/kubeconfig.ci TEST_KUBE: "true" volumes: - name: tmpfs path: /tmpfs - name: tmp-integration path: /tmp - name: dockersock path: /var/run services: - name: Start Docker image: docker:dind privileged: true volumes: - name: tmpfs path: /tmpfs - name: dockertmpfs path: /var/lib/docker - name: tmp-integration path: /tmp - name: dockersock path: /var/run volumes: - name: tmpfs temp: medium: memory - name: tmp-integration temp: {} - name: dockertmpfs temp: {} - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tests.go:226 ################################################ kind: pipeline type: kubernetes name: test-docs trigger: event: include: - pull_request repo: include: - gravitational/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /tmpfs/go/src/github.com/gravitational/teleport /tmpfs/go/cache - cd /tmpfs/go/src/github.com/gravitational/teleport - git init && git remote add origin ${DRONE_REMOTE_URL} - | # handle pull requests if [ "${DRONE_BUILD_EVENT}" = "pull_request" ]; then git fetch origin +refs/heads/${DRONE_COMMIT_BRANCH}: git checkout ${DRONE_COMMIT_BRANCH} git fetch origin ${DRONE_COMMIT_REF}: git merge ${DRONE_COMMIT} # handle tags elif [ "${DRONE_BUILD_EVENT}" = "tag" ]; then git fetch origin +refs/tags/${DRONE_TAG}: git checkout -qf FETCH_HEAD # handle pushes/other events else if [ "${DRONE_COMMIT_BRANCH}" = "" ]; then git fetch origin git checkout -qf ${DRONE_COMMIT_SHA} else git fetch origin +refs/heads/${DRONE_COMMIT_BRANCH}: git checkout ${DRONE_COMMIT} -b ${DRONE_COMMIT_BRANCH} fi fi volumes: - name: tmpfs path: /tmpfs - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Run docs tests image: docker:git commands: - apk add --no-cache make - cd /tmpfs/go/src/github.com/gravitational/teleport - chown -R $UID:$GID /tmpfs/go - git diff --raw ${DRONE_COMMIT}..origin/${DRONE_COMMIT_BRANCH:-master} | awk '{print $6}' | grep -E '^docs' | { grep -v ^$ || true; } > /tmp/docs-changes.txt - | if [ $(cat /tmp/docs-changes.txt | wc -l) -gt 0 ]; then echo "---> Changes to docs detected" cat /tmp/docs-changes.txt echo "---> Checking for trailing whitespace" make docs-test-whitespace echo "---> Checking for dead links" make -C build.assets test-docs else echo "---> No changes to docs detected, not running tests" fi environment: GID: "1000" GOCACHE: /tmpfs/go/cache UID: "1000" volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run services: - name: Start Docker image: docker:dind privileged: true volumes: - name: tmpfs path: /tmpfs - name: dockertmpfs path: /var/lib/docker - name: dockersock path: /var/run volumes: - name: tmpfs temp: medium: memory - name: dockertmpfs temp: {} - name: dockersock temp: {} --- kind: pipeline type: kubernetes name: update-docs-webhook trigger: event: include: - push exclude: - pull_request branch: include: - master - branch/* repo: include: - gravitational/teleport clone: disable: true steps: - name: Trigger docs deployment image: plugins/webhook settings: urls: from_secret: DOCS_DEPLOY_HOOK --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/push.go:104 ################################################ kind: pipeline type: kubernetes name: push-build-linux-amd64 environment: GID: "1000" RUNTIME: go1.16.2 UID: "1000" trigger: event: include: - push exclude: - pull_request repo: include: - gravitational/* branch: include: - master - branch/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport /go/cache - cd /go/src/github.com/gravitational/teleport - git init && git remote add origin ${DRONE_REMOTE_URL} - git fetch origin - git checkout -qf ${DRONE_COMMIT_SHA} - git submodule update --init webassets || true - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build artifacts image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - make -C build.assets release-amd64 environment: ARCH: amd64 GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: linux UID: "1000" volumes: - name: dockersock path: /var/run - name: Send Slack notification image: plugins/slack settings: webhook: from_secret: SLACK_WEBHOOK_DEV_TELEPORT template: - | *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`) `${DRONE_STAGE_NAME}` artifact build failed. *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately. Commit: Branch: Author: <{{ build.link }}|Visit Drone build page ↗> when: status: - failure services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/push.go:104 ################################################ kind: pipeline type: kubernetes name: push-build-linux-386 environment: GID: "1000" RUNTIME: go1.16.2 UID: "1000" trigger: event: include: - push exclude: - pull_request repo: include: - gravitational/* branch: include: - master - branch/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport /go/cache - cd /go/src/github.com/gravitational/teleport - git init && git remote add origin ${DRONE_REMOTE_URL} - git fetch origin - git checkout -qf ${DRONE_COMMIT_SHA} - git submodule update --init webassets || true - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build artifacts image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - make -C build.assets release-386 environment: ARCH: "386" GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: linux UID: "1000" volumes: - name: dockersock path: /var/run - name: Send Slack notification image: plugins/slack settings: webhook: from_secret: SLACK_WEBHOOK_DEV_TELEPORT template: - | *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`) `${DRONE_STAGE_NAME}` artifact build failed. *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately. Commit: Branch: Author: <{{ build.link }}|Visit Drone build page ↗> when: status: - failure services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/push.go:104 ################################################ kind: pipeline type: kubernetes name: push-build-linux-amd64-fips environment: GID: "1000" RUNTIME: go1.16.2 UID: "1000" trigger: event: include: - push exclude: - pull_request repo: include: - gravitational/* branch: include: - master - branch/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport /go/cache - cd /go/src/github.com/gravitational/teleport - git init && git remote add origin ${DRONE_REMOTE_URL} - git fetch origin - git checkout -qf ${DRONE_COMMIT_SHA} - git submodule update --init webassets || true - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build artifacts image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - make -C build.assets release-amd64-fips environment: ARCH: amd64 FIPS: "yes" GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: linux UID: "1000" volumes: - name: dockersock path: /var/run - name: Send Slack notification image: plugins/slack settings: webhook: from_secret: SLACK_WEBHOOK_DEV_TELEPORT template: - | *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`) `${DRONE_STAGE_NAME}` artifact build failed. *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately. Commit: Branch: Author: <{{ build.link }}|Visit Drone build page ↗> when: status: - failure services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/push.go:104 ################################################ kind: pipeline type: kubernetes name: push-build-windows-amd64 environment: GID: "1000" RUNTIME: go1.16.2 UID: "1000" trigger: event: include: - push exclude: - pull_request repo: include: - gravitational/* branch: include: - master - branch/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport /go/cache - cd /go/src/github.com/gravitational/teleport - git init && git remote add origin ${DRONE_REMOTE_URL} - git fetch origin - git checkout -qf ${DRONE_COMMIT_SHA} - git submodule update --init webassets || true - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build artifacts image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - make -C build.assets release-windows-unsigned environment: ARCH: amd64 GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: windows UID: "1000" volumes: - name: dockersock path: /var/run - name: Send Slack notification image: plugins/slack settings: webhook: from_secret: SLACK_WEBHOOK_DEV_TELEPORT template: - | *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`) `${DRONE_STAGE_NAME}` artifact build failed. *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately. Commit: Branch: Author: <{{ build.link }}|Visit Drone build page ↗> when: status: - failure services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/mac.go:32 ################################################ kind: pipeline type: exec name: push-build-darwin-amd64 trigger: event: include: - push exclude: - pull_request repo: include: - gravitational/* branch: include: - master - branch/* workspace: path: /tmp/push-build-darwin-amd64 platform: os: darwin arch: amd64 clone: disable: true concurrency: limit: 1 steps: - name: Set up exec runner storage commands: - set -u - mkdir -p $WORKSPACE_DIR - chmod -R u+rw $WORKSPACE_DIR - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh environment: WORKSPACE_DIR: /tmp/push-build-darwin-amd64 - name: Check out code commands: - set -u - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null' git submodule update --init e - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null' git submodule update --init --recursive webassets || true - rm -rf $WORKSPACE_DIR/.ssh - mkdir -p $WORKSPACE_DIR/go/cache environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY WORKSPACE_DIR: /tmp/push-build-darwin-amd64 - name: Build Mac artifacts commands: - set -u - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - make clean release OS=$OS ARCH=$ARCH environment: ARCH: amd64 GOCACHE: /tmp/push-build-darwin-amd64/go/cache GOPATH: /tmp/push-build-darwin-amd64/go OS: darwin WORKSPACE_DIR: /tmp/push-build-darwin-amd64 - name: Clean up exec runner storage (post) commands: - set -u - chmod -R u+rw $WORKSPACE_DIR - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh environment: WORKSPACE_DIR: /tmp/push-build-darwin-amd64 - name: Send Slack notification (exec) commands: - |2 export DRONE_BUILD_LINK="${DRONE_SYSTEM_PROTO}://${DRONE_SYSTEM_HOSTNAME}/${DRONE_REPO_OWNER}/${DRONE_REPO_NAME}/${DRONE_BUILD_NUMBER}" export GOOS=$(go env GOOS) export GOARCH=$(go env GOARCH) - |2- curl -sL -X POST -H 'Content-type: application/json' --data "{\"text\":\"Warning: \`${GOOS}-${GOARCH}\` artifact build failed for [\`${DRONE_REPO_NAME}\`] - please investigate immediately!\nBranch: \`${DRONE_BRANCH}\`\nCommit: \`${DRONE_COMMIT_SHA}\`\nLink: $DRONE_BUILD_LINK\"}" $SLACK_WEBHOOK_DEV_TELEPORT environment: SLACK_WEBHOOK_DEV_TELEPORT: from_secret: SLACK_WEBHOOK_DEV_TELEPORT when: status: - failure --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/push.go:104 ################################################ kind: pipeline type: kubernetes name: push-build-linux-arm environment: GID: "1000" RUNTIME: go1.16.2 UID: "1000" trigger: event: include: - push exclude: - pull_request repo: include: - gravitational/* branch: include: - master - branch/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport /go/cache - cd /go/src/github.com/gravitational/teleport - git init && git remote add origin ${DRONE_REMOTE_URL} - git fetch origin - git checkout -qf ${DRONE_COMMIT_SHA} - git submodule update --init webassets || true - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build artifacts image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - make -C build.assets release-arm environment: ARCH: arm GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: linux UID: "1000" volumes: - name: dockersock path: /var/run - name: Send Slack notification image: plugins/slack settings: webhook: from_secret: SLACK_WEBHOOK_DEV_TELEPORT template: - | *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`) `${DRONE_STAGE_NAME}` artifact build failed. *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately. Commit: Branch: Author: <{{ build.link }}|Visit Drone build page ↗> when: status: - failure services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/push.go:104 ################################################ kind: pipeline type: kubernetes name: push-build-linux-arm64 environment: GID: "1000" RUNTIME: go1.16.2 UID: "1000" trigger: event: include: - push exclude: - pull_request repo: include: - gravitational/* branch: include: - master - branch/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport /go/cache - cd /go/src/github.com/gravitational/teleport - git init && git remote add origin ${DRONE_REMOTE_URL} - git fetch origin - git checkout -qf ${DRONE_COMMIT_SHA} - git submodule update --init webassets || true - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build artifacts image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - make -C build.assets release-arm64 environment: ARCH: arm64 GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: linux UID: "1000" volumes: - name: dockersock path: /var/run - name: Send Slack notification image: plugins/slack settings: webhook: from_secret: SLACK_WEBHOOK_DEV_TELEPORT template: - | *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`) `${DRONE_STAGE_NAME}` artifact build failed. *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately. Commit: Branch: Author: <{{ build.link }}|Visit Drone build page ↗> when: status: - failure services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- kind: pipeline type: kubernetes name: teleport-docker-cron trigger: cron: - teleport-docker-cron repo: include: - gravitational/teleport workspace: path: /go clone: disable: true steps: - name: Set up variables and Dockerfile image: docker:git environment: # increment these variables when a new major/minor version is released to bump the automatic builds # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for # build major version images which are just teleport:x CURRENT_VERSION_ROOT: v7 PREVIOUS_VERSION_ONE_ROOT: v6 PREVIOUS_VERSION_TWO_ROOT: v5 commands: - apk --update --no-cache add curl - mkdir -p /go/build && cd /go/build # CURRENT_VERSION (7) - echo $(git ls-remote --tags https://github.com/gravitational/teleport | cut -d'/' -f3 | grep $CURRENT_VERSION_ROOT | grep -Ev '(alpha|beta|dev|rc)' | sort -rV | head -n1) > /go/build/CURRENT_VERSION_TAG.txt - echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt # PREVIOUS_VERSION_ONE (6) - echo $(git ls-remote --tags https://github.com/gravitational/teleport | cut -d'/' -f3 | grep $PREVIOUS_VERSION_ONE_ROOT | grep -Ev '(alpha|beta|dev|rc)' | sort -rV | head -n1) > /go/build/PREVIOUS_VERSION_ONE_TAG.txt - echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt # PREVIOUS_VERSION_TWO (5) - echo $(git ls-remote --tags https://github.com/gravitational/teleport | cut -d'/' -f3 | grep $PREVIOUS_VERSION_TWO_ROOT | grep -Ev '(alpha|beta|dev|rc)' | sort -rV | head -n1) > /go/build/PREVIOUS_VERSION_TWO_TAG.txt - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt # list versions - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done # get Dockerfiles - curl -Ls -o /go/build/Dockerfile-cron https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron # wait for Docker to be ready - sleep 3 - name: Build and push Teleport containers (CURRENT_VERSION) image: docker environment: OS: linux ARCH: amd64 settings: username: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME password: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD volumes: - name: dockersock path: /var/run commands: - export VERSION_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt) - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips" - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io # OSS - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - docker push $OSS_IMAGE_NAME # Enterprise - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - docker push $ENT_IMAGE_NAME # Enterprise FIPS - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - docker push $ENT_FIPS_IMAGE_NAME - name: Build and push Teleport containers (PREVIOUS_VERSION_ONE) image: docker environment: OS: linux ARCH: amd64 settings: username: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME password: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD volumes: - name: dockersock path: /var/run commands: - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt) - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)" - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips" - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io # OSS - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - docker push $OSS_IMAGE_NAME # Enterprise - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - docker push $ENT_IMAGE_NAME # Enterprise FIPS - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - docker push $ENT_FIPS_IMAGE_NAME - name: Build and push Teleport containers (PREVIOUS_VERSION_TWO) image: docker environment: OS: linux ARCH: amd64 settings: username: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME password: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD volumes: - name: dockersock path: /var/run commands: - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt) - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)" - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips" - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io # OSS - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - docker push $OSS_IMAGE_NAME # Enterprise - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - docker push $ENT_IMAGE_NAME # Enterprise FIPS - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build - docker push $ENT_FIPS_IMAGE_NAME - name: Build/push Teleport Lab Docker image image: docker:git environment: OS: linux ARCH: amd64 settings: username: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME password: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD volumes: - name: dockersock path: /var/run commands: - export TELEPORT_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt | tr -d '^v') - export TELEPORT_LAB_IMAGE_NAME="quay.io/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)" # Check out code - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git init && git remote add origin ${DRONE_REMOTE_URL} - git fetch origin - git checkout -qf ${DRONE_COMMIT_SHA} # Build and push Teleport lab image - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME /go/src/github.com/gravitational/teleport/docker/sshd - docker push $TELEPORT_LAB_IMAGE_NAME services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- kind: pipeline type: kubernetes name: teleport-helm-cron trigger: cron: - teleport-helm-cron repo: include: - gravitational/teleport workspace: path: /go clone: disable: true steps: - name: Check out code image: alpine/git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_COMMIT} - mkdir -p /go/chart - cd /go/chart - name: Download chart repo contents image: amazon/aws-cli environment: AWS_S3_BUCKET: from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY commands: - mkdir -p /go/chart # download all previously packaged chart versions from the S3 bucket - aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart - name: Package helm charts image: alpine/helm:latest commands: - cd /go/chart - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent # copy index.html to root of the S3 bucket - cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart # this will index all previous versions of the charts downloaded from the S3 bucket, # plus the just-packaged charts listed above - helm repo index /go/chart - name: Upload to S3 image: plugins/s3 settings: bucket: from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET access_key: from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID secret_key: from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY region: us-east-2 acl: public-read source: /go/chart/* target: / strip_prefix: /go/chart - name: Send Slack notification image: plugins/slack settings: webhook: from_secret: SLACK_WEBHOOK_DEV_TELEPORT template: | *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`) Details: The `teleport-helm-cron` job in Drone failed to publish Helm charts to S3. This is unusual and should be investigated. Commit: Branch: Author: <{{ build.link }}|Visit Drone build page ↗> when: status: [failure] --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:221 ################################################ kind: pipeline type: kubernetes name: build-linux-amd64 environment: RUNTIME: go1.16.2 trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build artifacts image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - make -C build.assets release-amd64 environment: ARCH: amd64 GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: linux UID: "1000" volumes: - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:221 ################################################ kind: pipeline type: kubernetes name: build-linux-amd64-fips environment: RUNTIME: go1.16.2 trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build artifacts image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - make -C build.assets release-amd64-fips environment: ARCH: amd64 FIPS: "yes" GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: linux UID: "1000" volumes: - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:221 ################################################ kind: pipeline type: kubernetes name: build-linux-amd64-centos6 environment: RUNTIME: go1.16.2 trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build artifacts image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - make -C build.assets release-amd64-centos6 environment: ARCH: amd64 GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: linux UID: "1000" volumes: - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; - export VERSION=$(cat /go/.version.txt) - mv /go/artifacts/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-v$${VERSION}-linux-amd64-centos6-bin.tar.gz - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos6-bin.tar.gz - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:363 ################################################ kind: pipeline type: kubernetes name: build-linux-amd64-rpm trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true depends_on: - build-linux-amd64 steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Download artifacts from S3 image: amazon/aws-cli commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/ - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/ environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - mkdir -m0700 $GNUPG_DIR - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR - chown -R root:root $GNUPG_DIR - make rpm - rm -rf $GNUPG_DIR environment: ARCH: amd64 ENT_TARBALL_PATH: /go/artifacts GNUPG_DIR: /tmpfs/gnupg GPG_RPM_SIGNING_ARCHIVE: from_secret: GPG_RPM_SIGNING_ARCHIVE OSS_TARBALL_PATH: /go/artifacts TMPDIR: /go volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run volumes: - name: tmpfs temp: medium: memory - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:363 ################################################ kind: pipeline type: kubernetes name: build-linux-amd64-fips-rpm trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true depends_on: - build-linux-amd64-fips steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Download artifacts from S3 image: amazon/aws-cli commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/ environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - mkdir -m0700 $GNUPG_DIR - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR - chown -R root:root $GNUPG_DIR - make -C e rpm - rm -rf $GNUPG_DIR environment: ARCH: amd64 ENT_TARBALL_PATH: /go/artifacts FIPS: "yes" GNUPG_DIR: /tmpfs/gnupg GPG_RPM_SIGNING_ARCHIVE: from_secret: GPG_RPM_SIGNING_ARCHIVE RUNTIME: fips TMPDIR: /go volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run volumes: - name: tmpfs temp: medium: memory - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:363 ################################################ kind: pipeline type: kubernetes name: build-linux-amd64-deb trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true depends_on: - build-linux-amd64 steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Download artifacts from S3 image: amazon/aws-cli commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/ - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/ environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - make deb environment: ARCH: amd64 ENT_TARBALL_PATH: /go/artifacts OSS_TARBALL_PATH: /go/artifacts TMPDIR: /go volumes: - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:363 ################################################ kind: pipeline type: kubernetes name: build-linux-amd64-fips-deb trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true depends_on: - build-linux-amd64-fips steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Download artifacts from S3 image: amazon/aws-cli commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/ environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - make -C e deb environment: ARCH: amd64 ENT_TARBALL_PATH: /go/artifacts FIPS: "yes" RUNTIME: fips TMPDIR: /go volumes: - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:221 ################################################ kind: pipeline type: kubernetes name: build-linux-386 environment: RUNTIME: go1.16.2 trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build artifacts image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - make -C build.assets release-386 environment: ARCH: "386" GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: linux UID: "1000" volumes: - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:363 ################################################ kind: pipeline type: kubernetes name: build-linux-386-rpm trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true depends_on: - build-linux-386 steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Download artifacts from S3 image: amazon/aws-cli commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/ - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/ environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - mkdir -m0700 $GNUPG_DIR - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR - chown -R root:root $GNUPG_DIR - make rpm - rm -rf $GNUPG_DIR environment: ARCH: "386" ENT_TARBALL_PATH: /go/artifacts GNUPG_DIR: /tmpfs/gnupg GPG_RPM_SIGNING_ARCHIVE: from_secret: GPG_RPM_SIGNING_ARCHIVE OSS_TARBALL_PATH: /go/artifacts TMPDIR: /go volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run volumes: - name: tmpfs temp: medium: memory - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:363 ################################################ kind: pipeline type: kubernetes name: build-linux-386-deb trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true depends_on: - build-linux-386 steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Download artifacts from S3 image: amazon/aws-cli commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/ - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/ environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - make deb environment: ARCH: "386" ENT_TARBALL_PATH: /go/artifacts OSS_TARBALL_PATH: /go/artifacts TMPDIR: /go volumes: - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/mac.go:32 ################################################ kind: pipeline type: exec name: build-darwin-amd64 trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /tmp/build-darwin-amd64 platform: os: darwin arch: amd64 clone: disable: true concurrency: limit: 1 steps: - name: Set up exec runner storage commands: - set -u - mkdir -p $WORKSPACE_DIR - chmod -R u+rw $WORKSPACE_DIR - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh environment: WORKSPACE_DIR: /tmp/build-darwin-amd64 - name: Check out code commands: - set -u - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null' git submodule update --init e - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null' git submodule update --init --recursive webassets || true - rm -rf $WORKSPACE_DIR/.ssh - mkdir -p $WORKSPACE_DIR/go/cache - mkdir -p $WORKSPACE_DIR/go/artifacts - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt - cat $WORKSPACE_DIR/go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64 - name: Build Mac release artifacts commands: - set -u - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - make clean release OS=$OS ARCH=$ARCH environment: ARCH: amd64 GOCACHE: /tmp/build-darwin-amd64/go/cache GOPATH: /tmp/build-darwin-amd64/go OS: darwin WORKSPACE_DIR: /tmp/build-darwin-amd64 - name: Copy Mac artifacts commands: - set -u - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - cp teleport*.tar.gz $WORKSPACE_DIR/go/artifacts - cp e/teleport-ent*.tar.gz $WORKSPACE_DIR/go/artifacts - cd $WORKSPACE_DIR/go/artifacts && for FILE in teleport*.tar.gz; do shasum -a 256 $FILE > $FILE.sha256; done && ls -l environment: WORKSPACE_DIR: /tmp/build-darwin-amd64 - name: Upload to S3 commands: - set -u - cd $WORKSPACE_DIR/go/artifacts - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64 - name: Clean up exec runner storage (post) commands: - set -u - chmod -R u+rw $WORKSPACE_DIR - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh environment: WORKSPACE_DIR: /tmp/build-darwin-amd64 --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/mac.go:32 ################################################ kind: pipeline type: exec name: build-darwin-amd64-pkg trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /tmp/build-darwin-amd64-pkg platform: os: darwin arch: amd64 clone: disable: true depends_on: - build-darwin-amd64 concurrency: limit: 1 steps: - name: Set up exec runner storage commands: - set -u - mkdir -p $WORKSPACE_DIR - chmod -R u+rw $WORKSPACE_DIR - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh environment: WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg - name: Check out code commands: - set -u - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null' git submodule update --init e - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null' git submodule update --init --recursive webassets || true - rm -rf $WORKSPACE_DIR/.ssh - mkdir -p $WORKSPACE_DIR/go/cache - mkdir -p $WORKSPACE_DIR/go/artifacts - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt - cat $WORKSPACE_DIR/go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg - name: Download built tarball artifacts from S3 commands: - set -u - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt) - export S3_PATH="tag/$${DRONE_TAG##v}/" - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz $WORKSPACE_DIR/go/artifacts/ - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz $WORKSPACE_DIR/go/artifacts/ environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg - name: Build Mac pkg release artifacts commands: - set -u - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt) - export HOME=/Users/build - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain - security find-identity -v - make pkg OS=$OS ARCH=$ARCH environment: APPLE_PASSWORD: from_secret: APPLE_PASSWORD APPLE_USERNAME: from_secret: APPLE_USERNAME ARCH: amd64 BUILDBOX_PASSWORD: from_secret: BUILDBOX_PASSWORD ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts OS: darwin OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg - name: Copy Mac pkg artifacts commands: - set -u - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz - cp build/teleport*.pkg e/build/teleport-ent*.pkg $WORKSPACE_DIR/go/artifacts/ - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE > $FILE.sha256; done && ls -l environment: WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg - name: Upload to S3 commands: - set -u - cd $WORKSPACE_DIR/go/artifacts - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg - name: Clean up exec runner storage (post) commands: - set -u - chmod -R u+rw $WORKSPACE_DIR - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh environment: WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/mac.go:32 ################################################ kind: pipeline type: exec name: build-darwin-amd64-pkg-tsh trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /tmp/build-darwin-amd64-pkg-tsh platform: os: darwin arch: amd64 clone: disable: true depends_on: - build-darwin-amd64 concurrency: limit: 1 steps: - name: Set up exec runner storage commands: - set -u - mkdir -p $WORKSPACE_DIR - chmod -R u+rw $WORKSPACE_DIR - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh environment: WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh - name: Check out code commands: - set -u - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null' git submodule update --init e - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts -F /dev/null' git submodule update --init --recursive webassets || true - rm -rf $WORKSPACE_DIR/.ssh - mkdir -p $WORKSPACE_DIR/go/cache - mkdir -p $WORKSPACE_DIR/go/artifacts - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt - cat $WORKSPACE_DIR/go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh - name: Download built tarball artifacts from S3 commands: - set -u - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt) - export S3_PATH="tag/$${DRONE_TAG##v}/" - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz $WORKSPACE_DIR/go/artifacts/ - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz $WORKSPACE_DIR/go/artifacts/ environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh - name: Build Mac pkg release artifacts commands: - set -u - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt) - export HOME=/Users/build - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain - security find-identity -v - make pkg-tsh OS=$OS ARCH=$ARCH environment: APPLE_PASSWORD: from_secret: APPLE_PASSWORD APPLE_USERNAME: from_secret: APPLE_USERNAME ARCH: amd64 BUILDBOX_PASSWORD: from_secret: BUILDBOX_PASSWORD ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts OS: darwin OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh - name: Copy Mac pkg artifacts commands: - set -u - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport - rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz - cp build/tsh*.pkg $WORKSPACE_DIR/go/artifacts/ - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE > $FILE.sha256; done && ls -l environment: WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh - name: Upload to S3 commands: - set -u - cd $WORKSPACE_DIR/go/artifacts - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh - name: Clean up exec runner storage (post) commands: - set -u - chmod -R u+rw $WORKSPACE_DIR - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh environment: WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:221 ################################################ kind: pipeline type: kubernetes name: build-linux-arm environment: RUNTIME: go1.16.2 trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build artifacts image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - make -C build.assets release-arm environment: ARCH: arm GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: linux UID: "1000" volumes: - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:221 ################################################ kind: pipeline type: kubernetes name: build-linux-arm64 environment: RUNTIME: go1.16.2 trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build artifacts image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - make -C build.assets release-arm64 environment: ARCH: arm64 GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: linux UID: "1000" volumes: - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \; - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:363 ################################################ kind: pipeline type: kubernetes name: build-linux-arm64-deb trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true depends_on: - build-linux-arm64 steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Download artifacts from S3 image: amazon/aws-cli commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/ - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/ environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - make deb environment: ARCH: arm64 ENT_TARBALL_PATH: /go/artifacts OSS_TARBALL_PATH: /go/artifacts TMPDIR: /go volumes: - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:363 ################################################ kind: pipeline type: kubernetes name: build-linux-arm-deb trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true depends_on: - build-linux-arm steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Download artifacts from S3 image: amazon/aws-cli commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/ - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/ environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - make deb environment: ARCH: arm ENT_TARBALL_PATH: /go/artifacts OSS_TARBALL_PATH: /go/artifacts TMPDIR: /go volumes: - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \; - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:363 ################################################ kind: pipeline type: kubernetes name: build-linux-arm64-rpm trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true depends_on: - build-linux-arm64 steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Download artifacts from S3 image: amazon/aws-cli commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/ - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/ environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - mkdir -m0700 $GNUPG_DIR - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR - chown -R root:root $GNUPG_DIR - make rpm - rm -rf $GNUPG_DIR environment: ARCH: arm64 ENT_TARBALL_PATH: /go/artifacts GNUPG_DIR: /tmpfs/gnupg GPG_RPM_SIGNING_ARCHIVE: from_secret: GPG_RPM_SIGNING_ARCHIVE OSS_TARBALL_PATH: /go/artifacts TMPDIR: /go volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run volumes: - name: tmpfs temp: medium: memory - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:363 ################################################ kind: pipeline type: kubernetes name: build-linux-arm-rpm trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true depends_on: - build-linux-arm steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Download artifacts from S3 image: amazon/aws-cli commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/ - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/ environment: AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_REGION: us-west-2 AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY - name: Build artifacts image: docker commands: - apk add --no-cache bash curl gzip make tar - cd /go/src/github.com/gravitational/teleport - export VERSION=$(cat /go/.version.txt) - mkdir -m0700 $GNUPG_DIR - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR - chown -R root:root $GNUPG_DIR - make rpm - rm -rf $GNUPG_DIR environment: ARCH: arm ENT_TARBALL_PATH: /go/artifacts GNUPG_DIR: /tmpfs/gnupg GPG_RPM_SIGNING_ARCHIVE: from_secret: GPG_RPM_SIGNING_ARCHIVE OSS_TARBALL_PATH: /go/artifacts TMPDIR: /go volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \; - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: tmpfs path: /tmpfs - name: dockersock path: /var/run volumes: - name: tmpfs temp: medium: memory - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/tag.go:221 ################################################ kind: pipeline type: kubernetes name: build-windows-amd64 environment: RUNTIME: go1.16.2 trigger: event: include: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa - mkdir -p /go/cache /go/artifacts - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: Build artifacts image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - cd /go/src/github.com/gravitational/teleport - echo -n "$WINDOWS_SIGNING_CERT" | base64 -d > windows-signing-cert.pfx - make -C build.assets release-amd64 - rm -f windows-signing-cert.pfx environment: ARCH: amd64 GID: "1000" GOCACHE: /go/cache GOPATH: /go OS: windows UID: "1000" WINDOWS_SIGNING_CERT: from_secret: WINDOWS_SIGNING_CERT volumes: - name: dockersock path: /var/run - name: Copy artifacts image: docker commands: - cd /go/src/github.com/gravitational/teleport - find . -maxdepth 1 -iname "teleport*.zip" -print -exec cp {} /go/artifacts \; - export VERSION=$(cat /go/.version.txt) - cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip - cd /go/artifacts && for FILE in teleport*.zip; do sha256sum $FILE > $FILE.sha256; done && ls -l - name: Upload to S3 image: plugins/s3 settings: access_key: from_secret: AWS_ACCESS_KEY_ID bucket: from_secret: AWS_S3_BUCKET region: us-west-2 secret_key: from_secret: AWS_SECRET_ACCESS_KEY source: /go/artifacts/* strip_prefix: /go/artifacts/ target: teleport/tag/${DRONE_TAG##v} services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- kind: pipeline type: kubernetes name: build-docker-images environment: RUNTIME: go1.16.2 trigger: event: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY GOCACHE: /go/cache commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} # fetch enterprise submodules - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e # this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule - git submodule update --init --recursive webassets || true - rm -f /root/.ssh/id_rsa # create necessary directories - mkdir -p /go/artifacts $GOCACHE # set version - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt - name: Build/push OSS/Enterprise Docker images image: docker environment: UID: 1000 GID: 1000 GOCACHE: /go/cache GOPATH: /go OS: linux ARCH: amd64 settings: username: from_secret: QUAYIO_DOCKER_USERNAME password: from_secret: QUAYIO_DOCKER_PASSWORD volumes: - name: dockersock path: /var/run commands: - apk add --no-cache make - chown -R $UID:$GID /go - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io - docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true - cd /go/src/github.com/gravitational/teleport - make image-ci publish-ci - name: Build/push FIPS Docker image image: docker environment: UID: 1000 GID: 1000 GOCACHE: /go/cache GOPATH: /go OS: linux ARCH: amd64 settings: username: from_secret: QUAYIO_DOCKER_USERNAME password: from_secret: QUAYIO_DOCKER_PASSWORD volumes: - name: dockersock path: /var/run commands: - apk add --no-cache make - chown -R $UID:$GID /go - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io - docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true - cd /go/src/github.com/gravitational/teleport # VERSION needs to be set manually when running in the e directory. # Normally, the version is set and exported by the root Makefile and then inherited, # but this is not the case for FIPS builds (which only run in e/Makefile) - export VERSION=$(cat /go/.version.txt) - make -C e image-fips-ci publish-fips-ci services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- kind: pipeline type: kubernetes name: build-oss-amis trigger: event: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* depends_on: - build-linux-amd64 workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} # set version - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt - name: Download built tarball artifacts from S3 image: amazon/aws-cli environment: AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY AWS_REGION: us-west-2 commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files - name: Build OSS AMIs image: hashicorp/packer environment: AWS_ACCESS_KEY_ID: from_secret: AWS_PACKER_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_PACKER_SECRET_ACCESS_KEY volumes: - name: dockersock path: /var/run commands: - apk add --no-cache aws-cli jq make - cd /go/src/github.com/gravitational/teleport/assets/aws - export TELEPORT_VERSION=$(cat /go/.version.txt) - export PUBLIC_AMI_NAME=gravitational-teleport-ami-oss-$TELEPORT_VERSION - | if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then echo "---> Building production OSS AMIs" echo "---> Note: these AMIs will not be made public until the 'promote' step is run" make oss-ci-build else echo "---> Building debug OSS AMIs" make oss fi - name: Sync OSS build timestamp to S3 image: amazon/aws-cli environment: AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY AWS_REGION: us-west-2 commands: - export VERSION=$(cat /go/.version.txt) - aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/oss_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/ services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- kind: pipeline type: kubernetes name: build-ent-amis trigger: event: - tag ref: include: - refs/tags/v* repo: include: - gravitational/* depends_on: - build-linux-amd64 - build-linux-amd64-fips workspace: path: /go clone: disable: true steps: - name: Check out code image: docker:git commands: - mkdir -p /go/src/github.com/gravitational/teleport - cd /go/src/github.com/gravitational/teleport - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_TAG:-$DRONE_COMMIT} # set version - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt - name: Download built tarball artifacts from S3 image: amazon/aws-cli environment: AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY AWS_REGION: us-west-2 commands: - export VERSION=$(cat /go/.version.txt) - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files - name: Build Enterprise AMIs image: hashicorp/packer environment: AWS_ACCESS_KEY_ID: from_secret: AWS_PACKER_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_PACKER_SECRET_ACCESS_KEY volumes: - name: dockersock path: /var/run commands: - apk add --no-cache aws-cli jq make - cd /go/src/github.com/gravitational/teleport/assets/aws - export TELEPORT_VERSION=$(cat /go/.version.txt) - export PUBLIC_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION - export FIPS_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION-fips - | if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then echo "---> Building production Enterprise AMIs" echo "---> Note: these AMIs will not be made public until the 'promote' step is run" make ent-ci-build else echo "---> Building debug Enterprise AMIs" make ent fi - name: Sync Enterprise build timestamp to S3 image: amazon/aws-cli environment: AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY AWS_REGION: us-west-2 commands: - export VERSION=$(cat /go/.version.txt) - aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/ent_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/ services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. # Generated at dronegen/buildbox.go:72 ################################################ kind: pipeline type: kubernetes name: build-buildboxes environment: GID: "1000" RUNTIME: go1.16.2 UID: "1000" trigger: event: include: - push repo: include: - gravitational/teleport branch: include: - master workspace: path: /go/src/github.com/gravitational/teleport clone: disable: true steps: - name: Check out code image: docker:git commands: - git clone --depth 1 --single-branch --branch ${DRONE_SOURCE_BRANCH:-master} https://github.com/gravitational/${DRONE_REPO_NAME}.git . - git checkout ${DRONE_COMMIT} - name: Wait for docker image: docker commands: - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done' volumes: - name: dockersock path: /var/run - name: buildbox image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io - make -C build.assets buildbox - docker push quay.io/gravitational/teleport-buildbox:$RUNTIME environment: QUAYIO_DOCKER_PASSWORD: from_secret: QUAYIO_DOCKER_PASSWORD QUAYIO_DOCKER_USERNAME: from_secret: QUAYIO_DOCKER_USERNAME volumes: - name: dockersock path: /var/run - name: buildbox-fips image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io - make -C build.assets buildbox-fips - docker push quay.io/gravitational/teleport-buildbox-fips:$RUNTIME environment: QUAYIO_DOCKER_PASSWORD: from_secret: QUAYIO_DOCKER_PASSWORD QUAYIO_DOCKER_USERNAME: from_secret: QUAYIO_DOCKER_USERNAME volumes: - name: dockersock path: /var/run - name: buildbox-centos6 image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io - make -C build.assets buildbox-centos6 - docker push quay.io/gravitational/teleport-buildbox-centos6:$RUNTIME environment: QUAYIO_DOCKER_PASSWORD: from_secret: QUAYIO_DOCKER_PASSWORD QUAYIO_DOCKER_USERNAME: from_secret: QUAYIO_DOCKER_USERNAME volumes: - name: dockersock path: /var/run - name: buildbox-arm image: docker commands: - apk add --no-cache make - chown -R $UID:$GID /go - docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io - make -C build.assets buildbox-arm - docker push quay.io/gravitational/teleport-buildbox-arm:$RUNTIME environment: QUAYIO_DOCKER_PASSWORD: from_secret: QUAYIO_DOCKER_PASSWORD QUAYIO_DOCKER_USERNAME: from_secret: QUAYIO_DOCKER_USERNAME volumes: - name: dockersock path: /var/run services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run volumes: - name: dockersock temp: {} --- kind: pipeline type: kubernetes name: promote-build trigger: event: - promote target: - production repo: include: - gravitational/* workspace: path: /go clone: disable: true steps: - name: Download artifacts from S3 image: amazon/aws-cli environment: AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY AWS_REGION: us-west-2 commands: - mkdir -p /go/artifacts - aws s3 sync s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ /go/artifacts/ - name: Upload artifacts to production S3 image: plugins/s3 settings: bucket: from_secret: PRODUCTION_AWS_S3_BUCKET access_key: from_secret: PRODUCTION_AWS_ACCESS_KEY_ID secret_key: from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY region: us-east-1 acl: public-read source: /go/artifacts/* target: teleport/${DRONE_TAG##v}/ strip_prefix: /go/artifacts/ - name: Pull/retag Docker images image: docker settings: docker_staging_username: from_secret: QUAYIO_DOCKER_USERNAME docker_staging_password: from_secret: QUAYIO_DOCKER_PASSWORD docker_production_username: from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME docker_production_password: from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD volumes: - name: dockersock path: /var/run commands: # wait for docker to start - sleep 3 - export VERSION=${DRONE_TAG##v} # authenticate with staging credentials - docker login -u="$PLUGIN_DOCKER_STAGING_USERNAME" -p="$PLUGIN_DOCKER_STAGING_PASSWORD" quay.io # pull 'temporary' CI-built images - echo "---> Pulling images for $${VERSION}" - docker pull quay.io/gravitational/teleport-ci:$${VERSION} - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION} - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips # retag images to production naming - echo "---> Tagging images for $${VERSION}" - docker tag quay.io/gravitational/teleport-ci:$${VERSION} quay.io/gravitational/teleport:$${VERSION} - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION} quay.io/gravitational/teleport-ent:$${VERSION} - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips quay.io/gravitational/teleport-ent:$${VERSION}-fips # reauthenticate with production credentials - docker logout quay.io - docker login -u="$PLUGIN_DOCKER_PRODUCTION_USERNAME" -p="$PLUGIN_DOCKER_PRODUCTION_PASSWORD" quay.io # push production images - echo "---> Pushing images for $${VERSION}" - docker push quay.io/gravitational/teleport:$${VERSION} - docker push quay.io/gravitational/teleport-ent:$${VERSION} - docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips - name: Check out code image: docker:git commands: - | mkdir -p /go/src/github.com/gravitational/teleport cd /go/src/github.com/gravitational/teleport git init && git remote add origin ${DRONE_REMOTE_URL} git fetch origin +refs/tags/${DRONE_TAG}: git checkout -qf FETCH_HEAD - name: Download AMI timestamps image: docker environment: AWS_S3_BUCKET: from_secret: AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: AWS_SECRET_ACCESS_KEY commands: - apk add --no-cache aws-cli - mkdir -p /go/src/github.com/gravitational/teleport/assets/aws/files/build - aws s3 sync s3://$AWS_S3_BUCKET/teleport/ami/${DRONE_TAG##v}/ /go/src/github.com/gravitational/teleport/assets/aws/files/build - name: Make AMIs public image: docker environment: AWS_ACCESS_KEY_ID: from_secret: PRODUCTION_AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY commands: - apk add --no-cache aws-cli bash jq make - cd /go/src/github.com/gravitational/teleport/assets/aws - | make change-amis-to-public-oss make change-amis-to-public-ent make change-amis-to-public-ent-fips # NOTE: all mandatory steps for a release promotion need to go BEFORE this # step, as there is a chance that everything afterwards will be skipped. # # this step exits early and skips all remanining steps in the pipeline if the # tag looks like a pre-release, to avoid publishing RPMs for pre-release builds. - name: Determine whether RPM/DEB packages should be published to repos image: docker commands: - | # length will be 0 after filtering if this is a pre-release, >0 otherwise FILTERED_TAG_LENGTH=$(echo ${DRONE_TAG} | egrep -v '(alpha|beta|dev|rc)' | wc -c) if [ $$FILTERED_TAG_LENGTH -eq 0 ]; then echo "---> ${DRONE_TAG} looks like a pre-release, not publishing packages to repos" # exit pipeline early with success status exit 78 else echo "---> Publishing packages to repos for ${DRONE_TAG}" fi - name: Download RPM repo contents image: amazon/aws-cli environment: AWS_S3_BUCKET: from_secret: RPMREPO_AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: RPMREPO_AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY volumes: - name: rpmrepo path: /rpmrepo commands: - mkdir -p /rpmrepo/teleport/cache # we explicitly want to delete anything present locally which has been deleted # from the upstream S3 bucket - aws s3 sync s3://$AWS_S3_BUCKET/teleport/ /rpmrepo/teleport/ --delete - mkdir -p /rpmrepo/teleport/${DRONE_TAG##v} - cp -a /go/artifacts/*.rpm /rpmrepo/teleport/${DRONE_TAG##v}/ # we do this using a CentOS 7 container to make sure that the repo files are # compatible with older versions, also there's no createrepo package in alpine main - name: Regenerate RPM repo metadata image: centos:7 volumes: - name: rpmrepo path: /rpmrepo commands: - yum -y install createrepo - createrepo --cachedir /rpmrepo/teleport/cache --update /rpmrepo/teleport - name: Sync RPM repo changes to S3 image: amazon/aws-cli environment: AWS_S3_BUCKET: from_secret: RPMREPO_AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: RPMREPO_AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY volumes: - name: rpmrepo path: /rpmrepo commands: - aws s3 sync /rpmrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/ - name: Download DEB repo contents image: amazon/aws-cli environment: AWS_S3_BUCKET: from_secret: DEBREPO_AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: DEBREPO_AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY volumes: - name: debrepo path: /debrepo commands: # we explicitly want to delete anything present locally which has been deleted # from the upstream S3 bucket - mkdir -p /debrepo/teleport - aws s3 sync s3://$AWS_S3_BUCKET/teleport /debrepo/teleport --delete - name: Build DEB repo image: ubuntu:20.04 environment: DEBIAN_FRONTEND: noninteractive GNUPGHOME: /tmpfs/gnupg GPG_RPM_SIGNING_ARCHIVE: from_secret: GPG_RPM_SIGNING_ARCHIVE volumes: - name: dockersock path: /var/run - name: debrepo path: /debrepo # for in-memory tmpfs for key material - name: tmpfs path: /tmpfs commands: - | # install needed tools apt-get -y update && apt-get -y install curl gzip gnupg2 reprepro tar - | # write config files mkdir -p /go/reprepro/teleport/conf /go/reprepro/teleport/public cat << EOF > /go/reprepro/teleport/conf/distributions Origin: teleport Label: teleport Codename: stable Architectures: i386 amd64 arm arm64 Components: main Description: apt repository for teleport SignWith: 6282C411 EOF cat << EOF > /go/reprepro/teleport/conf/options verbose basedir /go/reprepro/teleport EOF - | # extract signing key mkdir -m0700 $GNUPGHOME echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME chown -R root:root $GNUPGHOME - | # create repo cd /go/reprepro/teleport reprepro --outdir /go/reprepro/teleport/public includedeb stable /go/artifacts/teleport*.deb - | # clean up gnupg rm -rf $GNUPGHOME - | # copy artifacts to PVC cp -r /go/reprepro/teleport /debrepo/ - name: Sync DEB repo changes to S3 image: amazon/aws-cli environment: AWS_S3_BUCKET: from_secret: DEBREPO_AWS_S3_BUCKET AWS_ACCESS_KEY_ID: from_secret: DEBREPO_AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY: from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY volumes: - name: debrepo path: /debrepo commands: - aws s3 sync /debrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/ services: - name: Start Docker image: docker:dind privileged: true volumes: - name: dockersock path: /var/run - name: tmpfs path: /tmpfs volumes: - name: dockersock temp: {} - name: tmpfs temp: medium: memory # these persistent volumes cache RPMs/DEBs near Drone so that we don't need to download the # entire repo contents from S3 every time to build the repo, we just sync any differences - name: rpmrepo claim: name: drone-s3-rpmrepo-pvc - name: debrepo claim: name: drone-s3-debrepo-pvc --- kind: signature hmac: 0c1c6a29b4b1707a52cbad665f6188f8cfd766dfa847e99ec4656a8e65a6c9b4 ...