teleport/.drone.yml
Walt 4e324e74e3
Sign rpm repo metadata (#9027)
This helps support zypper on SUSE, and improves our general RPM
distribution security posture.  The threat model is that someone compromises
AWS, but not our signing keys.  In this case, they could update repo
metadata to point to an unsigned package.  With metadata signed, this
is no longer possible -- both the index and the package are verified.

For more info on this change, see this very helpful blog post:

  https://blog.packagecloud.io/eng/2014/11/24/howto-gpg-sign-verify-rpm-packages-yum-repositories/
2022-01-07 01:10:38 +00:00


---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################
# Push pipeline: runs `make -C build.assets release-amd64` for pushes to master
# and branch/* in gravitational/* repositories; pull_request events are excluded.
#
# NOTE(review): every image below is referenced by a mutable tag (docker,
# docker:git, docker:dind, plugins/slack). Pinning by digest would make the
# build inputs reproducible and tamper-evident; the change belongs in the
# dronegen generator, not in this generated file.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64
environment:
  GID: "1000"
  RUNTIME: go1.17.2
  UID: "1000"
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go
# Drone's automatic clone is disabled; the first step checks the code out by hand.
clone:
  disable: true
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # A failure to fetch webassets is ignored here (`|| true`).
      - git submodule update --init webassets || true
      # The key is written as the default SSH identity just before the `e`
      # submodule fetch and deleted by the last command of this step.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan records whatever host key is presented at
      # build time, so this known_hosts entry does not authenticate github.com.
      # Shipping GitHub's published host keys with the pipeline would close
      # that gap.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Polls for up to 30 seconds until the dind service has created its socket.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  # Mounts the same /var/run volume as the dind service, so the make target
  # presumably drives that daemon through the shared socket.
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-amd64
    environment:
      ARCH: amd64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  # Runs only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure
services:
  # NOTE(review): the daemon runs privileged and its socket directory is shared
  # with every step that mounts `dockersock`, so each of those steps effectively
  # controls a privileged Docker daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################
# Push pipeline: runs `make -C build.assets release-386` for pushes to master
# and branch/* in gravitational/* repositories; pull_request events are excluded.
#
# NOTE(review): every image below is referenced by a mutable tag (docker,
# docker:git, docker:dind, plugins/slack). Pinning by digest would make the
# build inputs reproducible and tamper-evident; the change belongs in the
# dronegen generator, not in this generated file.
kind: pipeline
type: kubernetes
name: push-build-linux-386
environment:
  GID: "1000"
  RUNTIME: go1.17.2
  UID: "1000"
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go
# Drone's automatic clone is disabled; the first step checks the code out by hand.
clone:
  disable: true
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # A failure to fetch webassets is ignored here (`|| true`).
      - git submodule update --init webassets || true
      # The key is written as the default SSH identity just before the `e`
      # submodule fetch and deleted by the last command of this step.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan records whatever host key is presented at
      # build time, so this known_hosts entry does not authenticate github.com.
      # Shipping GitHub's published host keys with the pipeline would close
      # that gap.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Polls for up to 30 seconds until the dind service has created its socket.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  # Mounts the same /var/run volume as the dind service, so the make target
  # presumably drives that daemon through the shared socket.
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-386
    environment:
      # Quoted so the architecture stays a string rather than the integer 386.
      ARCH: "386"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  # Runs only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure
services:
  # NOTE(review): the daemon runs privileged and its socket directory is shared
  # with every step that mounts `dockersock`, so each of those steps effectively
  # controls a privileged Docker daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################
# Push pipeline: runs `make -C build.assets release-amd64-fips` (FIPS=yes) for
# pushes to master and branch/* in gravitational/* repositories; pull_request
# events are excluded.
#
# NOTE(review): every image below is referenced by a mutable tag (docker,
# docker:git, docker:dind, plugins/slack). Pinning by digest would make the
# build inputs reproducible and tamper-evident; the change belongs in the
# dronegen generator, not in this generated file.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64-fips
environment:
  GID: "1000"
  RUNTIME: go1.17.2
  UID: "1000"
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go
# Drone's automatic clone is disabled; the first step checks the code out by hand.
clone:
  disable: true
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # A failure to fetch webassets is ignored here (`|| true`).
      - git submodule update --init webassets || true
      # The key is written as the default SSH identity just before the `e`
      # submodule fetch and deleted again before the version file is written.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan records whatever host key is presented at
      # build time, so this known_hosts entry does not authenticate github.com.
      # Shipping GitHub's published host keys with the pipeline would close
      # that gap.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
      # Version is the tag with its leading "v" stripped when DRONE_TAG is set,
      # otherwise the VERSION line of the Makefile; it is echoed to the log.
      - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
        else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Polls for up to 30 seconds until the dind service has created its socket.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  # Mounts the same /var/run volume as the dind service, so the make target
  # presumably drives that daemon through the shared socket.
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      # Picks up the version file written by the checkout step.
      - export VERSION=$(cat /go/.version.txt)
      - make -C build.assets release-amd64-fips
    environment:
      ARCH: amd64
      # Quoted so the value reaches the build as the string "yes", not a boolean.
      FIPS: "yes"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  # Runs only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure
services:
  # NOTE(review): the daemon runs privileged and its socket directory is shared
  # with every step that mounts `dockersock`, so each of those steps effectively
  # controls a privileged Docker daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################
# Push pipeline: runs `make -C build.assets release-windows-unsigned` for pushes
# to master and branch/* in gravitational/* repositories; pull_request events
# are excluded. The target name indicates the Windows artifact is not
# code-signed at this stage.
#
# NOTE(review): every image below is referenced by a mutable tag (docker,
# docker:git, docker:dind, plugins/slack). Pinning by digest would make the
# build inputs reproducible and tamper-evident; the change belongs in the
# dronegen generator, not in this generated file.
kind: pipeline
type: kubernetes
name: push-build-windows-amd64
environment:
  GID: "1000"
  RUNTIME: go1.17.2
  UID: "1000"
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go
# Drone's automatic clone is disabled; the first step checks the code out by hand.
clone:
  disable: true
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # A failure to fetch webassets is ignored here (`|| true`).
      - git submodule update --init webassets || true
      # The key is written as the default SSH identity just before the `e`
      # submodule fetch and deleted by the last command of this step.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan records whatever host key is presented at
      # build time, so this known_hosts entry does not authenticate github.com.
      # Shipping GitHub's published host keys with the pipeline would close
      # that gap.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Polls for up to 30 seconds until the dind service has created its socket.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  # Mounts the same /var/run volume as the dind service, so the make target
  # presumably drives that daemon through the shared socket.
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-windows-unsigned
    environment:
      ARCH: amd64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: windows
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  # Runs only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure
services:
  # NOTE(review): the daemon runs privileged and its socket directory is shared
  # with every step that mounts `dockersock`, so each of those steps effectively
  # controls a privileged Docker daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go:32
################################################
# Push pipeline for macOS: an exec-runner pipeline (no container images) that
# builds the darwin/amd64 release for pushes to master and branch/* in
# gravitational/* repositories; pull_request events are excluded. Steps run
# directly on the runner host, so anything left on disk outlives the build.
kind: pipeline
type: exec
name: push-build-darwin-amd64
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /tmp/push-build-darwin-amd64
platform:
  os: darwin
  arch: amd64
clone:
  disable: true
# One build at a time: the workspace path above is fixed, not per-build.
concurrency:
  limit: 1
steps:
  # Clears the source tree and any .ssh directory left by an earlier build.
  - name: Set up exec runner storage
    commands:
      - set -u
      - mkdir -p $WORKSPACE_DIR
      - chmod -R u+rw $WORKSPACE_DIR
      - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  - name: Check out code
    commands:
      - set -u
      - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # The key lives in a workspace-local .ssh directory (mode 0700) and is
      # handed to git explicitly through GIT_SSH_COMMAND with `-F /dev/null`,
      # so the runner account's own SSH configuration is not consulted.
      - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
        && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
      # NOTE(review): ssh-keyscan records whatever host key is presented at
      # build time, so this known_hosts file does not authenticate github.com.
      # Shipping GitHub's published host keys with the pipeline would close
      # that gap.
      - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
      - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
      - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
        -F /dev/null' git submodule update --init e
      - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
        -F /dev/null' git submodule update --init --recursive webassets || true
      # Removes the key on the success path; see the note on the storage
      # cleanup step below for the failure path.
      - rm -rf $WORKSPACE_DIR/.ssh
      - mkdir -p $WORKSPACE_DIR/go/cache
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  - name: Install Go Toolchain
    commands:
      - set -u
      - mkdir -p ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
      # NOTE(review): the tarball is unpacked without a checksum or signature
      # check, and curl runs without --fail, so an HTTP error body would be
      # saved under the archive name. Comparing the download against the
      # SHA-256 published for $RUNTIME before extraction would tie the
      # toolchain to a known artifact.
      - curl --silent -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
      - tar -C ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
      - rm -rf $RUNTIME.darwin-amd64.tar.gz
    environment:
      RUNTIME: go1.17.2
  # Installs the Rust version reported by build.assets into the per-build
  # toolchain directory (CARGO_HOME and RUST_HOME both point at it).
  - name: Install Rust Toolchain
    commands:
      - set -u
      - export PATH=/Users/build/.cargo/bin:$PATH
      - mkdir -p ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
      - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
        print-rust-version)
      - export CARGO_HOME=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
      - export RUST_HOME=$CARGO_HOME
      - rustup toolchain install $RUST_VERSION
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  - name: Build Mac artifacts
    commands:
      - set -u
      - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
        print-rust-version)
      - export CARGO_HOME=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
      - export RUST_HOME=$CARGO_HOME
      # Per-build Go and cargo directories come first on PATH, ahead of the
      # runner account's shared ~/.cargo/bin.
      - export PATH=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains/go/bin:$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - rustup override set $RUST_VERSION
      - make clean release OS=$OS ARCH=$ARCH
    environment:
      ARCH: amd64
      GOCACHE: /tmp/push-build-darwin-amd64/go/cache
      GOPATH: /tmp/push-build-darwin-amd64/go
      OS: darwin
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  # Runs after success and after failure, so the per-build toolchain directory
  # is removed either way.
  - name: Clean up toolchains (post)
    commands:
      - set -u
      - export PATH=/Users/build/.cargo/bin:$PATH
      - export CARGO_HOME=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
      - export RUST_HOME=$CARGO_HOME
      - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
        print-rust-version)
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - rustup override unset
      - rustup toolchain uninstall $RUST_VERSION
      - rm -rf ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
    when:
      status:
        - success
        - failure
  # NOTE(review): unlike the toolchain cleanup above, this step has no `when:`
  # clause, so it presumably does not run after a failed build (confirm against
  # Drone's default step conditions). A checkout that fails before its own
  # `rm -rf $WORKSPACE_DIR/.ssh` would then leave the deploy key under /tmp on
  # the runner until the next build's setup step removes it.
  - name: Clean up exec runner storage (post)
    commands:
      - set -u
      - chmod -R u+rw $WORKSPACE_DIR
      - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  # Runs only when the pipeline has failed.
  # NOTE(review): the webhook URL is passed as a curl argument, so it is visible
  # in the process list of the runner host while curl runs.
  - name: Send Slack notification (exec)
    commands:
      - |2
        export DRONE_BUILD_LINK="${DRONE_SYSTEM_PROTO}://${DRONE_SYSTEM_HOSTNAME}/${DRONE_REPO_OWNER}/${DRONE_REPO_NAME}/${DRONE_BUILD_NUMBER}"
        export GOOS=$(go env GOOS)
        export GOARCH=$(go env GOARCH)
      - |2-
        curl -sL -X POST -H 'Content-type: application/json' --data "{\"text\":\"Warning: \`${GOOS}-${GOARCH}\` artifact build failed for [\`${DRONE_REPO_NAME}\`] - please investigate immediately!\nBranch: \`${DRONE_BRANCH}\`\nCommit: \`${DRONE_COMMIT_SHA}\`\nLink: $DRONE_BUILD_LINK\"}" $SLACK_WEBHOOK_DEV_TELEPORT
    environment:
      SLACK_WEBHOOK_DEV_TELEPORT:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    when:
      status:
        - failure
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################
# Push pipeline: runs `make -C build.assets release-arm` for pushes to master
# and branch/* in gravitational/* repositories; pull_request events are excluded.
#
# NOTE(review): every image below is referenced by a mutable tag (docker,
# docker:git, docker:dind, plugins/slack). Pinning by digest would make the
# build inputs reproducible and tamper-evident; the change belongs in the
# dronegen generator, not in this generated file.
kind: pipeline
type: kubernetes
name: push-build-linux-arm
environment:
  GID: "1000"
  RUNTIME: go1.17.2
  UID: "1000"
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go
# Drone's automatic clone is disabled; the first step checks the code out by hand.
clone:
  disable: true
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # A failure to fetch webassets is ignored here (`|| true`).
      - git submodule update --init webassets || true
      # The key is written as the default SSH identity just before the `e`
      # submodule fetch and deleted by the last command of this step.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan records whatever host key is presented at
      # build time, so this known_hosts entry does not authenticate github.com.
      # Shipping GitHub's published host keys with the pipeline would close
      # that gap.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Polls for up to 30 seconds until the dind service has created its socket.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  # Mounts the same /var/run volume as the dind service, so the make target
  # presumably drives that daemon through the shared socket.
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-arm
    environment:
      ARCH: arm
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  # Runs only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure
services:
  # NOTE(review): the daemon runs privileged and its socket directory is shared
  # with every step that mounts `dockersock`, so each of those steps effectively
  # controls a privileged Docker daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################
# Push pipeline: runs `make -C build.assets release-arm64` for pushes to master
# and branch/* in gravitational/* repositories; pull_request events are excluded.
#
# NOTE(review): every image below is referenced by a mutable tag (docker,
# docker:git, docker:dind, plugins/slack). Pinning by digest would make the
# build inputs reproducible and tamper-evident; the change belongs in the
# dronegen generator, not in this generated file.
kind: pipeline
type: kubernetes
name: push-build-linux-arm64
environment:
  GID: "1000"
  RUNTIME: go1.17.2
  UID: "1000"
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go
# Drone's automatic clone is disabled; the first step checks the code out by hand.
clone:
  disable: true
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # A failure to fetch webassets is ignored here (`|| true`).
      - git submodule update --init webassets || true
      # The key is written as the default SSH identity just before the `e`
      # submodule fetch and deleted by the last command of this step.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan records whatever host key is presented at
      # build time, so this known_hosts entry does not authenticate github.com.
      # Shipping GitHub's published host keys with the pipeline would close
      # that gap.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Polls for up to 30 seconds until the dind service has created its socket.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  # Mounts the same /var/run volume as the dind service, so the make target
  # presumably drives that daemon through the shared socket.
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-arm64
    environment:
      ARCH: arm64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  # Runs only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure
services:
  # NOTE(review): the daemon runs privileged and its socket directory is shared
  # with every step that mounts `dockersock`, so each of those steps effectively
  # controls a privileged Docker daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}
---
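# Cron pipeline: rebuilds and pushes the major-version container images
# (teleport:N, teleport-ent:N, teleport-ent:N-fips, teleport-lab:N) to quay.io
# for the current and the two previous major versions.
#
# Changes from the previous revision of this pipeline:
#   * `docker login` reads the registry password from stdin instead of `-p`,
#     so the secret is not placed on the command line.
#   * the Dockerfile download uses `curl -f`, so an HTTP error fails the step
#     instead of saving the error page as the Dockerfile.
#
# NOTE(review): the images used here (docker, docker:git, docker:dind) are
# referenced by mutable tag although this pipeline holds production registry
# credentials; pinning them by digest would make its inputs tamper-evident.
kind: pipeline
type: kubernetes
name: teleport-docker-cron
trigger:
  cron:
    - teleport-docker-cron
  repo:
    include:
      - gravitational/teleport
workspace:
  path: /go
clone:
  disable: true
steps:
  # Resolves the newest release tag of each tracked major version and stores
  # the results under /go/build for the build steps that follow.
  - name: Set up variables and Dockerfile
    image: docker:git
    environment:
      # increment these variables when a new major/minor version is released to bump the automatic builds
      # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for
      # build major version images which are just teleport:x
      CURRENT_VERSION_ROOT: v8
      PREVIOUS_VERSION_ONE_ROOT: v7
      PREVIOUS_VERSION_TWO_ROOT: v6
    commands:
      - apk --update --no-cache add curl
      - mkdir -p /go/build && cd /go/build
      # NOTE(review): the version roots are matched as unanchored substrings of
      # the tag name; tags containing alpha/beta/dev/rc are filtered out and
      # the highest remaining version (sort -rV) is taken.
      # CURRENT_VERSION (8)
      - echo $(git ls-remote --tags https://github.com/gravitational/teleport | cut -d'/' -f3 | grep $CURRENT_VERSION_ROOT | grep -Ev '(alpha|beta|dev|rc)' | sort -rV | head -n1) > /go/build/CURRENT_VERSION_TAG.txt
      - echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt
      # PREVIOUS_VERSION_ONE (7)
      - echo $(git ls-remote --tags https://github.com/gravitational/teleport | cut -d'/' -f3 | grep $PREVIOUS_VERSION_ONE_ROOT | grep -Ev '(alpha|beta|dev|rc)' | sort -rV | head -n1) > /go/build/PREVIOUS_VERSION_ONE_TAG.txt
      - echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt
      # PREVIOUS_VERSION_TWO (6)
      - echo $(git ls-remote --tags https://github.com/gravitational/teleport | cut -d'/' -f3 | grep $PREVIOUS_VERSION_TWO_ROOT | grep -Ev '(alpha|beta|dev|rc)' | sort -rV | head -n1) > /go/build/PREVIOUS_VERSION_TWO_TAG.txt
      - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt
      # list versions
      - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done
      # get Dockerfiles
      # -f makes an HTTP error fail the step; -S keeps the error message visible
      # despite -s.
      # NOTE(review): the Dockerfile is taken from a branch head (a mutable
      # ref) rather than from the commit this build runs for.
      - curl -fLsS -o /go/build/Dockerfile-cron https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron
      # wait for Docker to be ready
      - sleep 3
  # The `settings` values reach the commands as PLUGIN_USERNAME and
  # PLUGIN_PASSWORD.
  - name: Build and push Teleport containers (CURRENT_VERSION)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export VERSION_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt)
      - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips"
      # Password goes through stdin so it is not part of docker's argument list.
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u "$PLUGIN_USERNAME" --password-stdin quay.io
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $OSS_IMAGE_NAME
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_IMAGE_NAME
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_FIPS_IMAGE_NAME
  - name: Build and push Teleport containers (PREVIOUS_VERSION_ONE)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips"
      # Password goes through stdin so it is not part of docker's argument list.
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u "$PLUGIN_USERNAME" --password-stdin quay.io
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $OSS_IMAGE_NAME
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_IMAGE_NAME
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_FIPS_IMAGE_NAME
  - name: Build and push Teleport containers (PREVIOUS_VERSION_TWO)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips"
      # Password goes through stdin so it is not part of docker's argument list.
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u "$PLUGIN_USERNAME" --password-stdin quay.io
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $OSS_IMAGE_NAME
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_IMAGE_NAME
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_FIPS_IMAGE_NAME
  - name: Build/push Teleport Lab Docker image
    image: docker:git
    environment:
      OS: linux
      ARCH: amd64
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export TELEPORT_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt | tr -d '^v')
      - export TELEPORT_LAB_IMAGE_NAME="quay.io/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      # Check out code
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # Build and push Teleport lab image
      # Password goes through stdin so it is not part of docker's argument list.
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u "$PLUGIN_USERNAME" --password-stdin quay.io
      - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME /go/src/github.com/gravitational/teleport/docker/sshd
      - docker push $TELEPORT_LAB_IMAGE_NAME
services:
  # NOTE(review): the daemon runs privileged and its socket directory is shared
  # with every step that mounts `dockersock`; in this pipeline those are the
  # same steps that hold the production registry credentials.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}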
---
# Cron pipeline: packages the teleport-cluster and teleport-kube-agent Helm
# charts, rebuilds the repository index over everything already in the
# production S3 bucket, and uploads the result with a public-read ACL.
#
# NOTE(review): the index is regenerated from whatever the bucket currently
# holds, so previously published chart archives are trusted as-is, and the
# charts are packaged without a provenance file. Someone with write access to
# the bucket (the "AWS compromised, signing keys intact" case) could therefore
# replace a chart without detection; `helm package --sign` plus client-side
# `helm verify` is the usual way to cover that.
kind: pipeline
type: kubernetes
name: teleport-helm-cron
trigger:
  cron:
    - teleport-helm-cron
  repo:
    include:
      - gravitational/teleport
workspace:
  path: /go
clone:
  disable: true
steps:
  - name: Check out code
    image: alpine/git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_COMMIT}
      - mkdir -p /go/chart
      - cd /go/chart
  # The AWS credentials are exposed to this step only; the upload step below
  # receives the same secrets through its plugin settings.
  - name: Download chart repo contents
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
    commands:
      - mkdir -p /go/chart
      # download all previously packaged chart versions from the S3 bucket
      - aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart
  # NOTE(review): `alpine/helm:latest` is a floating tag, so the tool that
  # produces the published index can change between runs; pinning a version
  # or digest would make that explicit.
  - name: Package helm charts
    image: alpine/helm:latest
    commands:
      - cd /go/chart
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
      # copy index.html to root of the S3 bucket
      - cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
      # this will index all previous versions of the charts downloaded from the S3 bucket,
      # plus the just-packaged charts listed above
      - helm repo index /go/chart
  # Publishes everything under /go/chart to the bucket root; objects are
  # world-readable (`acl: public-read`).
  - name: Upload to S3
    image: plugins/s3
    settings:
      bucket:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
      access_key:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      secret_key:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
      region: us-east-2
      acl: public-read
      source: /go/chart/*
      target: /
      strip_prefix: /go/chart
  # Runs only when the pipeline has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template: |
        *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
        Details: The `teleport-helm-cron` job in Drone failed to publish Helm charts to S3. This is unusual and should be investigated.
        Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
        Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}>
        Author: <https://github.com/{{ build.author }}|{{ build.author }}>
        <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################
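# Tag-release pipeline: builds the CentOS 7 linux/amd64 tarballs, uploads them
# to S3 and registers them with the staging release service.
# This document is dronegen output (see the banner above it): mirror any change
# made here in dronegen, or the next 'make dronegen' will overwrite it.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7
environment:
  RUNTIME: go1.17.2
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones by hand.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # Check out the tag, or the commit when no tag is set.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The SSH key from the GITHUB_PRIVATE_KEY secret is on disk only for the
  # submodule fetches below and is deleted right after them.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is taken from the network at build time, so it
  # is trusted on first use; pinning GitHub's published host keys in
  # known_hosts would let ssh authenticate the server before the key is used.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is tolerated ('|| true').
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Record the version: the tag without its leading 'v', else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 s for the dind service's socket to appear on the shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the release make target; the mounted /var/run gives it the dind socket.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-amd64-centos7
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - export VERSION=$(cat /go/.version.txt)
  # Rename the generic amd64 tarballs so the file names carry the centos7 variant.
  - mv /go/artifacts/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
  - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
  # NOTE(review): the .sha256 files are written here and uploaded next to the
  # tarballs, so they catch corruption but not a rewrite of both in the bucket.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
- name: Upload to S3
  # NOTE(review): no tag or digest on the image that receives the AWS keys, so
  # it runs whatever the registry serves at build time; pin it.
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Arm the cleanup before the client certificate and key exist, so an early
  # failure still removes them.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The private key is created owner-only instead of with the default umask.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted at the call sites on purpose: it must split into four arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Creates the draft release (HTTP 200 or 409 is accepted; 409 presumably means
  # it already exists), then uploads each artifact together with its SHA-256.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat "$WORKSPACE_DIR/curl_out.txt"
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon. It runs privileged, and every step that mounts
# 'dockersock' can drive it through /var/run/docker.sock.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}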
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################
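# Tag-release pipeline: builds the CentOS 7 FIPS linux/amd64 enterprise
# tarball, uploads it to S3 and registers it with the staging release service.
# This document is dronegen output (see the banner above it): mirror any change
# made here in dronegen, or the next 'make dronegen' will overwrite it.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips
environment:
  RUNTIME: go1.17.2
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones by hand.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # Check out the tag, or the commit when no tag is set.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The SSH key from the GITHUB_PRIVATE_KEY secret is on disk only for the
  # submodule fetches below and is deleted right after them.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is taken from the network at build time, so it
  # is trusted on first use; pinning GitHub's published host keys in
  # known_hosts would let ssh authenticate the server before the key is used.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is tolerated ('|| true').
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Record the version: the tag without its leading 'v', else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 s for the dind service's socket to appear on the shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the FIPS release make target; the mounted /var/run gives it the dind socket.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7-fips
  environment:
    ARCH: amd64
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  # Only the e/ (enterprise) tarball is collected in this pipeline.
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - export VERSION=$(cat /go/.version.txt)
  # Rename the fips tarball so the file name carries the centos7 variant.
  - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
  # NOTE(review): the .sha256 files are written here and uploaded next to the
  # tarballs, so they catch corruption but not a rewrite of both in the bucket.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
- name: Upload to S3
  # NOTE(review): no tag or digest on the image that receives the AWS keys, so
  # it runs whatever the registry serves at build time; pin it.
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Arm the cleanup before the client certificate and key exist, so an early
  # failure still removes them.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The private key is created owner-only instead of with the default umask.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted at the call sites on purpose: it must split into four arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Creates the draft release (HTTP 200 or 409 is accepted; 409 presumably means
  # it already exists), then uploads each artifact together with its SHA-256.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat "$WORKSPACE_DIR/curl_out.txt"
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon. It runs privileged, and every step that mounts
# 'dockersock' can drive it through /var/run/docker.sock.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}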
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################
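# Tag-release pipeline: builds the linux/amd64 tarballs, uploads them to S3 and
# registers them with the staging release service.
# This document is dronegen output (see the banner above it): mirror any change
# made here in dronegen, or the next 'make dronegen' will overwrite it.
kind: pipeline
type: kubernetes
name: build-linux-amd64
environment:
  RUNTIME: go1.17.2
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones by hand.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # Check out the tag, or the commit when no tag is set.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The SSH key from the GITHUB_PRIVATE_KEY secret is on disk only for the
  # submodule fetches below and is deleted right after them.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is taken from the network at build time, so it
  # is trusted on first use; pinning GitHub's published host keys in
  # known_hosts would let ssh authenticate the server before the key is used.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is tolerated ('|| true').
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Record the version: the tag without its leading 'v', else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 s for the dind service's socket to appear on the shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the release make target; the mounted /var/run gives it the dind socket.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-amd64
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  # NOTE(review): the .sha256 files are written here and uploaded next to the
  # tarballs, so they catch corruption but not a rewrite of both in the bucket.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
- name: Upload to S3
  # NOTE(review): no tag or digest on the image that receives the AWS keys, so
  # it runs whatever the registry serves at build time; pin it.
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Arm the cleanup before the client certificate and key exist, so an early
  # failure still removes them.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The private key is created owner-only instead of with the default umask.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted at the call sites on purpose: it must split into four arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Creates the draft release (HTTP 200 or 409 is accepted; 409 presumably means
  # it already exists), then uploads each artifact together with its SHA-256.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat "$WORKSPACE_DIR/curl_out.txt"
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon. It runs privileged, and every step that mounts
# 'dockersock' can drive it through /var/run/docker.sock.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}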
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################
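# Tag-release pipeline: builds the FIPS linux/amd64 enterprise tarball, uploads
# it to S3 and registers it with the staging release service.
# This document is dronegen output (see the banner above it): mirror any change
# made here in dronegen, or the next 'make dronegen' will overwrite it.
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips
environment:
  RUNTIME: go1.17.2
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones by hand.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # Check out the tag, or the commit when no tag is set.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The SSH key from the GITHUB_PRIVATE_KEY secret is on disk only for the
  # submodule fetches below and is deleted right after them.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is taken from the network at build time, so it
  # is trusted on first use; pinning GitHub's published host keys in
  # known_hosts would let ssh authenticate the server before the key is used.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is tolerated ('|| true').
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Record the version: the tag without its leading 'v', else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 s for the dind service's socket to appear on the shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the FIPS release make target; the mounted /var/run gives it the dind socket.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-fips
  environment:
    ARCH: amd64
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  # Only the e/ (enterprise) tarball is collected in this pipeline.
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  # NOTE(review): the .sha256 files are written here and uploaded next to the
  # tarballs, so they catch corruption but not a rewrite of both in the bucket.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
- name: Upload to S3
  # NOTE(review): no tag or digest on the image that receives the AWS keys, so
  # it runs whatever the registry serves at build time; pin it.
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Arm the cleanup before the client certificate and key exist, so an early
  # failure still removes them.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The private key is created owner-only instead of with the default umask.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted at the call sites on purpose: it must split into four arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Creates the draft release (HTTP 200 or 409 is accepted; 409 presumably means
  # it already exists), then uploads each artifact together with its SHA-256.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat "$WORKSPACE_DIR/curl_out.txt"
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon. It runs privileged, and every step that mounts
# 'dockersock' can drive it through /var/run/docker.sock.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}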
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################
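# Tag-release pipeline: builds the CentOS 6 linux/amd64 tarballs, uploads them
# to S3 and registers them with the staging release service.
# This document is dronegen output (see the banner above it): mirror any change
# made here in dronegen, or the next 'make dronegen' will overwrite it.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos6
environment:
  RUNTIME: go1.17.2
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones by hand.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # Check out the tag, or the commit when no tag is set.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The SSH key from the GITHUB_PRIVATE_KEY secret is on disk only for the
  # submodule fetches below and is deleted right after them.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is taken from the network at build time, so it
  # is trusted on first use; pinning GitHub's published host keys in
  # known_hosts would let ssh authenticate the server before the key is used.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is tolerated ('|| true').
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Record the version: the tag without its leading 'v', else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 s for the dind service's socket to appear on the shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the release make target; the mounted /var/run gives it the dind socket.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-amd64-centos6
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - export VERSION=$(cat /go/.version.txt)
  # Rename the generic amd64 tarballs so the file names carry the centos6 variant.
  - mv /go/artifacts/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-v$${VERSION}-linux-amd64-centos6-bin.tar.gz
  - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos6-bin.tar.gz
  # NOTE(review): the .sha256 files are written here and uploaded next to the
  # tarballs, so they catch corruption but not a rewrite of both in the bucket.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
- name: Upload to S3
  # NOTE(review): no tag or digest on the image that receives the AWS keys, so
  # it runs whatever the registry serves at build time; pin it.
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Arm the cleanup before the client certificate and key exist, so an early
  # failure still removes them.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The private key is created owner-only instead of with the default umask.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted at the call sites on purpose: it must split into four arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Creates the draft release (HTTP 200 or 409 is accepted; 409 presumably means
  # it already exists), then uploads each artifact together with its SHA-256.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat "$WORKSPACE_DIR/curl_out.txt"
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon. It runs privileged, and every step that mounts
# 'dockersock' can drive it through /var/run/docker.sock.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}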
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################
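# Tag-release pipeline: fetches the linux/amd64 tarballs built by
# build-linux-amd64, packages and GPG-signs the RPMs, uploads them to S3 and
# registers them with the staging release service.
# This document is dronegen output (see the banner above it): mirror any change
# made here in dronegen, or the next 'make dronegen' will overwrite it.
kind: pipeline
type: kubernetes
name: build-linux-amd64-rpm
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones by hand.
clone:
  disable: true
depends_on:
- build-linux-amd64
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # Check out the tag, or the commit when no tag is set.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The SSH key from the GITHUB_PRIVATE_KEY secret is on disk only for the
  # submodule fetches below and is deleted right after them.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is taken from the network at build time, so it
  # is trusted on first use; pinning GitHub's published host keys in
  # known_hosts would let ssh authenticate the server before the key is used.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is tolerated ('|| true').
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Record the version: the tag without its leading 'v', else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 s for the dind service's socket to appear on the shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# NOTE(review): the tarballs are pulled back from the bucket and then packaged
# and signed; nothing in this step checks them against an out-of-band digest.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Unpacks the RPM signing keyring, runs 'make rpm', then deletes the keyring.
# GNUPG_DIR is on the memory-backed 'tmpfs' volume, which the privileged dind
# service also mounts.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # Remove the signing keyring on every exit path, not only after a successful build.
  - trap "rm -rf $GNUPG_DIR" EXIT
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  # NOTE(review): no tag or digest on the image that receives the AWS keys, so
  # it runs whatever the registry serves at build time; pin it.
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Arm the cleanup before the client certificate and key exist, so an early
  # failure still removes them.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The private key is created owner-only instead of with the default umask.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted at the call sites on purpose: it must split into four arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Creates the draft release (HTTP 200 or 409 is accepted; 409 presumably means
  # it already exists), then uploads each artifact together with its SHA-256.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat "$WORKSPACE_DIR/curl_out.txt"
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon. It runs privileged, mounts the same 'tmpfs' volume
# that holds the signing keyring during the build, and every step that mounts
# 'dockersock' can drive it through /var/run/docker.sock.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
# Memory-backed, so the keyring unpacked under /tmpfs is not written to disk.
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}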
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################
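# Tag-release pipeline: fetches the FIPS enterprise tarball built by
# build-linux-amd64-fips, packages and GPG-signs the RPM, uploads it to S3 and
# registers it with the staging release service.
# This document is dronegen output (see the banner above it): mirror any change
# made here in dronegen, or the next 'make dronegen' will overwrite it.
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips-rpm
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones by hand.
clone:
  disable: true
depends_on:
- build-linux-amd64-fips
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # Check out the tag, or the commit when no tag is set.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The SSH key from the GITHUB_PRIVATE_KEY secret is on disk only for the
  # submodule fetches below and is deleted right after them.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is taken from the network at build time, so it
  # is trusted on first use; pinning GitHub's published host keys in
  # known_hosts would let ssh authenticate the server before the key is used.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is tolerated ('|| true').
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Record the version: the tag without its leading 'v', else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 s for the dind service's socket to appear on the shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# NOTE(review): the tarball is pulled back from the bucket and then packaged
# and signed; nothing in this step checks it against an out-of-band digest.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Unpacks the RPM signing keyring, runs 'make -C e rpm', then deletes the
# keyring. GNUPG_DIR is on the memory-backed 'tmpfs' volume, which the
# privileged dind service also mounts.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # Remove the signing keyring on every exit path, not only after a successful build.
  - trap "rm -rf $GNUPG_DIR" EXIT
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make -C e rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    FIPS: "yes"
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    RUNTIME: fips
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  # NOTE(review): no tag or digest on the image that receives the AWS keys, so
  # it runs whatever the registry serves at build time; pin it.
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Arm the cleanup before the client certificate and key exist, so an early
  # failure still removes them.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The private key is created owner-only instead of with the default umask.
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted at the call sites on purpose: it must split into four arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Creates the draft release (HTTP 200 or 409 is accepted; 409 presumably means
  # it already exists), then uploads each artifact together with its SHA-256.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat "$WORKSPACE_DIR/curl_out.txt"
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon. It runs privileged, mounts the same 'tmpfs' volume
# that holds the signing keyring during the build, and every step that mounts
# 'dockersock' can drive it through /var/run/docker.sock.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
# Memory-backed, so the keyring unpacked under /tmpfs is not written to disk.
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}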
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################
# Tag-release pipeline for the linux/amd64 .deb packages; it starts only after
# build-linux-amd64 (see depends_on).
kind: pipeline
type: kubernetes
name: build-linux-amd64-deb
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones by hand.
clone:
  disable: true
depends_on:
- build-linux-amd64
steps:
# Clones the repository at the release tag and fetches the 'e' and 'webassets'
# submodules using an SSH key taken from the GITHUB_PRIVATE_KEY secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # Check out the tag, or the commit when no tag is set.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The key is on disk only for the submodule fetches below and is deleted
  # right after them.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is taken from the network at build time, so it
  # is trusted on first use; pinning GitHub's published host keys in
  # known_hosts would let ssh authenticate the server before the key is used.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is tolerated ('|| true').
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Record the version: the tag without its leading 'v', else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 s for /var/run/docker.sock to appear on the shared
# 'dockersock' volume; the step fails if the socket is still missing.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the OSS and enterprise linux/amd64 tarballs for this version from the
# release bucket into /go/artifacts.
# NOTE(review): the tarballs are pulled back from the bucket and packaged as
# they are; nothing in this step checks them against an out-of-band digest.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  # Tagged builds read from tag/<version>/, untagged ones from tag/.
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
image: docker
commands:
- apk add --no-cache bash curl gzip make tar
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- make deb
environment:
ARCH: amd64
ENT_TARBALL_PATH: /go/artifacts
OSS_TARBALL_PATH: /go/artifacts
TMPDIR: /go
volumes:
- name: dockersock
path: /var/run
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
- find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
\;
- find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
\;
- name: Upload to S3
image: plugins/s3
settings:
access_key:
from_secret: AWS_ACCESS_KEY_ID
bucket:
from_secret: AWS_S3_BUCKET
region: us-west-2
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
source: /go/artifacts/*
strip_prefix: /go/artifacts/
target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
image: docker
commands:
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
- RELEASES_HOST='https://releases-staging.platform.teleport.sh'
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
- which curl || apk add --no-cache curl
- |-
cd "$WORKSPACE_DIR/go/artifacts"
for file in $(find . -type f ! -iname '*.sha256'); do
# Skip files that are not results of this build
# (e.g. tarballs from which OS packages are made)
[ -f "$file.sha256" ] || continue
product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
echo "curl HTTP status: $status_code"
cat $WORKSPACE_DIR/curl_out.txt
exit 1
fi
curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
done
environment:
RELEASES_CERT:
from_secret: RELEASES_CERT_STAGING
RELEASES_KEY:
from_secret: RELEASES_KEY_STAGING
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################
# Tag-triggered packaging pipeline for the FIPS enterprise build. It copies the
# linux-amd64-fips tarball from S3, runs `make -C e deb` with FIPS=yes, uploads
# the results to S3 and registers them with the staging release service.
# It runs after build-linux-amd64-fips.
# NOTE(review): every image below is referenced by a mutable tag; pinning each
# by digest would keep a retagged image out of a release build.
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-amd64-fips
steps:
# The built-in clone is disabled above, so this step clones over HTTPS and then
# fetches submodules with the key from the GITHUB_PRIVATE_KEY secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  # Single-$ ${DRONE_*} expressions are substituted by Drone into the command
  # text before the shell runs; $${...} (used in later steps) is left to the shell.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The directory is created 0700 before the key is written into it.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key is returned at build
  # time; writing GitHub's published host keys into known_hosts instead would
  # authenticate the submodule fetch.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # "|| true": a failed webassets fetch does not fail the step.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): presumably skipped when an earlier command fails; the key then
  # stays on disk until the step container is discarded.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Records the version (tag without its leading "v", else VERSION from the
  # Makefile) in /go/.version.txt for the later steps.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30s until the Docker socket of the dind service exists.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Copies the enterprise FIPS tarball for this version into /go/artifacts.
# NOTE(review): the tarball is used as downloaded; no checksum or signature is
# checked in this step.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Builds the enterprise package only (`make -C e deb`); the dockersock mount
# gives this step access to the dind daemon.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C e deb
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    # Quoted so the value stays the string "yes" rather than a YAML boolean.
    FIPS: "yes"
    RUNTIME: fips
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
# Collects teleport*.deb* files from e/build/ into /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Uploads everything in /go/artifacts, including the tarball downloaded above.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each built file with the release service at RELEASES_HOST using a
# client certificate. Certificate and key are base64-decoded from secrets into
# $WORKSPACE_DIR (defaults to /) and removed by the EXIT trap.
# The release POST accepts HTTP 200 or 409 (presumably "already exists"); only
# files that have a .sha256 sibling are uploaded as assets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat $WORKSPACE_DIR/curl_out.txt
    exit 1
    fi
    curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
# Docker-in-Docker daemon shared with the steps through the dockersock volume.
# NOTE(review): it runs privileged, and every step that mounts dockersock can
# drive it.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################
# Tag-triggered build pipeline for linux/386. It checks out the tagged source,
# runs `make -C build.assets release-386`, writes a .sha256 file next to each
# tarball, uploads both to S3 and registers the tarballs with the staging
# release service.
# NOTE(review): every image below is referenced by a mutable tag; pinning each
# by digest would keep a retagged image out of a release build.
kind: pipeline
type: kubernetes
name: build-linux-386
environment:
  RUNTIME: go1.17.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
# The built-in clone is disabled above, so this step clones over HTTPS and then
# fetches submodules with the key from the GITHUB_PRIVATE_KEY secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  # Single-$ ${DRONE_*} expressions are substituted by Drone into the command
  # text before the shell runs; $${...} (used in later steps) is left to the shell.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The directory is created 0700 before the key is written into it.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key is returned at build
  # time; writing GitHub's published host keys into known_hosts instead would
  # authenticate the submodule fetch.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # "|| true": a failed webassets fetch does not fail the step.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): presumably skipped when an earlier command fails; the key then
  # stays on disk until the step container is discarded.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Records the version (tag without its leading "v", else VERSION from the
  # Makefile) in /go/.version.txt for the later steps.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30s until the Docker socket of the dind service exists.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Hands /go to UID:GID 1000 and runs the release-386 target; the dockersock
# mount gives this step access to the dind daemon.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-386
  environment:
    # Numeric-looking values are quoted so they stay strings.
    ARCH: "386"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the tarballs and writes a SHA-256 file beside each one; the
# Register artifacts step reads those .sha256 files.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# NOTE(review): the .sha256 files are stored beside the tarballs in the same
# bucket, so they detect corruption but not a change made by someone who can
# write to the bucket.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each built file with the release service at RELEASES_HOST using a
# client certificate. Certificate and key are base64-decoded from secrets into
# $WORKSPACE_DIR (defaults to /) and removed by the EXIT trap.
# The release POST accepts HTTP 200 or 409 (presumably "already exists"); only
# files that have a .sha256 sibling are uploaded as assets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat $WORKSPACE_DIR/curl_out.txt
    exit 1
    fi
    curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
# Docker-in-Docker daemon shared with the steps through the dockersock volume.
# NOTE(review): it runs privileged, and every step that mounts dockersock can
# drive it.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################
# Tag-triggered packaging pipeline. It copies the linux-386 tarballs from S3,
# unpacks the RPM signing keyring onto a memory-backed volume, runs `make rpm`,
# uploads the results to S3 and registers them with the staging release
# service. It runs after build-linux-386.
# NOTE(review): every image below is referenced by a mutable tag; pinning each
# by digest matters most here because the Build artifacts step handles the
# signing keyring.
kind: pipeline
type: kubernetes
name: build-linux-386-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-386
steps:
# The built-in clone is disabled above, so this step clones over HTTPS and then
# fetches submodules with the key from the GITHUB_PRIVATE_KEY secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  # Single-$ ${DRONE_*} expressions are substituted by Drone into the command
  # text before the shell runs; $${...} (used in later steps) is left to the shell.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The directory is created 0700 before the key is written into it.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key is returned at build
  # time; writing GitHub's published host keys into known_hosts instead would
  # authenticate the submodule fetch.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # "|| true": a failed webassets fetch does not fail the step.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): presumably skipped when an earlier command fails; the key then
  # stays on disk until the step container is discarded.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Records the version (tag without its leading "v", else VERSION from the
  # Makefile) in /go/.version.txt for the later steps.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30s until the Docker socket of the dind service exists.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Copies the OSS and enterprise tarballs for this version into /go/artifacts.
# NOTE(review): the tarballs are packaged and signed as downloaded; no checksum
# or signature is checked in this step.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Builds the packages with `make rpm`. The signing keyring is base64-decoded
# from the GPG_RPM_SIGNING_ARCHIVE secret and unpacked into GNUPG_DIR, which is
# on the memory-backed tmpfs volume declared at the end of this pipeline.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # 0700 directory, created before the keyring is extracted into it.
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  # NOTE(review): presumably skipped when `make rpm` fails; the keyring then
  # lasts as long as the temporary tmpfs volume does.
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: "386"
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Collects teleport*.rpm* files from build/ and e/build/ into /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Uploads everything in /go/artifacts, including the tarballs downloaded above.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each built file with the release service at RELEASES_HOST using a
# client certificate. Certificate and key are base64-decoded from secrets into
# $WORKSPACE_DIR (defaults to /) and removed by the EXIT trap.
# The release POST accepts HTTP 200 or 409 (presumably "already exists"); only
# files that have a .sha256 sibling are uploaded as assets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat $WORKSPACE_DIR/curl_out.txt
    exit 1
    fi
    curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
# Docker-in-Docker daemon shared with the steps through the dockersock volume.
# NOTE(review): it runs privileged and also mounts the tmpfs volume that holds
# the signing keyring during the Build artifacts step.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
# Memory-backed temporary volume; GNUPG_DIR above lives on it.
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################
# Tag-triggered packaging pipeline. It copies the linux-386 tarballs from S3,
# runs `make deb`, uploads the results to S3 and registers them with the
# staging release service. It runs after build-linux-386.
# NOTE(review): every image below is referenced by a mutable tag; pinning each
# by digest would keep a retagged image out of a release build.
kind: pipeline
type: kubernetes
name: build-linux-386-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-386
steps:
# The built-in clone is disabled above, so this step clones over HTTPS and then
# fetches submodules with the key from the GITHUB_PRIVATE_KEY secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  # Single-$ ${DRONE_*} expressions are substituted by Drone into the command
  # text before the shell runs; $${...} (used in later steps) is left to the shell.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The directory is created 0700 before the key is written into it.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key is returned at build
  # time; writing GitHub's published host keys into known_hosts instead would
  # authenticate the submodule fetch.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # "|| true": a failed webassets fetch does not fail the step.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): presumably skipped when an earlier command fails; the key then
  # stays on disk until the step container is discarded.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Records the version (tag without its leading "v", else VERSION from the
  # Makefile) in /go/.version.txt for the later steps.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30s until the Docker socket of the dind service exists.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Copies the OSS and enterprise tarballs for this version into /go/artifacts.
# NOTE(review): the tarballs are used as downloaded; no checksum or signature
# is checked in this step.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Builds the packages with `make deb`; the dockersock mount gives this step
# access to the dind daemon.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make deb
  environment:
    # Quoted so the value stays the string "386" rather than an integer.
    ARCH: "386"
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
# Collects teleport*.deb* files from build/ and e/build/ into /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Uploads everything in /go/artifacts, including the tarballs downloaded above.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each built file with the release service at RELEASES_HOST using a
# client certificate. Certificate and key are base64-decoded from secrets into
# $WORKSPACE_DIR (defaults to /) and removed by the EXIT trap.
# The release POST accepts HTTP 200 or 409 (presumably "already exists"); only
# files that have a .sha256 sibling are uploaded as assets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat $WORKSPACE_DIR/curl_out.txt
    exit 1
    fi
    curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
# Docker-in-Docker daemon shared with the steps through the dockersock volume.
# NOTE(review): it runs privileged, and every step that mounts dockersock can
# drive it.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go:32
################################################
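# Tag-triggered macOS build pipeline on an exec runner: steps run directly on
# the build host, not in containers, so files written here outlive a step.
# It checks out the tagged source, installs Go and Rust toolchains into a
# per-build directory, runs `make clean release`, uploads the tarballs and
# their .sha256 files to S3 and registers them with the staging release service.
# NOTE(review): this file is generated by dronegen (the header above points at
# dronegen/mac.go); the two changes marked "Changed:" below must also be made
# in the generator, or `make dronegen` will revert them.
kind: pipeline
type: exec
name: build-darwin-amd64
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64
platform:
  os: darwin
  arch: amd64
clone:
  disable: true
# One build at a time; presumably because the workspace path is fixed.
concurrency:
  limit: 1
steps:
# Removes the checkout and .ssh directory a previous build may have left behind.
- name: Set up exec runner storage
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
# The built-in clone is disabled above, so this step clones over HTTPS and then
# fetches submodules with the key from the GITHUB_PRIVATE_KEY secret. The key
# and known_hosts live in a workspace-local .ssh directory that is passed to
# ssh explicitly (-i, UserKnownHostsFile, -F /dev/null).
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # Single-$ ${DRONE_*} expressions are substituted by Drone into the command
  # text before the shell runs.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The directory is created 0700 before the key is written into it.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whatever host key is returned at build
  # time; writing GitHub's published host keys into known_hosts instead would
  # authenticate the submodule fetch.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # "|| true": a failed webassets fetch does not fail the step.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  # Presumably skipped when an earlier command fails; the final cleanup step
  # removes .ssh in that case.
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64
# Unpacks the Go release named by RUNTIME into a per-build toolchain directory.
# NOTE(review): the tarball is unpacked without an integrity check. Comparing
# it with the SHA-256 published for this Go release (for example
# `shasum -a 256 -c` against <GO_TARBALL_SHA256>, a placeholder) would detect
# a tampered or truncated download before it is used to build a release.
- name: Install Go Toolchain
  commands:
  - set -u
  - mkdir -p ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
  - curl --silent -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
  - tar -C ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
  - rm -rf $RUNTIME.darwin-amd64.tar.gz
  environment:
    RUNTIME: go1.17.2
# Installs the Rust version reported by `make print-rust-version`, with
# CARGO_HOME and RUST_HOME pointing at the per-build toolchain directory.
- name: Install Rust Toolchain
  commands:
  - set -u
  - export PATH=/Users/build/.cargo/bin:$PATH
  - mkdir -p ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - export CARGO_HOME=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
  - export RUST_HOME=$CARGO_HOME
  - rustup toolchain install $RUST_VERSION
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
# Builds the release with the per-build Go and Rust toolchains first on PATH.
- name: Build Mac release artifacts
  commands:
  - set -u
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - export CARGO_HOME=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
  - export RUST_HOME=$CARGO_HOME
  - export PATH=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains/go/bin:$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - rustup override set $RUST_VERSION
  - make clean release OS=$OS ARCH=$ARCH
  environment:
    ARCH: amd64
    GOCACHE: /tmp/build-darwin-amd64/go/cache
    GOPATH: /tmp/build-darwin-amd64/go
    OS: darwin
    WORKSPACE_DIR: /tmp/build-darwin-amd64
# Copies the tarballs and writes a SHA-256 file beside each one; the
# Register artifacts step reads those .sha256 files.
- name: Copy Mac artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cp teleport*.tar.gz $WORKSPACE_DIR/go/artifacts
  - cp e/teleport-ent*.tar.gz $WORKSPACE_DIR/go/artifacts
  - cd $WORKSPACE_DIR/go/artifacts && for FILE in teleport*.tar.gz; do shasum -a 256
    $FILE > $FILE.sha256; done && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
# NOTE(review): the .sha256 files are stored beside the tarballs in the same
# bucket, so they detect corruption but not a change made by someone who can
# write to the bucket.
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64
# Registers each built file with the release service at RELEASES_HOST using a
# client certificate. Certificate and key are base64-decoded from secrets into
# $WORKSPACE_DIR and removed by the EXIT trap.
# The release POST accepts HTTP 200 or 409 (presumably "already exists"); only
# files that have a .sha256 sibling are uploaded as assets.
- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Changed: $WORKSPACE_DIR is under /tmp on the build host here, so the client
  # certificate and key are created unreadable by other local users. The
  # commands of a step share one shell (CREDENTIALS below relies on that), so
  # the umask applies to the files written next.
  - umask 077
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  # apk is not a macOS tool; presumably curl is always present on this runner,
  # so the right-hand side never runs.
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat $WORKSPACE_DIR/curl_out.txt
    exit 1
    fi
    curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
    WORKSPACE_DIR: /tmp/build-darwin-amd64
# Uninstalls the Rust toolchain and deletes the per-build toolchain directory,
# whether the build succeeded or failed.
- name: Clean up toolchains (post)
  commands:
  - set -u
  - export PATH=/Users/build/.cargo/bin:$PATH
  - export CARGO_HOME=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
  - export RUST_HOME=$CARGO_HOME
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - rustup override unset
  - rustup toolchain uninstall $RUST_VERSION
  - rm -rf ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
  when:
    status:
    - success
    - failure
# Deletes the checkout and the .ssh directory from the build host.
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
  # Changed: run after failed builds as well. Without this the step is skipped
  # on failure, and a checkout that failed after writing .ssh/id_rsa would
  # leave the key on the host until the next build's setup step.
  when:
    status:
    - success
    - failure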
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go:32
################################################
kind: pipeline
type: exec
name: build-darwin-amd64-pkg
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /tmp/build-darwin-amd64-pkg
platform:
os: darwin
arch: amd64
clone:
disable: true
depends_on:
- build-darwin-amd64
concurrency:
limit: 1
steps:
- name: Set up exec runner storage
commands:
- set -u
- mkdir -p $WORKSPACE_DIR
- chmod -R u+rw $WORKSPACE_DIR
- rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Check out code
commands:
- set -u
- mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
- mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
&& chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
- ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
- chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
- GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
-F /dev/null' git submodule update --init e
- GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
-F /dev/null' git submodule update --init --recursive webassets || true
- rm -rf $WORKSPACE_DIR/.ssh
- mkdir -p $WORKSPACE_DIR/go/cache
- mkdir -p $WORKSPACE_DIR/go/artifacts
- echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
- cat $WORKSPACE_DIR/go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Download built tarball artifacts from S3
commands:
- set -u
- export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
- export S3_PATH="tag/$${DRONE_TAG##v}/"
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz
$WORKSPACE_DIR/go/artifacts/
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz
$WORKSPACE_DIR/go/artifacts/
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Build Mac pkg release artifacts
commands:
- set -u
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
- export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
- export HOME=/Users/build
- security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain
- security find-identity -v
- make pkg OS=$OS ARCH=$ARCH
environment:
APPLE_PASSWORD:
from_secret: APPLE_PASSWORD
APPLE_USERNAME:
from_secret: APPLE_USERNAME
ARCH: amd64
BUILDBOX_PASSWORD:
from_secret: BUILDBOX_PASSWORD
ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
OS: darwin
OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Copy Mac pkg artifacts
commands:
- set -u
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
- rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
- cp build/teleport*.pkg e/build/teleport-ent*.pkg $WORKSPACE_DIR/go/artifacts/
- cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE >
$FILE.sha256; done && ls -l
environment:
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Upload to S3
commands:
- set -u
- cd $WORKSPACE_DIR/go/artifacts
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_REGION: us-west-2
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
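# Registers every artifact that has a .sha256 file next to it with the release
# server at RELEASES_HOST, authenticating with a client certificate and key
# decoded from the RELEASES_*_STAGING secrets.
# The commands rely on variables set by earlier commands, so they run in one
# shell; the umask and the EXIT trap below therefore cover the whole step.
# This file is generated; mirror any change in dronegen.
- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Owner-only permissions for the files created below; the workspace is a
  # fixed directory under /tmp on the runner host, so the decoded client key
  # should not be written with the default mode.
  - umask 077
  # Cleanup is installed before the key material is written, so the files are
  # removed even when one of the decode commands fails.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For each artifact: create the release as a draft (HTTP 409 is accepted as
  # well as 200), then upload the file together with its SHA-256.
  # curl_out.txt holds the server's response and is not removed by this step.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg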
# Removes the checkout, build output and SSH material from the runner host.
# Only $WORKSPACE_DIR/go and $WORKSPACE_DIR/.ssh are deleted; other files
# written directly into $WORKSPACE_DIR (the register step's curl_out.txt, for
# example) stay behind.
# NOTE(review): no `when:` condition is set, so as far as this file shows the
# step follows Drone's default and is skipped once an earlier step has failed.
- name: Clean up exec runner storage (post)
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go:32
################################################
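# Tag-triggered exec pipeline on a darwin/amd64 runner: checks out the tagged
# source, fetches the tarballs built by build-darwin-amd64 from S3, builds the
# tsh .pkg, uploads it to S3 and registers it with the staging release server.
# Steps run directly on the runner host in a fixed workspace under /tmp.
# This file is generated; mirror any change in dronegen.
kind: pipeline
type: exec
name: build-darwin-amd64-pkg-tsh
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64-pkg-tsh
platform:
  os: darwin
  arch: amd64
clone:
  disable: true
depends_on:
- build-darwin-amd64
concurrency:
  limit: 1
steps:
# Creates the workspace and clears what a previous run left behind.
- name: Set up exec runner storage
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
# Clones the repository over HTTPS, then uses the deploy key only for the
# submodule updates and deletes it again.
# `${...}` with a single `$` is expanded by Drone before the shell runs;
# `$${...}` reaches the shell as `${...}`.
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # ssh-keyscan records whatever host key the network returns at build time,
  # so this known_hosts file does not authenticate github.com on first
  # contact; pinning GitHub's published host keys would close that gap.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # A failed webassets update is ignored (`|| true`), so the build continues
  # even if that submodule could not be updated.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
# Fetches the OSS and enterprise darwin tarballs for this tag from the bucket.
# Nothing in this step checks the downloaded files against a digest, so the
# package built later is made from whatever the bucket held at this moment.
# GITHUB_PRIVATE_KEY was dropped from this step's environment: none of its
# commands use it, and the deploy key should only reach the checkout step.
- name: Download built tarball artifacts from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
# Builds the tsh .pkg with `make pkg-tsh`. The login keychain is unlocked
# first; together with the APPLE_* secrets this is presumably what
# signing/notarization inside the make target needs (confirm in the Makefile).
- name: Build Mac pkg release artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export HOME=/Users/build
  # Quoted so the password reaches `security` as a single argument. `-p` still
  # places it on the command line, where it is visible in the process list
  # while the command runs.
  # NOTE(review): no later step in this pipeline re-locks login.keychain;
  # confirm the runner host takes care of that.
  - security unlock-keychain -p "$${BUILDBOX_PASSWORD}" login.keychain
  - security find-identity -v
  - make pkg-tsh OS=$OS ARCH=$ARCH
  environment:
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    # The tarball paths now point at this pipeline's own artifacts directory,
    # which the download step above fills. They previously named
    # /tmp/build-darwin-amd64-pkg/go/artifacts, the workspace of a different
    # pipeline, so the package input depended on whatever that directory held
    # on the runner host. Confirm against `make pkg-tsh` and fix in dronegen.
    ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    OS: darwin
    OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
# Replaces the downloaded tarballs with the built tsh .pkg and writes a
# SHA-256 file next to it.
- name: Copy Mac pkg artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
  - cp build/tsh*.pkg $WORKSPACE_DIR/go/artifacts/
  - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE >
    $FILE.sha256; done && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
# Syncs the artifacts directory to the release bucket under
# teleport/tag/<version>.
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
# Registers every artifact that has a .sha256 file next to it with the release
# server, authenticating with a client certificate and key decoded from the
# RELEASES_*_STAGING secrets. The commands share one shell (later ones use
# variables set by earlier ones), so the umask and trap cover the whole step.
- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Owner-only permissions for the files created below; the workspace is a
  # fixed directory under /tmp, so the decoded client key should not be
  # written with the default mode.
  - umask 077
  # Cleanup is installed before the key material is written, so the files are
  # removed even when one of the decode commands fails.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
# Removes the checkout, build output and SSH material from the runner host.
# NOTE(review): no `when:` condition is set, so as far as this file shows the
# step follows Drone's default and is skipped once an earlier step has failed;
# the next run's set-up step then does the clearing.
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh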
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################
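# Tag-triggered Kubernetes pipeline: builds the linux/arm release tarballs
# through a Docker-in-Docker service, uploads them to S3 and registers them
# with the staging release server.
# The step images (docker:git, docker, plugins/s3, docker:dind) are referenced
# by mutable tag; pinning them by digest would fix which code gets to handle
# the release secrets. This file is generated; mirror any change in dronegen.
kind: pipeline
type: kubernetes
name: build-linux-arm
environment:
  RUNTIME: go1.17.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
# Clones the repository over HTTPS, then uses the deploy key only for the
# submodule updates and deletes it again.
# `${...}` with a single `$` is expanded by Drone before the shell runs.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # ssh-keyscan records whatever host key the network returns at build time,
  # so this known_hosts file does not authenticate github.com on first
  # contact; pinning GitHub's published host keys would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets update is ignored (`|| true`).
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Blocks for up to 30 seconds until the Docker service's socket appears.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the release-arm target of build.assets against the shared Docker socket.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm
  environment:
    ARCH: arm
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the OSS and enterprise tarballs and writes a SHA-256 file next to
# each. The digests are computed here from the files being published, so they
# detect a corrupted transfer rather than vouching for the build.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Uploads /go/artifacts/* to teleport/tag/<version> in the release bucket.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers every artifact that has a .sha256 file next to it with the release
# server, authenticating with a client certificate and key decoded from the
# RELEASES_*_STAGING secrets. The commands share one shell (later ones use
# variables set by earlier ones), so the umask and trap cover the whole step.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Owner-only permissions for the decoded client key and certificate.
  - umask 077
  # Cleanup is installed before the key material is written, so the files are
  # removed even when one of the decode commands fails.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
# Privileged Docker-in-Docker daemon; its socket directory is shared with the
# steps above through the dockersock volume.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}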
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################
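# Tag-triggered Kubernetes pipeline: builds the linux/arm64 release tarballs
# through a Docker-in-Docker service, uploads them to S3 and registers them
# with the staging release server.
# The step images (docker:git, docker, plugins/s3, docker:dind) are referenced
# by mutable tag; pinning them by digest would fix which code gets to handle
# the release secrets. This file is generated; mirror any change in dronegen.
kind: pipeline
type: kubernetes
name: build-linux-arm64
environment:
  RUNTIME: go1.17.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
# Clones the repository over HTTPS, then uses the deploy key only for the
# submodule updates and deletes it again.
# `${...}` with a single `$` is expanded by Drone before the shell runs.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # ssh-keyscan records whatever host key the network returns at build time,
  # so this known_hosts file does not authenticate github.com on first
  # contact; pinning GitHub's published host keys would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets update is ignored (`|| true`).
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Blocks for up to 30 seconds until the Docker service's socket appears.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the release-arm64 target of build.assets against the shared Docker
# socket.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm64
  environment:
    ARCH: arm64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the OSS and enterprise tarballs and writes a SHA-256 file next to
# each. The digests are computed here from the files being published, so they
# detect a corrupted transfer rather than vouching for the build.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Uploads /go/artifacts/* to teleport/tag/<version> in the release bucket.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers every artifact that has a .sha256 file next to it with the release
# server, authenticating with a client certificate and key decoded from the
# RELEASES_*_STAGING secrets. The commands share one shell (later ones use
# variables set by earlier ones), so the umask and trap cover the whole step.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Owner-only permissions for the decoded client key and certificate.
  - umask 077
  # Cleanup is installed before the key material is written, so the files are
  # removed even when one of the decode commands fails.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
# Privileged Docker-in-Docker daemon; its socket directory is shared with the
# steps above through the dockersock volume.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}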
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################
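# Tag-triggered Kubernetes pipeline that runs after build-linux-arm64: fetches
# that pipeline's tarballs from S3, builds linux/arm64 .deb packages from them,
# uploads the result and registers it with the staging release server.
# The step images (docker:git, docker, amazon/aws-cli, plugins/s3, docker:dind)
# are referenced by mutable tag; pinning them by digest would fix which code
# gets to handle the release secrets.
# This file is generated; mirror any change in dronegen.
kind: pipeline
type: kubernetes
name: build-linux-arm64-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm64
steps:
# Clones the repository over HTTPS, then uses the deploy key only for the
# submodule updates and deletes it again.
# `${...}` with a single `$` is expanded by Drone before the shell runs.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # ssh-keyscan records whatever host key the network returns at build time,
  # so this known_hosts file does not authenticate github.com on first
  # contact; pinning GitHub's published host keys would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets update is ignored (`|| true`).
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Blocks for up to 30 seconds until the Docker service's socket appears.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the OSS and enterprise tarballs for this tag from the bucket.
# Nothing in this step checks the downloaded files against a digest, so the
# packages are built from whatever the bucket held at this moment.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Builds the .deb packages with `make deb`, reading the tarballs from
# /go/artifacts.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make deb
  environment:
    ARCH: arm64
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
# Copies every teleport*.deb* file from build/ and e/build/ into /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Uploads /go/artifacts/* to teleport/tag/<version> in the release bucket.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers every artifact that has a .sha256 file next to it with the release
# server, authenticating with a client certificate and key decoded from the
# RELEASES_*_STAGING secrets. The commands share one shell (later ones use
# variables set by earlier ones), so the umask and trap cover the whole step.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Owner-only permissions for the decoded client key and certificate.
  - umask 077
  # Cleanup is installed before the key material is written, so the files are
  # removed even when one of the decode commands fails.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
# Privileged Docker-in-Docker daemon; its socket directory is shared with the
# steps above through the dockersock volume.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}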
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################
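# Tag-triggered Kubernetes pipeline that runs after build-linux-arm: fetches
# that pipeline's tarballs from S3, builds linux/arm .deb packages from them,
# uploads the result and registers it with the staging release server.
# The step images (docker:git, docker, amazon/aws-cli, plugins/s3, docker:dind)
# are referenced by mutable tag; pinning them by digest would fix which code
# gets to handle the release secrets.
# This file is generated; mirror any change in dronegen.
kind: pipeline
type: kubernetes
name: build-linux-arm-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm
steps:
# Clones the repository over HTTPS, then uses the deploy key only for the
# submodule updates and deletes it again.
# `${...}` with a single `$` is expanded by Drone before the shell runs.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # ssh-keyscan records whatever host key the network returns at build time,
  # so this known_hosts file does not authenticate github.com on first
  # contact; pinning GitHub's published host keys would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets update is ignored (`|| true`).
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Blocks for up to 30 seconds until the Docker service's socket appears.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the OSS and enterprise tarballs for this tag from the bucket.
# Nothing in this step checks the downloaded files against a digest, so the
# packages are built from whatever the bucket held at this moment.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Builds the .deb packages with `make deb`, reading the tarballs from
# /go/artifacts.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make deb
  environment:
    ARCH: arm
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
# Copies every teleport*.deb* file from build/ and e/build/ into /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Uploads /go/artifacts/* to teleport/tag/<version> in the release bucket.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers every artifact that has a .sha256 file next to it with the release
# server, authenticating with a client certificate and key decoded from the
# RELEASES_*_STAGING secrets. The commands share one shell (later ones use
# variables set by earlier ones), so the umask and trap cover the whole step.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Owner-only permissions for the decoded client key and certificate.
  - umask 077
  # Cleanup is installed before the key material is written, so the files are
  # removed even when one of the decode commands fails.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
# Privileged Docker-in-Docker daemon; its socket directory is shared with the
# steps above through the dockersock volume.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}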
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################
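# Tag-triggered Kubernetes pipeline that runs after build-linux-arm64: fetches
# that pipeline's tarballs from S3, builds linux/arm64 .rpm packages from them
# with the GPG signing material unpacked into a memory-backed volume, uploads
# the result and registers it with the staging release server.
# The step images (docker:git, docker, amazon/aws-cli, plugins/s3, docker:dind)
# are referenced by mutable tag; pinning them by digest would fix which code
# gets to handle the signing key and the other release secrets.
# This file is generated; mirror any change in dronegen.
kind: pipeline
type: kubernetes
name: build-linux-arm64-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm64
steps:
# Clones the repository over HTTPS, then uses the deploy key only for the
# submodule updates and deletes it again.
# `${...}` with a single `$` is expanded by Drone before the shell runs.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # ssh-keyscan records whatever host key the network returns at build time,
  # so this known_hosts file does not authenticate github.com on first
  # contact; pinning GitHub's published host keys would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets update is ignored (`|| true`).
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Blocks for up to 30 seconds until the Docker service's socket appears.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the OSS and enterprise tarballs for this tag from the bucket.
# Nothing in this step checks the downloaded files against a digest, so the
# packages built (and presumably signed) in the next step are made from
# whatever the bucket held at this moment.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Builds the .rpm packages with `make rpm`. The base64-encoded archive in
# GPG_RPM_SIGNING_ARCHIVE is unpacked into $GNUPG_DIR on the memory-backed
# tmpfs volume for the duration of the build.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - mkdir -m0700 $GNUPG_DIR
  # Remove the signing material on every exit path, not only after a
  # successful `make rpm`. The register step of this pipeline relies on an
  # EXIT trap in the same way.
  - trap "rm -rf $GNUPG_DIR" EXIT
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: arm64
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Copies every teleport*.rpm* file from build/ and e/build/ into /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Uploads /go/artifacts/* to teleport/tag/<version> in the release bucket.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers every artifact that has a .sha256 file next to it with the release
# server, authenticating with a client certificate and key decoded from the
# RELEASES_*_STAGING secrets. The commands share one shell (later ones use
# variables set by earlier ones), so the umask and trap cover the whole step.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Owner-only permissions for the decoded client key and certificate.
  - umask 077
  # Cleanup is installed before the key material is written, so the files are
  # removed even when one of the decode commands fails.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue
      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
# Privileged Docker-in-Docker daemon. Besides the socket directory it also
# mounts the tmpfs volume, so the unpacked GPG material is visible to this
# privileged container while the build step runs.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
# Memory-backed, so the signing material is not written to node disk.
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}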
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################
# Tag-triggered Kubernetes pipeline that runs after build-linux-arm and turns
# its tarballs into linux/arm .rpm packages. It only fires for v* tags on
# repositories under gravitational/, and Drone's default clone is disabled
# because the first step performs the checkout itself.
kind: pipeline
type: kubernetes
name: build-linux-arm-rpm
trigger:
  event:
    include: [tag]
  ref:
    include: ['refs/tags/v*']
  repo:
    include: ['gravitational/*']
workspace:
  path: /go
clone:
  disable: true
depends_on: [build-linux-arm]
steps:
# Clones the repository over HTTPS, checks out the tag, then uses the deploy
# key from GITHUB_PRIVATE_KEY for the submodule updates and deletes the key
# file again. The version string is written to /go/.version.txt.
# `${...}` with a single `$` is expanded by Drone before the shell runs.
# The docker:git image is referenced by a mutable tag.
- name: Check out code
  image: docker:git
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - >-
    mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # ssh-keyscan records whatever host key the network returns at build time,
  # so this known_hosts file does not authenticate github.com on first
  # contact; pinning GitHub's published host keys would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets update is ignored (`|| true`).
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  - >-
    if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
# Polls once a second, for at most 30 seconds, until the Docker socket exists
# in the shared dockersock volume mounted at /var/run.
- name: Wait for docker
  image: docker
  volumes:
  - name: dockersock
    path: /var/run
  commands:
  - "timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'"
# Fetches the OSS and enterprise linux/arm tarballs for this tag from the
# release bucket into /go/artifacts, using AWS credentials from Drone secrets.
# Nothing in this step checks the downloaded files against a digest, so the
# packages built (and presumably signed) in the next step are made from
# whatever the bucket held at this moment.
- name: Download artifacts from S3
  image: amazon/aws-cli
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - >-
    if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - >-
    aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  - >-
    aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
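# Builds and signs the linux-arm RPMs. The GPG keyring is unpacked from the
# GPG_RPM_SIGNING_ARCHIVE secret into $GNUPG_DIR on the `tmpfs` volume, used by
# `make rpm`, and removed again.
# NOTE(review): this file is generated by dronegen; the trap below has to be
# mirrored in the generator, and the file re-signed, to survive regeneration.
- name: Build artifacts
  image: docker
  commands:
  # Packages are installed unpinned in the same container that later holds the
  # signing keyring.
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # Remove the keyring on every exit path, not only after a successful
  # `make rpm` (same pattern as the trap in "Register artifacts").
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: arm
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  # The same tmpfs volume is mounted into the privileged docker:dind service of
  # this pipeline, so the keyring is readable there while it exists.
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run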
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
- find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
\;
- find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
\;
- name: Upload to S3
image: plugins/s3
settings:
access_key:
from_secret: AWS_ACCESS_KEY_ID
bucket:
from_secret: AWS_S3_BUCKET
region: us-west-2
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
source: /go/artifacts/*
strip_prefix: /go/artifacts/
target: teleport/tag/${DRONE_TAG##v}
# Registers each built artifact with the staging release service, using a
# client certificate and key (curl --cert/--key) taken from the RELEASES_CERT
# and RELEASES_KEY secrets. For every file that has a sibling `.sha256`, the
# script creates a draft release (HTTP 200 or 409 is accepted) and uploads the
# file together with the digest read from that `.sha256` file.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # NOTE(review): the certificate and key are written under $WORKSPACE_DIR
  # (default `/`) with the shell's default umask, so they are presumably
  # readable by any user in the container; a `umask 077` before these two lines
  # would restrict them. The cleanup trap is only installed after both files
  # have been written.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Expanded unquoted in the curl calls below so it splits into four arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # The digest sent with each upload is the one stored next to the artifact; it
  # is not recomputed from the file in this step.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
    # Skip files that are not results of this build
    # (e.g. tarballs from which OS packages are made)
    [ -f "$file.sha256" ] || continue
    product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
    shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
    status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
    if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
    echo "curl HTTP status: $status_code"
    cat $WORKSPACE_DIR/curl_out.txt
    exit 1
    fi
    curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
# Docker-in-Docker daemon shared by the steps through the `dockersock` volume.
# `privileged: true` runs this container without the usual isolation limits,
# and it mounts the same `tmpfs` volume into which "Build artifacts" unpacks
# the RPM signing keyring (GNUPG_DIR: /tmpfs/gnupg).
# NOTE(review): presumably the tmpfs mount is needed because `make rpm` runs
# its packaging inside a container started by this daemon -- confirm, and drop
# the mount here if it is not.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: tmpfs
temp:
medium: memory
- name: dockersock
temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################
kind: pipeline
type: kubernetes
name: build-windows-amd64
environment:
RUNTIME: go1.17.2
trigger:
event:
include:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
&& chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
- mkdir -p /go/cache /go/artifacts
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
image: docker
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
volumes:
- name: dockersock
path: /var/run
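# Builds the Windows release. The code-signing certificate from the
# WINDOWS_SIGNING_CERT secret is decoded to windows-signing-cert.pfx in the
# source checkout, used by `make -C build.assets release-amd64`, then deleted.
# NOTE(review): the checkout lives on the shared /go workspace (not tmpfs), so
# the .pfx is visible to any other container that mounts the workspace while it
# exists. This file is generated by dronegen; mirror the trap in the generator
# and re-sign the file.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  # Delete the certificate on every exit path, including a failed build (same
  # pattern as the trap in "Register artifacts"). Absolute path, so the cleanup
  # does not depend on the working directory at exit.
  - trap 'rm -f /go/src/github.com/gravitational/teleport/windows-signing-cert.pfx' EXIT
  - echo -n "$WINDOWS_SIGNING_CERT" | base64 -d > windows-signing-cert.pfx
  - make -C build.assets release-amd64
  - rm -f windows-signing-cert.pfx
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: windows
    UID: "1000"
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
  volumes:
  - name: dockersock
    path: /var/run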
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
- find . -maxdepth 1 -iname "teleport*.zip" -print -exec cp {} /go/artifacts \;
- export VERSION=$(cat /go/.version.txt)
- cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip
- cd /go/artifacts && for FILE in teleport*.zip; do sha256sum $FILE > $FILE.sha256;
done && ls -l
- name: Upload to S3
image: plugins/s3
settings:
access_key:
from_secret: AWS_ACCESS_KEY_ID
bucket:
from_secret: AWS_S3_BUCKET
region: us-west-2
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
source: /go/artifacts/*
strip_prefix: /go/artifacts/
target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
image: docker
commands:
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
- RELEASES_HOST='https://releases-staging.platform.teleport.sh'
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
- which curl || apk add --no-cache curl
- |-
cd "$WORKSPACE_DIR/go/artifacts"
for file in $(find . -type f ! -iname '*.sha256'); do
# Skip files that are not results of this build
# (e.g. tarballs from which OS packages are made)
[ -f "$file.sha256" ] || continue
product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
echo "curl HTTP status: $status_code"
cat $WORKSPACE_DIR/curl_out.txt
exit 1
fi
curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="windows" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
done
environment:
RELEASES_CERT:
from_secret: RELEASES_CERT_STAGING
RELEASES_KEY:
from_secret: RELEASES_KEY_STAGING
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-docker-images
environment:
RUNTIME: go1.17.2
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
GOCACHE: /go/cache
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/artifacts $GOCACHE
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
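# Builds the OSS and Enterprise images and pushes them to quay.io. The values
# under `settings` are read by the commands as $PLUGIN_USERNAME and
# $PLUGIN_PASSWORD.
- name: Build/push OSS/Enterprise Docker images
  image: docker
  environment:
    UID: 1000
    GID: 1000
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    ARCH: amd64
  settings:
    username:
      from_secret: QUAYIO_DOCKER_USERNAME
    password:
      from_secret: QUAYIO_DOCKER_PASSWORD
  volumes:
  - name: dockersock
    path: /var/run
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  # Pass the registry password on stdin rather than with -p: a command-line
  # password is visible in the process list, and docker itself warns that
  # --password on the CLI is insecure.
  - printf '%s' "$PLUGIN_PASSWORD" | docker login -u="$PLUGIN_USERNAME" --password-stdin quay.io
  # The buildbox is pulled by mutable tag, and a failed pull is tolerated
  # (`|| true`); the build then presumably falls back to a local build.
  - docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
  - cd /go/src/github.com/gravitational/teleport
  - make image-ci publish-ci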
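# Builds the FIPS Enterprise image from the `e` directory and pushes it to
# quay.io. The values under `settings` are read by the commands as
# $PLUGIN_USERNAME and $PLUGIN_PASSWORD.
- name: Build/push FIPS Docker image
  image: docker
  environment:
    UID: 1000
    GID: 1000
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    ARCH: amd64
  settings:
    username:
      from_secret: QUAYIO_DOCKER_USERNAME
    password:
      from_secret: QUAYIO_DOCKER_PASSWORD
  volumes:
  - name: dockersock
    path: /var/run
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  # Pass the registry password on stdin rather than with -p: a command-line
  # password is visible in the process list, and docker itself warns that
  # --password on the CLI is insecure.
  - printf '%s' "$PLUGIN_PASSWORD" | docker login -u="$PLUGIN_USERNAME" --password-stdin quay.io
  # Pulled by mutable tag; a failed pull is tolerated (`|| true`).
  - docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
  - cd /go/src/github.com/gravitational/teleport
  # VERSION needs to be set manually when running in the e directory.
  # Normally, the version is set and exported by the root Makefile and then inherited,
  # but this is not the case for FIPS builds (which only run in e/Makefile)
  - export VERSION=$(cat /go/.version.txt)
  - make -C e image-fips-ci publish-fips-ci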
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-oss-amis
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-linux-amd64
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Download built tarball artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
# Builds the OSS AMIs with Packer. This step uses its own AWS_PACKER_*
# credentials, separate from the S3 credentials used by the download and sync
# steps of this pipeline.
- name: Build OSS AMIs
  # Pinned to a version tag; a digest pin would additionally fix the exact
  # image content.
  image: hashicorp/packer:1.7.6
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_PACKER_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_PACKER_SECRET_ACCESS_KEY
  volumes:
  # NOTE(review): no docker command is visible in this step; presumably the
  # socket mount is unused here -- confirm against the Makefile before removing.
  - name: dockersock
    path: /var/run
  commands:
  - apk add --no-cache aws-cli jq make
  - cd /go/src/github.com/gravitational/teleport/assets/aws
  - export TELEPORT_VERSION=$(cat /go/.version.txt)
  - export PUBLIC_AMI_NAME=gravitational-teleport-ami-oss-$TELEPORT_VERSION
  # The pipeline trigger only lists the `tag` event, so the `else` (debug)
  # branch looks unreachable from this trigger -- TODO confirm.
  - |
    if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
    echo "---> Building production OSS AMIs"
    echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
    make oss-ci-build
    else
    echo "---> Building debug OSS AMIs"
    make oss
    fi
- name: Sync OSS build timestamp to S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/oss_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-ent-amis
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-linux-amd64
- build-linux-amd64-fips
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Download built tarball artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
- name: Build Enterprise AMIs
image: hashicorp/packer:1.7.6
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_PACKER_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_PACKER_SECRET_ACCESS_KEY
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache aws-cli jq make
- cd /go/src/github.com/gravitational/teleport/assets/aws
- export TELEPORT_VERSION=$(cat /go/.version.txt)
- export PUBLIC_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION
- export FIPS_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION-fips
- |
if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
echo "---> Building production Enterprise AMIs"
echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
make ent-ci-build
else
echo "---> Building debug Enterprise AMIs"
make ent
fi
- name: Sync Enterprise build timestamp to S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/ent_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/buildbox.go:72
################################################
kind: pipeline
type: kubernetes
name: build-buildboxes
environment:
GID: "1000"
RUNTIME: go1.17.2
UID: "1000"
trigger:
event:
include:
- push
repo:
include:
- gravitational/teleport
branch:
include:
- master
workspace:
path: /go/src/github.com/gravitational/teleport
clone:
disable: true
steps:
- name: Check out code
image: docker:git
commands:
- git clone --depth 1 --single-branch --branch ${DRONE_SOURCE_BRANCH:-master} https://github.com/gravitational/${DRONE_REPO_NAME}.git
.
- git checkout ${DRONE_COMMIT}
- name: Wait for docker
image: docker
commands:
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
volumes:
- name: dockersock
path: /var/run
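# Builds the default buildbox image and pushes it to quay.io under the
# $RUNTIME tag. The tag is mutable: each run on master replaces the image that
# the release pipelines pull as teleport-buildbox:$RUNTIME.
- name: buildbox
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  # Pass the registry password on stdin rather than with -p: a command-line
  # password is visible in the process list, and docker itself warns that
  # --password on the CLI is insecure.
  - printf '%s' "$$QUAYIO_DOCKER_PASSWORD" | docker login -u="$$QUAYIO_DOCKER_USERNAME" --password-stdin quay.io
  - make -C build.assets buildbox
  - docker push quay.io/gravitational/teleport-buildbox:$RUNTIME
  environment:
    QUAYIO_DOCKER_PASSWORD:
      from_secret: QUAYIO_DOCKER_PASSWORD
    QUAYIO_DOCKER_USERNAME:
      from_secret: QUAYIO_DOCKER_USERNAME
  volumes:
  - name: dockersock
    path: /var/run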
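# Builds the FIPS buildbox image and pushes it to quay.io under the $RUNTIME
# tag.
- name: buildbox-fips
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  # Password on stdin instead of -p, which exposes it in the process list and
  # which docker itself warns about.
  - printf '%s' "$$QUAYIO_DOCKER_PASSWORD" | docker login -u="$$QUAYIO_DOCKER_USERNAME" --password-stdin quay.io
  - make -C build.assets buildbox-fips
  - docker push quay.io/gravitational/teleport-buildbox-fips:$RUNTIME
  environment:
    QUAYIO_DOCKER_PASSWORD:
      from_secret: QUAYIO_DOCKER_PASSWORD
    QUAYIO_DOCKER_USERNAME:
      from_secret: QUAYIO_DOCKER_USERNAME
  volumes:
  - name: dockersock
    path: /var/run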
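# Builds the CentOS 6 buildbox image and pushes it to quay.io under the
# $RUNTIME tag.
- name: buildbox-centos6
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  # Password on stdin instead of -p, which exposes it in the process list and
  # which docker itself warns about.
  - printf '%s' "$$QUAYIO_DOCKER_PASSWORD" | docker login -u="$$QUAYIO_DOCKER_USERNAME" --password-stdin quay.io
  - make -C build.assets buildbox-centos6
  - docker push quay.io/gravitational/teleport-buildbox-centos6:$RUNTIME
  environment:
    QUAYIO_DOCKER_PASSWORD:
      from_secret: QUAYIO_DOCKER_PASSWORD
    QUAYIO_DOCKER_USERNAME:
      from_secret: QUAYIO_DOCKER_USERNAME
  volumes:
  - name: dockersock
    path: /var/run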
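# Builds the ARM buildbox image and pushes it to quay.io under the $RUNTIME
# tag.
- name: buildbox-arm
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  # Password on stdin instead of -p, which exposes it in the process list and
  # which docker itself warns about.
  - printf '%s' "$$QUAYIO_DOCKER_PASSWORD" | docker login -u="$$QUAYIO_DOCKER_USERNAME" --password-stdin quay.io
  - make -C build.assets buildbox-arm
  - docker push quay.io/gravitational/teleport-buildbox-arm:$RUNTIME
  environment:
    QUAYIO_DOCKER_PASSWORD:
      from_secret: QUAYIO_DOCKER_PASSWORD
    QUAYIO_DOCKER_USERNAME:
      from_secret: QUAYIO_DOCKER_USERNAME
  volumes:
  - name: dockersock
    path: /var/run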
services:
- name: Start Docker
image: docker:dind
privileged: true
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
# Release promotion: runs on a Drone `promote` event whose target is
# `production`, and republishes what the tag pipelines left in staging
# (S3 artifacts, container images, AMIs, Helm charts, RPM/DEB repositories).
# NOTE(review): the repo filter matches every repository under gravitational/.
# Only the RPM/DEB publishing is later gated on
# DRONE_REPO == gravitational/teleport (the "Determine whether RPM/DEB packages
# should be published to repos" step); the production S3 upload, image push,
# AMI publication and Helm publish steps come before that gate and run for any
# matching repository -- confirm that is intended.
kind: pipeline
type: kubernetes
name: promote-build
trigger:
  event:
  - promote
  target:
  - production
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Download artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- mkdir -p /go/artifacts
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ /go/artifacts/
# Publishes everything the previous step synced from the staging bucket
# (/go/artifacts/*) to the production bucket under teleport/<version>/.
# NOTE(review): no step between the staging download and this upload checks the
# files against their `.sha256` companions or any signature, so what becomes
# public is whatever the staging prefix contained at promotion time. A
# `sha256sum -c` pass only helps if the digests come from somewhere other than
# the same bucket.
- name: Upload artifacts to production S3
  image: plugins/s3
  settings:
    bucket:
      from_secret: PRODUCTION_AWS_S3_BUCKET
    access_key:
      from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
    secret_key:
      from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
    region: us-east-1
    # Uploaded objects are world-readable.
    acl: public-read
    source: /go/artifacts/*
    target: teleport/${DRONE_TAG##v}/
    strip_prefix: /go/artifacts/
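# Promotes the CI-built images: pulls them with the staging registry account,
# retags them to the production names, then pushes with the production
# account. The `settings` values are read by the commands as
# $PLUGIN_DOCKER_STAGING_* and $PLUGIN_DOCKER_PRODUCTION_*.
# NOTE(review): images are selected by tag, not by digest, so the promoted
# content is whatever the `-ci` tags point to at promotion time.
- name: Pull/retag Docker images
  image: docker
  settings:
    docker_staging_username:
      from_secret: QUAYIO_DOCKER_USERNAME
    docker_staging_password:
      from_secret: QUAYIO_DOCKER_PASSWORD
    docker_production_username:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
    docker_production_password:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
  volumes:
  - name: dockersock
    path: /var/run
  commands:
  # wait for docker to start
  - sleep 3
  - export VERSION=${DRONE_TAG##v}
  # authenticate with staging credentials
  # (password on stdin rather than -p: a command-line password is visible in
  # the process list, and docker itself warns that --password is insecure)
  - printf '%s' "$PLUGIN_DOCKER_STAGING_PASSWORD" | docker login -u="$PLUGIN_DOCKER_STAGING_USERNAME" --password-stdin quay.io
  # pull 'temporary' CI-built images
  - echo "---> Pulling images for $${VERSION}"
  - docker pull quay.io/gravitational/teleport-ci:$${VERSION}
  - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}
  - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips
  # retag images to production naming
  - echo "---> Tagging images for $${VERSION}"
  - docker tag quay.io/gravitational/teleport-ci:$${VERSION} quay.io/gravitational/teleport:$${VERSION}
  - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION} quay.io/gravitational/teleport-ent:$${VERSION}
  - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips quay.io/gravitational/teleport-ent:$${VERSION}-fips
  # reauthenticate with production credentials
  - docker logout quay.io
  - printf '%s' "$PLUGIN_DOCKER_PRODUCTION_PASSWORD" | docker login -u="$PLUGIN_DOCKER_PRODUCTION_USERNAME" --password-stdin quay.io
  # push production images
  - echo "---> Pushing images for $${VERSION}"
  - docker push quay.io/gravitational/teleport:$${VERSION}
  - docker push quay.io/gravitational/teleport-ent:$${VERSION}
  - docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips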
- name: Check out code
image: docker:git
commands:
- |
mkdir -p /go/src/github.com/gravitational/teleport
cd /go/src/github.com/gravitational/teleport
git init && git remote add origin ${DRONE_REMOTE_URL}
git fetch origin +refs/tags/${DRONE_TAG}:
git checkout -qf FETCH_HEAD
- name: Download AMI timestamps
image: docker
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
commands:
- apk add --no-cache aws-cli
- mkdir -p /go/src/github.com/gravitational/teleport/assets/aws/files/build
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/ami/${DRONE_TAG##v}/ /go/src/github.com/gravitational/teleport/assets/aws/files/build
- name: Make AMIs public
image: docker
environment:
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
commands:
- apk add --no-cache aws-cli bash jq make
- cd /go/src/github.com/gravitational/teleport/assets/aws
- |
make change-amis-to-public-oss
make change-amis-to-public-ent
make change-amis-to-public-ent-fips
# Download all previously packaged charts. This is needed to rebuild the
# index and re-publish the repository.
- name: "Helm: Download chart repository"
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
commands:
- mkdir -p /go/chart
- aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart
# Packages the two charts from the checked-out tag into /go/chart, next to the
# chart archives downloaded from the production bucket, and rebuilds the index
# over all of them. The result is published world-readable by the next step.
- name: "Helm: Package chart repository"
  # NOTE(review): `latest` is a mutable tag, so the tool that produces the
  # public chart index can change between promotions without a change to this
  # file. Pinning a version and digest, e.g.
  # alpine/helm:<VERSION>@sha256:<DIGEST> (placeholders), makes the run
  # reproducible.
  image: alpine/helm:latest
  commands:
  - cd /go/chart
  - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
  - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
  # copy index.html to root of the S3 bucket.
  - cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
  # this will index all previous versions of the charts downloaded from the S3 bucket,
  # plus the just-packaged charts listed above
  # NOTE(review): the previously published archives are re-indexed as found in
  # the bucket; nothing here checks them, and the charts are packaged without a
  # provenance signature.
  - helm repo index /go/chart
  - ls /go/chart
- name: "Helm: Publish chart repository to S3"
image: plugins/s3
settings:
bucket:
from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
access_key:
from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
secret_key:
from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
region: us-east-2
acl: public-read
source: /go/chart/*
target: /
strip_prefix: /go/chart
# NOTE: all mandatory steps for a release promotion need to go BEFORE this
# step, as there is a chance that everything afterwards will be skipped.
#
# this step exits early and skips all remaining steps in the pipeline if the
# tag looks like a pre-release, to avoid publishing RPMs for pre-release builds.
# It also skips them for any repository other than gravitational/teleport.
# NOTE(review): `${DRONE_REPO}` and `${DRONE_TAG}` are expanded by Drone before
# the shell runs, so their text becomes part of the script. Reading the shell
# variables instead (`$${DRONE_TAG}`, quoted) keeps the tag as data -- TODO
# confirm how the runner escapes substituted values.
- name: Determine whether RPM/DEB packages should be published to repos
  image: docker
  commands:
  # Exit code 78 ends the pipeline early; the script's own comment below
  # describes it as a success status.
  - |
    if [ "${DRONE_REPO}" != "gravitational/teleport" ]; then
    echo "---> Not publishing ${DRONE_REPO} packages to repos"
    exit 78
    fi
    # length will be 0 after filtering if this is a pre-release, >0 otherwise
    FILTERED_TAG_LENGTH=$(echo ${DRONE_TAG} | egrep -v '(alpha|beta|dev|rc)' | wc -c)
    if [ $$FILTERED_TAG_LENGTH -eq 0 ]; then
    echo "---> ${DRONE_TAG} looks like a pre-release, not publishing packages to repos"
    # exit pipeline early with success status
    exit 78
    else
    echo "---> Publishing packages to repos for ${DRONE_TAG}"
    fi
# Mirrors the published RPM repository from S3 into the persistent `rpmrepo`
# volume and adds the RPMs of the release being promoted.
# NOTE(review): both inputs are taken as found -- the existing repository tree
# from the bucket, and the new *.rpm files that the first step of this pipeline
# synced from the staging bucket. No package signature check (for example
# `rpm -K` against the release key) is visible before the metadata over this
# tree is regenerated and signed. Clients that enforce package signature
# checking still reject unsigned packages, but the signed index would list them.
- name: Download RPM repo contents
  image: amazon/aws-cli
  environment:
    AWS_S3_BUCKET:
      from_secret: RPMREPO_AWS_S3_BUCKET
    AWS_ACCESS_KEY_ID:
      from_secret: RPMREPO_AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
  volumes:
  - name: rpmrepo
    path: /rpmrepo
  commands:
  - mkdir -p /rpmrepo/teleport/cache
  # we explicitly want to delete anything present locally which has been deleted
  # from the upstream S3 bucket
  - aws s3 sync s3://$AWS_S3_BUCKET/teleport/ /rpmrepo/teleport/ --delete
  - mkdir -p /rpmrepo/teleport/${DRONE_TAG##v}
  - cp -a /go/artifacts/*.rpm /rpmrepo/teleport/${DRONE_TAG##v}/
# we do this using a CentOS 7 container to make sure that the repo files are
# compatible with older versions, also there's no createrepo package in alpine main
# NOTE(review): the metadata written here is exactly what the next step signs,
# so the tooling in this container is part of the signing chain. The image is
# referenced by a mutable tag, `createrepo` is installed at run time from
# whatever the image's yum repositories serve, and CentOS Linux 7 reached end
# of life on 2024-06-30. A prebuilt image pinned by digest would remove the
# run-time install.
- name: Regenerate RPM repo metadata
  image: centos:7
  volumes:
  - name: rpmrepo
    path: /rpmrepo
  commands:
  - yum -y install createrepo
  - createrepo --cachedir /rpmrepo/teleport/cache --update /rpmrepo/teleport
# This step requires centos:8 to get gpg 2.2+
# centos:7's gpg 2.0 doesn't understand the format of GPG_RPM_SIGNING_ARCHIVE
# NOTE(review): CentOS Linux 8 reached end of life on 2021-12-31 and the image
# is referenced by a mutable tag; this is the container that holds the release
# signing key, so an image pinned by digest with a maintained gpg 2.2+ is worth
# the change.
- name: Sign RPM repo metadata
  image: centos:8
  volumes:
  - name: rpmrepo
    path: /rpmrepo
  # for in-memory tmpfs for key material
  # (the same tmpfs volume is also mounted into the privileged docker:dind
  # service of this pipeline)
  - name: tmpfs
    path: /tmpfs
  environment:
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
  commands:
  # NOTE(review): the `rm -rf $GNUPGHOME` at the end is presumably skipped when
  # an earlier command fails; a `trap 'rm -rf "$GNUPGHOME"' EXIT` placed before
  # the extraction would cover that path.
  - |
    # extract signing key
    mkdir -m0700 $GNUPGHOME
    echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
    chown -R root:root $GNUPGHOME
  # Sign rpm repo metadata (yum clients will automatically look for and verify repodata/repomd.xml.asc)
  # Caveat: yum/dnf only check this signature when the client's repo definition
  # sets `repo_gpgcheck=1`; it is off by default, so the published .repo file
  # has to enable it for the signature to protect anyone.
  # NOTE(review): no key is named, so gpg signs with the default secret key of
  # the extracted keyring (the DEB step names 6282C411 explicitly). If a
  # repomd.xml.asc from an earlier run is still present, gpg may ask before
  # overwriting; `--batch --yes` keeps the step non-interactive -- confirm.
  - gpg --detach-sign --armor /rpmrepo/teleport/repodata/repomd.xml
  # Prints the detached signature (public data) to the build log.
  - cat /rpmrepo/teleport/repodata/repomd.xml.asc
  - rm -rf $GNUPGHOME
- name: Sync RPM repo changes to S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: RPMREPO_AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: RPMREPO_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
volumes:
- name: rpmrepo
path: /rpmrepo
commands:
- aws s3 sync /rpmrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/
- name: Download DEB repo contents
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: DEBREPO_AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: DEBREPO_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY
volumes:
- name: debrepo
path: /debrepo
commands:
# we explicitly want to delete anything present locally which has been deleted
# from the upstream S3 bucket
- mkdir -p /debrepo/teleport
- aws s3 sync s3://$AWS_S3_BUCKET/teleport /debrepo/teleport --delete
# Builds and signs the APT repository with reprepro from the *.deb files in
# /go/artifacts, then copies the result to the persistent `debrepo` volume.
# The keyring comes from GPG_RPM_SIGNING_ARCHIVE, the same secret the RPM
# signing steps use.
# NOTE(review): the *.deb files are the ones the first step of this pipeline
# synced from the staging bucket; no check of them is visible before they are
# added to the signed repository.
- name: Build DEB repo
  image: ubuntu:20.04
  environment:
    DEBIAN_FRONTEND: noninteractive
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
  volumes:
  # NOTE(review): no docker command is visible in this step; presumably the
  # socket mount can be dropped here -- confirm.
  - name: dockersock
    path: /var/run
  - name: debrepo
    path: /debrepo
  # for in-memory tmpfs for key material
  - name: tmpfs
    path: /tmpfs
  commands:
  # Tools are installed unpinned, at run time, in the container that later
  # holds the signing keyring.
  - |
    # install needed tools
    apt-get -y update && apt-get -y install curl gzip gnupg2 reprepro tar
  # NOTE(review): `SignWith: 6282C411` selects the key by an 8-hex-digit short
  # ID. Short IDs are not collision-resistant; naming the key by its full
  # fingerprint (`SignWith: <FULL-40-HEX-FINGERPRINT>`, placeholder) is the
  # safer selector.
  - |
    # write config files
    mkdir -p /go/reprepro/teleport/conf /go/reprepro/teleport/public
    cat << EOF > /go/reprepro/teleport/conf/distributions
    Origin: teleport
    Label: teleport
    Codename: stable
    Architectures: i386 amd64 arm arm64
    Components: main
    Description: apt repository for teleport
    SignWith: 6282C411
    EOF
    cat << EOF > /go/reprepro/teleport/conf/options
    verbose
    basedir /go/reprepro/teleport
    EOF
  - |
    # extract signing key
    mkdir -m0700 $GNUPGHOME
    echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
    chown -R root:root $GNUPGHOME
  - |
    # create repo
    cd /go/reprepro/teleport
    reprepro --outdir /go/reprepro/teleport/public includedeb stable /go/artifacts/teleport*.deb
  # NOTE(review): this cleanup is presumably skipped if reprepro fails; a
  # `trap ... EXIT` set before the key is extracted would cover that path.
  - |
    # clean up gnupg
    rm -rf $GNUPGHOME
  - |
    # copy artifacts to PVC
    cp -r /go/reprepro/teleport /debrepo/
- name: Sync DEB repo changes to S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: DEBREPO_AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: DEBREPO_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY
volumes:
- name: debrepo
path: /debrepo
commands:
- aws s3 sync /debrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/
# Docker-in-Docker daemon for the steps that mount `dockersock`.
# `privileged: true` runs this container without the usual isolation limits,
# and it mounts the same `tmpfs` volume that the "Sign RPM repo metadata" and
# "Build DEB repo" steps use for GNUPGHOME (/tmpfs/gnupg), so the release
# signing keyring is readable from this container while it is extracted.
# NOTE(review): neither signing step shows a docker command; presumably the
# tmpfs mount can be removed from this service -- confirm.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
  - name: tmpfs
    path: /tmpfs
volumes:
- name: dockersock
temp: {}
- name: tmpfs
temp:
medium: memory
# these persistent volumes cache RPMs/DEBs near Drone so that we don't need to download the
# entire repo contents from S3 every time to build the repo, we just sync any differences
- name: rpmrepo
claim:
name: drone-s3-rpmrepo-pvc
- name: debrepo
claim:
name: drone-s3-debrepo-pvc
---
# Drone configuration signature: a keyed hash (HMAC) over the pipeline
# documents above. Any change to this file, comments included, presumably
# invalidates it, so it has to be regenerated after editing (for example with
# `drone sign <repo> --save`, or through whatever `make dronegen` runs --
# confirm). It only protects the pipeline definition if the repository is
# configured in Drone to require a valid signature.
kind: signature
hmac: 1473746cd33150de6ce4e6be53478ad6961414d1e34987d9eff4b3e17bcfe5a2
...