This helps support zypper on SUSE and improves our general RPM distribution security posture. The threat model is that someone compromises AWS but not our signing keys. In that case, they could update the repo metadata to point to an unsigned package. With the metadata signed, this is no longer possible -- both the index and the package are verified. For more info on this change, see this very helpful blog post: https://blog.packagecloud.io/eng/2014/11/24/howto-gpg-sign-verify-rpm-packages-yum-repositories/
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################

# Builds the linux/amd64 release (`make -C build.assets release-amd64`) on
# pushes to master or branch/* in gravitational/* repositories; pull_request
# events are excluded. Slack is notified only when the build fails.
# NOTE(review): docker:git, docker, docker:dind and plugins/slack are
# referenced by mutable tag rather than by digest, so the tooling a build runs
# with can change without a commit. Pinning would have to be done in the
# generator named above, not in this file.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64
environment:
  GID: "1000"
  RUNTIME: go1.17.2
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out itself.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
  - cd /go/src/github.com/gravitational/teleport
  - git init && git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin
  - git checkout -qf ${DRONE_COMMIT_SHA}
  # Best effort before the SSH key exists; retried recursively further down.
  - git submodule update --init webassets || true
  # The deploy key is written inside a 0700 directory and removed again by the
  # last command of this step.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whichever host key is presented at build
  # time (trust on first use); a pinned known_hosts entry would let the
  # submodule fetch below reject an unexpected host key.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the daemon socket appears on the shared
# dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  # Ownership of the workspace is switched to the UID:GID from `environment`
  # before make runs.
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-amd64
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Runs only when the pipeline has failed (see `when` below).
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
# Docker-in-Docker daemon used by the build.
# NOTE(review): it runs privileged, so every step that mounts dockersock
# should be treated as holding that daemon's privileges.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temporary volume shared by the dind service and the steps that mount it.
volumes:
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################

# Builds the linux/386 release (`make -C build.assets release-386`) on pushes
# to master or branch/* in gravitational/* repositories; pull_request events
# are excluded. Slack is notified only when the build fails.
# NOTE(review): docker:git, docker, docker:dind and plugins/slack are
# referenced by mutable tag rather than by digest, so the tooling a build runs
# with can change without a commit. Pinning would have to be done in the
# generator named above, not in this file.
kind: pipeline
type: kubernetes
name: push-build-linux-386
environment:
  GID: "1000"
  RUNTIME: go1.17.2
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out itself.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
  - cd /go/src/github.com/gravitational/teleport
  - git init && git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin
  - git checkout -qf ${DRONE_COMMIT_SHA}
  # Best effort before the SSH key exists; retried recursively further down.
  - git submodule update --init webassets || true
  # The deploy key is written inside a 0700 directory and removed again by the
  # last command of this step.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whichever host key is presented at build
  # time (trust on first use); a pinned known_hosts entry would let the
  # submodule fetch below reject an unexpected host key.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the daemon socket appears on the shared
# dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  # Ownership of the workspace is switched to the UID:GID from `environment`
  # before make runs.
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-386
  environment:
    # Quoted so that the value stays a string rather than the integer 386.
    ARCH: "386"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Runs only when the pipeline has failed (see `when` below).
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
# Docker-in-Docker daemon used by the build.
# NOTE(review): it runs privileged, so every step that mounts dockersock
# should be treated as holding that daemon's privileges.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temporary volume shared by the dind service and the steps that mount it.
volumes:
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################

# Builds the linux/amd64 FIPS release
# (`make -C build.assets release-amd64-fips`, with FIPS=yes) on pushes to
# master or branch/* in gravitational/* repositories; pull_request events are
# excluded. Slack is notified only when the build fails.
# NOTE(review): docker:git, docker, docker:dind and plugins/slack are
# referenced by mutable tag rather than by digest, so the tooling a build runs
# with can change without a commit. Pinning would have to be done in the
# generator named above, not in this file.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64-fips
environment:
  GID: "1000"
  RUNTIME: go1.17.2
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out itself.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
  - cd /go/src/github.com/gravitational/teleport
  - git init && git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin
  - git checkout -qf ${DRONE_COMMIT_SHA}
  # Best effort before the SSH key exists; retried recursively further down.
  - git submodule update --init webassets || true
  # The deploy key is written inside a 0700 directory and removed again once
  # the submodules have been fetched.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whichever host key is presented at build
  # time (trust on first use); a pinned known_hosts entry would let the
  # submodule fetch below reject an unexpected host key.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  # Record the version for the build step: the tag without its leading "v"
  # when DRONE_TAG is set, otherwise the VERSION value from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the daemon socket appears on the shared
# dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  # Ownership of the workspace is switched to the UID:GID from `environment`
  # before make runs.
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  # VERSION comes from the file written by the checkout step.
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-fips
  environment:
    ARCH: amd64
    # Quoted so that the value stays the string "yes" rather than a boolean.
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Runs only when the pipeline has failed (see `when` below).
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
# Docker-in-Docker daemon used by the build.
# NOTE(review): it runs privileged, so every step that mounts dockersock
# should be treated as holding that daemon's privileges.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temporary volume shared by the dind service and the steps that mount it.
volumes:
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################

# Builds the unsigned Windows amd64 release
# (`make -C build.assets release-windows-unsigned`) on pushes to master or
# branch/* in gravitational/* repositories; pull_request events are excluded.
# Slack is notified only when the build fails.
# NOTE(review): docker:git, docker, docker:dind and plugins/slack are
# referenced by mutable tag rather than by digest, so the tooling a build runs
# with can change without a commit. Pinning would have to be done in the
# generator named above, not in this file.
kind: pipeline
type: kubernetes
name: push-build-windows-amd64
environment:
  GID: "1000"
  RUNTIME: go1.17.2
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out itself.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
  - cd /go/src/github.com/gravitational/teleport
  - git init && git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin
  - git checkout -qf ${DRONE_COMMIT_SHA}
  # Best effort before the SSH key exists; retried recursively further down.
  - git submodule update --init webassets || true
  # The deploy key is written inside a 0700 directory and removed again by the
  # last command of this step.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whichever host key is presented at build
  # time (trust on first use); a pinned known_hosts entry would let the
  # submodule fetch below reject an unexpected host key.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the daemon socket appears on the shared
# dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  # Ownership of the workspace is switched to the UID:GID from `environment`
  # before make runs.
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-windows-unsigned
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: windows
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Runs only when the pipeline has failed (see `when` below).
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
# Docker-in-Docker daemon used by the build.
# NOTE(review): it runs privileged, so every step that mounts dockersock
# should be treated as holding that daemon's privileges.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temporary volume shared by the dind service and the steps that mount it.
volumes:
- name: dockersock
  temp: {}
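---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go:32
################################################

# Builds the darwin/amd64 release (`make clean release`) on pushes to master
# or branch/* in gravitational/* repositories; pull_request events are
# excluded. This is an exec pipeline: the steps name no image and run as shell
# commands, with a fixed workspace under /tmp and at most one build at a time.
# NOTE(review): two changes are made to the generated output below (curl
# --fail on the Go download, and a `when` clause on the storage clean-up
# step); to survive regeneration they have to be made in the generator named
# above.
kind: pipeline
type: exec
name: push-build-darwin-amd64
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /tmp/push-build-darwin-amd64
platform:
  os: darwin
  arch: amd64
# The built-in clone is disabled; the "Check out code" step does it instead.
clone:
  disable: true
concurrency:
  limit: 1
steps:
# Starts from a clean workspace: source tree and any leftover SSH material
# from an earlier run are removed.
- name: Set up exec runner storage
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The deploy key lives in a 0700 directory inside the workspace and is
  # removed again as soon as the submodules have been fetched.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whichever host key is presented at build
  # time (trust on first use); a pinned known_hosts entry would let the
  # submodule fetch below reject an unexpected host key.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # `-F /dev/null` keeps ssh from reading any ssh config file, so only the
  # key and known_hosts file given here are used.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
# Unpacks the Go toolchain into a per-build directory in the home directory.
- name: Install Go Toolchain
  commands:
  - set -u
  - mkdir -p ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
  # --fail makes an HTTP error stop the step here instead of leaving an error
  # page on disk under the tarball's name.
  # NOTE(review): the archive is still unpacked without an integrity check;
  # comparing it with a pinned SHA-256 before `tar` runs would detect a
  # tampered or truncated download.
  - curl --silent --fail -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
  - tar -C ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
  - rm -rf $RUNTIME.darwin-amd64.tar.gz
  environment:
    RUNTIME: go1.17.2
# Installs the Rust version reported by `make print-rust-version` into the
# same per-build directory.
- name: Install Rust Toolchain
  commands:
  - set -u
  - export PATH=/Users/build/.cargo/bin:$PATH
  - mkdir -p ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - export CARGO_HOME=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
  - export RUST_HOME=$CARGO_HOME
  - rustup toolchain install $RUST_VERSION
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
- name: Build Mac artifacts
  commands:
  - set -u
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - export CARGO_HOME=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
  - export RUST_HOME=$CARGO_HOME
  # The per-build toolchains come first on PATH, ahead of the runner's own.
  - export PATH=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains/go/bin:$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - rustup override set $RUST_VERSION
  - make clean release OS=$OS ARCH=$ARCH
  environment:
    ARCH: amd64
    GOCACHE: /tmp/push-build-darwin-amd64/go/cache
    GOPATH: /tmp/push-build-darwin-amd64/go
    OS: darwin
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
# Removes the per-build toolchains whether the build passed or failed.
- name: Clean up toolchains (post)
  commands:
  - set -u
  - export PATH=/Users/build/.cargo/bin:$PATH
  - export CARGO_HOME=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
  - export RUST_HOME=$CARGO_HOME
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - rustup override unset
  - rustup toolchain uninstall $RUST_VERSION
  - rm -rf ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  when:
    status:
    - success
    - failure
# Removes the source tree and any SSH material from the runner.
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  # Added: without a `when` clause this step was skipped after a failed step,
  # so a checkout that died after writing the deploy key left
  # $WORKSPACE_DIR/.ssh on the runner until the next build's setup step.
  when:
    status:
    - success
    - failure
# Posts to Slack with curl; runs only when the pipeline has failed.
- name: Send Slack notification (exec)
  commands:
  - |2

    export DRONE_BUILD_LINK="${DRONE_SYSTEM_PROTO}://${DRONE_SYSTEM_HOSTNAME}/${DRONE_REPO_OWNER}/${DRONE_REPO_NAME}/${DRONE_BUILD_NUMBER}"
    export GOOS=$(go env GOOS)
    export GOARCH=$(go env GOARCH)
  - |2-

    curl -sL -X POST -H 'Content-type: application/json' --data "{\"text\":\"Warning: \`${GOOS}-${GOARCH}\` artifact build failed for [\`${DRONE_REPO_NAME}\`] - please investigate immediately!\nBranch: \`${DRONE_BRANCH}\`\nCommit: \`${DRONE_COMMIT_SHA}\`\nLink: $DRONE_BUILD_LINK\"}" $SLACK_WEBHOOK_DEV_TELEPORT
  environment:
    SLACK_WEBHOOK_DEV_TELEPORT:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
  when:
    status:
    - failure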
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################

# Builds the linux/arm release (`make -C build.assets release-arm`) on pushes
# to master or branch/* in gravitational/* repositories; pull_request events
# are excluded. Slack is notified only when the build fails.
# NOTE(review): docker:git, docker, docker:dind and plugins/slack are
# referenced by mutable tag rather than by digest, so the tooling a build runs
# with can change without a commit. Pinning would have to be done in the
# generator named above, not in this file.
kind: pipeline
type: kubernetes
name: push-build-linux-arm
environment:
  GID: "1000"
  RUNTIME: go1.17.2
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out itself.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
  - cd /go/src/github.com/gravitational/teleport
  - git init && git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin
  - git checkout -qf ${DRONE_COMMIT_SHA}
  # Best effort before the SSH key exists; retried recursively further down.
  - git submodule update --init webassets || true
  # The deploy key is written inside a 0700 directory and removed again by the
  # last command of this step.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whichever host key is presented at build
  # time (trust on first use); a pinned known_hosts entry would let the
  # submodule fetch below reject an unexpected host key.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the daemon socket appears on the shared
# dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  # Ownership of the workspace is switched to the UID:GID from `environment`
  # before make runs.
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm
  environment:
    ARCH: arm
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Runs only when the pipeline has failed (see `when` below).
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
# Docker-in-Docker daemon used by the build.
# NOTE(review): it runs privileged, so every step that mounts dockersock
# should be treated as holding that daemon's privileges.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temporary volume shared by the dind service and the steps that mount it.
volumes:
- name: dockersock
  temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################

# Builds the linux/arm64 release (`make -C build.assets release-arm64`) on
# pushes to master or branch/* in gravitational/* repositories; pull_request
# events are excluded. Slack is notified only when the build fails.
# NOTE(review): docker:git, docker, docker:dind and plugins/slack are
# referenced by mutable tag rather than by digest, so the tooling a build runs
# with can change without a commit. Pinning would have to be done in the
# generator named above, not in this file.
kind: pipeline
type: kubernetes
name: push-build-linux-arm64
environment:
  GID: "1000"
  RUNTIME: go1.17.2
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out itself.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
  - cd /go/src/github.com/gravitational/teleport
  - git init && git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin
  - git checkout -qf ${DRONE_COMMIT_SHA}
  # Best effort before the SSH key exists; retried recursively further down.
  - git submodule update --init webassets || true
  # The deploy key is written inside a 0700 directory and removed again by the
  # last command of this step.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whichever host key is presented at build
  # time (trust on first use); a pinned known_hosts entry would let the
  # submodule fetch below reject an unexpected host key.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the daemon socket appears on the shared
# dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  # Ownership of the workspace is switched to the UID:GID from `environment`
  # before make runs.
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm64
  environment:
    ARCH: arm64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Runs only when the pipeline has failed (see `when` below).
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
# Docker-in-Docker daemon used by the build.
# NOTE(review): it runs privileged, so every step that mounts dockersock
# should be treated as holding that daemon's privileges.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temporary volume shared by the dind service and the steps that mount it.
volumes:
- name: dockersock
  temp: {}
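---
# Cron-triggered pipeline that rebuilds and pushes the quay.io/gravitational
# teleport, teleport-ent, teleport-ent FIPS and teleport-lab images for the
# newest release of the current and two previous major versions.
# NOTE(review): the step and service images (docker:git, docker, docker:dind)
# are referenced by mutable tag, not by digest, in a pipeline that holds the
# production registry credentials.
kind: pipeline
type: kubernetes
name: teleport-docker-cron

trigger:
  cron:
    - teleport-docker-cron
  repo:
    include:
      - gravitational/teleport

workspace:
  path: /go

clone:
  disable: true

steps:
  - name: Set up variables and Dockerfile
    image: docker:git
    environment:
      # increment these variables when a new major/minor version is released to bump the automatic builds
      # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for
      # build major version images which are just teleport:x
      CURRENT_VERSION_ROOT: v8
      PREVIOUS_VERSION_ONE_ROOT: v7
      PREVIOUS_VERSION_TWO_ROOT: v6
    commands:
      - apk --update --no-cache add curl
      - mkdir -p /go/build && cd /go/build
      # Each *_TAG.txt holds the highest non-prerelease tag matching the
      # version root; each *_TAG_GENERIC.txt holds just its major number.
      # CURRENT_VERSION (8)
      - echo $(git ls-remote --tags https://github.com/gravitational/teleport | cut -d'/' -f3 | grep $CURRENT_VERSION_ROOT | grep -Ev '(alpha|beta|dev|rc)' | sort -rV | head -n1) > /go/build/CURRENT_VERSION_TAG.txt
      - echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt
      # PREVIOUS_VERSION_ONE (7)
      - echo $(git ls-remote --tags https://github.com/gravitational/teleport | cut -d'/' -f3 | grep $PREVIOUS_VERSION_ONE_ROOT | grep -Ev '(alpha|beta|dev|rc)' | sort -rV | head -n1) > /go/build/PREVIOUS_VERSION_ONE_TAG.txt
      - echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt
      # PREVIOUS_VERSION_TWO (6)
      - echo $(git ls-remote --tags https://github.com/gravitational/teleport | cut -d'/' -f3 | grep $PREVIOUS_VERSION_TWO_ROOT | grep -Ev '(alpha|beta|dev|rc)' | sort -rV | head -n1) > /go/build/PREVIOUS_VERSION_TWO_TAG.txt
      - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt
      # list versions
      - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done
      # get Dockerfiles
      # -f makes an HTTP error fail this step instead of saving the error page
      # as the Dockerfile.
      # NOTE(review): the Dockerfile is taken from the tip of the branch at run
      # time rather than from a fixed commit, so whatever is on that branch
      # decides what gets pushed with the production credentials below.
      - curl -fLs -o /go/build/Dockerfile-cron https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron
      # wait for Docker to be ready
      - sleep 3

  - name: Build and push Teleport containers (CURRENT_VERSION)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
    # The registry credentials reach the commands as PLUGIN_USERNAME and
    # PLUGIN_PASSWORD.
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export VERSION_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt)
      - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips"
      # The password is passed on stdin so it never appears in the docker
      # command line.
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u "$PLUGIN_USERNAME" --password-stdin quay.io
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $OSS_IMAGE_NAME
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_IMAGE_NAME
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_FIPS_IMAGE_NAME

  - name: Build and push Teleport containers (PREVIOUS_VERSION_ONE)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips"
      # The password is passed on stdin so it never appears in the docker
      # command line.
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u "$PLUGIN_USERNAME" --password-stdin quay.io
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $OSS_IMAGE_NAME
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_IMAGE_NAME
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_FIPS_IMAGE_NAME

  - name: Build and push Teleport containers (PREVIOUS_VERSION_TWO)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips"
      # The password is passed on stdin so it never appears in the docker
      # command line.
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u "$PLUGIN_USERNAME" --password-stdin quay.io
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $OSS_IMAGE_NAME
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_IMAGE_NAME
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_FIPS_IMAGE_NAME

  - name: Build/push Teleport Lab Docker image
    image: docker:git
    environment:
      OS: linux
      ARCH: amd64
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export TELEPORT_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt | tr -d '^v')
      - export TELEPORT_LAB_IMAGE_NAME="quay.io/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      # Check out code
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # Build and push Teleport lab image
      # The password is passed on stdin so it never appears in the docker
      # command line.
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u "$PLUGIN_USERNAME" --password-stdin quay.io
      - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME /go/src/github.com/gravitational/teleport/docker/sshd
      - docker push $TELEPORT_LAB_IMAGE_NAME

# Docker-in-Docker daemon used by the build steps.
# NOTE(review): it runs privileged, so every step that mounts dockersock
# should be treated as holding that daemon's privileges.
services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}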
---
# Cron-triggered pipeline that packages the teleport-cluster and
# teleport-kube-agent Helm charts, rebuilds the repository index over
# everything already in the production charts bucket, and uploads the result.
# NOTE(review): the charts and the regenerated index are uploaded unsigned
# (`helm package` is run without provenance signing), so consumers rely on the
# integrity of the bucket alone - the same situation the commit message
# describes for unsigned RPM repo metadata.
kind: pipeline
type: kubernetes
name: teleport-helm-cron

trigger:
  cron:
    - teleport-helm-cron
  repo:
    include:
      - gravitational/teleport

workspace:
  path: /go

clone:
  disable: true

steps:
  - name: Check out code
    image: alpine/git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_COMMIT}
      - mkdir -p /go/chart
      - cd /go/chart

  - name: Download chart repo contents
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
    commands:
      - mkdir -p /go/chart
      # download all previously packaged chart versions from the S3 bucket
      - aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart

  - name: Package helm charts
    # NOTE(review): `latest` is a floating tag, so the helm binary that builds
    # the published index can change between runs; a fixed tag or digest would
    # make the packaging step reproducible.
    image: alpine/helm:latest
    commands:
      - cd /go/chart
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
      # copy index.html to root of the S3 bucket
      - cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
      # this will index all previous versions of the charts downloaded from the S3 bucket,
      # plus the just-packaged charts listed above
      - helm repo index /go/chart

  - name: Upload to S3
    image: plugins/s3
    settings:
      bucket:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
      access_key:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      secret_key:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
      region: us-east-2
      # Every uploaded object is world-readable; presumably intended for a
      # public chart repository - confirm nothing else lands in /go/chart.
      acl: public-read
      source: /go/chart/*
      target: /
      strip_prefix: /go/chart

  # Runs only when the pipeline has failed (see `when` below).
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template: |
        *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
        Details: The `teleport-helm-cron` job in Drone failed to publish Helm charts to S3. This is unusual and should be investigated.
        Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
        Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}>
        Author: <https://github.com/{{ build.author }}|{{ build.author }}>
        <{{ build.link }}|Visit Drone build page ↗>
    when:
      status: [failure]
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################

# Release pipeline for v* tags: checks out the tagged source, runs the
# release-amd64-centos7 make target, renames and checksums the tarballs,
# uploads them to S3 and registers them with the staging release service.
# NOTE(review): the review notes below describe the generated output; lasting
# changes belong in dronegen.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7
environment:
  RUNTIME: go1.17.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is disabled; the first step clones by hand.
clone:
  disable: true
steps:
# Clones the repository over HTTPS, checks out the tag, installs a deploy key
# to fetch the `e` and `webassets` submodules, and records the version.
- name: Check out code
  # NOTE(review): every image in this pipeline is referenced by a mutable tag
  # or by name only, not by digest, so a release build runs whatever the
  # registry serves at build time.
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): ${DRONE_TAG...} is expanded by Drone into the script text
  # and reaches the shell unquoted, so the pipeline relies on v* tags being
  # pushed only by trusted people.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key sits in a 0700 directory and is chmod'ed to 600 after it
  # is written; it is deleted again a few commands below.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is collected at build time and not compared
  # with a pinned fingerprint, so each build trusts whatever answers as
  # github.com; a pinned known_hosts entry would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # NOTE(review): `|| true` hides a failed webassets update, so the build
  # would continue without reporting it.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): presumably not reached if an earlier command fails and ends
  # the step; the key then stays in the step container until it is discarded.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version is the tag without its leading "v", else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket from the dind service
# appears on the shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the release make target; the step mounts the dind socket, so the build
# presumably runs in containers started on that daemon.
- name: Build artifacts
  image: docker
  commands:
  # NOTE(review): installs whatever `make` version the package index offers
  # at build time.
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-amd64-centos7
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the OSS and enterprise tarballs, renames them to the centos7 file
# names and writes a .sha256 file next to each.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - export VERSION=$(cat /go/.version.txt)
  # `$$` is Drone's escape for a literal `$`, so ${VERSION} is expanded by the
  # shell rather than by Drone.
  - mv /go/artifacts/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
  - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
  # NOTE(review): the checksums are created here and uploaded beside the
  # tarballs, so they detect corruption but not replacement by someone who
  # can write to the bucket.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Uploads everything in /go/artifacts to teleport/tag/<version> in the bucket.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each checksummed file with the release service at RELEASES_HOST,
# authenticating with a client certificate and key.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # NOTE(review): the decoded certificate and key are written with the default
  # umask; the trap removes both when the script exits (assuming the commands
  # run as one shell script).
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For each file with a .sha256 beside it: create the release as a draft
  # (HTTP 200 and 409 are both accepted; 409 presumably means it already
  # exists), then upload the file with its digest.
  # NOTE(review): `for file in $(find ...)` splits on whitespace, which is
  # safe only while artifact names contain none.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon whose socket is shared through the dockersock volume.
- name: Start Docker
  image: docker:dind
  # NOTE(review): a privileged container has broad access to the node it runs
  # on; every step that mounts /var/run can drive this daemon.
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################

# Release pipeline for v* tags: checks out the tagged source, runs the
# release-amd64-centos7-fips make target with FIPS set, renames and checksums
# the enterprise tarball, uploads it to S3 and registers it with the staging
# release service.
# NOTE(review): the review notes below describe the generated output; lasting
# changes belong in dronegen.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips
environment:
  RUNTIME: go1.17.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is disabled; the first step clones by hand.
clone:
  disable: true
steps:
# Clones the repository over HTTPS, checks out the tag, installs a deploy key
# to fetch the `e` and `webassets` submodules, and records the version.
- name: Check out code
  # NOTE(review): every image in this pipeline is referenced by a mutable tag
  # or by name only, not by digest, so a release build runs whatever the
  # registry serves at build time.
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): ${DRONE_TAG...} is expanded by Drone into the script text
  # and reaches the shell unquoted, so the pipeline relies on v* tags being
  # pushed only by trusted people.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key sits in a 0700 directory and is chmod'ed to 600 after it
  # is written; it is deleted again a few commands below.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is collected at build time and not compared
  # with a pinned fingerprint, so each build trusts whatever answers as
  # github.com; a pinned known_hosts entry would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # NOTE(review): `|| true` hides a failed webassets update, so the build
  # would continue without reporting it.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): presumably not reached if an earlier command fails and ends
  # the step; the key then stays in the step container until it is discarded.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version is the tag without its leading "v", else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket from the dind service
# appears on the shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the FIPS release make target; the step mounts the dind socket, so the
# build presumably runs in containers started on that daemon.
- name: Build artifacts
  image: docker
  commands:
  # NOTE(review): installs whatever `make` version the package index offers
  # at build time.
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7-fips
  environment:
    ARCH: amd64
    # Quoted so the value stays the string "yes" instead of a YAML boolean.
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the enterprise tarball from e/, renames it to the centos7-fips
# file name and writes a .sha256 file next to it.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - export VERSION=$(cat /go/.version.txt)
  # `$$` is Drone's escape for a literal `$`, so ${VERSION} is expanded by the
  # shell rather than by Drone.
  - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
  # NOTE(review): the checksums are created here and uploaded beside the
  # tarballs, so they detect corruption but not replacement by someone who
  # can write to the bucket.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Uploads everything in /go/artifacts to teleport/tag/<version> in the bucket.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each checksummed file with the release service at RELEASES_HOST,
# authenticating with a client certificate and key.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # NOTE(review): the decoded certificate and key are written with the default
  # umask; the trap removes both when the script exits (assuming the commands
  # run as one shell script).
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For each file with a .sha256 beside it: create the release as a draft
  # (HTTP 200 and 409 are both accepted; 409 presumably means it already
  # exists), then upload the file with its digest.
  # NOTE(review): `for file in $(find ...)` splits on whitespace, which is
  # safe only while artifact names contain none.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon whose socket is shared through the dockersock volume.
- name: Start Docker
  image: docker:dind
  # NOTE(review): a privileged container has broad access to the node it runs
  # on; every step that mounts /var/run can drive this daemon.
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################

# Release pipeline for v* tags: checks out the tagged source, runs the
# release-amd64 make target, checksums the tarballs, uploads them to S3 and
# registers them with the staging release service. The build-linux-amd64-rpm
# pipeline depends on this one.
# NOTE(review): the review notes below describe the generated output; lasting
# changes belong in dronegen.
kind: pipeline
type: kubernetes
name: build-linux-amd64
environment:
  RUNTIME: go1.17.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is disabled; the first step clones by hand.
clone:
  disable: true
steps:
# Clones the repository over HTTPS, checks out the tag, installs a deploy key
# to fetch the `e` and `webassets` submodules, and records the version.
- name: Check out code
  # NOTE(review): every image in this pipeline is referenced by a mutable tag
  # or by name only, not by digest, so a release build runs whatever the
  # registry serves at build time.
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): ${DRONE_TAG...} is expanded by Drone into the script text
  # and reaches the shell unquoted, so the pipeline relies on v* tags being
  # pushed only by trusted people.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key sits in a 0700 directory and is chmod'ed to 600 after it
  # is written; it is deleted again a few commands below.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is collected at build time and not compared
  # with a pinned fingerprint, so each build trusts whatever answers as
  # github.com; a pinned known_hosts entry would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # NOTE(review): `|| true` hides a failed webassets update, so the build
  # would continue without reporting it.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): presumably not reached if an earlier command fails and ends
  # the step; the key then stays in the step container until it is discarded.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version is the tag without its leading "v", else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket from the dind service
# appears on the shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the release make target; the step mounts the dind socket, so the build
# presumably runs in containers started on that daemon.
- name: Build artifacts
  image: docker
  commands:
  # NOTE(review): installs whatever `make` version the package index offers
  # at build time.
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-amd64
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the OSS and enterprise tarballs and writes a .sha256 file next to
# each.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  # NOTE(review): the checksums are created here and uploaded beside the
  # tarballs, so they detect corruption but not replacement by someone who
  # can write to the bucket.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Uploads everything in /go/artifacts to teleport/tag/<version> in the bucket.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each checksummed file with the release service at RELEASES_HOST,
# authenticating with a client certificate and key.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # NOTE(review): the decoded certificate and key are written with the default
  # umask; the trap removes both when the script exits (assuming the commands
  # run as one shell script).
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For each file with a .sha256 beside it: create the release as a draft
  # (HTTP 200 and 409 are both accepted; 409 presumably means it already
  # exists), then upload the file with its digest.
  # NOTE(review): `for file in $(find ...)` splits on whitespace, which is
  # safe only while artifact names contain none.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon whose socket is shared through the dockersock volume.
- name: Start Docker
  image: docker:dind
  # NOTE(review): a privileged container has broad access to the node it runs
  # on; every step that mounts /var/run can drive this daemon.
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################

# Release pipeline for v* tags: checks out the tagged source, runs the
# release-amd64-fips make target with FIPS set, checksums the enterprise
# tarball, uploads it to S3 and registers it with the staging release service.
# The build-linux-amd64-fips-rpm pipeline depends on this one.
# NOTE(review): the review notes below describe the generated output; lasting
# changes belong in dronegen.
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips
environment:
  RUNTIME: go1.17.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is disabled; the first step clones by hand.
clone:
  disable: true
steps:
# Clones the repository over HTTPS, checks out the tag, installs a deploy key
# to fetch the `e` and `webassets` submodules, and records the version.
- name: Check out code
  # NOTE(review): every image in this pipeline is referenced by a mutable tag
  # or by name only, not by digest, so a release build runs whatever the
  # registry serves at build time.
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): ${DRONE_TAG...} is expanded by Drone into the script text
  # and reaches the shell unquoted, so the pipeline relies on v* tags being
  # pushed only by trusted people.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key sits in a 0700 directory and is chmod'ed to 600 after it
  # is written; it is deleted again a few commands below.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is collected at build time and not compared
  # with a pinned fingerprint, so each build trusts whatever answers as
  # github.com; a pinned known_hosts entry would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # NOTE(review): `|| true` hides a failed webassets update, so the build
  # would continue without reporting it.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): presumably not reached if an earlier command fails and ends
  # the step; the key then stays in the step container until it is discarded.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version is the tag without its leading "v", else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket from the dind service
# appears on the shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the FIPS release make target; the step mounts the dind socket, so the
# build presumably runs in containers started on that daemon.
- name: Build artifacts
  image: docker
  commands:
  # NOTE(review): installs whatever `make` version the package index offers
  # at build time.
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-fips
  environment:
    ARCH: amd64
    # Quoted so the value stays the string "yes" instead of a YAML boolean.
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the enterprise tarball from e/ and writes a .sha256 file next to it.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  # NOTE(review): the checksums are created here and uploaded beside the
  # tarballs, so they detect corruption but not replacement by someone who
  # can write to the bucket.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Uploads everything in /go/artifacts to teleport/tag/<version> in the bucket.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each checksummed file with the release service at RELEASES_HOST,
# authenticating with a client certificate and key.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # NOTE(review): the decoded certificate and key are written with the default
  # umask; the trap removes both when the script exits (assuming the commands
  # run as one shell script).
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For each file with a .sha256 beside it: create the release as a draft
  # (HTTP 200 and 409 are both accepted; 409 presumably means it already
  # exists), then upload the file with its digest.
  # NOTE(review): `for file in $(find ...)` splits on whitespace, which is
  # safe only while artifact names contain none.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon whose socket is shared through the dockersock volume.
- name: Start Docker
  image: docker:dind
  # NOTE(review): a privileged container has broad access to the node it runs
  # on; every step that mounts /var/run can drive this daemon.
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################

# Release pipeline for v* tags: checks out the tagged source, runs the
# release-amd64-centos6 make target, renames and checksums the tarballs,
# uploads them to S3 and registers them with the staging release service.
# NOTE(review): the review notes below describe the generated output; lasting
# changes belong in dronegen.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos6
environment:
  RUNTIME: go1.17.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is disabled; the first step clones by hand.
clone:
  disable: true
steps:
# Clones the repository over HTTPS, checks out the tag, installs a deploy key
# to fetch the `e` and `webassets` submodules, and records the version.
- name: Check out code
  # NOTE(review): every image in this pipeline is referenced by a mutable tag
  # or by name only, not by digest, so a release build runs whatever the
  # registry serves at build time.
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): ${DRONE_TAG...} is expanded by Drone into the script text
  # and reaches the shell unquoted, so the pipeline relies on v* tags being
  # pushed only by trusted people.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key sits in a 0700 directory and is chmod'ed to 600 after it
  # is written; it is deleted again a few commands below.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is collected at build time and not compared
  # with a pinned fingerprint, so each build trusts whatever answers as
  # github.com; a pinned known_hosts entry would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # NOTE(review): `|| true` hides a failed webassets update, so the build
  # would continue without reporting it.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): presumably not reached if an earlier command fails and ends
  # the step; the key then stays in the step container until it is discarded.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version is the tag without its leading "v", else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket from the dind service
# appears on the shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the release make target; the step mounts the dind socket, so the build
# presumably runs in containers started on that daemon.
- name: Build artifacts
  image: docker
  commands:
  # NOTE(review): installs whatever `make` version the package index offers
  # at build time.
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-amd64-centos6
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the OSS and enterprise tarballs, renames them to the centos6 file
# names and writes a .sha256 file next to each.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - export VERSION=$(cat /go/.version.txt)
  # `$$` is Drone's escape for a literal `$`, so ${VERSION} is expanded by the
  # shell rather than by Drone.
  - mv /go/artifacts/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-v$${VERSION}-linux-amd64-centos6-bin.tar.gz
  - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos6-bin.tar.gz
  # NOTE(review): the checksums are created here and uploaded beside the
  # tarballs, so they detect corruption but not replacement by someone who
  # can write to the bucket.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Uploads everything in /go/artifacts to teleport/tag/<version> in the bucket.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each checksummed file with the release service at RELEASES_HOST,
# authenticating with a client certificate and key.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # NOTE(review): the decoded certificate and key are written with the default
  # umask; the trap removes both when the script exits (assuming the commands
  # run as one shell script).
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For each file with a .sha256 beside it: create the release as a draft
  # (HTTP 200 and 409 are both accepted; 409 presumably means it already
  # exists), then upload the file with its digest.
  # NOTE(review): `for file in $(find ...)` splits on whitespace, which is
  # safe only while artifact names contain none.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon whose socket is shared through the dockersock volume.
- name: Start Docker
  image: docker:dind
  # NOTE(review): a privileged container has broad access to the node it runs
  # on; every step that mounts /var/run can drive this daemon.
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################

# RPM pipeline for v* tags: runs after build-linux-amd64, downloads that
# build's tarballs from S3, unpacks the GPG signing archive onto a
# memory-backed volume, runs `make rpm`, then uploads and registers the
# results.
# NOTE(review): the review notes below describe the generated output; lasting
# changes belong in dronegen.
kind: pipeline
type: kubernetes
name: build-linux-amd64-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is disabled; the first step clones by hand.
clone:
  disable: true
depends_on:
- build-linux-amd64
steps:
# Clones the repository over HTTPS, checks out the tag, installs a deploy key
# to fetch the `e` and `webassets` submodules, and records the version.
- name: Check out code
  # NOTE(review): every image in this pipeline is referenced by a mutable tag
  # or by name only, not by digest; here that includes the step that handles
  # the RPM signing key.
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): ${DRONE_TAG...} is expanded by Drone into the script text
  # and reaches the shell unquoted, so the pipeline relies on v* tags being
  # pushed only by trusted people.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key sits in a 0700 directory and is chmod'ed to 600 after it
  # is written; it is deleted again a few commands below.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is collected at build time and not compared
  # with a pinned fingerprint, so each build trusts whatever answers as
  # github.com; a pinned known_hosts entry would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # NOTE(review): `|| true` hides a failed webassets update, so the build
  # would continue without reporting it.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): presumably not reached if an earlier command fails and ends
  # the step; the key then stays in the step container until it is discarded.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version is the tag without its leading "v", else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket from the dind service
# appears on the shared volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the OSS and enterprise tarballs for this version from S3 into
# /go/artifacts.
# NOTE(review): the tarballs are not checked against a digest or signature
# before they are packaged and signed, so the RPM signature vouches for
# whatever the bucket held at download time. A digest carried from the build
# pipeline by a channel other than the bucket would close that gap.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  # NOTE(review): these are the same secret names the "Upload to S3" step
  # uses, so this download step also holds write-capable credentials.
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Unpacks the GPG signing archive into GNUPG_DIR on the memory-backed tmpfs
# volume, runs `make rpm`, then deletes the directory.
- name: Build artifacts
  image: docker
  commands:
  # NOTE(review): these packages are installed unpinned into the same
  # container that later holds the signing key.
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  # NOTE(review): presumably skipped when `make rpm` fails and ends the step;
  # the key material then remains on the tmpfs volume until the pipeline's
  # temp volumes are torn down.
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Copies the files matching teleport*.rpm* from build/ and e/build/ into
# /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  # NOTE(review): no .sha256 files are generated in this step; the trailing *
  # in the pattern presumably picks up checksum files written by `make rpm`,
  # which the register step needs.
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Uploads everything in /go/artifacts, which also still holds the tarballs
# downloaded earlier, to teleport/tag/<version> in the bucket.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each checksummed file with the release service at RELEASES_HOST,
# authenticating with a client certificate and key.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # NOTE(review): the decoded certificate and key are written with the default
  # umask; the trap removes both when the script exits (assuming the commands
  # run as one shell script).
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For each file with a .sha256 beside it: create the release as a draft
  # (HTTP 200 and 409 are both accepted; 409 presumably means it already
  # exists), then upload the file with its digest.
  # NOTE(review): `for file in $(find ...)` splits on whitespace, which is
  # safe only while artifact names contain none.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon whose socket is shared through the dockersock volume.
- name: Start Docker
  image: docker:dind
  # NOTE(review): a privileged container has broad access to the node it runs
  # on; every step that mounts /var/run can drive this daemon.
  privileged: true
  volumes:
  # NOTE(review): the tmpfs volume that receives the signing key is mounted
  # into this privileged service too, presumably so that containers started
  # by `make rpm` can reach the key; the daemon therefore sits inside the
  # signing key's trust boundary.
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
# Memory-backed, so the unpacked signing key is not written to node disk.
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################

# FIPS RPM pipeline for v* tags in gravitational/* repositories.
# NOTE(review): comments added below `kind:` are review notes; lasting changes
# belong in dronegen.
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is disabled; the first step clones by hand.
clone:
  disable: true
# Runs only after build-linux-amd64-fips, which presumably produces the
# tarball this pipeline downloads from S3.
depends_on:
- build-linux-amd64-fips
steps:
|
|
# Clones the repository over HTTPS, checks out the tag, installs a deploy key
# to fetch the `e` and `webassets` submodules, and records the version.
- name: Check out code
  # NOTE(review): the image is referenced by a mutable tag, not a digest, so a
  # release build runs whatever the registry serves at build time.
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  # NOTE(review): ${DRONE_TAG...} is expanded by Drone into the script text
  # and reaches the shell unquoted, so the pipeline relies on v* tags being
  # pushed only by trusted people.
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key sits in a 0700 directory and is chmod'ed to 600 after it
  # is written; it is deleted again a few commands below.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is collected at build time and not compared
  # with a pinned fingerprint, so each build trusts whatever answers as
  # github.com; a pinned known_hosts entry would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # NOTE(review): `|| true` hides a failed webassets update, so the build
  # would continue without reporting it.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): presumably not reached if an earlier command fails and ends
  # the step; the key then stays in the step container until it is discarded.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version is the tag without its leading "v", else VERSION from the Makefile.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
|
|
# Polls once a second, for at most 30 seconds, until a Docker socket exists
# at /var/run/docker.sock on the shared dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
|
|
# Fetches the enterprise FIPS tarball for this version from S3 into
# /go/artifacts.
# NOTE(review): the tarball is not checked against a digest or signature
# before it is packaged and signed, so the RPM signature vouches for whatever
# the bucket held at download time. A digest carried from the build pipeline
# by a channel other than the bucket would close that gap.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  # `$$` is Drone's escape for a literal `$`; the single-dollar ${DRONE_TAG}
  # in the test is substituted by Drone itself.
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz
    /go/artifacts/
  # NOTE(review): these are the same secret names the "Upload to S3" step
  # uses, so this download step also holds write-capable credentials.
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
|
|
- name: Build artifacts
|
|
image: docker
|
|
commands:
|
|
- apk add --no-cache bash curl gzip make tar
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- export VERSION=$(cat /go/.version.txt)
|
|
- mkdir -m0700 $GNUPG_DIR
|
|
- echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
|
|
- chown -R root:root $GNUPG_DIR
|
|
- make -C e rpm
|
|
- rm -rf $GNUPG_DIR
|
|
environment:
|
|
ARCH: amd64
|
|
ENT_TARBALL_PATH: /go/artifacts
|
|
FIPS: "yes"
|
|
GNUPG_DIR: /tmpfs/gnupg
|
|
GPG_RPM_SIGNING_ARCHIVE:
|
|
from_secret: GPG_RPM_SIGNING_ARCHIVE
|
|
RUNTIME: fips
|
|
TMPDIR: /go
|
|
volumes:
|
|
- name: tmpfs
|
|
path: /tmpfs
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: Copy artifacts
|
|
image: docker
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- name: Upload to S3
|
|
image: plugins/s3
|
|
settings:
|
|
access_key:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
bucket:
|
|
from_secret: AWS_S3_BUCKET
|
|
region: us-west-2
|
|
secret_key:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
source: /go/artifacts/*
|
|
strip_prefix: /go/artifacts/
|
|
target: teleport/tag/${DRONE_TAG##v}
|
|
- name: Register artifacts
|
|
image: docker
|
|
commands:
|
|
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
|
|
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
|
|
- RELEASES_HOST='https://releases-staging.platform.teleport.sh'
|
|
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
|
|
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
|
|
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
|
|
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
|
|
- which curl || apk add --no-cache curl
|
|
- |-
|
|
cd "$WORKSPACE_DIR/go/artifacts"
|
|
for file in $(find . -type f ! -iname '*.sha256'); do
|
|
# Skip files that are not results of this build
|
|
# (e.g. tarballs from which OS packages are made)
|
|
[ -f "$file.sha256" ] || continue
|
|
|
|
product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
|
|
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
|
|
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
|
|
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
|
|
echo "curl HTTP status: $status_code"
|
|
cat $WORKSPACE_DIR/curl_out.txt
|
|
exit 1
|
|
fi
|
|
curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
|
|
done
|
|
environment:
|
|
RELEASES_CERT:
|
|
from_secret: RELEASES_CERT_STAGING
|
|
RELEASES_KEY:
|
|
from_secret: RELEASES_KEY_STAGING
|
|
services:
|
|
- name: Start Docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: tmpfs
|
|
path: /tmpfs
|
|
- name: dockersock
|
|
path: /var/run
|
|
volumes:
|
|
- name: tmpfs
|
|
temp:
|
|
medium: memory
|
|
- name: dockersock
|
|
temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################

# Tag pipeline: downloads the OSS and enterprise linux-amd64 tarballs from S3,
# builds .deb packages from them, uploads the result to S3 and registers it with
# the staging release service. No signing material is used in this pipeline.
# NOTE(review): this file is generated; comments here are review notes and any
# durable change belongs in the dronegen source named above.
kind: pipeline
type: kubernetes
name: build-linux-amd64-deb
# Runs only on tag events for refs/tags/v* in repositories matching gravitational/*.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones by hand.
clone:
  disable: true
# The tarballs downloaded below are presumably produced by this upstream pipeline.
depends_on:
- build-linux-amd64
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The deploy key is written under /root/.ssh (outside the shared /go workspace)
  # for the submodule fetches and removed again by the "rm -f" a few lines down.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan trusts whatever host key is returned at build time;
  # a known_hosts entry pinned to GitHub's published keys would let SSH detect an
  # interposed host before the deploy key is used.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # "|| true" makes a failed webassets fetch non-fatal.
  # NOTE(review): confirm a build without fresh webassets is acceptable here.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version is the tag with a leading "v" stripped; the Makefile value is used
  # only when DRONE_TAG is empty.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Waits up to 30s for the dind service's socket to appear on the shared volume.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  # "$$" escapes Drone's own substitution so the shell expands these variables.
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # NOTE(review): no integrity check on the downloaded tarballs is visible in this
  # pipeline before they are repackaged. Checking them against a digest kept
  # outside the bucket would stop a replaced object from being shipped in a .deb.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make deb
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  # Copies every file matching teleport*.deb* from build and e/build into the
  # upload directory.
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Uploads everything in /go/artifacts, which also still holds the tarballs
# downloaded earlier in this pipeline.
# NOTE(review): this and the other step images are referenced by mutable tag;
# pinning by digest would fix the exact tooling that handles the AWS and
# release credentials.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each built file with the staging release host, authenticating with a
# client certificate taken from the *_STAGING secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Certificate and key are decoded to files under $WORKSPACE_DIR; the EXIT trap
  # set right after removes them when the script ends.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Only files that have a .sha256 sidecar are registered, and the digest sent is
  # read from that sidecar rather than recomputed. HTTP 409 from /releases is
  # tolerated, presumably because the release may already exist.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# NOTE(review): the Docker-in-Docker service runs privileged. The trigger above
# limits this pipeline to tags in gravitational/* repositories; keep untrusted
# refs off any runner that executes it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temp volume that carries the Docker socket between the service and the steps.
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################

# Tag pipeline: downloads the FIPS enterprise tarball from S3, builds a .deb from
# it, uploads the result to S3 and registers it with the staging release service.
# No signing material is used in this pipeline.
# NOTE(review): this file is generated; comments here are review notes and any
# durable change belongs in the dronegen source named above.
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips-deb
# Runs only on tag events for refs/tags/v* in repositories matching gravitational/*.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones by hand.
clone:
  disable: true
# The tarball downloaded below is presumably produced by this upstream pipeline.
depends_on:
- build-linux-amd64-fips
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The deploy key is written under /root/.ssh (outside the shared /go workspace)
  # for the submodule fetches and removed again by the "rm -f" a few lines down.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan trusts whatever host key is returned at build time;
  # a known_hosts entry pinned to GitHub's published keys would let SSH detect an
  # interposed host before the deploy key is used.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # "|| true" makes a failed webassets fetch non-fatal.
  # NOTE(review): confirm a build without fresh webassets is acceptable here.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version is the tag with a leading "v" stripped; the Makefile value is used
  # only when DRONE_TAG is empty.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Waits up to 30s for the dind service's socket to appear on the shared volume.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  # "$$" escapes Drone's own substitution so the shell expands these variables.
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # NOTE(review): no integrity check on the downloaded tarball is visible in this
  # pipeline before it is repackaged. Checking it against a digest kept outside
  # the bucket would stop a replaced object from being shipped in a .deb.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C e deb
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    FIPS: "yes"
    RUNTIME: fips
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  # Copies every file matching teleport*.deb* from e/build into the upload directory.
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Uploads everything in /go/artifacts, which also still holds the tarball
# downloaded earlier in this pipeline.
# NOTE(review): this and the other step images are referenced by mutable tag;
# pinning by digest would fix the exact tooling that handles the AWS and
# release credentials.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each built file with the staging release host, authenticating with a
# client certificate taken from the *_STAGING secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Certificate and key are decoded to files under $WORKSPACE_DIR; the EXIT trap
  # set right after removes them when the script ends.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Only files that have a .sha256 sidecar are registered, and the digest sent is
  # read from that sidecar rather than recomputed. HTTP 409 from /releases is
  # tolerated, presumably because the release may already exist.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# NOTE(review): the Docker-in-Docker service runs privileged. The trigger above
# limits this pipeline to tags in gravitational/* repositories; keep untrusted
# refs off any runner that executes it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temp volume that carries the Docker socket between the service and the steps.
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################

# Tag pipeline: builds the linux/386 release tarballs from source, writes a
# .sha256 file next to each, uploads both to S3 and registers the tarballs with
# the staging release service.
# NOTE(review): this file is generated; comments here are review notes and any
# durable change belongs in the dronegen source named above.
kind: pipeline
type: kubernetes
name: build-linux-386
environment:
  RUNTIME: go1.17.2
# Runs only on tag events for refs/tags/v* in repositories matching gravitational/*.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones by hand.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The deploy key is written under /root/.ssh (outside the shared /go workspace)
  # for the submodule fetches and removed again by the "rm -f" a few lines down.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan trusts whatever host key is returned at build time;
  # a known_hosts entry pinned to GitHub's published keys would let SSH detect an
  # interposed host before the deploy key is used.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # "|| true" makes a failed webassets fetch non-fatal.
  # NOTE(review): confirm a build without fresh webassets is acceptable here.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version is the tag with a leading "v" stripped; the Makefile value is used
  # only when DRONE_TAG is empty.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Waits up to 30s for the dind service's socket to appear on the shared volume.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  # Hands the workspace to UID/GID 1000 (set in this step's environment),
  # presumably the user the build runs as inside build.assets; TODO confirm.
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-386
  environment:
    ARCH: "386"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  # Digests are computed in the pipeline that built the tarballs and are uploaded
  # next to them by the following step.
  # NOTE(review): a digest stored beside the object detects corruption, but not
  # replacement by anyone able to write to the bucket; consumers that need that
  # guarantee should rely on a signature or a digest published elsewhere.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# NOTE(review): this and the other step images are referenced by mutable tag;
# pinning by digest would fix the exact tooling that handles the AWS and
# release credentials.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each built file with the staging release host, authenticating with a
# client certificate taken from the *_STAGING secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Certificate and key are decoded to files under $WORKSPACE_DIR; the EXIT trap
  # set right after removes them when the script ends.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Only files that have a .sha256 sidecar are registered, and the digest sent is
  # read from that sidecar rather than recomputed. HTTP 409 from /releases is
  # tolerated, presumably because the release may already exist.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# NOTE(review): the Docker-in-Docker service runs privileged. The trigger above
# limits this pipeline to tags in gravitational/* repositories; keep untrusted
# refs off any runner that executes it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temp volume that carries the Docker socket between the service and the steps.
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################

# Tag pipeline: downloads the OSS and enterprise linux-386 tarballs from S3,
# builds RPMs from them with the GPG signing keyring available, uploads the
# result to S3 and registers it with the staging release service.
# NOTE(review): this file is generated; comments here are review notes and any
# durable change belongs in the dronegen source named above.
kind: pipeline
type: kubernetes
name: build-linux-386-rpm
# Runs only on tag events for refs/tags/v* in repositories matching gravitational/*.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones by hand.
clone:
  disable: true
# The tarballs downloaded below are presumably produced by this upstream pipeline.
depends_on:
- build-linux-386
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The deploy key is written under /root/.ssh (outside the shared /go workspace)
  # for the submodule fetches and removed again by the "rm -f" a few lines down.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan trusts whatever host key is returned at build time;
  # a known_hosts entry pinned to GitHub's published keys would let SSH detect an
  # interposed host before the deploy key is used.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # "|| true" makes a failed webassets fetch non-fatal.
  # NOTE(review): confirm a build without fresh webassets is acceptable here.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version is the tag with a leading "v" stripped; the Makefile value is used
  # only when DRONE_TAG is empty.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Waits up to 30s for the dind service's socket to appear on the shared volume.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  # "$$" escapes Drone's own substitution so the shell expands these variables.
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # NOTE(review): no integrity check on the downloaded tarballs is visible in this
  # pipeline before they are packaged with the signing keyring present. Checking
  # them against a digest kept outside the bucket would stop a replaced object
  # from ending up inside a signed package.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The signing keyring is unpacked under /tmpfs, the memory-backed volume, so it
  # is not written into the /go workspace shared with later steps.
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  # NOTE(review): Drone normally stops a step at the first failing command, so
  # this cleanup is presumably skipped when "make" fails; the keyring then stays
  # on the tmpfs volume (also mounted into the privileged dind service) until
  # the pipeline's temp volumes are discarded.
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: "386"
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  # Copies every file matching teleport*.rpm* from build and e/build into the
  # upload directory.
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Uploads everything in /go/artifacts, which also still holds the tarballs
# downloaded earlier in this pipeline.
# NOTE(review): this and the other step images are referenced by mutable tag;
# pinning by digest would fix the exact tooling that handles the AWS, signing
# and release credentials.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each built file with the staging release host, authenticating with a
# client certificate taken from the *_STAGING secrets.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Certificate and key are decoded to files under $WORKSPACE_DIR; the EXIT trap
  # set right after removes them when the script ends.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Only files that have a .sha256 sidecar are registered, and the digest sent is
  # read from that sidecar rather than recomputed. HTTP 409 from /releases is
  # tolerated, presumably because the release may already exist.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# NOTE(review): the Docker-in-Docker service runs privileged and mounts the same
# tmpfs volume that receives the signing keyring. The trigger above limits this
# pipeline to tags in gravitational/* repositories; keep untrusted refs off any
# runner that executes it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Both volumes are temp volumes; tmpfs is memory-backed.
volumes:
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:418
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: build-linux-386-deb
|
|
trigger:
|
|
event:
|
|
include:
|
|
- tag
|
|
ref:
|
|
include:
|
|
- refs/tags/v*
|
|
repo:
|
|
include:
|
|
- gravitational/*
|
|
workspace:
|
|
path: /go
|
|
clone:
|
|
disable: true
|
|
depends_on:
|
|
- build-linux-386
|
|
steps:
|
|
- name: Check out code
|
|
image: docker:git
|
|
commands:
|
|
- mkdir -p /go/src/github.com/gravitational/teleport
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
|
|
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
|
|
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
|
|
&& chmod 600 /root/.ssh/id_rsa
|
|
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
|
|
- git submodule update --init e
|
|
- git submodule update --init --recursive webassets || true
|
|
- rm -f /root/.ssh/id_rsa
|
|
- mkdir -p /go/cache /go/artifacts
|
|
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
|
|
else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
|
|
environment:
|
|
GITHUB_PRIVATE_KEY:
|
|
from_secret: GITHUB_PRIVATE_KEY
|
|
- name: Wait for docker
|
|
image: docker
|
|
commands:
|
|
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: Download artifacts from S3
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- export VERSION=$(cat /go/.version.txt)
|
|
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
|
|
export S3_PATH="tag/"; fi
|
|
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz
|
|
/go/artifacts/
|
|
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz
|
|
/go/artifacts/
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_REGION: us-west-2
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
- name: Build artifacts
|
|
image: docker
|
|
commands:
|
|
- apk add --no-cache bash curl gzip make tar
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- export VERSION=$(cat /go/.version.txt)
|
|
- make deb
|
|
environment:
|
|
ARCH: "386"
|
|
ENT_TARBALL_PATH: /go/artifacts
|
|
OSS_TARBALL_PATH: /go/artifacts
|
|
TMPDIR: /go
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: Copy artifacts
|
|
image: docker
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- name: Upload to S3
|
|
image: plugins/s3
|
|
settings:
|
|
access_key:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
bucket:
|
|
from_secret: AWS_S3_BUCKET
|
|
region: us-west-2
|
|
secret_key:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
source: /go/artifacts/*
|
|
strip_prefix: /go/artifacts/
|
|
target: teleport/tag/${DRONE_TAG##v}
|
|
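# Registers every artifact that has a matching .sha256 file with the staging
# release service, authenticating with a client certificate and key.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - which curl || apk add --no-cache curl
  # Create the credential files owner-only, and arm the clean-up trap before
  # the first of them exists so a failed decode cannot leave one behind.
  - umask 077
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Used unquoted below on purpose: it has to split into four curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  # For each artifact: create the draft release (HTTP 200 and 409 are both
  # accepted), then upload the file together with the digest read from its
  # .sha256 file. NOTE(review): that digest is computed by this same build, so
  # it detects corruption in transit, not a tampered build input.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING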
|
|
services:
# Docker-in-Docker daemon for this pipeline. It runs privileged and exposes
# its /var/run (and with it docker.sock) through the `dockersock` volume, so
# every step that mounts that volume can drive a privileged daemon. In this
# pipeline those are "Wait for docker" and "Build artifacts".
# NOTE(review): `docker:dind` is a floating tag; pinning it by digest in
# dronegen would keep the privileged service image from changing underneath
# a release build.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
|
|
volumes:
|
|
- name: dockersock
|
|
temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/mac.go:32
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: exec
|
|
name: build-darwin-amd64
|
|
trigger:
|
|
event:
|
|
include:
|
|
- tag
|
|
ref:
|
|
include:
|
|
- refs/tags/v*
|
|
repo:
|
|
include:
|
|
- gravitational/*
|
|
workspace:
|
|
path: /tmp/build-darwin-amd64
|
|
platform:
|
|
os: darwin
|
|
arch: amd64
|
|
clone:
|
|
disable: true
|
|
concurrency:
|
|
limit: 1
|
|
steps:
|
|
- name: Set up exec runner storage
|
|
commands:
|
|
- set -u
|
|
- mkdir -p $WORKSPACE_DIR
|
|
- chmod -R u+rw $WORKSPACE_DIR
|
|
- rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
|
|
environment:
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64
|
|
# Clones the tagged source into the exec runner's workspace, fetches the `e`
# and `webassets` submodules with a deploy key, and records the version.
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The deploy key is written under the /tmp workspace of an exec pipeline; the
  # 0700 directory mode is what keeps it private until the chmod runs.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key is offered during this
  # build (trust on first use), so known_hosts does not authenticate github.com.
  # Pinning GitHub's published host keys in dronegen would close that gap.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # `-F /dev/null` keeps ssh from reading any per-user ssh config; only the key
  # and known_hosts file named here are used.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # A failed webassets fetch is tolerated (`|| true`); the `e` fetch above is not.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  # NOTE(review): this removal is only reached when the commands above succeed;
  # otherwise the key stays in the workspace until one of the storage set-up or
  # clean-up steps removes $WORKSPACE_DIR/.ssh.
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  # Version is the tag without its leading "v".
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64
|
|
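# Downloads the Go release named by RUNTIME and unpacks it into a per-build
# toolchain directory under the build user's home.
- name: Install Go Toolchain
  commands:
  - set -u
  - mkdir -p ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
  # --fail stops on an HTTP error instead of saving the error page under the
  # tarball's name; --show-error keeps the reason visible despite --silent.
  # NOTE(review): the archive is unpacked, and its go/bin is later put first on
  # PATH by the build step, without any digest check. The expected SHA-256 for
  # this RUNTIME should be pinned in dronegen and verified here with
  # `shasum -a 256 -c` before the tar command runs.
  - curl --silent --show-error --fail -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
  - tar -C ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
  - rm -rf $RUNTIME.darwin-amd64.tar.gz
  environment:
    RUNTIME: go1.17.2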
|
|
- name: Install Rust Toolchain
|
|
commands:
|
|
- set -u
|
|
- export PATH=/Users/build/.cargo/bin:$PATH
|
|
- mkdir -p ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
|
|
- export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
|
|
print-rust-version)
|
|
- export CARGO_HOME=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
|
|
- export RUST_HOME=$CARGO_HOME
|
|
- rustup toolchain install $RUST_VERSION
|
|
environment:
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64
|
|
- name: Build Mac release artifacts
|
|
commands:
|
|
- set -u
|
|
- export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
|
|
print-rust-version)
|
|
- export CARGO_HOME=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
|
|
- export RUST_HOME=$CARGO_HOME
|
|
- export PATH=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains/go/bin:$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH
|
|
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
|
|
- rustup override set $RUST_VERSION
|
|
- make clean release OS=$OS ARCH=$ARCH
|
|
environment:
|
|
ARCH: amd64
|
|
GOCACHE: /tmp/build-darwin-amd64/go/cache
|
|
GOPATH: /tmp/build-darwin-amd64/go
|
|
OS: darwin
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64
|
|
- name: Copy Mac artifacts
|
|
commands:
|
|
- set -u
|
|
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
|
|
- cp teleport*.tar.gz $WORKSPACE_DIR/go/artifacts
|
|
- cp e/teleport-ent*.tar.gz $WORKSPACE_DIR/go/artifacts
|
|
- cd $WORKSPACE_DIR/go/artifacts && for FILE in teleport*.tar.gz; do shasum -a 256
|
|
$FILE > $FILE.sha256; done && ls -l
|
|
environment:
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64
|
|
- name: Upload to S3
|
|
commands:
|
|
- set -u
|
|
- cd $WORKSPACE_DIR/go/artifacts
|
|
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_REGION: us-west-2
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64
|
|
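# Registers every artifact that has a matching .sha256 file with the staging
# release service, authenticating with a client certificate and key.
- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - which curl || apk add --no-cache curl
  # The certificate and key are written under the /tmp workspace of an exec
  # pipeline, so create them owner-only, and arm the clean-up trap before the
  # first of them exists so a failed decode cannot leave one behind.
  - umask 077
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Used unquoted below on purpose: it has to split into four curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  # For each artifact: create the draft release (HTTP 200 and 409 are both
  # accepted), then upload the file together with the digest read from its
  # .sha256 file. NOTE(review): that digest is computed by this same build, so
  # it detects corruption in transit, not a tampered build input.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
    WORKSPACE_DIR: /tmp/build-darwin-amd64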
|
|
- name: Clean up toolchains (post)
|
|
commands:
|
|
- set -u
|
|
- export PATH=/Users/build/.cargo/bin:$PATH
|
|
- export CARGO_HOME=~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
|
|
- export RUST_HOME=$CARGO_HOME
|
|
- export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
|
|
print-rust-version)
|
|
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
|
|
- rustup override unset
|
|
- rustup toolchain uninstall $RUST_VERSION
|
|
- rm -rf ~/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED-toolchains
|
|
environment:
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64
|
|
when:
|
|
status:
|
|
- success
|
|
- failure
|
|
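# Removes the checked-out source, build outputs and any leftover SSH material
# from the exec runner's workspace.
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
  # Run after failed builds as well, matching the toolchain clean-up step of
  # this pipeline. Without this, a failure in an earlier step skips the
  # clean-up and the workspace (source tree, and the deploy key if the checkout
  # stopped before removing it) stays in /tmp until the next build's set-up step.
  when:
    status:
    - success
    - failure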
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/mac.go:32
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: exec
|
|
name: build-darwin-amd64-pkg
|
|
trigger:
|
|
event:
|
|
include:
|
|
- tag
|
|
ref:
|
|
include:
|
|
- refs/tags/v*
|
|
repo:
|
|
include:
|
|
- gravitational/*
|
|
workspace:
|
|
path: /tmp/build-darwin-amd64-pkg
|
|
platform:
|
|
os: darwin
|
|
arch: amd64
|
|
clone:
|
|
disable: true
|
|
depends_on:
|
|
- build-darwin-amd64
|
|
concurrency:
|
|
limit: 1
|
|
steps:
|
|
- name: Set up exec runner storage
|
|
commands:
|
|
- set -u
|
|
- mkdir -p $WORKSPACE_DIR
|
|
- chmod -R u+rw $WORKSPACE_DIR
|
|
- rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
|
|
environment:
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
|
|
- name: Check out code
|
|
commands:
|
|
- set -u
|
|
- mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
|
|
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
|
|
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
|
|
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
|
|
- mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
|
|
&& chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
|
|
- ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
|
|
- chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
|
|
- GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
|
|
-F /dev/null' git submodule update --init e
|
|
- GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
|
|
-F /dev/null' git submodule update --init --recursive webassets || true
|
|
- rm -rf $WORKSPACE_DIR/.ssh
|
|
- mkdir -p $WORKSPACE_DIR/go/cache
|
|
- mkdir -p $WORKSPACE_DIR/go/artifacts
|
|
- echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
|
|
- cat $WORKSPACE_DIR/go/.version.txt
|
|
environment:
|
|
GITHUB_PRIVATE_KEY:
|
|
from_secret: GITHUB_PRIVATE_KEY
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
|
|
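# Fetches the OSS and Enterprise darwin-amd64 tarballs for this tag from the
# release bucket into the workspace's artifacts directory.
# NOTE(review): these tarballs become the input of the signed pkg build, and
# nothing here checks them against a digest recorded outside the bucket.
- name: Download built tarball artifacts from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  # Only the AWS credentials are injected: no command in this step reads the
  # GitHub deploy key, so it is not exposed to the aws CLI's environment.
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg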
|
|
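# Unlocks the build user's login keychain and runs `make pkg` against the
# tarballs downloaded into the artifacts directory.
- name: Build Mac pkg release artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export HOME=/Users/build
  # Quoted so a password containing whitespace or glob characters stays one
  # argument. NOTE(review): the password is still passed on the command line,
  # where other processes on the runner host can read it while the command
  # runs, and no step in this pipeline locks the keychain again afterwards.
  - security unlock-keychain -p "$${BUILDBOX_PASSWORD}" login.keychain
  # Prints the valid identities in the keychain to the build log.
  - security find-identity -v
  - make pkg OS=$OS ARCH=$ARCH
  environment:
    # APPLE_USERNAME / APPLE_PASSWORD are not referenced by the commands above;
    # presumably the `pkg` make target reads them (confirm in the Makefile).
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
    OS: darwin
    OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg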
|
|
- name: Copy Mac pkg artifacts
|
|
commands:
|
|
- set -u
|
|
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
|
|
- rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
|
|
- cp build/teleport*.pkg e/build/teleport-ent*.pkg $WORKSPACE_DIR/go/artifacts/
|
|
- cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE >
|
|
$FILE.sha256; done && ls -l
|
|
environment:
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
|
|
- name: Upload to S3
|
|
commands:
|
|
- set -u
|
|
- cd $WORKSPACE_DIR/go/artifacts
|
|
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_REGION: us-west-2
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
|
|
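# Registers every artifact that has a matching .sha256 file with the staging
# release service, authenticating with a client certificate and key.
- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - which curl || apk add --no-cache curl
  # The certificate and key are written under the /tmp workspace of an exec
  # pipeline, so create them owner-only, and arm the clean-up trap before the
  # first of them exists so a failed decode cannot leave one behind.
  - umask 077
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Used unquoted below on purpose: it has to split into four curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  # For each artifact: create the draft release (HTTP 200 and 409 are both
  # accepted), then upload the file together with the digest read from its
  # .sha256 file. NOTE(review): that digest is computed by this same build, so
  # it detects corruption in transit, not a tampered build input.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg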
|
|
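# Removes the checked-out source, build outputs and any leftover SSH material
# from the exec runner's workspace.
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
  # Run after failed builds as well. Without this, a failure in an earlier step
  # skips the clean-up and the workspace (source tree, and the deploy key if
  # the checkout stopped before removing it) stays in /tmp until the next
  # build's set-up step.
  when:
    status:
    - success
    - failure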
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/mac.go:32
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: exec
|
|
name: build-darwin-amd64-pkg-tsh
|
|
trigger:
|
|
event:
|
|
include:
|
|
- tag
|
|
ref:
|
|
include:
|
|
- refs/tags/v*
|
|
repo:
|
|
include:
|
|
- gravitational/*
|
|
workspace:
|
|
path: /tmp/build-darwin-amd64-pkg-tsh
|
|
platform:
|
|
os: darwin
|
|
arch: amd64
|
|
clone:
|
|
disable: true
|
|
depends_on:
|
|
- build-darwin-amd64
|
|
concurrency:
|
|
limit: 1
|
|
steps:
|
|
- name: Set up exec runner storage
|
|
commands:
|
|
- set -u
|
|
- mkdir -p $WORKSPACE_DIR
|
|
- chmod -R u+rw $WORKSPACE_DIR
|
|
- rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
|
|
environment:
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
|
|
- name: Check out code
|
|
commands:
|
|
- set -u
|
|
- mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
|
|
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
|
|
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
|
|
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
|
|
- mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
|
|
&& chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
|
|
- ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
|
|
- chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
|
|
- GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
|
|
-F /dev/null' git submodule update --init e
|
|
- GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
|
|
-F /dev/null' git submodule update --init --recursive webassets || true
|
|
- rm -rf $WORKSPACE_DIR/.ssh
|
|
- mkdir -p $WORKSPACE_DIR/go/cache
|
|
- mkdir -p $WORKSPACE_DIR/go/artifacts
|
|
- echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
|
|
- cat $WORKSPACE_DIR/go/.version.txt
|
|
environment:
|
|
GITHUB_PRIVATE_KEY:
|
|
from_secret: GITHUB_PRIVATE_KEY
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
|
|
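# Fetches the OSS and Enterprise darwin-amd64 tarballs for this tag from the
# release bucket into the workspace's artifacts directory.
# NOTE(review): these tarballs become the input of the signed pkg build, and
# nothing here checks them against a digest recorded outside the bucket.
- name: Download built tarball artifacts from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  # Only the AWS credentials are injected: no command in this step reads the
  # GitHub deploy key, so it is not exposed to the aws CLI's environment.
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh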
|
|
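# Unlocks the build user's login keychain and runs `make pkg-tsh` against the
# tarballs downloaded into this pipeline's artifacts directory.
- name: Build Mac pkg release artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export HOME=/Users/build
  # Quoted so a password containing whitespace or glob characters stays one
  # argument. NOTE(review): the password is still passed on the command line,
  # where other processes on the runner host can read it while the command
  # runs, and no step in this pipeline locks the keychain again afterwards.
  - security unlock-keychain -p "$${BUILDBOX_PASSWORD}" login.keychain
  # Prints the valid identities in the keychain to the build log.
  - security find-identity -v
  - make pkg-tsh OS=$OS ARCH=$ARCH
  environment:
    # APPLE_USERNAME / APPLE_PASSWORD are not referenced by the commands above;
    # presumably the `pkg-tsh` make target reads them (confirm in the Makefile).
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    # Both tarball paths point at this pipeline's own artifacts directory, the
    # one its download step fills. They previously named
    # /tmp/build-darwin-amd64-pkg/go/artifacts, the workspace of the separate
    # build-darwin-amd64-pkg pipeline, which that pipeline deletes in its
    # clean-up step and which lives in shared /tmp, so a signed package should
    # not take its input from there. NOTE(review): the value is emitted by
    # dronegen/mac.go; fix it there and confirm how `make pkg-tsh` uses it.
    ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    OS: darwin
    OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh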
|
|
- name: Copy Mac pkg artifacts
|
|
commands:
|
|
- set -u
|
|
- cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
|
|
- rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
|
|
- cp build/tsh*.pkg $WORKSPACE_DIR/go/artifacts/
|
|
- cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE >
|
|
$FILE.sha256; done && ls -l
|
|
environment:
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
|
|
- name: Upload to S3
|
|
commands:
|
|
- set -u
|
|
- cd $WORKSPACE_DIR/go/artifacts
|
|
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_REGION: us-west-2
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
|
|
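# Registers every artifact that has a matching .sha256 file with the staging
# release service, authenticating with a client certificate and key.
- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - which curl || apk add --no-cache curl
  # The certificate and key are written under the /tmp workspace of an exec
  # pipeline, so create them owner-only, and arm the clean-up trap before the
  # first of them exists so a failed decode cannot leave one behind.
  - umask 077
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Used unquoted below on purpose: it has to split into four curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  # For each artifact: create the draft release (HTTP 200 and 409 are both
  # accepted), then upload the file together with the digest read from its
  # .sha256 file. NOTE(review): that digest is computed by this same build, so
  # it detects corruption in transit, not a tampered build input.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh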
|
|
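# Removes the checked-out source, build outputs and any leftover SSH material
# from the exec runner's workspace.
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
  # Run after failed builds as well. Without this, a failure in an earlier step
  # skips the clean-up and the workspace (source tree, and the deploy key if
  # the checkout stopped before removing it) stays in /tmp until the next
  # build's set-up step.
  when:
    status:
    - success
    - failure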
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:235
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: build-linux-arm
|
|
environment:
|
|
RUNTIME: go1.17.2
|
|
trigger:
|
|
event:
|
|
include:
|
|
- tag
|
|
ref:
|
|
include:
|
|
- refs/tags/v*
|
|
repo:
|
|
include:
|
|
- gravitational/*
|
|
workspace:
|
|
path: /go
|
|
clone:
|
|
disable: true
|
|
steps:
|
|
- name: Check out code
|
|
image: docker:git
|
|
commands:
|
|
- mkdir -p /go/src/github.com/gravitational/teleport
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
|
|
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
|
|
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
|
|
&& chmod 600 /root/.ssh/id_rsa
|
|
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
|
|
- git submodule update --init e
|
|
- git submodule update --init --recursive webassets || true
|
|
- rm -f /root/.ssh/id_rsa
|
|
- mkdir -p /go/cache /go/artifacts
|
|
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
|
|
else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
|
|
environment:
|
|
GITHUB_PRIVATE_KEY:
|
|
from_secret: GITHUB_PRIVATE_KEY
|
|
- name: Wait for docker
|
|
image: docker
|
|
commands:
|
|
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: Build artifacts
|
|
image: docker
|
|
commands:
|
|
- apk add --no-cache make
|
|
- chown -R $UID:$GID /go
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- make -C build.assets release-arm
|
|
environment:
|
|
ARCH: arm
|
|
GID: "1000"
|
|
GOCACHE: /go/cache
|
|
GOPATH: /go
|
|
OS: linux
|
|
UID: "1000"
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: Copy artifacts
|
|
image: docker
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
|
|
done && ls -l
|
|
- name: Upload to S3
|
|
image: plugins/s3
|
|
settings:
|
|
access_key:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
bucket:
|
|
from_secret: AWS_S3_BUCKET
|
|
region: us-west-2
|
|
secret_key:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
source: /go/artifacts/*
|
|
strip_prefix: /go/artifacts/
|
|
target: teleport/tag/${DRONE_TAG##v}
|
|
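# Registers every artifact that has a matching .sha256 file with the staging
# release service, authenticating with a client certificate and key.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - which curl || apk add --no-cache curl
  # Create the credential files owner-only, and arm the clean-up trap before
  # the first of them exists so a failed decode cannot leave one behind.
  - umask 077
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Used unquoted below on purpose: it has to split into four curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  # For each artifact: create the draft release (HTTP 200 and 409 are both
  # accepted), then upload the file together with the digest read from its
  # .sha256 file. NOTE(review): that digest is computed by this same build, so
  # it detects corruption in transit, not a tampered build input.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING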
|
|
services:
|
|
- name: Start Docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
volumes:
|
|
- name: dockersock
|
|
temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:235
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: build-linux-arm64
|
|
environment:
|
|
RUNTIME: go1.17.2
|
|
trigger:
|
|
event:
|
|
include:
|
|
- tag
|
|
ref:
|
|
include:
|
|
- refs/tags/v*
|
|
repo:
|
|
include:
|
|
- gravitational/*
|
|
workspace:
|
|
path: /go
|
|
clone:
|
|
disable: true
|
|
steps:
|
|
- name: Check out code
|
|
image: docker:git
|
|
commands:
|
|
- mkdir -p /go/src/github.com/gravitational/teleport
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
|
|
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
|
|
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
|
|
&& chmod 600 /root/.ssh/id_rsa
|
|
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
|
|
- git submodule update --init e
|
|
- git submodule update --init --recursive webassets || true
|
|
- rm -f /root/.ssh/id_rsa
|
|
- mkdir -p /go/cache /go/artifacts
|
|
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
|
|
else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
|
|
environment:
|
|
GITHUB_PRIVATE_KEY:
|
|
from_secret: GITHUB_PRIVATE_KEY
|
|
- name: Wait for docker
|
|
image: docker
|
|
commands:
|
|
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: Build artifacts
|
|
image: docker
|
|
commands:
|
|
- apk add --no-cache make
|
|
- chown -R $UID:$GID /go
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- make -C build.assets release-arm64
|
|
environment:
|
|
ARCH: arm64
|
|
GID: "1000"
|
|
GOCACHE: /go/cache
|
|
GOPATH: /go
|
|
OS: linux
|
|
UID: "1000"
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: Copy artifacts
|
|
image: docker
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
|
|
done && ls -l
|
|
- name: Upload to S3
|
|
image: plugins/s3
|
|
settings:
|
|
access_key:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
bucket:
|
|
from_secret: AWS_S3_BUCKET
|
|
region: us-west-2
|
|
secret_key:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
source: /go/artifacts/*
|
|
strip_prefix: /go/artifacts/
|
|
target: teleport/tag/${DRONE_TAG##v}
|
|
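# Registers every artifact that has a matching .sha256 file with the staging
# release service, authenticating with a client certificate and key.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - which curl || apk add --no-cache curl
  # Create the credential files owner-only, and arm the clean-up trap before
  # the first of them exists so a failed decode cannot leave one behind.
  - umask 077
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  # Used unquoted below on purpose: it has to split into four curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  # For each artifact: create the draft release (HTTP 200 and 409 are both
  # accepted), then upload the file together with the digest read from its
  # .sha256 file. NOTE(review): that digest is computed by this same build, so
  # it detects corruption in transit, not a tampered build input.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat $WORKSPACE_DIR/curl_out.txt
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING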
|
|
services:
|
|
- name: Start Docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
volumes:
|
|
- name: dockersock
|
|
temp: {}
|
|
|
|
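---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################

# Tag-triggered pipeline: repackages the linux/arm64 release tarballs from S3
# as .deb packages, uploads them and registers them with the staging releases
# service.
# NOTE(review): this document is generated; carry any change made here back
# into the generator named in the banner, or 'make dronegen' will undo it.
kind: pipeline
type: kubernetes
name: build-linux-arm64-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm64
# NOTE(review): every step image below is referenced by mutable tag (docker,
# docker:git, amazon/aws-cli, plugins/s3); pinning by digest would keep a
# registry-side change out of the release build.
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # SSH key for the submodule fetches; removed again once they are done.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns on
  # this run, so the submodule fetch does not authenticate github.com. A pinned
  # known_hosts entry checked against GitHub's published fingerprints would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version comes from the tag (leading "v" stripped) or, without a tag, from
  # the Makefile; later steps read it from /go/.version.txt.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll up to 30s for the socket created by the 'Start Docker' service.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  # NOTE(review): the tarballs are repackaged as fetched; nothing here checks
  # them against a digest obtained from outside the bucket, so the packages
  # inherit whatever the bucket returned.
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make deb
  environment:
    ARCH: arm64
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # The cleanup trap is installed before any key material is written, so a
  # failed decode cannot leave the client certificate or key behind.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # Create the private key owner-only rather than under the default umask.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Left unquoted at the call sites on purpose: it must split into curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For each built file with a .sha256 sidecar: create the draft release
  # (HTTP 409 is tolerated, presumably "already exists"), then upload the
  # asset together with its recorded digest.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat "$WORKSPACE_DIR/curl_out.txt"
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Docker-in-Docker daemon for the build steps. It runs privileged, and every
# step that mounts 'dockersock' can drive it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}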
|
|
|
|
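---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################

# Tag-triggered pipeline: repackages the linux/arm release tarballs from S3 as
# .deb packages, uploads them and registers them with the staging releases
# service.
# NOTE(review): this document is generated; carry any change made here back
# into the generator named in the banner, or 'make dronegen' will undo it.
kind: pipeline
type: kubernetes
name: build-linux-arm-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm
# NOTE(review): step images are referenced by mutable tag; pinning by digest
# would keep a registry-side change out of the release build.
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # SSH key for the submodule fetches; removed again once they are done.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whichever host key is presented on this
  # run (no pinning), so the submodule fetch does not authenticate github.com.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version: tag without its leading "v", else the Makefile's VERSION line.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll up to 30s for the socket created by the 'Start Docker' service.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  # NOTE(review): no digest check against a source outside the bucket; the
  # packages are built from whatever these two downloads return.
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make deb
  environment:
    ARCH: arm
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Trap first, then write: a failed decode must not strand the mTLS key pair.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # Private key is created owner-only rather than under the default umask.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted below on purpose so it splits into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Per built file with a .sha256 sidecar: create the draft release (409 is
  # tolerated, presumably "already exists"), then upload file plus digest.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat "$WORKSPACE_DIR/curl_out.txt"
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Privileged Docker-in-Docker daemon; steps reach it through 'dockersock'.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}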
|
|
|
|
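---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################

# Tag-triggered pipeline: repackages the linux/arm64 release tarballs from S3
# as RPMs with the GPG signing material present, uploads them and registers
# them with the staging releases service.
# NOTE(review): this document is generated; carry any change made here back
# into the generator named in the banner, or 'make dronegen' will undo it.
kind: pipeline
type: kubernetes
name: build-linux-arm64-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm64
# NOTE(review): step images are referenced by mutable tag; the 'Build
# artifacts' image handles the signing key, so pinning by digest matters most
# there.
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # SSH key for the submodule fetches; removed again once they are done.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whichever host key is presented on this
  # run (no pinning), so the submodule fetch does not authenticate github.com.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version: tag without its leading "v", else the Makefile's VERSION line.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll up to 30s for the socket created by the 'Start Docker' service.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  # NOTE(review): these tarballs end up inside signed RPMs, yet nothing here
  # checks them against a digest obtained from outside the bucket. The
  # signature therefore vouches for whatever the bucket returned.
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # Remove the unpacked signing material on every exit path; the explicit
  # 'rm -rf' below only runs when 'make rpm' succeeds.
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - mkdir -m0700 "$GNUPG_DIR"
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C "$GNUPG_DIR"
  - chown -R root:root "$GNUPG_DIR"
  - make rpm
  - rm -rf "$GNUPG_DIR"
  environment:
    ARCH: arm64
    ENT_TARBALL_PATH: /go/artifacts
    # On the memory-backed 'tmpfs' volume declared at the end of the pipeline.
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Trap first, then write: a failed decode must not strand the mTLS key pair.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # Private key is created owner-only rather than under the default umask.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted below on purpose so it splits into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Per built file with a .sha256 sidecar: create the draft release (409 is
  # tolerated, presumably "already exists"), then upload file plus digest.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat "$WORKSPACE_DIR/curl_out.txt"
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Privileged Docker-in-Docker daemon; steps reach it through 'dockersock'.
# NOTE(review): the 'tmpfs' volume that holds the unpacked GPG material is
# mounted here as well, so the signing key is readable from this privileged
# container and, presumably, from containers the build starts through it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
# Memory-backed, so the signing material is not written to node disk.
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}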
|
|
|
|
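---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:418
################################################

# Tag-triggered pipeline: repackages the linux/arm release tarballs from S3 as
# RPMs with the GPG signing material present, uploads them and registers them
# with the staging releases service.
# NOTE(review): this document is generated; carry any change made here back
# into the generator named in the banner, or 'make dronegen' will undo it.
kind: pipeline
type: kubernetes
name: build-linux-arm-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-arm
# NOTE(review): step images are referenced by mutable tag; the 'Build
# artifacts' image handles the signing key, so pinning by digest matters most
# there.
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # SSH key for the submodule fetches; removed again once they are done.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whichever host key is presented on this
  # run (no pinning), so the submodule fetch does not authenticate github.com.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version: tag without its leading "v", else the Makefile's VERSION line.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll up to 30s for the socket created by the 'Start Docker' service.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  # NOTE(review): these tarballs end up inside signed RPMs, yet nothing here
  # checks them against a digest obtained from outside the bucket. The
  # signature therefore vouches for whatever the bucket returned.
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # Remove the unpacked signing material on every exit path; the explicit
  # 'rm -rf' below only runs when 'make rpm' succeeds.
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - mkdir -m0700 "$GNUPG_DIR"
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C "$GNUPG_DIR"
  - chown -R root:root "$GNUPG_DIR"
  - make rpm
  - rm -rf "$GNUPG_DIR"
  environment:
    ARCH: arm
    ENT_TARBALL_PATH: /go/artifacts
    # On the memory-backed 'tmpfs' volume declared at the end of the pipeline.
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Trap first, then write: a failed decode must not strand the mTLS key pair.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # Private key is created owner-only rather than under the default umask.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted below on purpose so it splits into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Per built file with a .sha256 sidecar: create the draft release (409 is
  # tolerated, presumably "already exists"), then upload file plus digest.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat "$WORKSPACE_DIR/curl_out.txt"
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Privileged Docker-in-Docker daemon; steps reach it through 'dockersock'.
# NOTE(review): the 'tmpfs' volume that holds the unpacked GPG material is
# mounted here as well, so the signing key is readable from this privileged
# container and, presumably, from containers the build starts through it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
# Memory-backed, so the signing material is not written to node disk.
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}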
|
|
|
|
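---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:235
################################################

# Tag-triggered pipeline: builds the windows/amd64 release with the signing
# certificate present, uploads the zips and registers them with the staging
# releases service.
# NOTE(review): this document is generated; carry any change made here back
# into the generator named in the banner, or 'make dronegen' will undo it.
kind: pipeline
type: kubernetes
name: build-windows-amd64
environment:
  RUNTIME: go1.17.2
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
# NOTE(review): step images are referenced by mutable tag; pinning by digest
# would keep a registry-side change out of the release build.
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # SSH key for the submodule fetches; removed again once they are done.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan accepts whichever host key is presented on this
  # run (no pinning), so the submodule fetch does not authenticate github.com.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Version: tag without its leading "v", else the Makefile's VERSION line.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll up to 30s for the socket created by the 'Start Docker' service.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  # The .pfx is written inside the checkout, which lives in the /go workspace.
  # Remove it on every exit path; the explicit 'rm -f' below only runs when
  # the build succeeds.
  - trap 'rm -f /go/src/github.com/gravitational/teleport/windows-signing-cert.pfx' EXIT
  - echo -n "$WINDOWS_SIGNING_CERT" | base64 -d > windows-signing-cert.pfx
  - make -C build.assets release-amd64
  - rm -f windows-signing-cert.pfx
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: windows
    UID: "1000"
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.zip" -print -exec cp {} /go/artifacts \;
  - export VERSION=$(cat /go/.version.txt)
  # The enterprise zip is a byte-for-byte copy of the OSS zip.
  - cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip
  # These digests are computed here, after the build, and travel with the
  # zips: they detect corruption in transit, not a tampered build.
  - cd /go/artifacts && for FILE in teleport*.zip; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Trap first, then write: a failed decode must not strand the mTLS key pair.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # Private key is created owner-only rather than under the default umask.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Expanded unquoted below on purpose so it splits into separate curl options.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Per built file with a .sha256 sidecar: create the draft release (409 is
  # tolerated, presumably "already exists"), then upload file plus digest.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      product="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
      status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
      if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
        echo "curl HTTP status: $status_code"
        cat "$WORKSPACE_DIR/curl_out.txt"
        exit 1
      fi
      curl $CREDENTIALS --fail -o /dev/null -F description="TODO" -F os="windows" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" -F "releaseId=$product@$VERSION" "$RELEASES_HOST/assets";
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
services:
# Privileged Docker-in-Docker daemon; steps reach it through 'dockersock'.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}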
|
|
|
|
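---
# Tag-triggered pipeline: builds the OSS/Enterprise and FIPS Docker images and
# pushes them to quay.io.
kind: pipeline
type: kubernetes
name: build-docker-images

environment:
  RUNTIME: go1.17.2

trigger:
  event:
    - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*

workspace:
  path: /go

clone:
  disable: true

# NOTE(review): step images are referenced by mutable tag (docker:git,
# docker, docker:dind); pinning by digest would keep a registry-side change
# out of the published images.
steps:
  - name: Check out code
    image: docker:git
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
      GOCACHE: /go/cache
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # fetch enterprise submodules
      - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan accepts whichever host key is presented on
      # this run (no pinning), so the fetch does not authenticate github.com.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      # this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
      # create necessary directories
      - mkdir -p /go/artifacts $GOCACHE
      # set version
      - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt

  - name: Build/push OSS/Enterprise Docker images
    image: docker
    environment:
      # Quoted like the generated pipelines in this file, so the values reach
      # the step as strings.
      UID: "1000"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      ARCH: amd64
    # The commands below read these as PLUGIN_USERNAME / PLUGIN_PASSWORD.
    settings:
      username:
        from_secret: QUAYIO_DOCKER_USERNAME
      password:
        from_secret: QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      # Feed the registry password on stdin: a -p argument is visible in the
      # process list for the lifetime of the login command.
      - printf '%s' "$PLUGIN_PASSWORD" | docker login --username "$PLUGIN_USERNAME" --password-stdin quay.io
      - docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
      - cd /go/src/github.com/gravitational/teleport
      - make image-ci publish-ci

  - name: Build/push FIPS Docker image
    image: docker
    environment:
      UID: "1000"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      ARCH: amd64
    # The commands below read these as PLUGIN_USERNAME / PLUGIN_PASSWORD.
    settings:
      username:
        from_secret: QUAYIO_DOCKER_USERNAME
      password:
        from_secret: QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      # Password on stdin rather than as a -p argument (see the step above).
      - printf '%s' "$PLUGIN_PASSWORD" | docker login --username "$PLUGIN_USERNAME" --password-stdin quay.io
      - docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
      - cd /go/src/github.com/gravitational/teleport
      # VERSION needs to be set manually when running in the e directory.
      # Normally, the version is set and exported by the root Makefile and then inherited,
      # but this is not the case for FIPS builds (which only run in e/Makefile)
      - export VERSION=$(cat /go/.version.txt)
      - make -C e image-fips-ci publish-fips-ci

services:
  # Privileged Docker-in-Docker daemon; steps reach it through 'dockersock'.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}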
|
|
|
|
---
# Tag-triggered pipeline: bakes the linux/amd64 OSS tarball from S3 into AMIs
# with Packer and records the build timestamp in S3.
kind: pipeline
type: kubernetes
name: build-oss-amis

trigger:
  event:
    - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*

depends_on:
  - build-linux-amd64

workspace:
  path: /go

clone:
  disable: true

steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # set version
      - >-
        if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
        else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi;
        cat /go/.version.txt

  - name: Download built tarball artifacts from S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_REGION: us-west-2
    commands:
      # NOTE(review): the tarball is baked into the AMI as fetched; nothing
      # here checks it against a digest obtained from outside the bucket.
      - export VERSION=$(cat /go/.version.txt)
      - >-
        if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/";
        else export S3_PATH="tag/"; fi
      - >-
        aws s3 cp
        s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz
        /go/src/github.com/gravitational/teleport/assets/aws/files

  - name: Build OSS AMIs
    image: hashicorp/packer:1.7.6
    environment:
      # Packer runs under its own key pair, distinct from the S3 credentials
      # used by the steps around it.
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_PACKER_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_PACKER_SECRET_ACCESS_KEY
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - apk add --no-cache aws-cli jq make
      - cd /go/src/github.com/gravitational/teleport/assets/aws
      - export TELEPORT_VERSION=$(cat /go/.version.txt)
      - export PUBLIC_AMI_NAME=gravitational-teleport-ami-oss-$TELEPORT_VERSION
      # Tag builds take the production target; anything else the debug one.
      - |
        if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
          echo "---> Building production OSS AMIs"
          echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
          make oss-ci-build
        else
          echo "---> Building debug OSS AMIs"
          make oss
        fi

  - name: Sync OSS build timestamp to S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_REGION: us-west-2
    commands:
      - export VERSION=$(cat /go/.version.txt)
      - >-
        aws s3 cp
        /go/src/github.com/gravitational/teleport/assets/aws/files/build/oss_build_timestamp.txt
        s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/

services:
  # Privileged Docker-in-Docker daemon; its socket directory is mounted into
  # the Packer step through 'dockersock'.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}
|
|
|
|
---
# Tag-triggered pipeline for the Enterprise AMIs. It starts only after both
# the regular and the FIPS linux/amd64 builds, whose tarballs it consumes.
kind: pipeline
type: kubernetes
name: build-ent-amis

trigger:
  event:
    - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*

depends_on:
  - build-linux-amd64
  - build-linux-amd64-fips

workspace:
  path: /go

# The default clone is off; the first step checks the code out itself.
clone:
  disable: true
|
|
|
|
steps:
|
|
- name: Check out code
  image: docker:git
  commands:
    - mkdir -p /go/src/github.com/gravitational/teleport
    - cd /go/src/github.com/gravitational/teleport
    # Public HTTPS clone; this pipeline fetches no submodules, so no SSH key
    # is handled in this step.
    - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
    - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
    # set version
    - >-
      if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
      else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi;
      cat /go/.version.txt
|
|
|
|
- name: Download built tarball artifacts from S3
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
AWS_REGION: us-west-2
|
|
commands:
|
|
- export VERSION=$(cat /go/.version.txt)
|
|
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
|
|
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
|
|
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
|
|
|
|
- name: Build Enterprise AMIs
|
|
image: hashicorp/packer:1.7.6
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_PACKER_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_PACKER_SECRET_ACCESS_KEY
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
commands:
|
|
- apk add --no-cache aws-cli jq make
|
|
- cd /go/src/github.com/gravitational/teleport/assets/aws
|
|
- export TELEPORT_VERSION=$(cat /go/.version.txt)
|
|
- export PUBLIC_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION
|
|
- export FIPS_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION-fips
|
|
- |
|
|
if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
|
|
echo "---> Building production Enterprise AMIs"
|
|
echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
|
|
make ent-ci-build
|
|
else
|
|
echo "---> Building debug Enterprise AMIs"
|
|
make ent
|
|
fi
|
|
|
|
- name: Sync Enterprise build timestamp to S3
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
AWS_REGION: us-west-2
|
|
commands:
|
|
- export VERSION=$(cat /go/.version.txt)
|
|
- aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/ent_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/
|
|
|
|
services:
|
|
- name: Start Docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
|
|
volumes:
|
|
- name: dockersock
|
|
temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/buildbox.go:72
################################################
# Rebuilds the four buildbox images and pushes them to quay.io on every push
# to master of gravitational/teleport.
# NOTE(review): each image is pushed under the tag $RUNTIME (go1.17.2 here),
# so every run replaces the image behind the same tag. Builds that pull
# teleport-buildbox*:go1.17.2 get whatever was pushed last; pulling by digest
# on the consuming side would pin what they run.
# NOTE(review): this document is generated (see the header above it), so
# lasting changes belong in the dronegen source rather than in this file.
kind: pipeline
type: kubernetes
name: build-buildboxes
environment:
  GID: "1000"
  RUNTIME: go1.17.2
  UID: "1000"
trigger:
  event:
    include:
    - push
  repo:
    include:
    - gravitational/teleport
  branch:
    include:
    - master
workspace:
  path: /go/src/github.com/gravitational/teleport
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - git clone --depth 1 --single-branch --branch ${DRONE_SOURCE_BRANCH:-master} https://github.com/gravitational/${DRONE_REPO_NAME}.git
    .
  - git checkout ${DRONE_COMMIT}
# Blocks for up to 30 seconds until the dind service has created its socket.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# NOTE(review): in this and the three steps below, -p puts the registry
# password on the docker command line; 'docker login --password-stdin' reads
# it from stdin instead.
- name: buildbox
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io
  - make -C build.assets buildbox
  - docker push quay.io/gravitational/teleport-buildbox:$RUNTIME
  environment:
    QUAYIO_DOCKER_PASSWORD:
      from_secret: QUAYIO_DOCKER_PASSWORD
    QUAYIO_DOCKER_USERNAME:
      from_secret: QUAYIO_DOCKER_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
- name: buildbox-fips
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io
  - make -C build.assets buildbox-fips
  - docker push quay.io/gravitational/teleport-buildbox-fips:$RUNTIME
  environment:
    QUAYIO_DOCKER_PASSWORD:
      from_secret: QUAYIO_DOCKER_PASSWORD
    QUAYIO_DOCKER_USERNAME:
      from_secret: QUAYIO_DOCKER_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
- name: buildbox-centos6
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io
  - make -C build.assets buildbox-centos6
  - docker push quay.io/gravitational/teleport-buildbox-centos6:$RUNTIME
  environment:
    QUAYIO_DOCKER_PASSWORD:
      from_secret: QUAYIO_DOCKER_PASSWORD
    QUAYIO_DOCKER_USERNAME:
      from_secret: QUAYIO_DOCKER_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
- name: buildbox-arm
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io
  - make -C build.assets buildbox-arm
  - docker push quay.io/gravitational/teleport-buildbox-arm:$RUNTIME
  environment:
    QUAYIO_DOCKER_PASSWORD:
      from_secret: QUAYIO_DOCKER_PASSWORD
    QUAYIO_DOCKER_USERNAME:
      from_secret: QUAYIO_DOCKER_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
# Privileged Docker-in-Docker sidecar; every step that mounts 'dockersock'
# can drive this daemon.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
---
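# Promotes an already-built tag to production: copies artifacts to the
# production S3 bucket, retags and pushes the Docker images, makes the AMIs
# public, republishes the Helm chart repository and, for non-pre-release tags
# of gravitational/teleport, rebuilds and signs the RPM and DEB repositories.
#
# NOTE(review): brace-form DRONE_TAG / DRONE_REPO / DRONE_REMOTE_URL
# expressions in 'commands' are substituted by Drone into the script text
# before the shell runs, so the tag name becomes part of the script. Reading
# the tag inside the shell (the doubled-dollar form) and quoting it keeps tag
# contents out of the script text. Plugin 'settings' are not shell and are
# unaffected.
# NOTE(review): apart from ubuntu:20.04 and the two centos images, every step
# image here is untagged or ':latest', and none is pinned by digest. This
# pipeline handles production credentials and the package signing key, so
# pinning by digest is worth considering.
kind: pipeline
type: kubernetes
name: promote-build

trigger:
  event:
  - promote
  target:
  - production
  repo:
    include:
    - gravitational/*

workspace:
  path: /go

clone:
  disable: true

steps:
# Pulls everything the tag build stored under teleport/tag/<version>/.
# NOTE(review): these files are republished below exactly as downloaded; no
# checksum or signature check is visible between download and publication.
- name: Download artifacts from S3
  image: amazon/aws-cli
  environment:
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    AWS_REGION: us-west-2
  commands:
  - mkdir -p /go/artifacts
  - aws s3 sync s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ /go/artifacts/

# Uploads with a public-read ACL: everything under /go/artifacts becomes
# world-readable in the production bucket.
- name: Upload artifacts to production S3
  image: plugins/s3
  settings:
    bucket:
      from_secret: PRODUCTION_AWS_S3_BUCKET
    access_key:
      from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
    secret_key:
      from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
    region: us-east-1
    acl: public-read
    source: /go/artifacts/*
    target: teleport/${DRONE_TAG##v}/
    strip_prefix: /go/artifacts/

# Pulls the CI-built images with the staging account, retags them and pushes
# them with the production account. The commands read the 'settings' values
# through PLUGIN_-prefixed environment variables.
- name: Pull/retag Docker images
  image: docker
  settings:
    docker_staging_username:
      from_secret: QUAYIO_DOCKER_USERNAME
    docker_staging_password:
      from_secret: QUAYIO_DOCKER_PASSWORD
    docker_production_username:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
    docker_production_password:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
  volumes:
  - name: dockersock
    path: /var/run
  commands:
  # wait for docker to start: poll for the socket (same check the
  # build-buildboxes pipeline uses) instead of a fixed sleep
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  - export VERSION=${DRONE_TAG##v}
  # authenticate with staging credentials; the password is passed on stdin so
  # it does not appear in the docker process arguments
  - printf '%s' "$PLUGIN_DOCKER_STAGING_PASSWORD" | docker login -u="$PLUGIN_DOCKER_STAGING_USERNAME" --password-stdin quay.io
  # pull 'temporary' CI-built images
  - echo "---> Pulling images for $${VERSION}"
  - docker pull quay.io/gravitational/teleport-ci:$${VERSION}
  - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}
  - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips
  # retag images to production naming
  - echo "---> Tagging images for $${VERSION}"
  - docker tag quay.io/gravitational/teleport-ci:$${VERSION} quay.io/gravitational/teleport:$${VERSION}
  - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION} quay.io/gravitational/teleport-ent:$${VERSION}
  - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips quay.io/gravitational/teleport-ent:$${VERSION}-fips
  # reauthenticate with production credentials
  - docker logout quay.io
  - printf '%s' "$PLUGIN_DOCKER_PRODUCTION_PASSWORD" | docker login -u="$PLUGIN_DOCKER_PRODUCTION_USERNAME" --password-stdin quay.io
  # push production images
  - echo "---> Pushing images for $${VERSION}"
  - docker push quay.io/gravitational/teleport:$${VERSION}
  - docker push quay.io/gravitational/teleport-ent:$${VERSION}
  - docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips

# Fetches only the promoted tag and checks out what was fetched.
- name: Check out code
  image: docker:git
  commands:
  - |
    mkdir -p /go/src/github.com/gravitational/teleport
    cd /go/src/github.com/gravitational/teleport
    git init && git remote add origin ${DRONE_REMOTE_URL}
    git fetch origin +refs/tags/${DRONE_TAG}:
    git checkout -qf FETCH_HEAD

# Retrieves the timestamp files written by the AMI build pipelines.
- name: Download AMI timestamps
  image: docker
  environment:
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  commands:
  - apk add --no-cache aws-cli
  - mkdir -p /go/src/github.com/gravitational/teleport/assets/aws/files/build
  - aws s3 sync s3://$AWS_S3_BUCKET/teleport/ami/${DRONE_TAG##v}/ /go/src/github.com/gravitational/teleport/assets/aws/files/build

# Runs the Makefile targets from the checked-out tag with production AWS
# credentials.
- name: Make AMIs public
  image: docker
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
  commands:
  - apk add --no-cache aws-cli bash jq make
  - cd /go/src/github.com/gravitational/teleport/assets/aws
  - |
    make change-amis-to-public-oss
    make change-amis-to-public-ent
    make change-amis-to-public-ent-fips

# Download all previously packaged charts. This is needed to rebuild the
# index and re-publish the repository.
- name: "Helm: Download chart repository"
  image: amazon/aws-cli
  environment:
    AWS_S3_BUCKET:
      from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
  commands:
  - mkdir -p /go/chart
  - aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart

# NOTE(review): ':latest' is a moving tag; the image that packages and
# indexes the public chart repository can change between runs.
- name: "Helm: Package chart repository"
  image: alpine/helm:latest
  commands:
  - cd /go/chart
  - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
  - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
  # copy index.html to root of the S3 bucket.
  - cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
  # this will index all previous versions of the charts downloaded from the S3 bucket,
  # plus the just-packaged charts listed above
  - helm repo index /go/chart
  - ls /go/chart

- name: "Helm: Publish chart repository to S3"
  image: plugins/s3
  settings:
    bucket:
      from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
    access_key:
      from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
    secret_key:
      from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
    region: us-east-2
    acl: public-read
    source: /go/chart/*
    target: /
    strip_prefix: /go/chart

# NOTE: all mandatory steps for a release promotion need to go BEFORE this
# step, as there is a chance that everything afterwards will be skipped.
#
# this step exits early and skips all remaining steps in the pipeline if the
# tag looks like a pre-release, to avoid publishing RPMs for pre-release builds.
- name: Determine whether RPM/DEB packages should be published to repos
  image: docker
  commands:
  - |
    if [ "${DRONE_REPO}" != "gravitational/teleport" ]; then
      echo "---> Not publishing ${DRONE_REPO} packages to repos"
      exit 78
    fi
    # length will be 0 after filtering if this is a pre-release, >0 otherwise
    FILTERED_TAG_LENGTH=$(echo ${DRONE_TAG} | egrep -v '(alpha|beta|dev|rc)' | wc -c)
    if [ $$FILTERED_TAG_LENGTH -eq 0 ]; then
      echo "---> ${DRONE_TAG} looks like a pre-release, not publishing packages to repos"
      # exit pipeline early with success status
      exit 78
    else
      echo "---> Publishing packages to repos for ${DRONE_TAG}"
    fi

# NOTE(review): the metadata signed two steps below covers whatever this sync
# brings down from the bucket plus the new RPMs. Nothing visible here checks
# the package signatures first, so content altered in the bucket would be
# indexed and receive a valid metadata signature. Verifying each RPM against
# the project's public key before createrepo would close that gap.
- name: Download RPM repo contents
  image: amazon/aws-cli
  environment:
    AWS_S3_BUCKET:
      from_secret: RPMREPO_AWS_S3_BUCKET
    AWS_ACCESS_KEY_ID:
      from_secret: RPMREPO_AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
  volumes:
  - name: rpmrepo
    path: /rpmrepo
  commands:
  - mkdir -p /rpmrepo/teleport/cache
  # we explicitly want to delete anything present locally which has been deleted
  # from the upstream S3 bucket
  - aws s3 sync s3://$AWS_S3_BUCKET/teleport/ /rpmrepo/teleport/ --delete
  - mkdir -p /rpmrepo/teleport/${DRONE_TAG##v}
  - cp -a /go/artifacts/*.rpm /rpmrepo/teleport/${DRONE_TAG##v}/

# we do this using a CentOS 7 container to make sure that the repo files are
# compatible with older versions, also there's no createrepo package in alpine main
- name: Regenerate RPM repo metadata
  image: centos:7
  volumes:
  - name: rpmrepo
    path: /rpmrepo
  commands:
  - yum -y install createrepo
  - createrepo --cachedir /rpmrepo/teleport/cache --update /rpmrepo/teleport

# This step requires centos:8 to get gpg 2.2+
# centos:7's gpg 2.0 doesn't understand the format of GPG_RPM_SIGNING_ARCHIVE
- name: Sign RPM repo metadata
  image: centos:8
  volumes:
  - name: rpmrepo
    path: /rpmrepo
  # for in-memory tmpfs for key material
  - name: tmpfs
    path: /tmpfs
  environment:
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
  commands:
  - |
    # extract signing key; the trap removes it again however the step ends,
    # so a failed gpg run does not leave key material on the shared tmpfs
    # (all command entries run in one shell, so the trap covers them all)
    trap 'rm -rf "$GNUPGHOME"' EXIT
    mkdir -m0700 "$GNUPGHOME"
    echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C "$GNUPGHOME"
    chown -R root:root "$GNUPGHOME"
  # Sign rpm repo metadata (yum clients will automatically look for and verify repodata/repomd.xml.asc)
  - gpg --detach-sign --armor /rpmrepo/teleport/repodata/repomd.xml
  - cat /rpmrepo/teleport/repodata/repomd.xml.asc
  - rm -rf "$GNUPGHOME"

- name: Sync RPM repo changes to S3
  image: amazon/aws-cli
  environment:
    AWS_S3_BUCKET:
      from_secret: RPMREPO_AWS_S3_BUCKET
    AWS_ACCESS_KEY_ID:
      from_secret: RPMREPO_AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
  volumes:
  - name: rpmrepo
    path: /rpmrepo
  commands:
  - aws s3 sync /rpmrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/

- name: Download DEB repo contents
  image: amazon/aws-cli
  environment:
    AWS_S3_BUCKET:
      from_secret: DEBREPO_AWS_S3_BUCKET
    AWS_ACCESS_KEY_ID:
      from_secret: DEBREPO_AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY
  volumes:
  - name: debrepo
    path: /debrepo
  commands:
  # we explicitly want to delete anything present locally which has been deleted
  # from the upstream S3 bucket
  - mkdir -p /debrepo/teleport
  - aws s3 sync s3://$AWS_S3_BUCKET/teleport /debrepo/teleport --delete

# Builds and signs the apt repository with reprepro. The key comes from the
# same GPG_RPM_SIGNING_ARCHIVE secret that signs the RPM metadata.
# The 'dockersock' mount was dropped: no command in this step calls docker,
# and a step that holds the signing key has no reason to reach the privileged
# Docker daemon.
- name: Build DEB repo
  image: ubuntu:20.04
  environment:
    DEBIAN_FRONTEND: noninteractive
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
  volumes:
  - name: debrepo
    path: /debrepo
  # for in-memory tmpfs for key material
  - name: tmpfs
    path: /tmpfs
  commands:
  - |
    # install needed tools
    apt-get -y update && apt-get -y install curl gzip gnupg2 reprepro tar
  # NOTE(review): SignWith below names the key by an 8-hex-digit short ID.
  # Short IDs are not unique; the full fingerprint (<FULL_KEY_FINGERPRINT>)
  # identifies the key unambiguously.
  - |
    # write config files
    mkdir -p /go/reprepro/teleport/conf /go/reprepro/teleport/public
    cat << EOF > /go/reprepro/teleport/conf/distributions
    Origin: teleport
    Label: teleport
    Codename: stable
    Architectures: i386 amd64 arm arm64
    Components: main
    Description: apt repository for teleport
    SignWith: 6282C411
    EOF
    cat << EOF > /go/reprepro/teleport/conf/options
    verbose
    basedir /go/reprepro/teleport
    EOF
  - |
    # extract signing key; the trap removes it again however the step ends
    trap 'rm -rf "$GNUPGHOME"' EXIT
    mkdir -m0700 "$GNUPGHOME"
    echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C "$GNUPGHOME"
    chown -R root:root "$GNUPGHOME"
  - |
    # create repo
    cd /go/reprepro/teleport
    reprepro --outdir /go/reprepro/teleport/public includedeb stable /go/artifacts/teleport*.deb
  - |
    # clean up gnupg
    rm -rf "$GNUPGHOME"
  - |
    # copy artifacts to PVC
    cp -r /go/reprepro/teleport /debrepo/

- name: Sync DEB repo changes to S3
  image: amazon/aws-cli
  environment:
    AWS_S3_BUCKET:
      from_secret: DEBREPO_AWS_S3_BUCKET
    AWS_ACCESS_KEY_ID:
      from_secret: DEBREPO_AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY
  volumes:
  - name: debrepo
    path: /debrepo
  commands:
  - aws s3 sync /debrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/

# NOTE(review): this privileged service also mounts 'tmpfs', the volume that
# holds the unpacked signing key while the signing steps run. Why the service
# needs that mount is not visible here; removing it, if nothing depends on it,
# would keep the key out of the privileged container's reach.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
  - name: tmpfs
    path: /tmpfs

volumes:
- name: dockersock
  temp: {}
- name: tmpfs
  temp:
    medium: memory
# these persistent volumes cache RPMs/DEBs near Drone so that we don't need to download the
# entire repo contents from S3 every time to build the repo, we just sync any differences
- name: rpmrepo
  claim:
    name: drone-s3-rpmrepo-pvc
- name: debrepo
  claim:
    name: drone-s3-debrepo-pvc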
---
# Drone configuration signature: an HMAC over this file, used to detect
# changes to the pipeline definition that were not re-signed.
# NOTE(review): editing any pipeline above is expected to invalidate this
# value; regenerate it with 'drone sign' after changes. Confirm whether
# comment-only edits are covered as well.
kind: signature
hmac: 1473746cd33150de6ce4e6be53478ad6961414d1e34987d9eff4b3e17bcfe5a2
...