86f3a3d618
This commit updates drone to build Teleport Connect by:
* cloning `gravitational/webapps` as a sibling directory to gravitational/teleport
* checking out the right version of webapps by running a simple Go program (this step is only necessary until we move webapps into the teleport repo)
* running the Teleport Connect build and copying artifacts

Code signing should run on tag builds automatically as part of the electron build, assuming the Apple Account credentials are properly loaded into the keychain. Notarization will also happen automatically if both `$APPLE_USERNAME` and `$APPLE_PASSWORD` are set.

In order to make the above happen, this patch also includes:
* Installing and removing a per-build Node instance in the toolchain directory on Darwin
* Moving the toolchain temporary directory out of ~/ and into /tmp. Drone usually sets `$HOME` to a temporary directory for each build, but unfortunately we need it to point to the actual build user's home directory in order for the notarisation tooling to find the right keychain.

Having `$HOME` point to a long-lived directory risks both pollution from build detritus and builds stomping on one another. In an attempt to isolate the builds from each other and protect `~build` as best we can, as much of the build state as possible (including ephemeral toolchains) has been moved under `/tmp`.

Co-authored-by: Trent Clarke <trent@goteleport.com>
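---
# Pipeline: on a push (pull_request events excluded) to master or branch/* of
# gravitational/teleport, call the docs deployment webhook. The repository is
# not cloned, so no repository code runs in this pipeline.
kind: pipeline
type: kubernetes
name: update-docs-webhook

trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  branch:
    include:
      - master
      - branch/*
  repo:
    include:
      - gravitational/teleport

clone:
  disable: true

steps:
  - name: Trigger docs deployment
    # NOTE(review): the image is referenced without a tag or digest, and this
    # container is the one that receives DOCS_DEPLOY_HOOK. Pinning it by digest
    # would fix which code gets to read the hook URL.
    image: plugins/webhook
    settings:
      # The target URL is read from a Drone secret rather than stored here.
      urls:
        from_secret: DOCS_DEPLOY_HOOK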
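---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################

# Pipeline: on a push (pull_request events excluded) to master or branch/* of
# any gravitational/* repository, check out the commit with its submodules and
# run `make -C build.assets release-amd64` against a Docker-in-Docker service.
# Slack is notified only when the pipeline fails.
# NOTE(review): because this file is generated, every change suggested in the
# review notes below belongs in dronegen, not in this file.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64
environment:
  BUILDBOX_VERSION: teleport10
  GID: "1000"
  RUNTIME: go1.18.3
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
clone:
  disable: true
steps:
# Manual checkout; the built-in clone step is disabled above.
# NOTE(review): docker:git is a mutable tag and this step receives
# GITHUB_PRIVATE_KEY. Pinning the image by digest would fix which code can
# read the key.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
  - cd /go/src/github.com/gravitational/teleport
  - git init && git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin
  - git checkout -qf ${DRONE_COMMIT_SHA}
  # `|| true` makes a failed webassets checkout non-fatal.
  - git submodule update --init webassets || true
  # The deploy key is on disk only between this command and the final `rm -f`.
  # NOTE(review): if a command in between fails, the rm is presumably never
  # reached; confirm that the step container's /root is discarded with it.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is fetched over the network at build time and
  # trusted as returned, so known_hosts does not authenticate github.com. A
  # pinned copy of GitHub's published host keys would. `2>/dev/null` also hides
  # any ssh-keyscan error output.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket from the service appears.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the repository's own Makefile with the Docker socket directory mounted.
# No secret is passed to this step.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-amd64
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Failure-only notification; the webhook URL is read from a Drone secret.
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
services:
# NOTE(review): the Docker daemon runs privileged, and every step that mounts
# the dockersock volume can drive it. Treat code run in those steps as having
# the daemon's privileges.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
# Temporary volume that carries /var/run (and so docker.sock) between the
# service and the steps that mount it.
- name: dockersock
  temp: {}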
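---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################

# Pipeline: on a push (pull_request events excluded) to master or branch/* of
# any gravitational/* repository, check out the commit with its submodules and
# run `make -C build.assets release-386` against a Docker-in-Docker service.
# Slack is notified only when the pipeline fails.
# NOTE(review): because this file is generated, every change suggested in the
# review notes below belongs in dronegen, not in this file.
kind: pipeline
type: kubernetes
name: push-build-linux-386
environment:
  BUILDBOX_VERSION: teleport10
  GID: "1000"
  RUNTIME: go1.18.3
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
clone:
  disable: true
steps:
# Manual checkout; the built-in clone step is disabled above.
# NOTE(review): docker:git is a mutable tag and this step receives
# GITHUB_PRIVATE_KEY. Pinning the image by digest would fix which code can
# read the key.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
  - cd /go/src/github.com/gravitational/teleport
  - git init && git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin
  - git checkout -qf ${DRONE_COMMIT_SHA}
  # `|| true` makes a failed webassets checkout non-fatal.
  - git submodule update --init webassets || true
  # The deploy key is on disk only between this command and the final `rm -f`.
  # NOTE(review): if a command in between fails, the rm is presumably never
  # reached; confirm that the step container's /root is discarded with it.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is fetched over the network at build time and
  # trusted as returned, so known_hosts does not authenticate github.com. A
  # pinned copy of GitHub's published host keys would. `2>/dev/null` also hides
  # any ssh-keyscan error output.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket from the service appears.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the repository's own Makefile with the Docker socket directory mounted.
# No secret is passed to this step.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-386
  environment:
    # Quoted so the value stays a string rather than the integer 386.
    ARCH: "386"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Failure-only notification; the webhook URL is read from a Drone secret.
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
services:
# NOTE(review): the Docker daemon runs privileged, and every step that mounts
# the dockersock volume can drive it. Treat code run in those steps as having
# the daemon's privileges.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
# Temporary volume that carries /var/run (and so docker.sock) between the
# service and the steps that mount it.
- name: dockersock
  temp: {}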
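---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################

# Pipeline: on a push (pull_request events excluded) to master or branch/* of
# any gravitational/* repository, check out the commit with its submodules,
# record the version in /go/.version.txt and run
# `make -C build.assets release-amd64-fips` against a Docker-in-Docker service.
# Slack is notified only when the pipeline fails.
# NOTE(review): because this file is generated, every change suggested in the
# review notes below belongs in dronegen, not in this file.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64-fips
environment:
  BUILDBOX_VERSION: teleport10
  GID: "1000"
  RUNTIME: go1.18.3
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
clone:
  disable: true
steps:
# Manual checkout; the built-in clone step is disabled above.
# NOTE(review): docker:git is a mutable tag and this step receives
# GITHUB_PRIVATE_KEY. Pinning the image by digest would fix which code can
# read the key.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
  - cd /go/src/github.com/gravitational/teleport
  - git init && git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin
  - git checkout -qf ${DRONE_COMMIT_SHA}
  # `|| true` makes a failed webassets checkout non-fatal.
  - git submodule update --init webassets || true
  # The deploy key is on disk only between this command and the `rm -f` below.
  # NOTE(review): if a command in between fails, the rm is presumably never
  # reached; confirm that the step container's /root is discarded with it.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is fetched over the network at build time and
  # trusted as returned, so known_hosts does not authenticate github.com. A
  # pinned copy of GitHub's published host keys would. `2>/dev/null` also hides
  # any ssh-keyscan error output.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  # Version source: the tag with its leading "v" stripped when DRONE_TAG is
  # set, otherwise the VERSION line of the Makefile. The result is echoed to
  # the build log.
  - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
    else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket from the service appears.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the repository's own Makefile with the Docker socket directory mounted.
# No secret is passed to this step.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  # Reads back the version written by the checkout step.
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-fips
  environment:
    ARCH: amd64
    # Quoted so the value stays the string "yes" instead of a YAML boolean.
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Failure-only notification; the webhook URL is read from a Drone secret.
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
services:
# NOTE(review): the Docker daemon runs privileged, and every step that mounts
# the dockersock volume can drive it. Treat code run in those steps as having
# the daemon's privileges.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
# Temporary volume that carries /var/run (and so docker.sock) between the
# service and the steps that mount it.
- name: dockersock
  temp: {}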
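---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################

# Pipeline: on a push (pull_request events excluded) to master or branch/* of
# any gravitational/* repository, check out the commit with its submodules and
# run `make -C build.assets release-windows-unsigned` against a
# Docker-in-Docker service. Slack is notified only when the pipeline fails.
# NOTE(review): because this file is generated, every change suggested in the
# review notes below belongs in dronegen, not in this file.
kind: pipeline
type: kubernetes
name: push-build-windows-amd64
environment:
  BUILDBOX_VERSION: teleport10
  GID: "1000"
  RUNTIME: go1.18.3
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
clone:
  disable: true
steps:
# Manual checkout; the built-in clone step is disabled above.
# NOTE(review): docker:git is a mutable tag and this step receives
# GITHUB_PRIVATE_KEY. Pinning the image by digest would fix which code can
# read the key.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
  - cd /go/src/github.com/gravitational/teleport
  - git init && git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin
  - git checkout -qf ${DRONE_COMMIT_SHA}
  # `|| true` makes a failed webassets checkout non-fatal.
  - git submodule update --init webassets || true
  # The deploy key is on disk only between this command and the final `rm -f`.
  # NOTE(review): if a command in between fails, the rm is presumably never
  # reached; confirm that the step container's /root is discarded with it.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is fetched over the network at build time and
  # trusted as returned, so known_hosts does not authenticate github.com. A
  # pinned copy of GitHub's published host keys would. `2>/dev/null` also hides
  # any ssh-keyscan error output.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket from the service appears.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the repository's own Makefile with the Docker socket directory mounted.
# No secret is passed to this step, and the make target is the unsigned
# Windows release.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-windows-unsigned
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: windows
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Failure-only notification; the webhook URL is read from a Drone secret.
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
services:
# NOTE(review): the Docker daemon runs privileged, and every step that mounts
# the dockersock volume can drive it. Treat code run in those steps as having
# the daemon's privileges.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
# Temporary volume that carries /var/run (and so docker.sock) between the
# service and the steps that mount it.
- name: dockersock
  temp: {}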
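---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go:39
################################################

# Pipeline: on a push (pull_request events excluded) to master or branch/* of
# any gravitational/* repository, build the macOS release and the webapps
# terminal package with an exec runner. Steps run directly on the build host
# rather than in containers, so files left behind persist between builds.
# NOTE(review): because this file is generated, every change suggested in the
# review notes below belongs in dronegen, not in this file.
kind: pipeline
type: exec
name: push-build-darwin-amd64
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  # NOTE(review): a fixed, predictable path under /tmp. `mkdir -p` below
  # accepts a directory that already exists, so if any other local account can
  # write to /tmp on the build host, check ownership and mode before use or
  # create the directory with mktemp.
  path: /tmp/push-build-darwin-amd64
platform:
  os: darwin
  arch: amd64
clone:
  disable: true
concurrency:
  # One build at a time; the steps below share fixed paths.
  limit: 1
steps:
# Removes the checkout and any .ssh directory left by an earlier build.
- name: Set up exec runner storage
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
# Clones teleport and webapps over HTTPS, then fetches the submodules over SSH
# with the deploy key.
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  # NOTE(review): this `go run` executes before the "Install Go Toolchain"
  # step, so it uses whatever `go` is already on the runner's PATH, not the
  # pinned RUNTIME. It also runs code from the checked-out commit in a step
  # whose environment holds GITHUB_PRIVATE_KEY.
  - git checkout $(go run $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/tooling/cmd/get-webapps-version/main.go)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # The deploy key is written under /tmp and removed by the `rm -rf` further
  # down.
  # NOTE(review): if a command in between fails, that rm is presumably never
  # reached, and the "Clean up exec runner storage (post)" step has no
  # failure condition. The key would then stay on the host until the next
  # build's setup step removes it.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): the host key is fetched over the network at build time and
  # trusted as returned, so known_hosts does not authenticate github.com. A
  # pinned copy of GitHub's published host keys would. `2>/dev/null` also hides
  # any ssh-keyscan error output.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # `-F /dev/null` keeps ssh from reading the build user's ssh config, and the
  # explicit -i/UserKnownHostsFile point it at the per-build files.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # `|| true` makes a failed webassets checkout non-fatal.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
# Unpacks the Go release named by RUNTIME into a per-build toolchain directory.
# NOTE(review): the tarball is extracted with no checksum or signature check,
# and curl runs without --fail. Comparing the download against a pinned
# SHA-256 before `tar` would catch a tampered or truncated archive.
- name: Install Go Toolchain
  commands:
  - set -u
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - curl --silent -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
  - tar -C /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
  - rm -rf $RUNTIME.darwin-amd64.tar.gz
  environment:
    RUNTIME: go1.18.3
# Installs the Rust version reported by the repository's `print-rust-version`
# make target, with CARGO_HOME and RUSTUP_HOME in the per-build toolchain
# directory. rustup itself is taken from the build user's ~/.cargo/bin.
- name: Install Rust Toolchain
  commands:
  - set -u
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - rustup toolchain install $RUST_VERSION
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
# Unpacks the Node release reported by `print-node-version` into the per-build
# toolchain directory and enables yarn through corepack.
# NOTE(review): as with Go, the tarball is extracted without a checksum check
# and curl runs without --fail; nodejs.org publishes a SHASUMS256.txt for each
# release that the download could be checked against.
- name: Install Node Toolchain
  commands:
  - set -u
  - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-node-version)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export NODE_DIR=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  - mkdir -p $TOOLCHAIN_DIR
  - curl --silent -O https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.gz
  - tar -C $TOOLCHAIN_DIR -xzf node-v$NODE_VERSION-darwin-x64.tar.gz
  - rm -f node-v$NODE_VERSION-darwin-x64.tar.gz
  - export PATH=$NODE_DIR/bin:$PATH
  - corepack enable yarn
  - echo Node reporting version $(node --version)
  - echo Yarn reporting version $(yarn --version)
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
# Builds the Teleport release and then the webapps terminal package.
- name: Build Mac artifacts
  commands:
  - set -u
  # `$$` is presumably Drone's escape for a literal `$`, so this prints the
  # HOME the runner supplied before it is overridden on the next line.
  - echo HOME=$${HOME}
  # HOME is pointed at the build user's real home directory. Repository build
  # scripts and yarn lifecycle scripts therefore run with that long-lived
  # home, including whatever credentials it holds.
  - export HOME=/Users/$(whoami)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-node-version)
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  # NOTE(review): /Users/build is hard-coded here while the other steps use
  # /Users/$(whoami); the two agree only when the runner user is `build`.
  - export PATH=$TOOLCHAIN_DIR/go/bin:$CARGO_HOME/bin:/Users/build/.cargo/bin:$NODE_HOME/bin:$PATH
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - build.assets/build-fido2-macos.sh build
  - export PKG_CONFIG_PATH="$(build.assets/build-fido2-macos.sh pkg_config_path)"
  - rustup override set $RUST_VERSION
  - make clean release OS=$OS ARCH=$ARCH FIDO2=yes TOUCHID=yes
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  # --frozen-lockfile makes the install fail rather than update yarn.lock.
  - yarn install --frozen-lockfile && yarn build-term && yarn package-term
  environment:
    ARCH: amd64
    GOCACHE: /tmp/push-build-darwin-amd64/go/cache
    GOPATH: /tmp/push-build-darwin-amd64/go
    OS: darwin
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
# Uninstalls the per-build Rust toolchain and deletes the per-build toolchain
# directory. Runs after both success and failure.
- name: Clean up toolchains (post)
  commands:
  - set -u
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - rustup override unset
  - rustup toolchain uninstall $RUST_VERSION
  - rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  when:
    status:
    - success
    - failure
# NOTE(review): unlike the toolchain cleanup above, this step has no `when`
# block, so it presumably runs only when every earlier step succeeded. After a
# failed build the checkout (and any leftover .ssh directory) stays in /tmp
# until the next build's setup step.
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/push-build-darwin-amd64
# Failure-only notification sent with curl from the build host.
# NOTE(review): the JSON body is assembled by shell interpolation, so a branch
# name that contains a double quote or backslash would alter the payload. The
# webhook URL is also passed as a command-line argument, where other local
# accounts on the host may be able to see it in the process list. `go env` here
# uses whatever `go` is on the runner's PATH.
- name: Send Slack notification (exec)
  commands:
  - |2

    export DRONE_BUILD_LINK="${DRONE_SYSTEM_PROTO}://${DRONE_SYSTEM_HOSTNAME}/${DRONE_REPO_OWNER}/${DRONE_REPO_NAME}/${DRONE_BUILD_NUMBER}"
    export GOOS=$(go env GOOS)
    export GOARCH=$(go env GOARCH)
  - |2-

    curl -sL -X POST -H 'Content-type: application/json' --data "{\"text\":\"Warning: \`${GOOS}-${GOARCH}\` artifact build failed for [\`${DRONE_REPO_NAME}\`] - please investigate immediately!\nBranch: \`${DRONE_BRANCH}\`\nCommit: \`${DRONE_COMMIT_SHA}\`\nLink: $DRONE_BUILD_LINK\"}" $SLACK_WEBHOOK_DEV_TELEPORT
  environment:
    SLACK_WEBHOOK_DEV_TELEPORT:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
  when:
    status:
    - failure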
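---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################

# Pipeline: on a push (pull_request events excluded) to master or branch/* of
# any gravitational/* repository, check out the commit with its submodules and
# run `make -C build.assets release-arm` against a Docker-in-Docker service.
# Slack is notified only when the pipeline fails.
# NOTE(review): because this file is generated, every change suggested in the
# review notes below belongs in dronegen, not in this file.
kind: pipeline
type: kubernetes
name: push-build-linux-arm
environment:
  BUILDBOX_VERSION: teleport10
  GID: "1000"
  RUNTIME: go1.18.3
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
clone:
  disable: true
steps:
# Manual checkout; the built-in clone step is disabled above.
# NOTE(review): docker:git is a mutable tag and this step receives
# GITHUB_PRIVATE_KEY. Pinning the image by digest would fix which code can
# read the key.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
  - cd /go/src/github.com/gravitational/teleport
  - git init && git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin
  - git checkout -qf ${DRONE_COMMIT_SHA}
  # `|| true` makes a failed webassets checkout non-fatal.
  - git submodule update --init webassets || true
  # The deploy key is on disk only between this command and the final `rm -f`.
  # NOTE(review): if a command in between fails, the rm is presumably never
  # reached; confirm that the step container's /root is discarded with it.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is fetched over the network at build time and
  # trusted as returned, so known_hosts does not authenticate github.com. A
  # pinned copy of GitHub's published host keys would. `2>/dev/null` also hides
  # any ssh-keyscan error output.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket from the service appears.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the repository's own Makefile with the Docker socket directory mounted.
# No secret is passed to this step.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm
  environment:
    ARCH: arm
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Failure-only notification; the webhook URL is read from a Drone secret.
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
services:
# NOTE(review): the Docker daemon runs privileged, and every step that mounts
# the dockersock volume can drive it. Treat code run in those steps as having
# the daemon's privileges.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
# Temporary volume that carries /var/run (and so docker.sock) between the
# service and the steps that mount it.
- name: dockersock
  temp: {}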
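---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go:104
################################################

# Pipeline: on a push (pull_request events excluded) to master or branch/* of
# any gravitational/* repository, check out the commit with its submodules and
# run `make -C build.assets release-arm64` against a Docker-in-Docker service.
# Slack is notified only when the pipeline fails.
# NOTE(review): because this file is generated, every change suggested in the
# review notes below belongs in dronegen, not in this file.
kind: pipeline
type: kubernetes
name: push-build-linux-arm64
environment:
  BUILDBOX_VERSION: teleport10
  GID: "1000"
  RUNTIME: go1.18.3
  UID: "1000"
trigger:
  event:
    include:
    - push
    exclude:
    - pull_request
  repo:
    include:
    - gravitational/*
  branch:
    include:
    - master
    - branch/*
workspace:
  path: /go
clone:
  disable: true
steps:
# Manual checkout; the built-in clone step is disabled above.
# NOTE(review): docker:git is a mutable tag and this step receives
# GITHUB_PRIVATE_KEY. Pinning the image by digest would fix which code can
# read the key.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
  - cd /go/src/github.com/gravitational/teleport
  - git init && git remote add origin ${DRONE_REMOTE_URL}
  - git fetch origin
  - git checkout -qf ${DRONE_COMMIT_SHA}
  # `|| true` makes a failed webassets checkout non-fatal.
  - git submodule update --init webassets || true
  # The deploy key is on disk only between this command and the final `rm -f`.
  # NOTE(review): if a command in between fails, the rm is presumably never
  # reached; confirm that the step container's /root is discarded with it.
  - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
    chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is fetched over the network at build time and
  # trusted as returned, so known_hosts does not authenticate github.com. A
  # pinned copy of GitHub's published host keys would. `2>/dev/null` also hides
  # any ssh-keyscan error output.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket from the service appears.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the repository's own Makefile with the Docker socket directory mounted.
# No secret is passed to this step.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm64
  environment:
    ARCH: arm64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Failure-only notification; the webhook URL is read from a Drone secret.
- name: Send Slack notification
  image: plugins/slack
  settings:
    webhook:
      from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    template:
    - |
      *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
      `${DRONE_STAGE_NAME}` artifact build failed.
      *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
      Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
      Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
      Author: <https://github.com/{{ build.author }}|{{ build.author }}>
      <{{ build.link }}|Visit Drone build page ↗>
  when:
    status:
    - failure
services:
# NOTE(review): the Docker daemon runs privileged, and every step that mounts
# the dockersock volume can drive it. Treat code run in those steps as having
# the daemon's privileges.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
# Temporary volume that carries /var/run (and so docker.sock) between the
# service and the steps that mount it.
- name: dockersock
  temp: {}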
---
|
|
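# Cron-triggered pipeline that rebuilds and pushes the quay.io Teleport images
# (OSS, Enterprise, Enterprise FIPS) for three tracked major versions, plus
# the teleport-lab image. Each image is tagged with the bare major number
# derived from the latest release tag of that series.
#
# NOTE(review): every image below is referenced by a mutable tag (docker,
# docker:git, docker:dind). These steps hold the production registry
# credentials, so pinning the images by digest is worth considering.
kind: pipeline
type: kubernetes
name: teleport-docker-cron

trigger:
  cron:
    - teleport-docker-cron
  repo:
    include:
      - gravitational/teleport

workspace:
  path: /go

# The default clone stays enabled; with the workspace at /go it presumably
# provides /go/build.assets/tooling used by the query-latest calls below.
clone:
  disable: false

steps:
  - name: Set up variables and Dockerfile
    image: docker:git
    environment:
      # increment these variables when a new major/minor version is released to bump the automatic builds
      # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for
      # build major version images which are just teleport:x
      CURRENT_VERSION_ROOT: v9
      PREVIOUS_VERSION_ONE_ROOT: v8
      PREVIOUS_VERSION_TWO_ROOT: v7
    commands:
      - apk --update --no-cache add curl go
      - mkdir -p /go/build && cd /go/build
      # Each *_TAG.txt holds the full tag reported by query-latest; each
      # *_TAG_GENERIC.txt holds the major number only. The leading "v" is
      # stripped with an anchored sed: `tr -d '^v'` deletes every "^" and "v"
      # in the string, not just a leading one.
      # CURRENT_VERSION (9)
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $CURRENT_VERSION_ROOT > /go/build/CURRENT_VERSION_TAG.txt)
      - cut -d. -f1 /go/build/CURRENT_VERSION_TAG.txt | sed 's/^v//' > /go/build/CURRENT_VERSION_TAG_GENERIC.txt
      # PREVIOUS_VERSION_ONE (8)
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_ONE_ROOT > /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - cut -d. -f1 /go/build/PREVIOUS_VERSION_ONE_TAG.txt | sed 's/^v//' > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt
      # PREVIOUS_VERSION_TWO (7)
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_TWO_ROOT > /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      - cut -d. -f1 /go/build/PREVIOUS_VERSION_TWO_TAG.txt | sed 's/^v//' > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt
      # list versions
      - for FILE in /go/build/*.txt; do echo "$FILE"; cat "$FILE"; done
      # get Dockerfiles
      # -f makes an HTTP error fail the step instead of saving the error page
      # as the Dockerfile; -S still prints the reason while -s hides progress.
      # NOTE(review): the file is fetched by branch name, not from the commit
      # being built, so it is not tied to the source revision of this run.
      - curl -fsSL -o /go/build/Dockerfile-cron https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron

  # The `settings` of the build steps reach the commands as PLUGIN_USERNAME
  # and PLUGIN_PASSWORD. The password is piped to `docker login` on stdin so
  # that it never appears in a process argument list.
  - name: Build and push Teleport containers (CURRENT_VERSION)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      # wait for Docker to be ready: poll for the dind socket (same check the
      # other pipelines in this file use) instead of relying on a fixed sleep
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
      - export VERSION_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt)
      - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips"
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u="$PLUGIN_USERNAME" --password-stdin quay.io
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG="$VERSION_TAG" --build-arg OS="$OS" --build-arg ARCH="$ARCH" -t "$OSS_IMAGE_NAME" -f /go/build/Dockerfile-cron /go/build
      - docker push "$OSS_IMAGE_NAME"
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG="$VERSION_TAG" --build-arg OS="$OS" --build-arg ARCH="$ARCH" -t "$ENT_IMAGE_NAME" -f /go/build/Dockerfile-cron /go/build
      - docker push "$ENT_IMAGE_NAME"
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG="$VERSION_TAG" --build-arg OS="$OS" --build-arg ARCH="$ARCH" -t "$ENT_FIPS_IMAGE_NAME" -f /go/build/Dockerfile-cron /go/build
      - docker push "$ENT_FIPS_IMAGE_NAME"

  - name: Build and push Teleport containers (PREVIOUS_VERSION_ONE)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips"
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u="$PLUGIN_USERNAME" --password-stdin quay.io
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG="$VERSION_TAG" --build-arg OS="$OS" --build-arg ARCH="$ARCH" -t "$OSS_IMAGE_NAME" -f /go/build/Dockerfile-cron /go/build
      - docker push "$OSS_IMAGE_NAME"
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG="$VERSION_TAG" --build-arg OS="$OS" --build-arg ARCH="$ARCH" -t "$ENT_IMAGE_NAME" -f /go/build/Dockerfile-cron /go/build
      - docker push "$ENT_IMAGE_NAME"
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG="$VERSION_TAG" --build-arg OS="$OS" --build-arg ARCH="$ARCH" -t "$ENT_FIPS_IMAGE_NAME" -f /go/build/Dockerfile-cron /go/build
      - docker push "$ENT_FIPS_IMAGE_NAME"

  - name: Build and push Teleport containers (PREVIOUS_VERSION_TWO)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips"
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u="$PLUGIN_USERNAME" --password-stdin quay.io
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG="$VERSION_TAG" --build-arg OS="$OS" --build-arg ARCH="$ARCH" -t "$OSS_IMAGE_NAME" -f /go/build/Dockerfile-cron /go/build
      - docker push "$OSS_IMAGE_NAME"
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG="$VERSION_TAG" --build-arg OS="$OS" --build-arg ARCH="$ARCH" -t "$ENT_IMAGE_NAME" -f /go/build/Dockerfile-cron /go/build
      - docker push "$ENT_IMAGE_NAME"
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG="$VERSION_TAG" --build-arg OS="$OS" --build-arg ARCH="$ARCH" -t "$ENT_FIPS_IMAGE_NAME" -f /go/build/Dockerfile-cron /go/build
      - docker push "$ENT_FIPS_IMAGE_NAME"

  - name: Build/push Teleport Lab Docker image
    image: docker:git
    environment:
      OS: linux
      ARCH: amd64
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      # Anchored strip of the leading "v" only; see the note in the first step.
      - export TELEPORT_TAG=$(sed 's/^v//' /go/build/CURRENT_VERSION_TAG.txt)
      - export TELEPORT_LAB_IMAGE_NAME="quay.io/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      # Check out code
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # Build and push Teleport lab image
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u="$PLUGIN_USERNAME" --password-stdin quay.io
      - docker build --build-arg TELEPORT_TAG="$TELEPORT_TAG" -t "$TELEPORT_LAB_IMAGE_NAME" /go/src/github.com/gravitational/teleport/docker/sshd
      - docker push "$TELEPORT_LAB_IMAGE_NAME"

services:
  # Docker-in-Docker daemon. It runs privileged, so every step that mounts
  # the dockersock volume has full control over a privileged daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}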
|
|
|
|
---
|
|
# Cron-triggered pipeline that republishes the Helm chart repository: it
# downloads the current bucket contents, packages the two charts from the
# checked-out commit, regenerates the repository index over everything in
# /go/chart and uploads the whole directory back to the bucket.
#
# NOTE(review): `helm repo index` is run over whatever was downloaded, so the
# new index vouches for every archive already in the bucket, and the upload
# step writes all of those files back. An object altered in the bucket would
# be re-indexed and republished unchanged; comparing downloaded archives with
# the previous index before re-indexing would catch that.
kind: pipeline
type: kubernetes
name: teleport-helm-cron

trigger:
  cron:
    - teleport-helm-cron
  repo:
    include:
      - gravitational/teleport

workspace:
  path: /go

# Drone's built-in clone is off; the first step clones the repository itself.
clone:
  disable: true

steps:
  - name: Check out code
    image: alpine/git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_COMMIT}
      - mkdir -p /go/chart
      - cd /go/chart

  # Uses the same access key pair as the upload step further down, so the
  # credentials exposed to this read-only step can also write to the bucket.
  - name: Download chart repo contents
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
    commands:
      - mkdir -p /go/chart
      # download all previously packaged chart versions from the S3 bucket
      - aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart

  # NOTE(review): `latest` is a mutable tag; the Helm binary that packages
  # and indexes the published charts can change between runs. Pinning a
  # version or digest would make the output reproducible.
  - name: Package helm charts
    image: alpine/helm:latest
    commands:
      - cd /go/chart
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
      # copy index.html to root of the S3 bucket
      - cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
      # this will index all previous versions of the charts downloaded from the S3 bucket,
      # plus the just-packaged charts listed above
      - helm repo index /go/chart

  - name: Upload to S3
    image: plugins/s3
    settings:
      bucket:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
      access_key:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      secret_key:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
      region: us-east-2
      # Every uploaded object is world-readable; presumably intended, since
      # the bucket serves as a public chart repository — confirm.
      acl: public-read
      source: /go/chart/*
      target: /
      strip_prefix: /go/chart

  # Runs only when the pipeline has failed (see `when` below).
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template: |
        *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
        Details: The `teleport-helm-cron` job in Drone failed to publish Helm charts to S3. This is unusual and should be investigated.
        Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
        Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}>
        Author: <https://github.com/{{ build.author }}|{{ build.author }}>
        <{{ build.link }}|Visit Drone build page ↗>
    when:
      status: [failure]
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:250
|
|
################################################
|
|
|
|
# Tag-triggered release pipeline for the CentOS 7 compatible linux/amd64
# build: check out the tagged source, build, rename the tarballs with a
# "centos7" suffix, write .sha256 files, upload to S3 and register the
# artifacts with the staging release server.
# NOTE(review): the header above this document marks it as dronegen output,
# so any change made here has to be carried into the generator as well.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7
environment:
  BUILDBOX_VERSION: teleport10
  RUNTIME: go1.18.3
trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      # Glob: matches every repository in the gravitational organisation.
      - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones the repository itself.
clone:
  disable: true
# NOTE(review): every image below is referenced by a mutable tag (docker,
# docker:git, docker:dind, plugins/s3). These steps handle release and
# upload credentials, so pinning the images by digest is worth considering.
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # The GitHub key is written to disk only for the submodule fetches below.
      - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
        && chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan accepts whatever host key is presented at
      # build time (trust on first use, repeated on every build). Writing
      # GitHub's published host keys into known_hosts would remove that step.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      # presumably the submodule that needs the SSH key — verify in .gitmodules
      - git submodule update --init e
      # Failure to fetch webassets is tolerated (|| true).
      - git submodule update --init --recursive webassets || true
      # NOTE(review): if a command above fails and the step stops there, this
      # line is not reached and the key stays on disk until the step container
      # is discarded — TODO confirm the runner's stop-on-error behaviour.
      - rm -f /root/.ssh/id_rsa
      - mkdir -p /go/cache /go/artifacts
      # Release guard: the build stops unless the Makefile VERSION equals the
      # tag with its leading "v" removed. `$$` is Drone's escape for a literal
      # `$`; `${DRONE_TAG##v}` is expanded by Drone before the shell runs. The
      # checked version is saved to /go/.version.txt for the later steps.
      - |-
        VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
        if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
          echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
          exit 1
        fi
        echo "$$VERSION" > /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Polls for up to 30 s until the dind service's socket appears in the
  # shared dockersock volume.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      # Hands the workspace to UID/GID 1000 (set in environment below).
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-amd64-centos7
    environment:
      ARCH: amd64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      # Mounting /var/run gives this step the dind daemon's socket, i.e. full
      # control over that (privileged) Docker daemon.
      - name: dockersock
        path: /var/run
  # Collects the OSS and enterprise (e/) tarballs, renames them to carry the
  # "centos7" suffix and writes one .sha256 file per tarball.
  # The checksums are computed here, next to the artifacts they describe:
  # they detect corruption after this point, not tampering before it.
  - name: Copy artifacts
    image: docker
    commands:
      - cd /go/src/github.com/gravitational/teleport
      - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
        \;
      - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
        \;
      - export VERSION=$(cat /go/.version.txt)
      - mv /go/artifacts/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
      - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
      - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
        done && ls -l
  # Uploads everything in /go/artifacts under teleport/tag/<tag without "v">.
  - name: Upload to S3
    image: plugins/s3
    settings:
      access_key:
        from_secret: AWS_ACCESS_KEY_ID
      bucket:
        from_secret: AWS_S3_BUCKET
      region: us-west-2
      secret_key:
        from_secret: AWS_SECRET_ACCESS_KEY
      source: /go/artifacts/*
      strip_prefix: /go/artifacts/
      target: teleport/tag/${DRONE_TAG##v}
  # Registers each artifact that has a .sha256 file with the staging release
  # server, authenticating with a client certificate, then attaches it to a
  # draft release (HTTP 200 or 409 from the create call is accepted).
  - name: Register artifacts
    image: docker
    commands:
      # `$$` is Drone's escape; the shell sees ${WORKSPACE_DIR:-/}.
      - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
      - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
      - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
      # NOTE(review): the certificate and key files are created with the
      # shell's default umask; a `umask 077` before these two lines would
      # keep the private key readable by the step's user only.
      - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
      # Removes both files on exit; this relies on all commands of the step
      # running in a single shell — TODO confirm for this runner.
      - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
      - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
      - which curl || apk add --no-cache curl
      # NOTE(review): `for file in $(find …)` and the unquoted `$(basename
      # $file)` word-split on whitespace; harmless for the names produced
      # above, fragile if an artifact name ever contains a space.
      - |-
        cd "$WORKSPACE_DIR/go/artifacts"
        for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
          # Skip files that are not results of this build
          # (e.g. tarballs from which OS packages are made)
          [ -f "$file.sha256" ] || continue

          name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
          if [ "$name" = "tsh" ]; then
            products="teleport teleport-ent";
          else
            products="$name"
          fi
          shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

          curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit (RHEL/CentOS 7.x compatible)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

          for product in $products; do
            status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
            if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
              echo "curl HTTP status: $status_code"
              cat $WORKSPACE_DIR/curl_out.txt
              exit 1
            fi
            curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
          done
        done
    environment:
      RELEASES_CERT:
        from_secret: RELEASES_CERT_STAGING
      RELEASES_KEY:
        from_secret: RELEASES_KEY_STAGING
    # A failure of this step does not fail the pipeline, and no step in this
    # pipeline reports it, so a missed registration is visible only in the
    # step log.
    failure: ignore
services:
  # Docker-in-Docker daemon. It runs privileged, so anything that can reach
  # its socket through the dockersock volume can start privileged containers.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  # Scratch volume shared between the dind service and the steps above.
  - name: dockersock
    temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:250
|
|
################################################
|
|
|
|
# Tag-triggered release pipeline for the CentOS 7 compatible linux/amd64 FIPS
# build (FIPS: "yes"). Only the enterprise tarball from e/ is collected,
# renamed with a "centos7" suffix, checksummed, uploaded to S3 and registered
# with the staging release server.
# NOTE(review): the header above this document marks it as dronegen output,
# so any change made here has to be carried into the generator as well.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips
environment:
  BUILDBOX_VERSION: teleport10
  RUNTIME: go1.18.3
trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      # Glob: matches every repository in the gravitational organisation.
      - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones the repository itself.
clone:
  disable: true
# NOTE(review): every image below is referenced by a mutable tag; pinning by
# digest would fix what runs with access to the release credentials.
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # The GitHub key is written to disk only for the submodule fetches below.
      - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
        && chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan trusts the host key presented at build time;
      # pinning GitHub's published host keys would avoid that.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      # Failure to fetch webassets is tolerated (|| true).
      - git submodule update --init --recursive webassets || true
      # NOTE(review): not reached if an earlier command stops the step, in
      # which case the key remains until the container is discarded.
      - rm -f /root/.ssh/id_rsa
      - mkdir -p /go/cache /go/artifacts
      # Release guard: the Makefile VERSION must equal the tag without its
      # leading "v"; the checked version is saved to /go/.version.txt.
      - |-
        VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
        if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
          echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
          exit 1
        fi
        echo "$$VERSION" > /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Polls for up to 30 s until the dind socket appears in the shared volume.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      # Exports the version verified in the checkout step to the make run.
      - export VERSION=$(cat /go/.version.txt)
      - make -C build.assets release-amd64-centos7-fips
    environment:
      ARCH: amd64
      # Quoted so it stays the string "yes" rather than a YAML boolean.
      FIPS: "yes"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      # Mounting /var/run gives this step control over the privileged dind
      # daemon.
      - name: dockersock
        path: /var/run
  # Collects the enterprise tarball from e/, renames it with the "centos7"
  # suffix and writes its .sha256 file. The checksum is computed next to the
  # artifact, so it detects later corruption, not tampering before this step.
  - name: Copy artifacts
    image: docker
    commands:
      - cd /go/src/github.com/gravitational/teleport
      - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
        \;
      - export VERSION=$(cat /go/.version.txt)
      - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
      - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
        done && ls -l
  # Uploads everything in /go/artifacts under teleport/tag/<tag without "v">.
  - name: Upload to S3
    image: plugins/s3
    settings:
      access_key:
        from_secret: AWS_ACCESS_KEY_ID
      bucket:
        from_secret: AWS_S3_BUCKET
      region: us-west-2
      secret_key:
        from_secret: AWS_SECRET_ACCESS_KEY
      source: /go/artifacts/*
      strip_prefix: /go/artifacts/
      target: teleport/tag/${DRONE_TAG##v}
  # Registers each checksummed artifact with the staging release server using
  # a client certificate, then attaches it to a draft release (HTTP 200 or
  # 409 from the create call is accepted).
  - name: Register artifacts
    image: docker
    commands:
      # `$$` is Drone's escape; the shell sees ${WORKSPACE_DIR:-/}.
      - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
      - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
      - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
      # NOTE(review): both files are created with the default umask; a
      # `umask 077` first would keep the private key owner-readable only.
      - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
      # Cleanup on exit; relies on the step's commands sharing one shell —
      # TODO confirm for this runner.
      - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
      - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
      - which curl || apk add --no-cache curl
      # NOTE(review): the loop word-splits file names on whitespace (`$(find
      # …)`, `$(basename $file)`); fine for the names produced above.
      - |-
        cd "$WORKSPACE_DIR/go/artifacts"
        for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
          # Skip files that are not results of this build
          # (e.g. tarballs from which OS packages are made)
          [ -f "$file.sha256" ] || continue

          name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
          if [ "$name" = "tsh" ]; then
            products="teleport teleport-ent";
          else
            products="$name"
          fi
          shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

          curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

          for product in $products; do
            status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
            if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
              echo "curl HTTP status: $status_code"
              cat $WORKSPACE_DIR/curl_out.txt
              exit 1
            fi
            curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
          done
        done
    environment:
      RELEASES_CERT:
        from_secret: RELEASES_CERT_STAGING
      RELEASES_KEY:
        from_secret: RELEASES_KEY_STAGING
    # A failure of this step does not fail the pipeline and is not reported
    # by any other step here.
    failure: ignore
services:
  # Docker-in-Docker daemon, running privileged; its socket is shared with
  # the steps through the dockersock volume.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:250
|
|
################################################
|
|
|
|
# Tag-triggered release pipeline for the linux/amd64 build: check out the
# tagged source, build, collect the OSS and enterprise tarballs, write
# .sha256 files, upload to S3 and register the artifacts with the staging
# release server.
# NOTE(review): the header above this document marks it as dronegen output,
# so any change made here has to be carried into the generator as well.
kind: pipeline
type: kubernetes
name: build-linux-amd64
environment:
  BUILDBOX_VERSION: teleport10
  RUNTIME: go1.18.3
trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      # Glob: matches every repository in the gravitational organisation.
      - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones the repository itself.
clone:
  disable: true
# NOTE(review): every image below is referenced by a mutable tag; pinning by
# digest would fix what runs with access to the release credentials.
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # The GitHub key is written to disk only for the submodule fetches below.
      - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
        && chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan trusts the host key presented at build time;
      # pinning GitHub's published host keys would avoid that.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      # Failure to fetch webassets is tolerated (|| true).
      - git submodule update --init --recursive webassets || true
      # NOTE(review): not reached if an earlier command stops the step, in
      # which case the key remains until the container is discarded.
      - rm -f /root/.ssh/id_rsa
      - mkdir -p /go/cache /go/artifacts
      # Release guard: the Makefile VERSION must equal the tag without its
      # leading "v"; the checked version is saved to /go/.version.txt.
      - |-
        VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
        if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
          echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
          exit 1
        fi
        echo "$$VERSION" > /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Polls for up to 30 s until the dind socket appears in the shared volume.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-amd64
    environment:
      ARCH: amd64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      # Mounting /var/run gives this step control over the privileged dind
      # daemon.
      - name: dockersock
        path: /var/run
  # Collects the OSS and enterprise (e/) tarballs and writes one .sha256 file
  # per tarball. The checksums are computed next to the artifacts, so they
  # detect later corruption, not tampering before this step.
  - name: Copy artifacts
    image: docker
    commands:
      - cd /go/src/github.com/gravitational/teleport
      - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
        \;
      - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
        \;
      - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
        done && ls -l
  # Uploads everything in /go/artifacts under teleport/tag/<tag without "v">.
  - name: Upload to S3
    image: plugins/s3
    settings:
      access_key:
        from_secret: AWS_ACCESS_KEY_ID
      bucket:
        from_secret: AWS_S3_BUCKET
      region: us-west-2
      secret_key:
        from_secret: AWS_SECRET_ACCESS_KEY
      source: /go/artifacts/*
      strip_prefix: /go/artifacts/
      target: teleport/tag/${DRONE_TAG##v}
  # Registers each checksummed artifact with the staging release server using
  # a client certificate, then attaches it to a draft release (HTTP 200 or
  # 409 from the create call is accepted).
  - name: Register artifacts
    image: docker
    commands:
      # `$$` is Drone's escape; the shell sees ${WORKSPACE_DIR:-/}.
      - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
      - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
      - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
      # NOTE(review): both files are created with the default umask; a
      # `umask 077` first would keep the private key owner-readable only.
      - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
      # Cleanup on exit; relies on the step's commands sharing one shell —
      # TODO confirm for this runner.
      - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
      - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
      - which curl || apk add --no-cache curl
      # NOTE(review): the loop word-splits file names on whitespace (`$(find
      # …)`, `$(basename $file)`); fine for the names produced above.
      - |-
        cd "$WORKSPACE_DIR/go/artifacts"
        for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
          # Skip files that are not results of this build
          # (e.g. tarballs from which OS packages are made)
          [ -f "$file.sha256" ] || continue

          name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
          if [ "$name" = "tsh" ]; then
            products="teleport teleport-ent";
          else
            products="$name"
          fi
          shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

          curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

          for product in $products; do
            status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
            if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
              echo "curl HTTP status: $status_code"
              cat $WORKSPACE_DIR/curl_out.txt
              exit 1
            fi
            curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
          done
        done
    environment:
      RELEASES_CERT:
        from_secret: RELEASES_CERT_STAGING
      RELEASES_KEY:
        from_secret: RELEASES_KEY_STAGING
    # A failure of this step does not fail the pipeline and is not reported
    # by any other step here.
    failure: ignore
services:
  # Docker-in-Docker daemon, running privileged; its socket is shared with
  # the steps through the dockersock volume.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:250
|
|
################################################
|
|
|
|
# Tag-triggered release pipeline for the linux/amd64 FIPS build
# (FIPS: "yes"). Only the enterprise tarball from e/ is collected,
# checksummed, uploaded to S3 and registered with the staging release server.
# NOTE(review): the header above this document marks it as dronegen output,
# so any change made here has to be carried into the generator as well.
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips
environment:
  BUILDBOX_VERSION: teleport10
  RUNTIME: go1.18.3
trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      # Glob: matches every repository in the gravitational organisation.
      - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is off; the first step clones the repository itself.
clone:
  disable: true
# NOTE(review): every image below is referenced by a mutable tag; pinning by
# digest would fix what runs with access to the release credentials.
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # The GitHub key is written to disk only for the submodule fetches below.
      - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
        && chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan trusts the host key presented at build time;
      # pinning GitHub's published host keys would avoid that.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      # Failure to fetch webassets is tolerated (|| true).
      - git submodule update --init --recursive webassets || true
      # NOTE(review): not reached if an earlier command stops the step, in
      # which case the key remains until the container is discarded.
      - rm -f /root/.ssh/id_rsa
      - mkdir -p /go/cache /go/artifacts
      # Release guard: the Makefile VERSION must equal the tag without its
      # leading "v"; the checked version is saved to /go/.version.txt.
      - |-
        VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
        if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
          echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
          exit 1
        fi
        echo "$$VERSION" > /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Polls for up to 30 s until the dind socket appears in the shared volume.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      # Exports the version verified in the checkout step to the make run.
      - export VERSION=$(cat /go/.version.txt)
      - make -C build.assets release-amd64-fips
    environment:
      ARCH: amd64
      # Quoted so it stays the string "yes" rather than a YAML boolean.
      FIPS: "yes"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      # Mounting /var/run gives this step control over the privileged dind
      # daemon.
      - name: dockersock
        path: /var/run
  # Collects the enterprise tarball from e/ and writes its .sha256 file. The
  # checksum is computed next to the artifact, so it detects later
  # corruption, not tampering before this step.
  - name: Copy artifacts
    image: docker
    commands:
      - cd /go/src/github.com/gravitational/teleport
      - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
        \;
      - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
        done && ls -l
  # Uploads everything in /go/artifacts under teleport/tag/<tag without "v">.
  - name: Upload to S3
    image: plugins/s3
    settings:
      access_key:
        from_secret: AWS_ACCESS_KEY_ID
      bucket:
        from_secret: AWS_S3_BUCKET
      region: us-west-2
      secret_key:
        from_secret: AWS_SECRET_ACCESS_KEY
      source: /go/artifacts/*
      strip_prefix: /go/artifacts/
      target: teleport/tag/${DRONE_TAG##v}
  # Registers each checksummed artifact with the staging release server using
  # a client certificate, then attaches it to a draft release (HTTP 200 or
  # 409 from the create call is accepted).
  - name: Register artifacts
    image: docker
    commands:
      # `$$` is Drone's escape; the shell sees ${WORKSPACE_DIR:-/}.
      - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
      - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
      - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
      # NOTE(review): both files are created with the default umask; a
      # `umask 077` first would keep the private key owner-readable only.
      - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
      # Cleanup on exit; relies on the step's commands sharing one shell —
      # TODO confirm for this runner.
      - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
      - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
      - which curl || apk add --no-cache curl
      # NOTE(review): the loop word-splits file names on whitespace (`$(find
      # …)`, `$(basename $file)`); fine for the names produced above.
      - |-
        cd "$WORKSPACE_DIR/go/artifacts"
        for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
          # Skip files that are not results of this build
          # (e.g. tarballs from which OS packages are made)
          [ -f "$file.sha256" ] || continue

          name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
          if [ "$name" = "tsh" ]; then
            products="teleport teleport-ent";
          else
            products="$name"
          fi
          shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

          curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit (FedRAMP/FIPS)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

          for product in $products; do
            status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
            if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
              echo "curl HTTP status: $status_code"
              cat $WORKSPACE_DIR/curl_out.txt
              exit 1
            fi
            curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
          done
        done
    environment:
      RELEASES_CERT:
        from_secret: RELEASES_CERT_STAGING
      RELEASES_KEY:
        from_secret: RELEASES_KEY_STAGING
    # A failure of this step does not fail the pipeline and is not reported
    # by any other step here.
    failure: ignore
services:
  # Docker-in-Docker daemon, running privileged; its socket is shared with
  # the steps through the dockersock volume.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}
|
|
|
|
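---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:461
################################################
# NOTE(review): generated file - port the lines marked "hardening" below to
# the dronegen template, or the next 'make dronegen' run will drop them.
# NOTE(review): all step and service images are mutable tags; pinning them as
# <image>@sha256:<digest> would fix what runs next to the RPM signing keyring.

kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-amd64-centos7
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # hardening: remove the deploy key on every exit path, including a failed
  # submodule fetch (same trap-on-EXIT pattern as "Register artifacts").
  - trap 'rm -f /root/.ssh/id_rsa' EXIT
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is scanned at build time and trusted as-is, so
  # it does not authenticate github.com; a pinned known_hosts entry would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is ignored (|| true).
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail the build when the Makefile version and the git tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # NOTE(review): the tarballs are repackaged as downloaded; nothing here
  # checks a digest or signature before they are built into signed RPMs.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # hardening: wipe the signing keyring on every exit path, not only after a
  # successful 'make rpm'; $GNUPG_DIR is quoted wherever it is expanded.
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - mkdir -m0700 "$GNUPG_DIR"
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C "$GNUPG_DIR"
  - chown -R root:root "$GNUPG_DIR"
  - make rpm
  - rm -rf "$GNUPG_DIR"
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # hardening: arm the cleanup before the client cert/key touch the disk and
  # create both files owner-only instead of with the default umask.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - (umask 077 && echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt")
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Uploads every artifact that has a .sha256 sidecar, creates the draft
  # release (HTTP 200 or 409 accepted) and links the asset to it.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file")"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  # A failed registration does not fail the pipeline.
  failure: ignore
services:
# NOTE(review): this privileged service also mounts the tmpfs volume where
# "Build artifacts" unpacks the signing keyring.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}
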
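---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:461
################################################
# NOTE(review): generated file - port the lines marked "hardening" below to
# the dronegen template, or the next 'make dronegen' run will drop them.
# NOTE(review): all step and service images are mutable tags; pinning them as
# <image>@sha256:<digest> would fix what runs next to the RPM signing keyring.

kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-amd64-centos7-fips
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # hardening: remove the deploy key on every exit path, including a failed
  # submodule fetch (same trap-on-EXIT pattern as "Register artifacts").
  - trap 'rm -f /root/.ssh/id_rsa' EXIT
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is scanned at build time and trusted as-is, so
  # it does not authenticate github.com; a pinned known_hosts entry would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is ignored (|| true).
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail the build when the Makefile version and the git tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # NOTE(review): the tarball is repackaged as downloaded; nothing here
  # checks a digest or signature before it is built into a signed RPM.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # hardening: wipe the signing keyring on every exit path, not only after a
  # successful 'make -C e rpm'; $GNUPG_DIR is quoted wherever it is expanded.
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - mkdir -m0700 "$GNUPG_DIR"
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C "$GNUPG_DIR"
  - chown -R root:root "$GNUPG_DIR"
  - make -C e rpm
  - rm -rf "$GNUPG_DIR"
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    FIPS: "yes"
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    RUNTIME: fips
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # hardening: arm the cleanup before the client cert/key touch the disk and
  # create both files owner-only instead of with the default umask.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - (umask 077 && echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt")
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Uploads every artifact that has a .sha256 sidecar, creates the draft
  # release (HTTP 200 or 409 accepted) and links the asset to it.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file")"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  # A failed registration does not fail the pipeline.
  failure: ignore
services:
# NOTE(review): this privileged service also mounts the tmpfs volume where
# "Build artifacts" unpacks the signing keyring.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}
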
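---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:461
################################################
# NOTE(review): generated file - port the lines marked "hardening" below to
# the dronegen template, or the next 'make dronegen' run will drop them.
# NOTE(review): all step and service images are mutable tags; pinning them as
# <image>@sha256:<digest> would fix what runs next to the release secrets.

kind: pipeline
type: kubernetes
name: build-linux-amd64-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-amd64
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # hardening: remove the deploy key on every exit path, including a failed
  # submodule fetch (same trap-on-EXIT pattern as "Register artifacts").
  - trap 'rm -f /root/.ssh/id_rsa' EXIT
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is scanned at build time and trusted as-is, so
  # it does not authenticate github.com; a pinned known_hosts entry would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is ignored (|| true).
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail the build when the Makefile version and the git tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # NOTE(review): the tarballs are repackaged as downloaded; nothing here
  # checks a digest or signature before they are built into packages.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make deb
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # hardening: arm the cleanup before the client cert/key touch the disk and
  # create both files owner-only instead of with the default umask.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - (umask 077 && echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt")
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Uploads every artifact that has a .sha256 sidecar, creates the draft
  # release (HTTP 200 or 409 accepted) and links the asset to it.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit DEB" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file")"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  # A failed registration does not fail the pipeline.
  failure: ignore
services:
# NOTE(review): docker-in-docker runs privileged and shares /var/run with the
# build steps through the dockersock volume.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
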
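---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:461
################################################
# NOTE(review): generated file - port the lines marked "hardening" below to
# the dronegen template, or the next 'make dronegen' run will drop them.
# NOTE(review): all step and service images are mutable tags; pinning them as
# <image>@sha256:<digest> would fix what runs next to the release secrets.

kind: pipeline
type: kubernetes
name: build-linux-amd64-fips-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-amd64-fips
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # hardening: remove the deploy key on every exit path, including a failed
  # submodule fetch (same trap-on-EXIT pattern as "Register artifacts").
  - trap 'rm -f /root/.ssh/id_rsa' EXIT
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is scanned at build time and trusted as-is, so
  # it does not authenticate github.com; a pinned known_hosts entry would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is ignored (|| true).
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail the build when the Makefile version and the git tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # NOTE(review): the tarball is repackaged as downloaded; nothing here
  # checks a digest or signature before it is built into a package.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C e deb
  environment:
    ARCH: amd64
    ENT_TARBALL_PATH: /go/artifacts
    FIPS: "yes"
    RUNTIME: fips
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # hardening: arm the cleanup before the client cert/key touch the disk and
  # create both files owner-only instead of with the default umask.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - (umask 077 && echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt")
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Uploads every artifact that has a .sha256 sidecar, creates the draft
  # release (HTTP 200 or 409 accepted) and links the asset to it.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="Linux 64-bit DEB (FedRAMP/FIPS)" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file")"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  # A failed registration does not fail the pipeline.
  failure: ignore
services:
# NOTE(review): docker-in-docker runs privileged and shares /var/run with the
# build steps through the dockersock volume.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
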
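---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:250
################################################
# NOTE(review): generated file - port the lines marked "hardening" below to
# the dronegen template, or the next 'make dronegen' run will drop them.
# NOTE(review): all step and service images are mutable tags; pinning them as
# <image>@sha256:<digest> would fix what runs next to the release secrets.

kind: pipeline
type: kubernetes
name: build-linux-386
environment:
  BUILDBOX_VERSION: teleport10
  RUNTIME: go1.18.3
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # hardening: remove the deploy key on every exit path, including a failed
  # submodule fetch (same trap-on-EXIT pattern as "Register artifacts").
  - trap 'rm -f /root/.ssh/id_rsa' EXIT
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is scanned at build time and trusted as-is, so
  # it does not authenticate github.com; a pinned known_hosts entry would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is ignored (|| true).
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail the build when the Makefile version and the git tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-386
  environment:
    ARCH: "386"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  # Writes the .sha256 sidecars that "Register artifacts" requires per file.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # hardening: arm the cleanup before the client cert/key touch the disk and
  # create both files owner-only instead of with the default umask.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - (umask 077 && echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt")
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Uploads every artifact that has a .sha256 sidecar, creates the draft
  # release (HTTP 200 or 409 accepted) and links the asset to it.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="Linux 32-bit" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file")"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  # A failed registration does not fail the pipeline.
  failure: ignore
services:
# NOTE(review): docker-in-docker runs privileged and shares /var/run with the
# build steps through the dockersock volume.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
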
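---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:461
################################################
# NOTE(review): generated file - port the lines marked "hardening" below to
# the dronegen template, or the next 'make dronegen' run will drop them.
# NOTE(review): all step and service images are mutable tags; pinning them as
# <image>@sha256:<digest> would fix what runs next to the RPM signing keyring.

kind: pipeline
type: kubernetes
name: build-linux-386-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-386
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # hardening: remove the deploy key on every exit path, including a failed
  # submodule fetch (same trap-on-EXIT pattern as "Register artifacts").
  - trap 'rm -f /root/.ssh/id_rsa' EXIT
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is scanned at build time and trusted as-is, so
  # it does not authenticate github.com; a pinned known_hosts entry would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is ignored (|| true).
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail the build when the Makefile version and the git tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # NOTE(review): the tarballs are repackaged as downloaded; nothing here
  # checks a digest or signature before they are built into signed RPMs.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # hardening: wipe the signing keyring on every exit path, not only after a
  # successful 'make rpm'; $GNUPG_DIR is quoted wherever it is expanded.
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - mkdir -m0700 "$GNUPG_DIR"
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C "$GNUPG_DIR"
  - chown -R root:root "$GNUPG_DIR"
  - make rpm
  - rm -rf "$GNUPG_DIR"
  environment:
    ARCH: "386"
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # hardening: arm the cleanup before the client cert/key touch the disk and
  # create both files owner-only instead of with the default umask.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - (umask 077 && echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt")
  - (umask 077 && echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Uploads every artifact that has a .sha256 sidecar, creates the draft
  # release (HTTP 200 or 409 accepted) and links the asset to it.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="Linux 32-bit RPM" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file")"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  # A failed registration does not fail the pipeline.
  failure: ignore
services:
# NOTE(review): this privileged service also mounts the tmpfs volume where
# "Build artifacts" unpacks the signing keyring.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}
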
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go:461
################################################

# Pipeline header: restricted to tag events on refs/tags/v* in gravitational/*
# repositories; the default clone is disabled and build-linux-386 is a
# declared dependency.
kind: pipeline
type: kubernetes
name: build-linux-386-deb
trigger:
  event:
    include: [tag]
  ref:
    include: ['refs/tags/v*']
  repo:
    include: ['gravitational/*']
workspace:
  path: /go
clone:
  disable: true
depends_on: [build-linux-386]
steps:
|
|
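- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # hardening: remove the deploy key on every exit path, including a failed
  # submodule fetch. The file is generated, so the same line belongs in the
  # dronegen template.
  - trap 'rm -f /root/.ssh/id_rsa' EXIT
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): the host key is scanned at build time and trusted as-is, so
  # it does not authenticate github.com; a pinned known_hosts entry would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is ignored (|| true).
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail the build when the Makefile version and the git tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY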
# Blocks for up to 30 seconds until the docker socket appears under /var/run.
- name: Wait for docker
  image: docker
  commands:
  - >-
    timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the OSS and enterprise linux-386 tarballs for the tagged version.
# NOTE(review): the tarballs are used as downloaded; nothing in this step
# checks a digest or signature.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - >-
    if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - >-
    aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  - >-
    aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
|
|
image: docker
|
|
commands:
|
|
- apk add --no-cache bash curl gzip make tar
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- export VERSION=$(cat /go/.version.txt)
|
|
- make deb
|
|
environment:
|
|
ARCH: "386"
|
|
ENT_TARBALL_PATH: /go/artifacts
|
|
OSS_TARBALL_PATH: /go/artifacts
|
|
TMPDIR: /go
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: Copy artifacts
|
|
image: docker
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- name: Upload to S3
|
|
image: plugins/s3
|
|
settings:
|
|
access_key:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
bucket:
|
|
from_secret: AWS_S3_BUCKET
|
|
region: us-west-2
|
|
secret_key:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
source: /go/artifacts/*
|
|
strip_prefix: /go/artifacts/
|
|
target: teleport/tag/${DRONE_TAG##v}
|
|
- name: Register artifacts
|
|
image: docker
|
|
commands:
|
|
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
|
|
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
|
|
- RELEASES_HOST='https://releases-staging.platform.teleport.sh'
|
|
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
|
|
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
|
|
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
|
|
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
|
|
- which curl || apk add --no-cache curl
|
|
- |-
|
|
cd "$WORKSPACE_DIR/go/artifacts"
|
|
for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
|
|
# Skip files that are not results of this build
|
|
# (e.g. tarballs from which OS packages are made)
|
|
[ -f "$file.sha256" ] || continue
|
|
|
|
name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
|
|
if [ "$name" = "tsh" ]; then
|
|
products="teleport teleport-ent";
|
|
else
|
|
products="$name"
|
|
fi
|
|
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
|
|
|
|
curl $CREDENTIALS --fail -o /dev/null -F description="Linux 32-bit DEB" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";
|
|
|
|
for product in $products; do
|
|
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
|
|
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
|
|
echo "curl HTTP status: $status_code"
|
|
cat $WORKSPACE_DIR/curl_out.txt
|
|
exit 1
|
|
fi
|
|
curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
|
|
done
|
|
done
|
|
environment:
|
|
RELEASES_CERT:
|
|
from_secret: RELEASES_CERT_STAGING
|
|
RELEASES_KEY:
|
|
from_secret: RELEASES_KEY_STAGING
|
|
failure: ignore
|
|
services:
|
|
- name: Start Docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
volumes:
|
|
- name: dockersock
|
|
temp: {}
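---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go:39
################################################

# Tag pipeline (refs/tags/v*) on a macOS exec runner: checks out teleport and
# webapps, installs per-build Go, Rust and Node toolchains under /tmp, builds
# the release tarballs and the Teleport Connect package, uploads them to S3
# and registers them with the staging release service.
# NOTE(review): this file is generated; carry any change made here back into
# dronegen/mac.go, otherwise 'make dronegen' overwrites it.
# NOTE(review): an exec pipeline runs directly on a long-lived host, and both
# /tmp/build-darwin-amd64 and /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
# are predictable names in a shared directory. `mkdir -p` accepts a directory
# that already exists, so this layout assumes no other local user can create
# those paths first.
kind: pipeline
type: exec
name: build-darwin-amd64
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64
platform:
  os: darwin
  arch: amd64
clone:
  disable: true
concurrency:
  limit: 1
steps:
- name: Set up exec runner storage
  commands:
  # set -u aborts if WORKSPACE_DIR is unset, so the rm below can never expand
  # to 'rm -rf /go /.ssh'.
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  # This step runs before 'Install Go Toolchain', so `go run` uses whatever Go
  # is already on the runner's PATH.
  - git checkout $(go run $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/tooling/cmd/get-webapps-version/main.go)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # SSH key used by the submodule updates below. The directory is created
  # 0700 first, which keeps the key away from other local users while it is
  # on disk under /tmp.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan stores whatever host key the network returns at
  # build time, so it does not authenticate github.com. Writing GitHub's
  # published host keys into known_hosts instead would close that gap.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # '-F /dev/null' ignores the build user's ssh config; only the key and
  # known_hosts written above are used.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # '|| true' makes the webassets submodule optional.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  # Only reached when the commands above succeed; the post clean-up step
  # removes .ssh again.
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Install Go Toolchain
  commands:
  - set -u
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  # --fail stops the step on an HTTP error instead of saving the error page
  # as the tarball.
  # NOTE(review): the archive is unpacked without checking a digest, and this
  # toolchain then builds the binaries that get signed. Comparing it against a
  # SHA-256 pinned next to RUNTIME in the generator would make the download
  # tamper-evident.
  - curl --silent --fail -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
  - tar -C /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
  - rm -rf $RUNTIME.darwin-amd64.tar.gz
  environment:
    RUNTIME: go1.18.3
- name: Install Rust Toolchain
  commands:
  - set -u
  # rustup itself comes from the build user's ~/.cargo/bin; only the toolchain
  # it installs lives in the per-build directory.
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - rustup toolchain install $RUST_VERSION
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Install Node Toolchain
  commands:
  - set -u
  - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-node-version)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export NODE_DIR=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  - mkdir -p $TOOLCHAIN_DIR
  # --fail stops the step on an HTTP error instead of saving the error page.
  # NOTE(review): as with the Go download, no digest or signature is checked
  # before the archive is unpacked and put on PATH.
  - curl --silent --fail -O https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.gz
  - tar -C $TOOLCHAIN_DIR -xzf node-v$NODE_VERSION-darwin-x64.tar.gz
  - rm -f node-v$NODE_VERSION-darwin-x64.tar.gz
  - export PATH=$NODE_DIR/bin:$PATH
  - corepack enable yarn
  - echo Node reporting version $(node --version)
  - echo Yarn reporting version $(yarn --version)
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Build Mac release artifacts
  commands:
  - set -u
  - echo HOME=$${HOME}
  # HOME is pointed at the build user's real home directory so the signing
  # tooling finds that user's login keychain.
  - export HOME=/Users/$(whoami)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-node-version)
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  # NOTE(review): /Users/build is hard-coded here while HOME above is derived
  # from whoami; the two differ if the runner user is not 'build'.
  - export PATH=$TOOLCHAIN_DIR/go/bin:$CARGO_HOME/bin:/Users/build/.cargo/bin:$NODE_HOME/bin:$PATH
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - build.assets/build-fido2-macos.sh build
  - export PKG_CONFIG_PATH="$(build.assets/build-fido2-macos.sh pkg_config_path)"
  - rustup override set $RUST_VERSION
  # Quoted so a password containing spaces or glob characters is passed as one
  # argument.
  # NOTE(review): '-p' puts the password on the command line, where other
  # processes on this host can see it while the command runs.
  - security unlock-keychain -p "$${BUILDBOX_PASSWORD}" login.keychain
  - security find-identity -v
  - make clean release OS=$OS ARCH=$ARCH FIDO2=yes TOUCHID=yes
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  # NOTE(review): APPLE_USERNAME, APPLE_PASSWORD and BUILDBOX_PASSWORD are in
  # the environment of every command in this step, including dependency
  # install scripts run by yarn. --frozen-lockfile keeps the dependency set
  # fixed to the lockfile.
  - yarn install --frozen-lockfile && yarn build-term && yarn package-term
  environment:
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    GOCACHE: /tmp/build-darwin-amd64/go/cache
    GOPATH: /tmp/build-darwin-amd64/go
    OS: darwin
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Copy Mac artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cp teleport*.tar.gz $WORKSPACE_DIR/go/artifacts
  - cp e/teleport-ent*.tar.gz $WORKSPACE_DIR/go/artifacts
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps/packages/teleterm/build/release
  - cp *.dmg $WORKSPACE_DIR/go/artifacts
  # The .sha256 files are computed here from the files just built, so they
  # detect corruption after this point; they are not evidence of what went
  # into the build.
  - cd $WORKSPACE_DIR/go/artifacts && for FILE in teleport*.tar.gz; do shasum -a 256
    $FILE > $FILE.sha256; done && ls -l
  - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.dmg; do shasum -a 256 "$FILE"
    > "$FILE.sha256"; done && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # $WORKSPACE_DIR is under /tmp on a shared host: create the decoded
  # certificate and key readable by the build user only. The trap removes
  # both files when the script exits.
  - umask 077
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # curl presents the certificate and key to RELEASES_HOST on every request.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  # apk is Alpine's package manager; on this macOS runner the line relies on
  # curl already being installed.
  - which curl || apk add --no-cache curl
  # For every artifact that has a .sha256 next to it: upload the file with its
  # hash, create a draft release per product (HTTP 200 and 409 are both
  # accepted), then attach the asset to that release.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="MacOS Intel" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
    WORKSPACE_DIR: /tmp/build-darwin-amd64
  # A failure in this step does not fail the pipeline, so a tag build can
  # finish with its artifacts in S3 but not registered.
  failure: ignore
- name: Clean up toolchains (post)
  commands:
  - set -u
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - rustup override unset
  - rustup toolchain uninstall $RUST_VERSION
  # NOTE(review): the rm comes last, so if an earlier command in this step
  # fails (for example because the checkout is missing) the per-build
  # directory stays in /tmp.
  - rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
  when:
    status:
    - success
    - failure
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
  # Runs on failure as well, like 'Clean up toolchains (post)': a checkout
  # that fails after writing $WORKSPACE_DIR/.ssh/id_rsa must not leave the key
  # on the host until the next build.
  when:
    status:
    - success
    - failure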
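---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go:39
################################################

# Tag pipeline (refs/tags/v*) on a macOS exec runner: after build-darwin-amd64
# it downloads the darwin-amd64 tarballs from S3, runs `make pkg`, uploads the
# .pkg installers to S3 and registers them with the staging release service.
# NOTE(review): this file is generated; carry any change made here back into
# dronegen/mac.go, otherwise 'make dronegen' overwrites it.
# NOTE(review): an exec pipeline runs directly on a long-lived host and
# /tmp/build-darwin-amd64-pkg is a predictable name in a shared directory.
# `mkdir -p` accepts a directory that already exists, so this layout assumes
# no other local user can create that path first.
kind: pipeline
type: exec
name: build-darwin-amd64-pkg
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64-pkg
platform:
  os: darwin
  arch: amd64
clone:
  disable: true
depends_on:
- build-darwin-amd64
concurrency:
  limit: 1
steps:
- name: Set up exec runner storage
  commands:
  # set -u aborts if WORKSPACE_DIR is unset, so the rm below can never expand
  # to 'rm -rf /go /.ssh'.
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  # This pipeline installs no Go toolchain of its own, so `go run` uses
  # whatever Go is already on the runner's PATH.
  - git checkout $(go run $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/tooling/cmd/get-webapps-version/main.go)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # SSH key used by the submodule updates below. The directory is created
  # 0700 first, which keeps the key away from other local users while it is
  # on disk under /tmp.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan stores whatever host key the network returns at
  # build time, so it does not authenticate github.com. Writing GitHub's
  # published host keys into known_hosts instead would close that gap.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # '-F /dev/null' ignores the build user's ssh config; only the key and
  # known_hosts written above are used.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # '|| true' makes the webassets submodule optional.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  # Only reached when the commands above succeed; the post clean-up step
  # removes .ssh again.
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Download built tarball artifacts from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  # NOTE(review): the tarballs are fetched by name only; this step does not
  # compare them against a checksum before `make pkg` packages and signs them.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  # Only the AWS credentials are needed by the commands above; the GitHub
  # deploy key is kept out of this step.
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Build Mac pkg release artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  # HOME is pointed at the build user's real home directory so the signing
  # tooling finds that user's login keychain.
  - export HOME=/Users/build
  # Quoted so a password containing spaces or glob characters is passed as one
  # argument.
  # NOTE(review): '-p' puts the password on the command line, where other
  # processes on this host can see it while the command runs.
  - security unlock-keychain -p "$${BUILDBOX_PASSWORD}" login.keychain
  - security find-identity -v
  - make pkg OS=$OS ARCH=$ARCH
  environment:
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
    OS: darwin
    OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Copy Mac pkg artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # Drop the downloaded input tarballs so only the packages are uploaded.
  - rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
  - cp build/teleport*.pkg e/build/teleport-ent*.pkg $WORKSPACE_DIR/go/artifacts/
  # The .sha256 files are computed here from the files just built, so they
  # detect corruption after this point; they are not evidence of what went
  # into the build.
  - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE >
    $FILE.sha256; done && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # $WORKSPACE_DIR is under /tmp on a shared host: create the decoded
  # certificate and key readable by the build user only. The trap removes
  # both files when the script exits.
  - umask 077
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # curl presents the certificate and key to RELEASES_HOST on every request.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  # apk is Alpine's package manager; on this macOS runner the line relies on
  # curl already being installed.
  - which curl || apk add --no-cache curl
  # For every artifact that has a .sha256 next to it: upload the file with its
  # hash, create a draft release per product (HTTP 200 and 409 are both
  # accepted), then attach the asset to that release.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="MacOS Intel .pkg installer" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
  # A failure in this step does not fail the pipeline, so a tag build can
  # finish with its packages in S3 but not registered.
  failure: ignore
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
  # Runs on failure as well: a checkout that fails after writing
  # $WORKSPACE_DIR/.ssh/id_rsa must not leave the key on the host until the
  # next build.
  when:
    status:
    - success
    - failure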
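---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go:39
################################################

# Tag pipeline (refs/tags/v*) on a macOS exec runner: after build-darwin-amd64
# it downloads the darwin-amd64 tarballs from S3, runs `make pkg-tsh`, uploads
# the tsh .pkg installer to S3 and registers it with the staging release
# service.
# NOTE(review): this file is generated; carry any change made here back into
# dronegen/mac.go, otherwise 'make dronegen' overwrites it.
# NOTE(review): an exec pipeline runs directly on a long-lived host and
# /tmp/build-darwin-amd64-pkg-tsh is a predictable name in a shared directory.
# `mkdir -p` accepts a directory that already exists, so this layout assumes
# no other local user can create that path first.
kind: pipeline
type: exec
name: build-darwin-amd64-pkg-tsh
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64-pkg-tsh
platform:
  os: darwin
  arch: amd64
clone:
  disable: true
depends_on:
- build-darwin-amd64
concurrency:
  limit: 1
steps:
- name: Set up exec runner storage
  commands:
  # set -u aborts if WORKSPACE_DIR is unset, so the rm below can never expand
  # to 'rm -rf /go /.ssh'.
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  # This pipeline installs no Go toolchain of its own, so `go run` uses
  # whatever Go is already on the runner's PATH.
  - git checkout $(go run $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/tooling/cmd/get-webapps-version/main.go)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # SSH key used by the submodule updates below. The directory is created
  # 0700 first, which keeps the key away from other local users while it is
  # on disk under /tmp.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan stores whatever host key the network returns at
  # build time, so it does not authenticate github.com. Writing GitHub's
  # published host keys into known_hosts instead would close that gap.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # '-F /dev/null' ignores the build user's ssh config; only the key and
  # known_hosts written above are used.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # '|| true' makes the webassets submodule optional.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  # Only reached when the commands above succeed; the post clean-up step
  # removes .ssh again.
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Download built tarball artifacts from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  # NOTE(review): the tarballs are fetched by name only; this step does not
  # compare them against a checksum before `make pkg-tsh` packages and signs
  # them.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  # Only the AWS credentials are needed by the commands above; the GitHub
  # deploy key is kept out of this step.
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Build Mac pkg release artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  # HOME is pointed at the build user's real home directory so the signing
  # tooling finds that user's login keychain.
  - export HOME=/Users/build
  # Quoted so a password containing spaces or glob characters is passed as one
  # argument.
  # NOTE(review): '-p' puts the password on the command line, where other
  # processes on this host can see it while the command runs.
  - security unlock-keychain -p "$${BUILDBOX_PASSWORD}" login.keychain
  - security find-identity -v
  - make pkg-tsh OS=$OS ARCH=$ARCH
  environment:
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    OS: darwin
    OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Copy Mac pkg artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # Drop the downloaded input tarballs so only the package is uploaded.
  - rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
  - cp build/tsh*.pkg $WORKSPACE_DIR/go/artifacts/
  # The .sha256 files are computed here from the files just built, so they
  # detect corruption after this point; they are not evidence of what went
  # into the build.
  - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE >
    $FILE.sha256; done && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # $WORKSPACE_DIR is under /tmp on a shared host: create the decoded
  # certificate and key readable by the build user only. The trap removes
  # both files when the script exits.
  - umask 077
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # curl presents the certificate and key to RELEASES_HOST on every request.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  # apk is Alpine's package manager; on this macOS runner the line relies on
  # curl already being installed.
  - which curl || apk add --no-cache curl
  # For every artifact that has a .sha256 next to it: upload the file with its
  # hash, create a draft release per product (HTTP 200 and 409 are both
  # accepted), then attach the asset to that release. A file named tsh-* is
  # attached to both the teleport and teleport-ent products.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="MacOS Intel .pkg installer (tsh client only)" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
  # A failure in this step does not fail the pipeline, so a tag build can
  # finish with its package in S3 but not registered.
  failure: ignore
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
  # Runs on failure as well: a checkout that fails after writing
  # $WORKSPACE_DIR/.ssh/id_rsa must not leave the key on the host until the
  # next build.
  when:
    status:
    - success
    - failure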
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:250
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: build-linux-arm
|
|
environment:
|
|
BUILDBOX_VERSION: teleport10
|
|
RUNTIME: go1.18.3
|
|
trigger:
|
|
event:
|
|
include:
|
|
- tag
|
|
ref:
|
|
include:
|
|
- refs/tags/v*
|
|
repo:
|
|
include:
|
|
- gravitational/*
|
|
workspace:
|
|
path: /go
|
|
clone:
|
|
disable: true
|
|
steps:
|
|
- name: Check out code
|
|
image: docker:git
|
|
commands:
|
|
- mkdir -p /go/src/github.com/gravitational/teleport
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
|
|
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
|
|
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
|
|
&& chmod 600 /root/.ssh/id_rsa
|
|
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
|
|
- git submodule update --init e
|
|
- git submodule update --init --recursive webassets || true
|
|
- rm -f /root/.ssh/id_rsa
|
|
- mkdir -p /go/cache /go/artifacts
|
|
- |-
|
|
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
|
|
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
|
|
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
|
|
exit 1
|
|
fi
|
|
echo "$$VERSION" > /go/.version.txt
|
|
environment:
|
|
GITHUB_PRIVATE_KEY:
|
|
from_secret: GITHUB_PRIVATE_KEY
|
|
- name: Wait for docker
|
|
image: docker
|
|
commands:
|
|
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: Build artifacts
|
|
image: docker
|
|
commands:
|
|
- apk add --no-cache make
|
|
- chown -R $UID:$GID /go
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- make -C build.assets release-arm
|
|
environment:
|
|
ARCH: arm
|
|
GID: "1000"
|
|
GOCACHE: /go/cache
|
|
GOPATH: /go
|
|
OS: linux
|
|
UID: "1000"
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: Copy artifacts
|
|
image: docker
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
|
|
done && ls -l
|
|
- name: Upload to S3
|
|
image: plugins/s3
|
|
settings:
|
|
access_key:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
bucket:
|
|
from_secret: AWS_S3_BUCKET
|
|
region: us-west-2
|
|
secret_key:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
source: /go/artifacts/*
|
|
strip_prefix: /go/artifacts/
|
|
target: teleport/tag/${DRONE_TAG##v}
|
|
# Registers every artifact that has a .sha256 companion with the staging
# release server and attaches it to a draft release for this version.
# `failure: ignore` at the end of the step means an error here does not fail
# the pipeline, so a missed registration has to be noticed some other way.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # The client certificate and key arrive base64-encoded from secrets and are
  # decoded to files under $WORKSPACE_DIR; the EXIT trap removes both files.
  # NOTE(review): the key file gets the shell's default mode; running
  # `umask 077` first would make the restriction explicit.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Release creation accepts HTTP 200 and 409; any other status prints the
  # response body and exits 1. The asset upload and the PUT use --fail.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARMv7 (32-bit)" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
|
|
# Docker-in-Docker daemon used by the build steps.
# `privileged: true` gives this container elevated privileges on the node.
# Its /var/run is the shared dockersock volume, so every step that mounts that
# volume can reach the daemon's socket.
# NOTE(review): docker:dind is a tag, not a digest; consider pinning it in
# dronegen.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
# Temporary volume that carries the Docker socket between the service and the
# steps.
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:250
|
|
################################################
|
|
|
|
kind: pipeline
type: kubernetes
name: build-linux-arm64
environment:
  BUILDBOX_VERSION: teleport10
  RUNTIME: go1.18.3
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - 'refs/tags/v*'
  repo:
    include:
    - 'gravitational/*'
workspace:
  path: /go
# The built-in clone is disabled; the first step clones the repository itself.
clone:
  disable: true
# NOTE(review): every image in this pipeline is referenced by name or tag, not
# by digest. The steps handle a deploy key, AWS keys and release credentials,
# so consider digest pinning in dronegen.
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # GITHUB_PRIVATE_KEY is written to /root/.ssh/id_rsa here and deleted by the
  # `rm -f` further down; presumably it authenticates the submodule fetches.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # known_hosts is filled from a live ssh-keyscan, so github.com's host key is
  # accepted as presented at build time instead of being compared with a
  # pinned value. NOTE(review): consider shipping pinned host keys via
  # dronegen.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true`: a failed webassets update does not fail the step.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the step when the Makefile VERSION differs from the tag without its
  # leading "v"; otherwise records the version in /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket exists.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Builds the release tarballs through build.assets.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  # Hand the workspace to the UID/GID given in `environment` below.
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm64
  environment:
    ARCH: arm64
    GID: '1000'
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: '1000'
  volumes:
  - name: dockersock
    path: /var/run
# Collects the tarballs into /go/artifacts and writes a .sha256 file next to
# each one. NOTE(review): the digests are computed from the files just built,
# so they describe what this step saw, not where a file came from.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
# Uploads /go/artifacts to the bucket under a prefix built from the tag with
# its leading "v" removed; keys and bucket name come from Drone secrets.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers every artifact that has a .sha256 companion with the staging
# release server. `failure: ignore` at the end of the step means an error here
# does not fail the pipeline.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # The client certificate and key arrive base64-encoded from secrets and are
  # decoded to files under $WORKSPACE_DIR; the EXIT trap removes both files.
  # NOTE(review): the key file gets the shell's default mode; running
  # `umask 077` first would make the restriction explicit.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Release creation accepts HTTP 200 and 409; any other status prints the
  # response body and exits 1.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARM64/ARMv8 (64-bit)" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
# Docker-in-Docker daemon for the build steps. `privileged: true` gives the
# container elevated privileges on the node, and every step that mounts
# dockersock can reach the daemon's socket.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:461
|
|
################################################
|
|
|
|
kind: pipeline
type: kubernetes
name: build-linux-arm64-deb
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - 'refs/tags/v*'
  repo:
    include:
    - 'gravitational/*'
workspace:
  path: /go
# The built-in clone is disabled; the first step clones the repository itself.
clone:
  disable: true
# Packages the tarballs that build-linux-arm64 uploaded to S3.
depends_on:
- build-linux-arm64
# NOTE(review): every image in this pipeline is referenced by name or tag, not
# by digest. The steps handle a deploy key, AWS keys and release credentials,
# so consider digest pinning in dronegen.
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # GITHUB_PRIVATE_KEY is written to /root/.ssh/id_rsa here and deleted by the
  # `rm -f` further down; presumably it authenticates the submodule fetches.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # known_hosts is filled from a live ssh-keyscan, so github.com's host key is
  # accepted as presented at build time instead of being compared with a
  # pinned value. NOTE(review): consider shipping pinned host keys via
  # dronegen.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true`: a failed webassets update does not fail the step.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the step when the Makefile VERSION differs from the tag without its
  # leading "v"; otherwise records the version in /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket exists.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the teleport and teleport-ent tarballs for this version from S3.
# NOTE(review): the tarballs are used as downloaded; this step does not check
# them against a checksum before they are packaged.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Builds the .deb packages from the downloaded tarballs with `make deb`.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make deb
  environment:
    ARCH: arm64
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
# Copies everything matching teleport*.deb* from build/ and e/build/ into
# /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
# Uploads /go/artifacts to the bucket under a prefix built from the tag with
# its leading "v" removed; keys and bucket name come from Drone secrets.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers every artifact that has a .sha256 companion with the staging
# release server. `failure: ignore` at the end of the step means an error here
# does not fail the pipeline.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # The client certificate and key arrive base64-encoded from secrets and are
  # decoded to files under $WORKSPACE_DIR; the EXIT trap removes both files.
  # NOTE(review): the key file gets the shell's default mode; running
  # `umask 077` first would make the restriction explicit.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Release creation accepts HTTP 200 and 409; any other status prints the
  # response body and exits 1.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARM64/ARMv8 (64-bit) DEB" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
# Docker-in-Docker daemon for the build steps. `privileged: true` gives the
# container elevated privileges on the node, and every step that mounts
# dockersock can reach the daemon's socket.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:461
|
|
################################################
|
|
|
|
kind: pipeline
type: kubernetes
name: build-linux-arm-deb
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - 'refs/tags/v*'
  repo:
    include:
    - 'gravitational/*'
workspace:
  path: /go
# The built-in clone is disabled; the first step clones the repository itself.
clone:
  disable: true
# Packages the tarballs that build-linux-arm uploaded to S3.
depends_on:
- build-linux-arm
# NOTE(review): every image in this pipeline is referenced by name or tag, not
# by digest. The steps handle a deploy key, AWS keys and release credentials,
# so consider digest pinning in dronegen.
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # GITHUB_PRIVATE_KEY is written to /root/.ssh/id_rsa here and deleted by the
  # `rm -f` further down; presumably it authenticates the submodule fetches.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # known_hosts is filled from a live ssh-keyscan, so github.com's host key is
  # accepted as presented at build time instead of being compared with a
  # pinned value. NOTE(review): consider shipping pinned host keys via
  # dronegen.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true`: a failed webassets update does not fail the step.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the step when the Makefile VERSION differs from the tag without its
  # leading "v"; otherwise records the version in /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket exists.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the teleport and teleport-ent tarballs for this version from S3.
# NOTE(review): the tarballs are used as downloaded; this step does not check
# them against a checksum before they are packaged.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Builds the .deb packages from the downloaded tarballs with `make deb`.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make deb
  environment:
    ARCH: arm
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
# Copies everything matching teleport*.deb* from build/ and e/build/ into
# /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
# Uploads /go/artifacts to the bucket under a prefix built from the tag with
# its leading "v" removed; keys and bucket name come from Drone secrets.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers every artifact that has a .sha256 companion with the staging
# release server. `failure: ignore` at the end of the step means an error here
# does not fail the pipeline.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # The client certificate and key arrive base64-encoded from secrets and are
  # decoded to files under $WORKSPACE_DIR; the EXIT trap removes both files.
  # NOTE(review): the key file gets the shell's default mode; running
  # `umask 077` first would make the restriction explicit.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Release creation accepts HTTP 200 and 409; any other status prints the
  # response body and exits 1.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARMv7 (32-bit) DEB" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
# Docker-in-Docker daemon for the build steps. `privileged: true` gives the
# container elevated privileges on the node, and every step that mounts
# dockersock can reach the daemon's socket.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:461
|
|
################################################
|
|
|
|
kind: pipeline
type: kubernetes
name: build-linux-arm64-rpm
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - 'refs/tags/v*'
  repo:
    include:
    - 'gravitational/*'
workspace:
  path: /go
# The built-in clone is disabled; the first step clones the repository itself.
clone:
  disable: true
# Packages the tarballs that build-linux-arm64 uploaded to S3.
depends_on:
- build-linux-arm64
# NOTE(review): every image in this pipeline is referenced by name or tag, not
# by digest. The steps handle a deploy key, AWS keys, the RPM signing keyring
# and release credentials, so consider digest pinning in dronegen.
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # GITHUB_PRIVATE_KEY is written to /root/.ssh/id_rsa here and deleted by the
  # `rm -f` further down; presumably it authenticates the submodule fetches.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # known_hosts is filled from a live ssh-keyscan, so github.com's host key is
  # accepted as presented at build time instead of being compared with a
  # pinned value. NOTE(review): consider shipping pinned host keys via
  # dronegen.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true`: a failed webassets update does not fail the step.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the step when the Makefile VERSION differs from the tag without its
  # leading "v"; otherwise records the version in /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Polls for up to 30 seconds until the Docker socket exists.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the teleport and teleport-ent tarballs for this version from S3.
# NOTE(review): the tarballs are used as downloaded; this step does not check
# them against a checksum before they are packaged and signed.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Builds the RPM packages with `make rpm`.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # GPG_RPM_SIGNING_ARCHIVE is a base64-encoded tar.gz from a secret. It is
  # unpacked into $GNUPG_DIR (/tmpfs/gnupg), which sits on the memory-backed
  # tmpfs volume declared at the bottom of this pipeline.
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  # NOTE(review): this cleanup comes after `make rpm`, so presumably it is not
  # reached when make fails; the temp volume is then the only cleanup.
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: arm64
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Copies everything matching teleport*.rpm* from build/ and e/build/ into
# /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
# Uploads /go/artifacts to the bucket under a prefix built from the tag with
# its leading "v" removed; keys and bucket name come from Drone secrets.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers every artifact that has a .sha256 companion with the staging
# release server. `failure: ignore` at the end of the step means an error here
# does not fail the pipeline.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # The client certificate and key arrive base64-encoded from secrets and are
  # decoded to files under $WORKSPACE_DIR; the EXIT trap removes both files.
  # NOTE(review): the key file gets the shell's default mode; running
  # `umask 077` first would make the restriction explicit.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # Release creation accepts HTTP 200 and 409; any other status prints the
  # response body and exits 1.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent";
      else
        products="$name"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARM64/ARMv8 (64-bit) RPM" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
# Docker-in-Docker daemon for the build steps. `privileged: true` gives the
# container elevated privileges on the node, and every step that mounts
# dockersock can reach the daemon's socket.
# NOTE(review): the tmpfs volume that holds the signing keyring is mounted
# into this privileged service as well as into the build step.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
# Memory-backed temp volume, so the keyring unpacked under /tmpfs is kept off
# the workspace volume.
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:461
|
|
################################################
|
|
|
|
kind: pipeline
type: kubernetes
name: build-linux-arm-rpm
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - 'refs/tags/v*'
  repo:
    include:
    - 'gravitational/*'
workspace:
  path: /go
# The built-in clone is disabled; the first step clones the repository itself.
clone:
  disable: true
# Packages the tarballs that build-linux-arm uploaded to S3.
depends_on:
- build-linux-arm
|
|
steps:
|
|
# Clones the repository at the tag, fetches the submodules and checks that the
# Makefile version matches the tag.
# NOTE(review): docker:git is a tag, not a digest, and this step receives the
# deploy key; consider pinning the image in dronegen.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # GITHUB_PRIVATE_KEY is written to /root/.ssh/id_rsa here and deleted by the
  # `rm -f` further down; presumably it authenticates the submodule fetches.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
  # known_hosts is filled from a live ssh-keyscan, so github.com's host key is
  # accepted as presented at build time instead of being compared with a
  # pinned value. NOTE(review): consider shipping pinned host keys via
  # dronegen.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # `|| true`: a failed webassets update does not fail the step.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fails the step when the Makefile VERSION differs from the tag without its
  # leading "v"; otherwise records the version in /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
|
|
# Polls once a second, for at most 30 seconds, until /var/run/docker.sock
# exists as a socket on the shared dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
|
|
# Fetches the teleport and teleport-ent tarballs for this version from S3,
# using AWS credentials and a bucket name taken from Drone secrets.
# NOTE(review): the tarballs are used as downloaded; this step does not check
# them against a checksum before they are packaged and signed.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  # With a tag set the prefix is tag/<version>/, otherwise just tag/.
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
|
|
# Builds the RPM packages with `make rpm`. The signing keyring arrives
# base64-encoded in GPG_RPM_SIGNING_ARCHIVE and is unpacked into $GNUPG_DIR
# (/tmpfs/gnupg) for the duration of the build.
# NOTE(review): generated by dronegen; change the generator, not this file.
- name: Build artifacts
  image: docker
  commands:
    - apk add --no-cache bash curl gzip make tar go
    - cd /go/src/github.com/gravitational/teleport
    - export VERSION=$(cat /go/.version.txt)
    # 0700 so that only the step's user can enter the keyring directory.
    - mkdir -m0700 $GNUPG_DIR
    - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
    - chown -R root:root $GNUPG_DIR
    - make rpm
    # NOTE(review): this cleanup is a separate command after `make rpm`; if
    # the build fails first, the keyring presumably stays on the tmpfs volume
    # until the pipeline's temp volumes are torn down (confirm).
    - rm -rf $GNUPG_DIR
  environment:
    ARCH: arm
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
    # NOTE(review): the same `tmpfs` volume is mounted into the privileged
    # "Start Docker" service of this pipeline, so the daemon container can
    # read the unpacked keyring while this step runs. Presumably this is so
    # containers started by `make rpm` can reach it (confirm).
    - name: tmpfs
      path: /tmpfs
    - name: dockersock
      path: /var/run
|
|
- name: Copy artifacts
|
|
image: docker
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- name: Upload to S3
|
|
image: plugins/s3
|
|
settings:
|
|
access_key:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
bucket:
|
|
from_secret: AWS_S3_BUCKET
|
|
region: us-west-2
|
|
secret_key:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
source: /go/artifacts/*
|
|
strip_prefix: /go/artifacts/
|
|
target: teleport/tag/${DRONE_TAG##v}
|
|
# Registers the packages built by this pipeline with the release service at
# $RELEASES_HOST, authenticating with a TLS client certificate and key from
# the RELEASES_CERT_STAGING and RELEASES_KEY_STAGING secrets.
# NOTE(review): generated by dronegen; change the generator, not this file.
- name: Register artifacts
  image: docker
  commands:
    - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
    - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
    - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
    # NOTE(review): both files are created under the shell's default umask.
    # Running `umask 077` first would keep the private key from being
    # readable by other users of the workspace.
    - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
    - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
    # Removes the credentials when the shell exits. This assumes every
    # command of the step runs in the same shell (confirm for the runner).
    - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
    # Expanded unquoted below, so it relies on word splitting and breaks if
    # WORKSPACE_DIR ever contains whitespace.
    - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
    - which curl || apk add --no-cache curl
    # For each artifact that has a .sha256 sidecar: upload the file with its
    # recorded digest, create a draft release per product (HTTP 200 and 409
    # are both accepted), then attach the asset to that release.
    # NOTE(review): the digest sent is read from the sidecar file rather than
    # recomputed from the artifact being uploaded.
    - |-
      cd "$WORKSPACE_DIR/go/artifacts"
      for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
        # Skip files that are not results of this build
        # (e.g. tarballs from which OS packages are made)
        [ -f "$file.sha256" ] || continue

        name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
        if [ "$name" = "tsh" ]; then
          products="teleport teleport-ent";
        else
          products="$name"
        fi
        shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

        curl $CREDENTIALS --fail -o /dev/null -F description="Linux ARMv7 (32-bit) RPM" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

        for product in $products; do
          status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
          if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
            echo "curl HTTP status: $status_code"
            cat $WORKSPACE_DIR/curl_out.txt
            exit 1
          fi
          curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
        done
      done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  # A failure of this step does not fail the pipeline, so an artifact can be
  # uploaded to S3 by the previous step and still be missing from the release
  # service.
  failure: ignore
|
|
# Docker-in-Docker daemon for this pipeline. Steps reach it through the
# `dockersock` volume mounted at /var/run.
services:
  - name: Start Docker
    image: docker:dind
    # NOTE(review): the daemon runs privileged, and every step that mounts
    # `dockersock` can drive it. Mount the socket only into steps that run
    # docker commands.
    privileged: true
    volumes:
      # The signing-key scratch volume is visible to the daemon container too.
      - name: tmpfs
        path: /tmpfs
      - name: dockersock
        path: /var/run
volumes:
  # Memory-backed scratch space, used for the GPG keyring in "Build artifacts".
  - name: tmpfs
    temp:
      medium: memory
  - name: dockersock
    temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/tag.go:250
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: build-windows-amd64
|
|
environment:
|
|
BUILDBOX_VERSION: teleport10
|
|
RUNTIME: go1.18.3
|
|
trigger:
|
|
event:
|
|
include:
|
|
- tag
|
|
ref:
|
|
include:
|
|
- refs/tags/v*
|
|
repo:
|
|
include:
|
|
- gravitational/*
|
|
workspace:
|
|
path: /go
|
|
clone:
|
|
disable: true
|
|
steps:
|
|
- name: Check out code
|
|
image: docker:git
|
|
commands:
|
|
- mkdir -p /go/src/github.com/gravitational/teleport
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
|
|
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
|
|
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
|
|
&& chmod 600 /root/.ssh/id_rsa
|
|
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
|
|
- git submodule update --init e
|
|
- git submodule update --init --recursive webassets || true
|
|
- rm -f /root/.ssh/id_rsa
|
|
- mkdir -p /go/cache /go/artifacts
|
|
- |-
|
|
VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
|
|
if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
|
|
echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
|
|
exit 1
|
|
fi
|
|
echo "$$VERSION" > /go/.version.txt
|
|
environment:
|
|
GITHUB_PRIVATE_KEY:
|
|
from_secret: GITHUB_PRIVATE_KEY
|
|
- name: Wait for docker
|
|
image: docker
|
|
commands:
|
|
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
# Builds the Windows release with `make -C build.assets release-amd64`. The
# code-signing certificate is decoded from the WINDOWS_SIGNING_CERT secret
# into the source checkout for the duration of the build.
# NOTE(review): generated by dronegen; change the generator, not this file.
- name: Build artifacts
  image: docker
  commands:
    - apk add --no-cache make
    - chown -R $UID:$GID /go
    - cd /go/src/github.com/gravitational/teleport
    # NOTE(review): the .pfx is written under the default umask into the
    # repository root, which is inside the /go workspace used by the other
    # steps of this pipeline. A `umask 077` before the write and a location
    # outside the source tree would narrow who can read it.
    - echo -n "$WINDOWS_SIGNING_CERT" | base64 -d > windows-signing-cert.pfx
    - make -C build.assets release-amd64
    # NOTE(review): not reached if the make target fails, which would
    # presumably leave the certificate in the workspace (confirm).
    - rm -f windows-signing-cert.pfx
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: windows
    UID: "1000"
    WINDOWS_SIGNING_CERT:
      from_secret: WINDOWS_SIGNING_CERT
  volumes:
    - name: dockersock
      path: /var/run
|
|
- name: Copy artifacts
|
|
image: docker
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- find . -maxdepth 1 -iname "teleport*.zip" -print -exec cp {} /go/artifacts \;
|
|
- export VERSION=$(cat /go/.version.txt)
|
|
- cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip
|
|
- cd /go/artifacts && for FILE in teleport*.zip; do sha256sum $FILE > $FILE.sha256;
|
|
done && ls -l
|
|
- name: Upload to S3
|
|
image: plugins/s3
|
|
settings:
|
|
access_key:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
bucket:
|
|
from_secret: AWS_S3_BUCKET
|
|
region: us-west-2
|
|
secret_key:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
source: /go/artifacts/*
|
|
strip_prefix: /go/artifacts/
|
|
target: teleport/tag/${DRONE_TAG##v}
|
|
- name: Register artifacts
|
|
image: docker
|
|
commands:
|
|
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
|
|
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
|
|
- RELEASES_HOST='https://releases-staging.platform.teleport.sh'
|
|
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
|
|
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
|
|
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
|
|
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
|
|
- which curl || apk add --no-cache curl
|
|
- |-
|
|
cd "$WORKSPACE_DIR/go/artifacts"
|
|
for file in $(find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*'); do
|
|
# Skip files that are not results of this build
|
|
# (e.g. tarballs from which OS packages are made)
|
|
[ -f "$file.sha256" ] || continue
|
|
|
|
name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
|
|
if [ "$name" = "tsh" ]; then
|
|
products="teleport teleport-ent";
|
|
else
|
|
products="$name"
|
|
fi
|
|
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
|
|
|
|
curl $CREDENTIALS --fail -o /dev/null -F description="Windows 64-bit (tsh client only)" -F os="windows" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";
|
|
|
|
for product in $products; do
|
|
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
|
|
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
|
|
echo "curl HTTP status: $status_code"
|
|
cat $WORKSPACE_DIR/curl_out.txt
|
|
exit 1
|
|
fi
|
|
curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename $file)"
|
|
done
|
|
done
|
|
environment:
|
|
RELEASES_CERT:
|
|
from_secret: RELEASES_CERT_STAGING
|
|
RELEASES_KEY:
|
|
from_secret: RELEASES_KEY_STAGING
|
|
failure: ignore
|
|
services:
|
|
- name: Start Docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
volumes:
|
|
- name: dockersock
|
|
temp: {}
|
|
|
|
---
|
|
# Builds and pushes the OSS, Enterprise and FIPS container images for a tag.
kind: pipeline
type: kubernetes
name: build-docker-images

environment:
  BUILDBOX_VERSION: "teleport10"
  # NOTE(review): build-windows-amd64 in this file sets RUNTIME to go1.18.3.
  # Confirm whether images for the same tag are meant to be built with a
  # different Go toolchain than the other artifacts.
  RUNTIME: go1.17.9

trigger:
  event:
    - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    # NOTE(review): this matches every repository in the organisation, so a
    # v* tag pushed to any of them runs this pipeline with the registry
    # secrets used by the steps below.
    include:
      - gravitational/*

workspace:
  path: /go

# The default clone is disabled; the first step checks the code out itself.
clone:
  disable: true
|
|
|
|
steps:
|
|
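# Checks out the tagged source and its submodules, then records the release
# version in /go/.version.txt for the later steps.
- name: Check out code
  image: docker:git
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    GOCACHE: /go/cache
  commands:
    - mkdir -p /go/src/github.com/gravitational/teleport
    - cd /go/src/github.com/gravitational/teleport
    # Repository and ref names are expanded by the shell ($$ escapes Drone's
    # own substitution) inside double quotes, so their text is treated as
    # data and never parsed as shell syntax.
    - git clone "https://github.com/gravitational/$${DRONE_REPO_NAME}.git" .
    - git checkout "$${DRONE_TAG:-$DRONE_COMMIT}"
    # fetch enterprise submodules
    - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
    # NOTE(review): the host key is learned from the network at build time.
    # Pinning GitHub's published host keys in known_hosts would let SSH
    # detect an interposed host.
    - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
    - git submodule update --init e
    # this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
    - git submodule update --init --recursive webassets || true
    # the deploy key is not needed after the submodules are fetched
    - rm -f /root/.ssh/id_rsa
    # create necessary directories
    - mkdir -p /go/artifacts $GOCACHE
    # set version: the tag without its leading "v", else the Makefile VERSION
    - |-
      if [ -n "$${DRONE_TAG}" ]; then
        echo "$${DRONE_TAG##v}" > /go/.version.txt
      else
        egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt
      fi
      cat /go/.version.txt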
|
|
|
|
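# Builds the OSS and Enterprise images and pushes them to quay.io with
# `make image-ci publish-ci`.
- name: Build/push OSS/Enterprise Docker images
  image: docker
  environment:
    # Quoted so the values stay strings, as in the generated pipelines.
    UID: "1000"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    ARCH: amd64
  # `settings` entries reach the container as PLUGIN_* variables, which is
  # where PLUGIN_USERNAME and PLUGIN_PASSWORD below come from.
  settings:
    username:
      from_secret: QUAYIO_DOCKER_USERNAME
    password:
      from_secret: QUAYIO_DOCKER_PASSWORD
  volumes:
    - name: dockersock
      path: /var/run
  commands:
    - apk add --no-cache make
    - chown -R $UID:$GID /go
    # The password is passed on stdin so that it never appears in the process
    # argument list.
    - printf '%s' "$PLUGIN_PASSWORD" | docker login -u "$PLUGIN_USERNAME" --password-stdin quay.io
    # Best-effort cache warm-up. NOTE(review): the buildbox is pulled by a
    # mutable tag, so pinning it by digest would make the release build
    # reproducible against registry changes.
    - docker pull quay.io/gravitational/teleport-buildbox:$BUILDBOX_VERSION || true
    - cd /go/src/github.com/gravitational/teleport
    - make image-ci publish-ci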
|
|
|
|
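# Builds the FIPS Enterprise image and pushes it to quay.io with
# `make -C e image-fips-ci publish-fips-ci`.
- name: Build/push FIPS Docker image
  image: docker
  environment:
    # Quoted so the values stay strings, as in the generated pipelines.
    UID: "1000"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    ARCH: amd64
  # `settings` entries reach the container as PLUGIN_* variables, which is
  # where PLUGIN_USERNAME and PLUGIN_PASSWORD below come from.
  settings:
    username:
      from_secret: QUAYIO_DOCKER_USERNAME
    password:
      from_secret: QUAYIO_DOCKER_PASSWORD
  volumes:
    - name: dockersock
      path: /var/run
  commands:
    - apk add --no-cache make
    - chown -R $UID:$GID /go
    # The password is passed on stdin so that it never appears in the process
    # argument list.
    - printf '%s' "$PLUGIN_PASSWORD" | docker login -u "$PLUGIN_USERNAME" --password-stdin quay.io
    # The tag must be the expanded $BUILDBOX_VERSION. Without the `$` the
    # literal tag "BUILDBOX_VERSION" is requested and `|| true` hides the
    # failed pull.
    # NOTE(review): this warms the cache with the non-FIPS buildbox; confirm
    # whether the FIPS build actually uses teleport-buildbox-fips.
    - docker pull quay.io/gravitational/teleport-buildbox:$BUILDBOX_VERSION || true
    - cd /go/src/github.com/gravitational/teleport
    # VERSION needs to be set manually when running in the e directory.
    # Normally, the version is set and exported by the root Makefile and then inherited,
    # but this is not the case for FIPS builds (which only run in e/Makefile)
    - export VERSION=$(cat /go/.version.txt)
    - make -C e image-fips-ci publish-fips-ci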
|
|
|
|
services:
|
|
- name: Start Docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
|
|
volumes:
|
|
- name: dockersock
|
|
temp: {}
|
|
|
|
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: build-oss-amis
|
|
|
|
trigger:
|
|
event:
|
|
- tag
|
|
ref:
|
|
include:
|
|
- refs/tags/v*
|
|
repo:
|
|
include:
|
|
- gravitational/*
|
|
|
|
depends_on:
|
|
- build-linux-amd64
|
|
|
|
workspace:
|
|
path: /go
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
steps:
|
|
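# Checks out the tagged source and records the release version in
# /go/.version.txt for the later steps.
- name: Check out code
  image: docker:git
  commands:
    - mkdir -p /go/src/github.com/gravitational/teleport
    - cd /go/src/github.com/gravitational/teleport
    # Repository and ref names are expanded by the shell ($$ escapes Drone's
    # own substitution) inside double quotes, so their text is treated as
    # data and never parsed as shell syntax.
    - git clone "https://github.com/gravitational/$${DRONE_REPO_NAME}.git" .
    - git checkout "$${DRONE_TAG:-$DRONE_COMMIT}"
    # set version: the tag without its leading "v", else the Makefile VERSION
    - |-
      if [ -n "$${DRONE_TAG}" ]; then
        echo "$${DRONE_TAG##v}" > /go/.version.txt
      else
        egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt
      fi
      cat /go/.version.txt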
|
|
|
|
- name: Download built tarball artifacts from S3
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
AWS_REGION: us-west-2
|
|
commands:
|
|
- export VERSION=$(cat /go/.version.txt)
|
|
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
|
|
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
|
|
|
|
# Builds the OSS AMIs with Packer. It uses a dedicated AWS credential pair
# (AWS_PACKER_*) instead of the S3 artifact credentials used by the
# neighbouring steps.
- name: Build OSS AMIs
  image: hashicorp/packer:1.7.6
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_PACKER_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_PACKER_SECRET_ACCESS_KEY
  volumes:
    # NOTE(review): none of the commands below calls docker directly. Confirm
    # whether the make targets need the daemon; if not, dropping this mount
    # keeps the privileged Docker service out of reach of a step that holds
    # AWS credentials.
    - name: dockersock
      path: /var/run
  commands:
    - apk add --no-cache aws-cli jq make
    - cd /go/src/github.com/gravitational/teleport/assets/aws
    - export TELEPORT_VERSION=$(cat /go/.version.txt)
    - export PUBLIC_AMI_NAME=gravitational-teleport-ami-oss-$TELEPORT_VERSION
    # Tag builds run the production target; any other event builds debug
    # AMIs. The pipeline trigger only admits tag events.
    - |
      if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
        echo "---> Building production OSS AMIs"
        echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
        make oss-ci-build
      else
        echo "---> Building debug OSS AMIs"
        make oss
      fi
|
|
|
|
- name: Sync OSS build timestamp to S3
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
AWS_REGION: us-west-2
|
|
commands:
|
|
- export VERSION=$(cat /go/.version.txt)
|
|
- aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/oss_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/
|
|
|
|
services:
|
|
- name: Start Docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
|
|
volumes:
|
|
- name: dockersock
|
|
temp: {}
|
|
|
|
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: build-ent-amis
|
|
|
|
trigger:
|
|
event:
|
|
- tag
|
|
ref:
|
|
include:
|
|
- refs/tags/v*
|
|
repo:
|
|
include:
|
|
- gravitational/*
|
|
|
|
depends_on:
|
|
- build-linux-amd64
|
|
- build-linux-amd64-fips
|
|
|
|
workspace:
|
|
path: /go
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
steps:
|
|
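# Checks out the tagged source and records the release version in
# /go/.version.txt for the later steps.
- name: Check out code
  image: docker:git
  commands:
    - mkdir -p /go/src/github.com/gravitational/teleport
    - cd /go/src/github.com/gravitational/teleport
    # Repository and ref names are expanded by the shell ($$ escapes Drone's
    # own substitution) inside double quotes, so their text is treated as
    # data and never parsed as shell syntax.
    - git clone "https://github.com/gravitational/$${DRONE_REPO_NAME}.git" .
    - git checkout "$${DRONE_TAG:-$DRONE_COMMIT}"
    # set version: the tag without its leading "v", else the Makefile VERSION
    - |-
      if [ -n "$${DRONE_TAG}" ]; then
        echo "$${DRONE_TAG##v}" > /go/.version.txt
      else
        egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt
      fi
      cat /go/.version.txt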
|
|
|
|
- name: Download built tarball artifacts from S3
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
AWS_REGION: us-west-2
|
|
commands:
|
|
- export VERSION=$(cat /go/.version.txt)
|
|
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
|
|
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
|
|
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
|
|
|
|
- name: Build Enterprise AMIs
|
|
image: hashicorp/packer:1.7.6
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_PACKER_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_PACKER_SECRET_ACCESS_KEY
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
commands:
|
|
- apk add --no-cache aws-cli jq make
|
|
- cd /go/src/github.com/gravitational/teleport/assets/aws
|
|
- export TELEPORT_VERSION=$(cat /go/.version.txt)
|
|
- export PUBLIC_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION
|
|
- export FIPS_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION-fips
|
|
- |
|
|
if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
|
|
echo "---> Building production Enterprise AMIs"
|
|
echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
|
|
make ent-ci-build
|
|
else
|
|
echo "---> Building debug Enterprise AMIs"
|
|
make ent
|
|
fi
|
|
|
|
- name: Sync Enterprise build timestamp to S3
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
AWS_REGION: us-west-2
|
|
commands:
|
|
- export VERSION=$(cat /go/.version.txt)
|
|
- aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/ent_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/
|
|
|
|
services:
|
|
- name: Start Docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
|
|
volumes:
|
|
- name: dockersock
|
|
temp: {}
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/buildbox.go:67
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: build-buildboxes
|
|
environment:
|
|
BUILDBOX_VERSION: teleport10
|
|
GID: "1000"
|
|
UID: "1000"
|
|
trigger:
|
|
event:
|
|
include:
|
|
- push
|
|
repo:
|
|
include:
|
|
- gravitational/teleport
|
|
branch:
|
|
include:
|
|
- master
|
|
- branch/*
|
|
workspace:
|
|
path: /go/src/github.com/gravitational/teleport
|
|
clone:
|
|
disable: true
|
|
steps:
|
|
- name: Check out code
|
|
image: docker:git
|
|
commands:
|
|
- git clone --depth 1 --single-branch --branch ${DRONE_SOURCE_BRANCH:-master} https://github.com/gravitational/${DRONE_REPO_NAME}.git
|
|
.
|
|
- git checkout ${DRONE_COMMIT}
|
|
- name: Wait for docker
|
|
image: docker
|
|
commands:
|
|
- timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
# Builds the buildbox image with `make -C build.assets buildbox` and pushes
# it to quay.io under the $BUILDBOX_VERSION tag.
# NOTE(review): generated by dronegen; change the generator, not this file.
- name: buildbox
  image: docker
  commands:
    - apk add --no-cache make
    - chown -R $UID:$GID /go
    # NOTE(review): `-p=` puts the registry password in the process argument
    # list; `docker login --password-stdin` avoids that.
    - docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io
    - make -C build.assets buildbox
    # NOTE(review): this pipeline runs on pushes to master and branch/*, and
    # each run overwrites the same mutable tag. The release pipelines pull
    # teleport-buildbox:$BUILDBOX_VERSION by that tag, so the image a release
    # is built in depends on the most recent push.
    - docker push quay.io/gravitational/teleport-buildbox:$BUILDBOX_VERSION
  environment:
    QUAYIO_DOCKER_PASSWORD:
      from_secret: QUAYIO_DOCKER_PASSWORD
    QUAYIO_DOCKER_USERNAME:
      from_secret: QUAYIO_DOCKER_USERNAME
  volumes:
    - name: dockersock
      path: /var/run
|
|
- name: buildbox-fips
|
|
image: docker
|
|
commands:
|
|
- apk add --no-cache make
|
|
- chown -R $UID:$GID /go
|
|
- docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io
|
|
- make -C build.assets buildbox-fips
|
|
- docker push quay.io/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION
|
|
environment:
|
|
QUAYIO_DOCKER_PASSWORD:
|
|
from_secret: QUAYIO_DOCKER_PASSWORD
|
|
QUAYIO_DOCKER_USERNAME:
|
|
from_secret: QUAYIO_DOCKER_USERNAME
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: buildbox-arm
|
|
image: docker
|
|
commands:
|
|
- apk add --no-cache make
|
|
- chown -R $UID:$GID /go
|
|
- docker login -u="$$QUAYIO_DOCKER_USERNAME" -p="$$QUAYIO_DOCKER_PASSWORD" quay.io
|
|
- make -C build.assets buildbox-arm
|
|
- docker push quay.io/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION
|
|
environment:
|
|
QUAYIO_DOCKER_PASSWORD:
|
|
from_secret: QUAYIO_DOCKER_PASSWORD
|
|
QUAYIO_DOCKER_USERNAME:
|
|
from_secret: QUAYIO_DOCKER_USERNAME
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
services:
|
|
- name: Start Docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: dockersock
|
|
path: /var/run
|
|
volumes:
|
|
- name: dockersock
|
|
temp: {}
|
|
|
|
---
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: promote-build
|
|
|
|
trigger:
|
|
event:
|
|
- promote
|
|
target:
|
|
- production
|
|
repo:
|
|
include:
|
|
- gravitational/*
|
|
|
|
workspace:
|
|
path: /go
|
|
|
|
clone:
|
|
disable: true
|
|
|
|
steps:
|
|
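# Refuses to promote a build that has no tag. Every later step derives its
# S3 prefix and image tags from DRONE_TAG.
- name: Check if commit is tagged
  image: alpine
  commands:
    # The expansion must be quoted. With an empty tag the unquoted form
    # collapses to `[ -n ]`, which is true, so the guard would never fire.
    # $$ defers the expansion to the shell.
    - '[ -n "$${DRONE_TAG}" ] || (echo "DRONE_TAG is not set. Is the commit tagged?" && exit 1)'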
|
|
|
|
- name: Download artifacts from S3
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
AWS_REGION: us-west-2
|
|
commands:
|
|
- mkdir -p /go/artifacts
|
|
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ /go/artifacts/
|
|
|
|
# Publishes everything under /go/artifacts to the production bucket, below
# teleport/<version>/, with a public-read ACL.
- name: Upload artifacts to production S3
  image: plugins/s3
  settings:
    bucket:
      from_secret: PRODUCTION_AWS_S3_BUCKET
    access_key:
      from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
    secret_key:
      from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
    region: us-east-1
    # Objects are world-readable once uploaded.
    acl: public-read
    # NOTE(review): the glob takes every file that "Download artifacts from
    # S3" synced from the staging prefix. The visible steps do not re-check
    # the .sha256 files or any signature between download and publication, so
    # write access to the staging prefix is equivalent to write access to
    # what gets published.
    source: /go/artifacts/*
    target: teleport/${DRONE_TAG##v}/
    strip_prefix: /go/artifacts/
|
|
|
|
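# Promotes the CI-built images: pulls them with the staging registry
# credentials, retags them to the production names, and pushes them with the
# production credentials.
- name: Pull/retag Docker images
  image: docker
  # `settings` entries reach the container as PLUGIN_* variables, which is
  # where the PLUGIN_DOCKER_* names used below come from.
  settings:
    docker_staging_username:
      from_secret: QUAYIO_DOCKER_USERNAME
    docker_staging_password:
      from_secret: QUAYIO_DOCKER_PASSWORD
    docker_production_username:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
    docker_production_password:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
  volumes:
    - name: dockersock
      path: /var/run
  commands:
    # wait for docker to start: poll for the socket rather than sleeping a
    # fixed time, as the "Wait for docker" steps of the build pipelines do
    - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    # expanded by the shell and quoted, so the tag text is treated as data
    - export VERSION="$${DRONE_TAG##v}"
    # authenticate with staging credentials; the password goes on stdin so
    # that it never appears in the process argument list
    - printf '%s' "$PLUGIN_DOCKER_STAGING_PASSWORD" | docker login -u "$PLUGIN_DOCKER_STAGING_USERNAME" --password-stdin quay.io
    # pull 'temporary' CI-built images
    # NOTE(review): the images are selected by mutable tag. Promoting by the
    # digest recorded at build time would guarantee that the published image
    # is the one CI built.
    - echo "---> Pulling images for $${VERSION}"
    - docker pull quay.io/gravitational/teleport-ci:$${VERSION}
    - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}
    - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips
    # retag images to production naming
    - echo "---> Tagging images for $${VERSION}"
    - docker tag quay.io/gravitational/teleport-ci:$${VERSION} quay.io/gravitational/teleport:$${VERSION}
    - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION} quay.io/gravitational/teleport-ent:$${VERSION}
    - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips quay.io/gravitational/teleport-ent:$${VERSION}-fips
    # reauthenticate with production credentials
    - docker logout quay.io
    - printf '%s' "$PLUGIN_DOCKER_PRODUCTION_PASSWORD" | docker login -u "$PLUGIN_DOCKER_PRODUCTION_USERNAME" --password-stdin quay.io
    # push production images
    - echo "---> Pushing images for $${VERSION}"
    - docker push quay.io/gravitational/teleport:$${VERSION}
    - docker push quay.io/gravitational/teleport-ent:$${VERSION}
    - docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips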
|
|
|
|
- name: Check out code
|
|
image: docker:git
|
|
commands:
|
|
- |
|
|
mkdir -p /go/src/github.com/gravitational/teleport
|
|
cd /go/src/github.com/gravitational/teleport
|
|
git init && git remote add origin ${DRONE_REMOTE_URL}
|
|
git fetch origin +refs/tags/${DRONE_TAG}:
|
|
git checkout -qf FETCH_HEAD
|
|
|
|
- name: Download AMI timestamps
|
|
image: docker
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
commands:
|
|
- apk add --no-cache aws-cli
|
|
- mkdir -p /go/src/github.com/gravitational/teleport/assets/aws/files/build
|
|
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/ami/${DRONE_TAG##v}/ /go/src/github.com/gravitational/teleport/assets/aws/files/build
|
|
|
|
- name: Make AMIs public
|
|
image: docker
|
|
environment:
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
|
|
commands:
|
|
- apk add --no-cache aws-cli bash jq make
|
|
- cd /go/src/github.com/gravitational/teleport/assets/aws
|
|
- |
|
|
make change-amis-to-public-oss
|
|
make change-amis-to-public-ent
|
|
make change-amis-to-public-ent-fips
|
|
|
|
# Download all previously packaged charts. This is needed to rebuild the
|
|
# index and re-publish the repository.
|
|
- name: "Helm: Download chart repository"
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
|
|
commands:
|
|
- mkdir -p /go/chart
|
|
- aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart
|
|
|
|
# Packages the two charts from the checked-out tag into /go/chart and
# rebuilds the repository index over everything in that directory.
- name: "Helm: Package chart repository"
  # NOTE(review): `latest` is an unpinned tag in a step whose output is
  # published to the production chart bucket. Pinning a specific helm version
  # (ideally by digest) would make the packaging tool reproducible.
  image: alpine/helm:latest
  commands:
    - cd /go/chart
    - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
    - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
    # copy index.html to root of the S3 bucket.
    - cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
    # this will index all previous versions of the charts downloaded from the S3 bucket,
    # plus the just-packaged charts listed above
    - helm repo index /go/chart
    - ls /go/chart
|
|
|
|
- name: "Helm: Publish chart repository to S3"
|
|
image: plugins/s3
|
|
settings:
|
|
bucket:
|
|
from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
|
|
access_key:
|
|
from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
|
|
secret_key:
|
|
from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
|
|
region: us-east-2
|
|
acl: public-read
|
|
source: /go/chart/*
|
|
target: /
|
|
strip_prefix: /go/chart
|
|
|
|
# NOTE: all mandatory steps for a release promotion need to go BEFORE this
|
|
# step, as there is a chance that everything afterwards will be skipped.
|
|
#
|
|
# this step exits early and skips all remaining steps in the pipeline if the
|
|
# tag looks like a pre-release, to avoid pushing pre-release RPMs and DEBs to
|
|
# our yum / apt repos.
|
|
- name: Check if repo is public
|
|
image: alpine
|
|
commands:
|
|
- if [ "${DRONE_REPO}" != "gravitational/teleport" ]; then echo "---> Not publishing ${DRONE_REPO} packages to RPM and DEB repos" && exit 78; fi
|
|
|
|
- name: Check if tag is prerelease
|
|
image: golang:1.17-alpine
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport/build.assets/tooling
|
|
- go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> Not publishing ${DRONE_TAG} packages to RPM and DEB repos' && exit 78)
|
|
|
|
- name: Download RPM repo contents
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: RPMREPO_AWS_S3_BUCKET
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: RPMREPO_AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
|
|
volumes:
|
|
- name: rpmrepo
|
|
path: /rpmrepo
|
|
commands:
|
|
- mkdir -p /rpmrepo/teleport/cache
|
|
# we explicitly want to delete anything present locally which has been deleted
|
|
# from the upstream S3 bucket
|
|
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/ /rpmrepo/teleport/ --delete
|
|
- mkdir -p /rpmrepo/teleport/${DRONE_TAG##v}
|
|
- cp -a /go/artifacts/*.rpm /rpmrepo/teleport/${DRONE_TAG##v}/
|
|
|
|
# we do this using a CentOS 7 container to make sure that the repo files are
|
|
# compatible with older versions, also there's no createrepo package in alpine main
|
|
- name: Regenerate RPM repo metadata
|
|
image: centos:7
|
|
volumes:
|
|
- name: rpmrepo
|
|
path: /rpmrepo
|
|
commands:
|
|
- yum -y install createrepo
|
|
- createrepo --cachedir /rpmrepo/teleport/cache --update /rpmrepo/teleport
|
|
|
|
# This step requires centos:8 to get gpg 2.2+
|
|
# centos:7's gpg 2.0 doesn't understand the format of GPG_RPM_SIGNING_ARCHIVE
|
|
# Produces a detached, ASCII-armoured signature for repodata/repomd.xml with
# the key unpacked from GPG_RPM_SIGNING_ARCHIVE into $GNUPGHOME.
- name: Sign RPM repo metadata
  # NOTE(review): centos:8 has reached end of life upstream, so this image no
  # longer receives package updates. It is the image in which the repository
  # signing key is unpacked.
  image: centos:8
  volumes:
    - name: rpmrepo
      path: /rpmrepo
    # for in-memory tmpfs for key material
    - name: tmpfs
      path: /tmpfs
  environment:
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
  commands:
    - |
      # extract signing key
      mkdir -m0700 $GNUPGHOME
      echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
      chown -R root:root $GNUPGHOME
    # Sign rpm repo metadata (yum clients will automatically look for and verify repodata/repomd.xml.asc)
    # NOTE(review): the metadata being signed was regenerated over the whole
    # tree synced from the repo bucket, so the signature vouches for whatever
    # that bucket contained, not only for this release's packages.
    - gpg --batch --yes --detach-sign --armor /rpmrepo/teleport/repodata/repomd.xml
    - cat /rpmrepo/teleport/repodata/repomd.xml.asc
    # NOTE(review): not reached if signing fails, which would presumably
    # leave the keyring on the tmpfs volume until the pipeline's volumes are
    # removed (confirm).
    - rm -rf $GNUPGHOME
|
|
|
|
- name: Sync RPM repo changes to S3
|
|
image: amazon/aws-cli
|
|
environment:
|
|
AWS_S3_BUCKET:
|
|
from_secret: RPMREPO_AWS_S3_BUCKET
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: RPMREPO_AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
|
|
volumes:
|
|
- name: rpmrepo
|
|
path: /rpmrepo
|
|
commands:
|
|
- aws s3 sync /rpmrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/
|
|
|
|
# This step skips all remaining steps in the pipeline if the tag
|
|
# is not the highest semver *ever* released, to avoid publishing DEBs
|
|
# that would cause apt users to downgrade. For more info see:
|
|
# https://github.com/gravitational/teleport/issues/8166
|
|
- name: Check if tag is latest
|
|
image: golang:1.17-alpine
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport/build.assets/tooling
|
|
- go run ./cmd/check -tag ${DRONE_TAG} -check latest || (echo '---> Not publishing ${DRONE_REPO} packages to DEB repo' && exit 78)
|
|
|
|
# Refreshes the debrepo volume from the bucket named by the
# DEBREPO_AWS_S3_BUCKET secret before the repo is rebuilt.
# NOTE(review): `amazon/aws-cli` carries no tag or digest; consider pinning the
# image that is handed the bucket credentials.
- name: Download DEB repo contents
  image: amazon/aws-cli
  volumes:
    - name: debrepo
      path: /debrepo
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: DEBREPO_AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY
    AWS_S3_BUCKET:
      from_secret: DEBREPO_AWS_S3_BUCKET
  commands:
    - mkdir -p /debrepo/teleport
    # --delete is deliberate: anything cached locally that no longer exists in
    # the upstream S3 bucket is removed from the local copy as well
    - aws s3 sync s3://$AWS_S3_BUCKET/teleport /debrepo/teleport --delete
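# Adds the teleport .deb artifacts to a reprepro-managed apt repo, which signs
# the repo metadata with the key unpacked from GPG_RPM_SIGNING_ARCHIVE (the
# same secret the RPM metadata signing step reads), then copies the result to
# the debrepo volume.
- name: Build DEB repo
  # NOTE(review): this is a mutable tag, and the tools below are installed
  # unpinned at build time into the container that later holds the signing
  # key - consider pinning the image by digest.
  image: ubuntu:20.04
  environment:
    DEBIAN_FRONTEND: noninteractive
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
  volumes:
    # NOTE(review): none of the commands in this step call docker; if nothing
    # else depends on it, drop this mount so the signing step cannot reach the
    # privileged daemon's socket.
    - name: dockersock
      path: /var/run
    - name: debrepo
      path: /debrepo
    # for in-memory tmpfs for key material
    - name: tmpfs
      path: /tmpfs
  commands:
    - |
      # install needed tools
      apt-get -y update && apt-get -y install curl gzip gnupg2 reprepro tar
    - |
      # write config files
      mkdir -p /go/reprepro/teleport/conf /go/reprepro/teleport/public
      # we have to keep listing "arm" even though it's not a real debian arch
      # because we have released packages for it that are currently in the
      # repo bucket, and reprepro will error out if it's told to includedeb a
      # package for an architecture that's not in its configuration
      #
      # NOTE(review): SignWith below names the key by its short 8-hex-digit
      # ID. Short IDs are not collision resistant; prefer the full fingerprint
      # (SignWith: <FULL_KEY_FINGERPRINT>) so the key that signs the repo is
      # selected unambiguously.
      cat << EOF > /go/reprepro/teleport/conf/distributions
      Origin: teleport
      Label: teleport
      Codename: stable
      Architectures: i386 amd64 arm armhf arm64
      Components: main
      Description: apt repository for teleport
      SignWith: 6282C411
      EOF
      cat << EOF > /go/reprepro/teleport/conf/options
      verbose
      basedir /go/reprepro/teleport
      EOF
    - |
      # extract signing key
      # All commands of a step run in one shell script, so this trap removes
      # the key material on every exit path: without it a failure in reprepro
      # would end the step before the explicit clean-up below and leave the
      # key on the tmpfs volume that other containers mount.
      trap 'rm -rf "$GNUPGHOME"' EXIT
      mkdir -m0700 "$GNUPGHOME"
      echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C "$GNUPGHOME"
      chown -R root:root "$GNUPGHOME"
    - |
      # create repo
      cd /go/reprepro/teleport
      reprepro --outdir /go/reprepro/teleport/public includedeb stable /go/artifacts/teleport*.deb
    - |
      # clean up gnupg
      rm -rf "$GNUPGHOME"
    - |
      # copy artifacts to PVC
      cp -r /go/reprepro/teleport /debrepo/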
# Uploads /debrepo/teleport/ to the bucket named by the DEBREPO_AWS_S3_BUCKET
# secret.
# NOTE(review): `amazon/aws-cli` carries no tag or digest, so the image that
# receives the bucket credentials is whatever `latest` resolves to at build
# time - consider pinning it.
- name: Sync DEB repo changes to S3
  image: amazon/aws-cli
  volumes:
    - name: debrepo
      path: /debrepo
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: DEBREPO_AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY:
      from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY
    AWS_S3_BUCKET:
      from_secret: DEBREPO_AWS_S3_BUCKET
  commands:
    # sync runs without --delete, so objects already in the bucket are kept
    - aws s3 sync /debrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/
# Service container providing a Docker daemon; its /var/run is shared with the
# steps through the dockersock volume.
# NOTE(review): this container is privileged and also mounts the tmpfs volume
# in which the signing steps unpack GPG key material (GNUPGHOME is
# /tmpfs/gnupg). Confirm the daemon needs that mount, and consider pinning
# `docker:dind` to a version or digest.
services:
  - name: Start Docker
    privileged: true
    image: docker:dind
    volumes:
      - name: dockersock
        path: /var/run
      - name: tmpfs
        path: /tmpfs
# Volumes shared between the steps and the service of this pipeline.
volumes:
  # scratch volume carrying the Docker daemon's /var/run
  - name: dockersock
    temp: {}
  # memory-backed scratch volume; the signing steps place GNUPGHOME here
  - name: tmpfs
    temp:
      medium: memory
  # The two claims below are persistent caches of the RPM/DEB repos kept close
  # to Drone: each build syncs only the differences with S3 rather than
  # downloading the entire repo contents again.
  - name: rpmrepo
    claim:
      name: drone-s3-rpmrepo-pvc
  - name: debrepo
    claim:
      name: drone-s3-debrepo-pvc
---
# Signature document for this configuration file.
# NOTE(review): presumably written by `drone sign`. The HMAC has to be
# regenerated whenever the pipeline definitions above change; a stale value
# means Drone no longer treats the file as trusted. Never edit it by hand.
kind: signature
hmac: e83f39ac80fa38122a8cf34a6202f36a6d08163e8a31c30ce2e7599222f8b103

...