b4c94ebf9b
* Add proof of concept of Connect pipeline The proof of concept includes a lot of copy-pasted lines which will get cleared up in subsequent commits. * Extract copying artifacts into separate functions The tag pipeline no longer needs to worry about Connect artifacts. * Reuse steps to install & cleanup toolchains * Share toolchain configuration commands between pipelines * Share build commands among different pipelines * Download webapps only if a pipeline builds Connect As seen by the changes to .drone.yml, this removes unnecessary webapps clones from these tag pipelines: build-darwin-amd64, build-darwin-amd64-pkg, build-darwin-amd64-pkg-tsh. None of them needs webapps to function anymore and the pkg pipelines never needed webapps in the first place.
---
# Calls the docs deployment webhook on every push to master or branch/* in
# gravitational/teleport. No source code is needed, so cloning is disabled.
kind: pipeline
type: kubernetes
name: update-docs-webhook

# Only push events start this pipeline; pull_request events are excluded.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  branch:
    include:
      - master
      - branch/*
  repo:
    include:
      - gravitational/teleport

clone:
  disable: true

steps:
  # The hook URL comes from the DOCS_DEPLOY_HOOK secret and is never written
  # in this file.
  # NOTE(review): plugins/webhook is referenced without a tag or digest, so
  # the image that receives the secret can change between builds.
  - name: Trigger docs deployment
    image: plugins/webhook
    settings:
      urls:
        from_secret: DOCS_DEPLOY_HOOK
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Push build for linux/amd64. Runs the release-amd64-centos7 and teleterm make
# targets and reports to Slack when the build fails.
# NOTE(review): the file is generated, so any change suggested in the notes
# below belongs in dronegen/push.go, not here.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64
environment:
  BUILDBOX_VERSION: teleport11
  GID: "1000"
  RUNTIME: go1.18.3
  UID: "1000"
# Only push events in gravitational/* on master or branch/* start this
# pipeline; pull_request events are excluded.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go
# The built-in clone is disabled; the first step fetches the code itself.
clone:
  disable: true
steps:
  # Fetches the commit under build, pulls the `e` and webassets submodules
  # with a deploy key from the GITHUB_PRIVATE_KEY secret, and clones webapps
  # at the ref printed by build.assets/webapps/webapps-version.sh.
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/webapps
      - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # NOTE(review): `|| true` hides a failed webassets checkout here and in
      # the recursive update further down.
      - git submodule update --init webassets || true
      # The deploy key is written to disk only for the fetches below and is
      # deleted by the last command of this step.
      # NOTE(review): Drone stops a step at the first failing command, so a
      # failed fetch skips that `rm -f`; the key then stays in /root/.ssh
      # until the step container is discarded.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): the host key is taken from whatever answers as
      # github.com at build time, so this known_hosts file does not
      # authenticate the server. Pinning GitHub's published host keys would.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - cd /go/src/github.com/gravitational/webapps
      - git clone https://github.com/gravitational/webapps.git .
      - git checkout "$(/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)"
      - git submodule update --init packages/webapps.e
      - cd -
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Blocks for up to 30 seconds until the Docker socket of the "Start Docker"
  # service appears on the shared dockersock volume.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  # Runs the make targets against the Docker daemon reachable through the
  # dockersock volume.
  # NOTE(review): `image: docker` carries no tag or digest and make is
  # installed from the package index at build time, so neither is pinned.
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      # NOTE(review): no step shown in this pipeline writes /go/.version.txt;
      # confirm the file exists, otherwise VERSION is exported empty.
      - export VERSION=$(cat /go/.version.txt)
      - make -C build.assets release-amd64-centos7
      - make -C build.assets teleterm
    environment:
      ARCH: amd64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  # Runs only when the pipeline has failed.
  # NOTE(review): plugins/slack is referenced without a tag or digest and
  # receives the webhook secret.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure
services:
  # Docker-in-Docker daemon. `privileged: true` removes most container
  # isolation from this service, and every step that mounts dockersock can
  # drive the daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
# Temporary volume shared by the Docker service and the steps that mount it.
volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Push build for linux/386. Runs the release-386 make target and reports to
# Slack when the build fails.
# NOTE(review): the file is generated, so any change suggested in the notes
# below belongs in dronegen/push.go, not here.
kind: pipeline
type: kubernetes
name: push-build-linux-386
environment:
  BUILDBOX_VERSION: teleport11
  GID: "1000"
  RUNTIME: go1.18.3
  UID: "1000"
# Only push events in gravitational/* on master or branch/* start this
# pipeline; pull_request events are excluded.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go
# The built-in clone is disabled; the first step fetches the code itself.
clone:
  disable: true
steps:
  # Fetches the commit under build and pulls the `e` and webassets submodules
  # with a deploy key from the GITHUB_PRIVATE_KEY secret.
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # NOTE(review): `|| true` hides a failed webassets checkout here and in
      # the recursive update further down.
      - git submodule update --init webassets || true
      # The deploy key exists on disk only between this command and the
      # `rm -f` that ends the step.
      # NOTE(review): Drone stops a step at the first failing command, so a
      # failed fetch leaves the key in /root/.ssh until the step container is
      # discarded.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan trusts whichever host key is offered at
      # build time; the resulting known_hosts does not authenticate
      # github.com. Pinning GitHub's published host keys would.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Blocks for up to 30 seconds until the Docker socket of the "Start Docker"
  # service appears on the shared dockersock volume.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  # Runs the make target against the Docker daemon reachable through the
  # dockersock volume.
  # NOTE(review): `image: docker` carries no tag or digest and make is
  # installed from the package index at build time, so neither is pinned.
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-386
    environment:
      # Quoted so the value stays a string instead of the integer 386.
      ARCH: "386"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  # Runs only when the pipeline has failed.
  # NOTE(review): plugins/slack is referenced without a tag or digest and
  # receives the webhook secret.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure
services:
  # Docker-in-Docker daemon. `privileged: true` removes most container
  # isolation from this service, and every step that mounts dockersock can
  # drive the daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
# Temporary volume shared by the Docker service and the steps that mount it.
volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Push build for the linux/amd64 FIPS variant. Runs the
# release-amd64-centos7-fips make target with FIPS=yes and reports to Slack
# when the build fails.
# NOTE(review): the file is generated, so any change suggested in the notes
# below belongs in dronegen/push.go, not here.
kind: pipeline
type: kubernetes
name: push-build-linux-amd64-fips
environment:
  BUILDBOX_VERSION: teleport11
  GID: "1000"
  RUNTIME: go1.18.3
  UID: "1000"
# Only push events in gravitational/* on master or branch/* start this
# pipeline; pull_request events are excluded.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go
# The built-in clone is disabled; the first step fetches the code itself.
clone:
  disable: true
steps:
  # Fetches the commit under build, pulls the `e` and webassets submodules
  # with a deploy key from the GITHUB_PRIVATE_KEY secret, and records the
  # version in /go/.version.txt for the build step.
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # NOTE(review): `|| true` hides a failed webassets checkout here and in
      # the recursive update further down.
      - git submodule update --init webassets || true
      # The deploy key exists on disk only between this command and the
      # `rm -f` below.
      # NOTE(review): Drone stops a step at the first failing command, so a
      # failed fetch leaves the key in /root/.ssh until the step container is
      # discarded.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan trusts whichever host key is offered at
      # build time; the resulting known_hosts does not authenticate
      # github.com. Pinning GitHub's published host keys would.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
      # Version source: the tag without its leading "v" when DRONE_TAG is
      # set, otherwise the VERSION assignment in the Makefile. The value is
      # echoed to the build log.
      - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt;
        else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Blocks for up to 30 seconds until the Docker socket of the "Start Docker"
  # service appears on the shared dockersock volume.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  # Runs the make target against the Docker daemon reachable through the
  # dockersock volume.
  # NOTE(review): `image: docker` carries no tag or digest and make is
  # installed from the package index at build time, so neither is pinned.
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - export VERSION=$(cat /go/.version.txt)
      - make -C build.assets release-amd64-centos7-fips
    environment:
      ARCH: amd64
      # Quoted so the value reaches make as the string "yes", not a boolean.
      FIPS: "yes"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  # Runs only when the pipeline has failed.
  # NOTE(review): plugins/slack is referenced without a tag or digest and
  # receives the webhook secret.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure
services:
  # Docker-in-Docker daemon. `privileged: true` removes most container
  # isolation from this service, and every step that mounts dockersock can
  # drive the daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
# Temporary volume shared by the Docker service and the steps that mount it.
volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Push build for windows/amd64. Runs the release-windows-unsigned make target
# and reports to Slack when the build fails.
# NOTE(review): the file is generated, so any change suggested in the notes
# below belongs in dronegen/push.go, not here.
kind: pipeline
type: kubernetes
name: push-build-windows-amd64
environment:
  BUILDBOX_VERSION: teleport11
  GID: "1000"
  RUNTIME: go1.18.3
  UID: "1000"
# Only push events in gravitational/* on master or branch/* start this
# pipeline; pull_request events are excluded.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go
# The built-in clone is disabled; the first step fetches the code itself.
clone:
  disable: true
steps:
  # Fetches the commit under build and pulls the `e` and webassets submodules
  # with a deploy key from the GITHUB_PRIVATE_KEY secret.
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # NOTE(review): `|| true` hides a failed webassets checkout here and in
      # the recursive update further down.
      - git submodule update --init webassets || true
      # The deploy key exists on disk only between this command and the
      # `rm -f` that ends the step.
      # NOTE(review): Drone stops a step at the first failing command, so a
      # failed fetch leaves the key in /root/.ssh until the step container is
      # discarded.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan trusts whichever host key is offered at
      # build time; the resulting known_hosts does not authenticate
      # github.com. Pinning GitHub's published host keys would.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Blocks for up to 30 seconds until the Docker socket of the "Start Docker"
  # service appears on the shared dockersock volume.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  # Runs the make target against the Docker daemon reachable through the
  # dockersock volume. The target name says the Windows artifacts are left
  # unsigned; no signing secret is referenced in this pipeline.
  # NOTE(review): `image: docker` carries no tag or digest and make is
  # installed from the package index at build time, so neither is pinned.
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-windows-unsigned
    environment:
      ARCH: amd64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: windows
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  # Runs only when the pipeline has failed.
  # NOTE(review): plugins/slack is referenced without a tag or digest and
  # receives the webhook secret.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure
services:
  # Docker-in-Docker daemon. `privileged: true` removes most container
  # isolation from this service, and every step that mounts dockersock can
  # drive the daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
# Temporary volume shared by the Docker service and the steps that mount it.
volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################

# Push build for darwin/amd64: builds the Teleport binaries and packages
# Teleport Connect. `type: exec` means the commands run directly on the
# runner host, not in a container, so whatever a step leaves on disk stays
# until a later step or build removes it.
# NOTE(review): the file is generated, so any change suggested in the notes
# below belongs in dronegen/mac.go, not here.
kind: pipeline
type: exec
name: push-build-darwin-amd64
# Only push events in gravitational/* on master or branch/* start this
# pipeline; pull_request events are excluded.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
# Fixed workspace path; together with `concurrency.limit: 1` below, builds of
# this pipeline do not overlap in it.
workspace:
  path: /tmp/push-build-darwin-amd64
platform:
  os: darwin
  arch: amd64
# The built-in clone is disabled; the "Check out code" step clones by hand.
clone:
  disable: true
concurrency:
  limit: 1
steps:
  # Removes the source tree and any .ssh directory left by an earlier build.
  - name: Set up exec runner storage
    commands:
      - set -u
      - mkdir -p $WORKSPACE_DIR
      - chmod -R u+rw $WORKSPACE_DIR
      - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  # Clones teleport and webapps over HTTPS, then pulls the `e` and webassets
  # submodules with a deploy key from the GITHUB_PRIVATE_KEY secret.
  - name: Check out code
    commands:
      - set -u
      - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
      - git clone https://github.com/gravitational/webapps.git .
      - git checkout $($WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      # The deploy key is written under $WORKSPACE_DIR/.ssh, a fixed path in
      # /tmp on the runner host, and removed by the `rm -rf` further down.
      # NOTE(review): if a submodule fetch fails, that `rm -rf` is skipped,
      # and the final storage clean-up step has no `when:` clause, so it
      # presumably does not run on a failed build either. The key would then
      # stay on the host until the next build's set-up step deletes it.
      - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
        && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
      # NOTE(review): ssh-keyscan trusts whichever host key is offered at
      # build time; the resulting known_hosts does not authenticate
      # github.com. Pinning GitHub's published host keys would.
      - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
      - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
      # `-F /dev/null` makes ssh ignore the runner user's own ssh config, so
      # only the key and known_hosts file named here are used.
      - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
        -F /dev/null' git submodule update --init e
      # NOTE(review): `|| true` hides a failed webassets checkout.
      - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
        -F /dev/null' git submodule update --init --recursive webassets || true
      - rm -rf $WORKSPACE_DIR/.ssh
      - mkdir -p $WORKSPACE_DIR/go/cache
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  # Downloads the Go release named by RUNTIME into a per-build toolchain
  # directory under /tmp.
  # NOTE(review): the tarball is unpacked without a checksum or signature
  # check, and curl runs without --fail, so an HTTP error page would be saved
  # under the tarball name. Checking a pinned SHA-256 before `tar` would bind
  # the toolchain to a known artifact.
  - name: Install Go Toolchain
    commands:
      - set -u
      - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
      - curl --silent -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
      - tar -C /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
      - rm -rf $RUNTIME.darwin-amd64.tar.gz
    environment:
      RUNTIME: go1.18.3
  # Installs the Rust version reported by `make print-rust-version` into the
  # per-build toolchain directory, using the rustup found on the runner.
  - name: Install Rust Toolchain
    commands:
      - set -u
      - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
      - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
      - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
        print-rust-version)
      - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
      - export RUST_HOME=$CARGO_HOME
      - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
      - rustup toolchain install $RUST_VERSION
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  # Downloads the Node release reported by `make print-node-version` and
  # enables yarn through corepack.
  # NOTE(review): as with the Go tarball, the archive is unpacked without a
  # checksum check and curl runs without --fail.
  - name: Install Node Toolchain
    commands:
      - set -u
      - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
        print-node-version)
      - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
      - export NODE_DIR=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
      - mkdir -p $TOOLCHAIN_DIR
      - curl --silent -O https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.gz
      - tar -C $TOOLCHAIN_DIR -xzf node-v$NODE_VERSION-darwin-x64.tar.gz
      - rm -f node-v$NODE_VERSION-darwin-x64.tar.gz
      - export PATH=$NODE_DIR/bin:$PATH
      - corepack enable yarn
      - echo Node reporting version $(node --version)
      - echo Yarn reporting version $(yarn --version)
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  # Builds the release with FIDO2 and Touch ID enabled, unlocks the login
  # keychain, then builds and packages Teleport Connect from the webapps
  # checkout.
  - name: Build Mac artifacts (binaries and Teleport Connect)
    commands:
      - set -u
      - export HOME=/Users/$(whoami)
      - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
      - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
        print-node-version)
      - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
      - export PATH=$NODE_HOME/bin:$PATH
      - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
        print-rust-version)
      - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
      - export RUST_HOME=$CARGO_HOME
      - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
      # NOTE(review): /Users/build is hard-coded here, while the other steps
      # derive the home directory from $(whoami) - confirm the runner user.
      - export PATH=$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH
      - rustup override set $RUST_VERSION
      - export PATH=$TOOLCHAIN_DIR/go/bin:$PATH
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - build.assets/build-fido2-macos.sh build
      - export PKG_CONFIG_PATH="$(build.assets/build-fido2-macos.sh pkg_config_path)"
      - make clean release OS=$OS ARCH=$ARCH FIDO2=yes TOUCHID=yes
      - export VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
        print-version)
      - export BUILD_NUMBER=$DRONE_BUILD_NUMBER
      # `$$` keeps Drone from substituting the variable, so the shell expands
      # it at run time.
      # NOTE(review): the keychain password is passed as a command-line
      # argument, which other local processes on the runner host may be able
      # to read from the process list; the expansion is also unquoted. No
      # later command in this pipeline locks the keychain again.
      - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain
      # Prints the valid identities in the keychain to the build log.
      - security find-identity -v
      # Presumably the code-signing identity picked up when Connect is
      # packaged - TODO confirm.
      - export CSC_NAME=0FFD3E3413AB4C599C53FBB1D8CA690915E33D83
      - export CONNECT_TSH_BIN_PATH=$WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build/tsh
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
      # NOTE(review): `yarn install` runs without --frozen-lockfile, so
      # whether the lockfile is enforced depends on yarn configuration not
      # shown here - confirm.
      - yarn install && yarn build-term && yarn package-term -c.extraMetadata.version=$VERSION
    environment:
      ARCH: amd64
      BUILDBOX_PASSWORD:
        from_secret: BUILDBOX_PASSWORD
      GOCACHE: /tmp/push-build-darwin-amd64/go/cache
      GOPATH: /tmp/push-build-darwin-amd64/go
      OS: darwin
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  # Runs on success and on failure, so the per-build toolchain directory is
  # removed either way.
  - name: Clean up toolchains (post)
    commands:
      - set -u
      - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
      - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
      - export RUST_HOME=$CARGO_HOME
      - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
      - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
        print-rust-version)
      - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
      - rustup override unset
      - rustup toolchain uninstall $RUST_VERSION
      - rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
    when:
      status:
        - success
        - failure
  # NOTE(review): unlike the toolchain clean-up above, this step has no
  # `when:` clause. If steps without one are skipped once the build has
  # failed (Drone's default, as far as I know), the source tree and a
  # leftover .ssh directory stay on the runner host until the next build's
  # set-up step removes them.
  - name: Clean up exec runner storage (post)
    commands:
      - set -u
      - chmod -R u+rw $WORKSPACE_DIR
      - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
    environment:
      WORKSPACE_DIR: /tmp/push-build-darwin-amd64
  # Runs only when the pipeline has failed and posts to the Slack webhook
  # with curl.
  # NOTE(review): the JSON body is assembled by shell interpolation, so a
  # branch name containing a quote or backslash would produce a malformed or
  # altered payload. The webhook URL is passed unquoted on the curl command
  # line, where the process list on the runner host can expose it.
  - name: Send Slack notification (exec)
    commands:
      - |2

        export DRONE_BUILD_LINK="${DRONE_SYSTEM_PROTO}://${DRONE_SYSTEM_HOSTNAME}/${DRONE_REPO_OWNER}/${DRONE_REPO_NAME}/${DRONE_BUILD_NUMBER}"
        export GOOS=$(go env GOOS)
        export GOARCH=$(go env GOARCH)
      - |2-

        curl -sL -X POST -H 'Content-type: application/json' --data "{\"text\":\"Warning: \`${GOOS}-${GOARCH}\` artifact build failed for [\`${DRONE_REPO_NAME}\`] - please investigate immediately!\nBranch: \`${DRONE_BRANCH}\`\nCommit: \`${DRONE_COMMIT_SHA}\`\nLink: $DRONE_BUILD_LINK\"}" $SLACK_WEBHOOK_DEV_TELEPORT
    environment:
      SLACK_WEBHOOK_DEV_TELEPORT:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
    when:
      status:
        - failure
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/push.go (main.pushPipeline)
################################################

# Push build for linux/arm. Runs the release-arm make target and reports to
# Slack when the build fails.
# NOTE(review): the file is generated, so any change suggested in the notes
# below belongs in dronegen/push.go, not here.
kind: pipeline
type: kubernetes
name: push-build-linux-arm
environment:
  BUILDBOX_VERSION: teleport11
  GID: "1000"
  RUNTIME: go1.18.3
  UID: "1000"
# Only push events in gravitational/* on master or branch/* start this
# pipeline; pull_request events are excluded.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go
# The built-in clone is disabled; the first step fetches the code itself.
clone:
  disable: true
steps:
  # Fetches the commit under build and pulls the `e` and webassets submodules
  # with a deploy key from the GITHUB_PRIVATE_KEY secret.
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # NOTE(review): `|| true` hides a failed webassets checkout here and in
      # the recursive update further down.
      - git submodule update --init webassets || true
      # The deploy key exists on disk only between this command and the
      # `rm -f` that ends the step.
      # NOTE(review): Drone stops a step at the first failing command, so a
      # failed fetch leaves the key in /root/.ssh until the step container is
      # discarded.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa &&
        chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan trusts whichever host key is offered at
      # build time; the resulting known_hosts does not authenticate
      # github.com. Pinning GitHub's published host keys would.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  # Blocks for up to 30 seconds until the Docker socket of the "Start Docker"
  # service appears on the shared dockersock volume.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  # Runs the make target against the Docker daemon reachable through the
  # dockersock volume.
  # NOTE(review): `image: docker` carries no tag or digest and make is
  # installed from the package index at build time, so neither is pinned.
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-arm
    environment:
      ARCH: arm
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: "1000"
    volumes:
      - name: dockersock
        path: /var/run
  # Runs only when the pipeline has failed.
  # NOTE(review): plugins/slack is referenced without a tag or digest and
  # receives the webhook secret.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure
services:
  # Docker-in-Docker daemon. `privileged: true` removes most container
  # isolation from this service, and every step that mounts dockersock can
  # drive the daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
# Temporary volume shared by the Docker service and the steps that mount it.
volumes:
  - name: dockersock
    temp: {}
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/push.go (main.pushPipeline)
|
|
################################################
|
|
|
|
# NOTE(review): this pipeline is emitted by dronegen (see the header above);
# anything flagged below has to be changed in dronegen/push.go, not here.
kind: pipeline
type: kubernetes
name: push-build-linux-arm64

# Build parameters visible to every step.
environment:
  BUILDBOX_VERSION: teleport11
  GID: '1000'
  RUNTIME: go1.18.3
  UID: '1000'

# Push events (pull_request excluded) on master and branch/* of any
# gravitational/* repository.
trigger:
  event:
    include:
      - push
    exclude:
      - pull_request
  repo:
    include:
      - gravitational/*
  branch:
    include:
      - master
      - branch/*

workspace:
  path: /go

# Drone's built-in clone is off; the first step checks the code out itself.
clone:
  disable: true

# NOTE(review): none of the images below (docker:git, docker, plugins/slack,
# docker:dind) carries a version or digest, so each run uses whatever the tag
# resolves to at pull time.
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport /go/cache
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # a failure to fetch webassets is deliberately ignored (|| true)
      - git submodule update --init webassets || true
      # The deploy key is written to disk only for the submodule fetches below
      # and deleted by the last command of this step.
      # NOTE(review): if a command in between fails, the rm is presumably never
      # reached and the key stays in the step's filesystem - confirm the step
      # container is discarded on failure.
      - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan records whatever host key is served at build
      # time, so known_hosts does not authenticate github.com; shipping
      # GitHub's published host keys instead would.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY

  # Polls for the Docker socket created by the "Start Docker" service, for at
  # most 30 seconds.
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run

  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      - make -C build.assets release-arm64
    environment:
      ARCH: arm64
      GID: '1000'
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      UID: '1000'
    volumes:
      - name: dockersock
        path: /var/run

  # Only runs when the build has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template:
        - |
          *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
          `${DRONE_STAGE_NAME}` artifact build failed.
          *Warning:* This is a genuine failure to build the Teleport binary from `{{ build.branch }}` (likely due to a bad merge or commit) and should be investigated immediately.
          Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
          Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ repo.owner }}/{{ repo.name }}:{{ build.branch }}>
          Author: <https://github.com/{{ build.author }}|{{ build.author }}>
          <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure

# Docker-in-Docker daemon; it runs privileged and shares /var/run with the
# steps that mount the dockersock volume.
services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}
---
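kind: pipeline
type: kubernetes
name: teleport-docker-cron

# Runs only from the Drone cron job of the same name, for gravitational/teleport.
trigger:
  cron:
    - teleport-docker-cron
  repo:
    include:
      - gravitational/teleport

workspace:
  path: /go

# Drone's built-in clone stays enabled; the first step runs tooling from the
# checked-out tree under /go.
clone:
  disable: false

# NOTE(review): the images used below (docker:git, docker, docker:dind) carry
# no version or digest, so each cron run uses whatever the tag resolves to.
steps:
  # Resolves the latest release tag for each supported major version, writes
  # the results to /go/build/*.txt for the later steps, and fetches the
  # Dockerfiles those steps build from.
  - name: Set up variables and Dockerfile
    image: docker:git
    environment:
      # increment these variables when a new major/minor version is released to bump the automatic builds
      # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for
      # build major version images which are just teleport:x
      CURRENT_VERSION_ROOT: v10
      PREVIOUS_VERSION_ONE_ROOT: v9
      PREVIOUS_VERSION_TWO_ROOT: v8
    commands:
      - apk --update --no-cache add curl go
      - mkdir -p /go/build && cd /go/build
      # CURRENT_VERSION
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $CURRENT_VERSION_ROOT > /go/build/CURRENT_VERSION_TAG.txt)
      - echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt
      # PREVIOUS_VERSION_ONE
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_ONE_ROOT > /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt
      # PREVIOUS_VERSION_TWO
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_TWO_ROOT > /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt
      # list versions
      - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done
      # get Dockerfiles
      # -f makes curl exit non-zero on an HTTP error, so a missing file fails
      # the step here instead of an error page being saved as the Dockerfile.
      # NOTE(review): these are fetched from the branch head, not taken from
      # the checkout under /go, so they may not match the cloned commit.
      - curl -fsSL -o /go/build/Dockerfile-cron https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron
      - curl -fsSL -o /go/build/Dockerfile-cron-v8 https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron-v8

      # wait for Docker to be ready
      # NOTE(review): a fixed sleep does not show that the daemon is up; the
      # steps that mount the dockersock volume could poll for the socket.
      - sleep 3

  # Builds the OSS, Enterprise and Enterprise FIPS images for the current
  # major version and pushes them to quay.io under the bare major-version tag,
  # which is therefore overwritten on every run.
  - name: Build and push Teleport containers (CURRENT_VERSION)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
      QUAY_USERNAME:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      QUAY_PASSWORD:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export VERSION_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt)
      - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips"
      # Pass the registry password on stdin so that it is not part of the
      # docker command line.
      - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin quay.io
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $OSS_IMAGE_NAME
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_IMAGE_NAME
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_FIPS_IMAGE_NAME

  # Same as the step above, for the previous major version.
  - name: Build and push Teleport containers (PREVIOUS_VERSION_ONE)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
      QUAY_USERNAME:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      QUAY_PASSWORD:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips"
      # Pass the registry password on stdin so that it is not part of the
      # docker command line.
      - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin quay.io
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $OSS_IMAGE_NAME
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_IMAGE_NAME
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_FIPS_IMAGE_NAME

  # Same again for the major version before that; it builds from
  # Dockerfile-cron-v8 instead of Dockerfile-cron.
  - name: Build and push Teleport containers (PREVIOUS_VERSION_TWO)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
      QUAY_USERNAME:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      QUAY_PASSWORD:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      - export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips"
      # Pass the registry password on stdin so that it is not part of the
      # docker command line.
      - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin quay.io
      # OSS
      # TODO(logand22): Remove v8 when Teleport 11 is released
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron-v8 /go/build
      - docker push $OSS_IMAGE_NAME
      # Enterprise
      # TODO(logand22): Remove v8 when Teleport 11 is released
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron-v8 /go/build
      - docker push $ENT_IMAGE_NAME
      # Enterprise FIPS
      # TODO(logand22): Remove v8 when Teleport 11 is released
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron-v8 /go/build
      - docker push $ENT_FIPS_IMAGE_NAME

  # Builds docker/sshd from a fresh checkout and pushes it as teleport-lab.
  # The registry credentials are declared under settings and read by the
  # commands as PLUGIN_USERNAME / PLUGIN_PASSWORD.
  - name: Build/push Teleport Lab Docker image
    image: docker:git
    environment:
      OS: linux
      ARCH: amd64
    settings:
      username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      # Strip only the leading "v": tr -d '^v' would delete every "v" and "^"
      # anywhere in the tag, not just a leading one.
      - export TELEPORT_TAG=$(sed 's/^v//' /go/build/CURRENT_VERSION_TAG.txt)
      - export TELEPORT_LAB_IMAGE_NAME="quay.io/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      # Check out code
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # Build and push Teleport lab image
      # Pass the registry password on stdin so that it is not part of the
      # docker command line.
      - printf '%s' "$PLUGIN_PASSWORD" | docker login -u="$PLUGIN_USERNAME" --password-stdin quay.io
      - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME /go/src/github.com/gravitational/teleport/docker/sshd
      - docker push $TELEPORT_LAB_IMAGE_NAME

# Docker-in-Docker daemon; it runs privileged and shares /var/run with the
# steps that mount the dockersock volume.
services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}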
---
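kind: pipeline
type: kubernetes
name: teleport-docker-cron-ecr

# Runs only from the Drone cron job of the same name, for gravitational/teleport.
trigger:
  cron:
    - teleport-docker-cron-ecr
  repo:
    include:
      - gravitational/teleport

workspace:
  path: /go

# Drone's built-in clone stays enabled; the first step runs tooling from the
# checked-out tree under /go.
clone:
  disable: false

# NOTE(review): the images used below (docker:git, docker, docker:dind) carry
# no version or digest, so each cron run uses whatever the tag resolves to.
steps:
  # Resolves the latest release tag for each supported major version, writes
  # the results to /go/build/*.txt for the later steps, and fetches the
  # Dockerfiles those steps build from.
  - name: Set up variables and Dockerfile
    image: docker:git
    environment:
      # increment these variables when a new major/minor version is released to bump the automatic builds
      # this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for
      # build major version images which are just teleport:x
      CURRENT_VERSION_ROOT: v10
      PREVIOUS_VERSION_ONE_ROOT: v9
      PREVIOUS_VERSION_TWO_ROOT: v8
    commands:
      - apk --update --no-cache add curl go
      - mkdir -p /go/build && cd /go/build
      # CURRENT_VERSION
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $CURRENT_VERSION_ROOT > /go/build/CURRENT_VERSION_TAG.txt)
      - echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt
      # PREVIOUS_VERSION_ONE
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_ONE_ROOT > /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt
      # PREVIOUS_VERSION_TWO
      - (cd /go/build.assets/tooling && go run ./cmd/query-latest $PREVIOUS_VERSION_TWO_ROOT > /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      - echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1 | tr -d '^v')" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt
      # list versions
      - for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done
      # get Dockerfiles
      # -f makes curl exit non-zero on an HTTP error, so a missing file fails
      # the step here instead of an error page being saved as the Dockerfile.
      # NOTE(review): these are fetched from the branch head, not taken from
      # the checkout under /go, so they may not match the cloned commit.
      - curl -fsSL -o /go/build/Dockerfile-cron https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron
      - curl -fsSL -o /go/build/Dockerfile-cron-v8 https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron-v8
      # wait for Docker to be ready
      # NOTE(review): a fixed sleep does not show that the daemon is up; the
      # steps that mount the dockersock volume could poll for the socket.
      - sleep 3

  # Builds the OSS, Enterprise and Enterprise FIPS images for the current
  # major version, pushes them to the staging ECR registry under a
  # <major>-<timestamp> tag, then retags the same local images and pushes
  # them to public.ecr.aws under the bare major-version tag.
  # NOTE(review): staging and production keys are both present in this step's
  # environment for its whole run, including the docker builds; doing the
  # promotion in a separate step would keep the production keys out of the
  # build phase.
  - name: Build and push Teleport containers (CURRENT_VERSION)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
      STAGING_AWS_ACCESS_KEY_ID:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
      STAGING_AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
      PROD_AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
      PROD_AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - apk add --no-cache aws-cli
      - export VERSION_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt)
      - export CURRENT_DATE=$(date '+%Y%m%d%H%M')
      # Staging image names
      - export OSS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE"
      - export ENT_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE"
      - export ENT_FIPS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips-$CURRENT_DATE"
      # Production image names
      - export OSS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips"
      # Authenticate to staging registry
      - export AWS_ACCESS_KEY_ID="$STAGING_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$STAGING_AWS_SECRET_ACCESS_KEY"
      - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build
      - docker push $OSS_IMAGE_NAME_STAGE
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_IMAGE_NAME_STAGE
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_FIPS_IMAGE_NAME_STAGE
      # Authenticate to production registry
      - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
      - export AWS_ACCESS_KEY_ID="$PROD_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$PROD_AWS_SECRET_ACCESS_KEY"
      - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
      # Retag images
      - docker tag $OSS_IMAGE_NAME_STAGE $OSS_IMAGE_NAME_PROD
      - docker tag $ENT_IMAGE_NAME_STAGE $ENT_IMAGE_NAME_PROD
      - docker tag $ENT_FIPS_IMAGE_NAME_STAGE $ENT_FIPS_IMAGE_NAME_PROD
      # Promote to production registry
      - docker push $ENT_IMAGE_NAME_PROD
      - docker push $OSS_IMAGE_NAME_PROD
      - docker push $ENT_FIPS_IMAGE_NAME_PROD

  # Same build, stage and promote sequence for the previous major version.
  - name: Build and push Teleport containers (PREVIOUS_VERSION_ONE)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
      STAGING_AWS_ACCESS_KEY_ID:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
      STAGING_AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
      PROD_AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
      PROD_AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - apk add --no-cache aws-cli
      - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
      - export CURRENT_DATE=$(date '+%Y%m%d%H%M')
      # Staging image names
      - export OSS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-$CURRENT_DATE"
      - export ENT_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-$CURRENT_DATE"
      - export ENT_FIPS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips-$CURRENT_DATE"
      # Production image names
      - export OSS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips"
      # Authenticate to staging registry
      - export AWS_ACCESS_KEY_ID="$STAGING_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$STAGING_AWS_SECRET_ACCESS_KEY"
      - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build
      - docker push $OSS_IMAGE_NAME_STAGE
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_IMAGE_NAME_STAGE
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron /go/build
      - docker push $ENT_FIPS_IMAGE_NAME_STAGE
      # Authenticate to production registry
      - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
      - export AWS_ACCESS_KEY_ID="$PROD_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$PROD_AWS_SECRET_ACCESS_KEY"
      - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
      # Retag images
      - docker tag $OSS_IMAGE_NAME_STAGE $OSS_IMAGE_NAME_PROD
      - docker tag $ENT_IMAGE_NAME_STAGE $ENT_IMAGE_NAME_PROD
      - docker tag $ENT_FIPS_IMAGE_NAME_STAGE $ENT_FIPS_IMAGE_NAME_PROD
      # Promote to production registry
      - docker push $ENT_IMAGE_NAME_PROD
      - docker push $OSS_IMAGE_NAME_PROD
      - docker push $ENT_FIPS_IMAGE_NAME_PROD

  # Same sequence for the major version before that; it builds from
  # Dockerfile-cron-v8 instead of Dockerfile-cron.
  - name: Build and push Teleport containers (PREVIOUS_VERSION_TWO)
    image: docker
    environment:
      OS: linux
      ARCH: amd64
      STAGING_AWS_ACCESS_KEY_ID:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
      STAGING_AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
      PROD_AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
      PROD_AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - apk add --no-cache aws-cli
      - export CURRENT_DATE=$(date '+%Y%m%d%H%M')
      - export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
      # Staging image names
      - export OSS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-$CURRENT_DATE"
      - export ENT_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-$CURRENT_DATE"
      - export ENT_FIPS_IMAGE_NAME_STAGE="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips-$CURRENT_DATE"
      # Production image names
      - export OSS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
      - export ENT_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
      - export ENT_FIPS_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips"
      # Authenticate to staging registry
      - export AWS_ACCESS_KEY_ID="$STAGING_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$STAGING_AWS_SECRET_ACCESS_KEY"
      - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
      # OSS
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron-v8 /go/build
      - docker push $OSS_IMAGE_NAME_STAGE
      # Enterprise
      - docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron-v8 /go/build
      - docker push $ENT_IMAGE_NAME_STAGE
      # Enterprise FIPS
      - docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME_STAGE -f /go/build/Dockerfile-cron-v8 /go/build
      - docker push $ENT_FIPS_IMAGE_NAME_STAGE
      # Authenticate to production registry
      - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
      - export AWS_ACCESS_KEY_ID="$PROD_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$PROD_AWS_SECRET_ACCESS_KEY"
      - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
      # Retag images
      - docker tag $OSS_IMAGE_NAME_STAGE $OSS_IMAGE_NAME_PROD
      - docker tag $ENT_IMAGE_NAME_STAGE $ENT_IMAGE_NAME_PROD
      - docker tag $ENT_FIPS_IMAGE_NAME_STAGE $ENT_FIPS_IMAGE_NAME_PROD
      # Promote to production registry
      - docker push $ENT_IMAGE_NAME_PROD
      - docker push $OSS_IMAGE_NAME_PROD
      - docker push $ENT_FIPS_IMAGE_NAME_PROD

  # Builds docker/sshd from a fresh checkout, pushes it to the staging ECR
  # registry, then retags and pushes it to public.ecr.aws as teleport-lab.
  - name: Build/push Teleport Lab Docker image
    image: docker:git
    environment:
      OS: linux
      ARCH: amd64
      STAGING_AWS_ACCESS_KEY_ID:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
      STAGING_AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
      PROD_AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
      PROD_AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - apk add --no-cache aws-cli
      - export CURRENT_DATE=$(date '+%Y%m%d%H%M')
      # Strip only the leading "v": tr -d '^v' would delete every "v" and "^"
      # anywhere in the tag, not just a leading one.
      - export TELEPORT_TAG=$(sed 's/^v//' /go/build/CURRENT_VERSION_TAG.txt)
      - export TELEPORT_LAB_IMAGE_NAME_STAGING="146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-$CURRENT_DATE"
      - export TELEPORT_LAB_IMAGE_NAME_PROD="public.ecr.aws/gravitational/teleport-lab:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
      # Check out code
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git init && git remote add origin ${DRONE_REMOTE_URL}
      - git fetch origin
      - git checkout -qf ${DRONE_COMMIT_SHA}
      # Authenticate to staging registry
      - export AWS_ACCESS_KEY_ID="$STAGING_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$STAGING_AWS_SECRET_ACCESS_KEY"
      - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
      # Build and push image
      - docker build --build-arg TELEPORT_TAG=$TELEPORT_TAG -t $TELEPORT_LAB_IMAGE_NAME_STAGING /go/src/github.com/gravitational/teleport/docker/sshd
      - docker push $TELEPORT_LAB_IMAGE_NAME_STAGING
      # Authenticate to production registry
      - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
      - export AWS_ACCESS_KEY_ID="$PROD_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$PROD_AWS_SECRET_ACCESS_KEY"
      - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin public.ecr.aws
      # Push to production registry
      - docker tag $TELEPORT_LAB_IMAGE_NAME_STAGING $TELEPORT_LAB_IMAGE_NAME_PROD
      - docker push $TELEPORT_LAB_IMAGE_NAME_PROD

# Docker-in-Docker daemon; it runs privileged and shares /var/run with the
# steps that mount the dockersock volume.
services:
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}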
---
kind: pipeline
type: kubernetes
name: teleport-helm-cron

# Runs only from the Drone cron job of the same name, for gravitational/teleport.
trigger:
  cron:
    - teleport-helm-cron
  repo:
    include:
      - gravitational/teleport

workspace:
  path: /go

# Drone's built-in clone is off; the first step clones the repository itself.
clone:
  disable: true

steps:
  # Clones the repository over HTTPS and checks out the commit under build.
  - name: Check out code
    image: alpine/git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_COMMIT}
      - mkdir -p /go/chart
      - cd /go/chart

  # Mirrors the current contents of the chart bucket into /go/chart.
  - name: Download chart repo contents
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
    commands:
      - mkdir -p /go/chart
      # download all previously packaged chart versions from the S3 bucket
      - aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart

  # NOTE(review): alpine/helm:latest is a moving tag, so the tool that
  # packages and indexes the published charts can change between cron runs;
  # a fixed version or digest would make the output reproducible.
  - name: Package helm charts
    image: alpine/helm:latest
    commands:
      - cd /go/chart
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
      # copy index.html to root of the S3 bucket
      - cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
      # this will index all previous versions of the charts downloaded from the S3 bucket,
      # plus the just-packaged charts listed above
      - helm repo index /go/chart

  # Uploads everything under /go/chart to the bucket root with a public-read
  # ACL, so any file that ends up in that directory becomes world-readable.
  - name: Upload to S3
    image: plugins/s3
    settings:
      bucket:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
      access_key:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      secret_key:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
      region: us-east-2
      acl: public-read
      source: /go/chart/*
      target: /
      strip_prefix: /go/chart

  # Only runs when the build has failed.
  - name: Send Slack notification
    image: plugins/slack
    settings:
      webhook:
        from_secret: SLACK_WEBHOOK_DEV_TELEPORT
      template: |
        *{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
        Details: The `teleport-helm-cron` job in Drone failed to publish Helm charts to S3. This is unusual and should be investigated.
        Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
        Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}>
        Author: <https://github.com/{{ build.author }}|{{ build.author }}>
        <{{ build.link }}|Visit Drone build page ↗>
    when:
      status:
        - failure
|
|
|
|
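---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# NOTE(review): this document is generated; carry any change made here back to
# dronegen/tag.go, since regenerating would presumably discard it.
# Tag pipeline: runs for v* tags pushed to any gravitational/* repository.
# In commands, ${...} is interpolated by Drone before the shell runs and $$
# escapes a literal $; a plain $VAR is expanded by the step's shell.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7
environment:
  BUILDBOX_VERSION: teleport11
  RUNTIME: go1.18.3
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out by hand.
clone:
  disable: true
steps:
# Clones the repository, checks out the tag and fetches the `e` and
# `webassets` submodules using a deploy key taken from a Drone secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key is written inside a 0700 directory and removed by the
  # `rm -f` further down.
  # NOTE(review): that removal is only reached if every command in between
  # succeeds; a trap, as in the "Register artifacts" step, would also cover
  # failures.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so this known_hosts file does not authenticate github.com; a
  # pinned copy of GitHub's published host keys would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failed webassets fetch is ignored by `|| true`.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail unless the Makefile VERSION equals the tag without its leading "v";
  # the checked version is passed to later steps through /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 seconds for the Docker daemon's socket to appear in the
# volume shared with the "Start Docker" service.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the release build through make; presumably the make target drives the
# Docker daemon reachable through the mounted /var/run.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-amd64-centos7
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the release tarballs in /go/artifacts, renames them to the
# -centos7- file names and writes a .sha256 file next to each.
# NOTE(review): the checksums are produced here and uploaded with the same
# credentials as the tarballs, so they detect corruption, not tampering.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - export VERSION=$(cat /go/.version.txt)
  - mv /go/artifacts/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
  - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Uploads everything in /go/artifacts to teleport/tag/<version> in the bucket
# named by the AWS_S3_BUCKET secret.
# NOTE(review): plugins/s3 carries no tag or digest, so whatever image the
# name currently resolves to receives the AWS credentials.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each artifact that has a .sha256 file with the staging release
# service, authenticating with a client certificate and key from Drone secrets.
# `failure: ignore` below means an error in this step does not fail the build.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The private key is created under umask 077 so it is never readable by
  # other users, not even briefly.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Delete both credential files when the step's shell exits.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Used unquoted below so that it splits into separate curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit (RHEL/CentOS 7.x compatible)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
# Docker-in-Docker daemon; steps reach it through the shared /var/run volume.
# NOTE(review): a privileged container is effectively root on the node that
# runs it; keep pipelines like this one on dedicated build nodes.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
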
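---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# NOTE(review): this document is generated; carry any change made here back to
# dronegen/tag.go, since regenerating would presumably discard it.
# Tag pipeline: runs for v* tags pushed to any gravitational/* repository.
# In commands, ${...} is interpolated by Drone before the shell runs and $$
# escapes a literal $; a plain $VAR is expanded by the step's shell.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips
environment:
  BUILDBOX_VERSION: teleport11
  RUNTIME: go1.18.3
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out by hand.
clone:
  disable: true
steps:
# Clones the repository, checks out the tag and fetches the `e` and
# `webassets` submodules using a deploy key taken from a Drone secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key is written inside a 0700 directory and removed by the
  # `rm -f` further down.
  # NOTE(review): that removal is only reached if every command in between
  # succeeds; a trap, as in the "Register artifacts" step, would also cover
  # failures.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so this known_hosts file does not authenticate github.com; a
  # pinned copy of GitHub's published host keys would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failed webassets fetch is ignored by `|| true`.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail unless the Makefile VERSION equals the tag without its leading "v";
  # the checked version is passed to later steps through /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 seconds for the Docker daemon's socket to appear in the
# volume shared with the "Start Docker" service.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the FIPS release build through make; presumably the make target drives
# the Docker daemon reachable through the mounted /var/run.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7-fips
  environment:
    ARCH: amd64
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the tarball built under e/ in /go/artifacts, renames it to the
# -centos7-fips- file name and writes a .sha256 file next to it.
# NOTE(review): the checksums are produced here and uploaded with the same
# credentials as the tarballs, so they detect corruption, not tampering.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - export VERSION=$(cat /go/.version.txt)
  - mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Uploads everything in /go/artifacts to teleport/tag/<version> in the bucket
# named by the AWS_S3_BUCKET secret.
# NOTE(review): plugins/s3 carries no tag or digest, so whatever image the
# name currently resolves to receives the AWS credentials.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each artifact that has a .sha256 file with the staging release
# service, authenticating with a client certificate and key from Drone secrets.
# `failure: ignore` below means an error in this step does not fail the build.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The private key is created under umask 077 so it is never readable by
  # other users, not even briefly.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Delete both credential files when the step's shell exits.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Used unquoted below so that it splits into separate curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
# Docker-in-Docker daemon; steps reach it through the shared /var/run volume.
# NOTE(review): a privileged container is effectively root on the node that
# runs it; keep pipelines like this one on dedicated build nodes.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
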
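---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# NOTE(review): this document is generated; carry any change made here back to
# dronegen/tag.go, since regenerating would presumably discard it.
# Tag pipeline: runs for v* tags pushed to any gravitational/* repository.
# In commands, ${...} is interpolated by Drone before the shell runs and $$
# escapes a literal $; a plain $VAR is expanded by the step's shell.
kind: pipeline
type: kubernetes
name: build-linux-amd64
environment:
  BUILDBOX_VERSION: teleport11
  RUNTIME: go1.18.3
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out by hand.
clone:
  disable: true
steps:
# Clones teleport at the tag and webapps at the revision printed by
# webapps-version.sh, and fetches their submodules using a deploy key taken
# from a Drone secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/webapps
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key is written inside a 0700 directory and removed by the
  # `rm -f` further down.
  # NOTE(review): that removal is only reached if every command in between
  # succeeds; a trap, as in the "Register artifacts" step, would also cover
  # failures.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so this known_hosts file does not authenticate github.com; a
  # pinned copy of GitHub's published host keys would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failed webassets fetch is ignored by `|| true`.
  - git submodule update --init --recursive webassets || true
  - cd /go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  # The webapps revision is chosen by a script from the teleport checkout.
  - git checkout "$(/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)"
  - git submodule update --init packages/webapps.e
  - cd -
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail unless the Makefile VERSION equals the tag without its leading "v";
  # the checked version is passed to later steps through /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 seconds for the Docker daemon's socket to appear in the
# volume shared with the "Start Docker" service.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the release build and the teleterm (Teleport Connect) build through
# make; presumably the make targets drive the Docker daemon reachable through
# the mounted /var/run.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7
  - make -C build.assets teleterm
  environment:
    ARCH: amd64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the release tarballs and the Teleport Connect packages in
# /go/artifacts and writes a .sha256 file next to each teleport*.tar.gz.
# NOTE(review): the checksum loop matches only teleport*.tar.gz, so the
# teleport-connect .rpm and .deb files copied here get no .sha256 and are then
# skipped by the "Register artifacts" step; confirm that this is intended.
# NOTE(review): the checksums are produced here and uploaded with the same
# credentials as the tarballs, so they detect corruption, not tampering.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find /go/src/github.com/gravitational/webapps/packages/teleterm/build/release
    -maxdepth 1 \( -iname "teleport-connect*.tar.gz" -o -iname "teleport-connect*.rpm"
    -o -iname "teleport-connect*.deb" \) -print -exec cp {} /go/artifacts/ \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Uploads everything in /go/artifacts to teleport/tag/<version> in the bucket
# named by the AWS_S3_BUCKET secret.
# NOTE(review): plugins/s3 carries no tag or digest, so whatever image the
# name currently resolves to receives the AWS credentials.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each artifact that has a .sha256 file with the staging release
# service, authenticating with a client certificate and key from Drone secrets.
# `failure: ignore` below means an error in this step does not fail the build.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The private key is created under umask 077 so it is never readable by
  # other users, not even briefly.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Delete both credential files when the step's shell exits.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Used unquoted below so that it splits into separate curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
# Docker-in-Docker daemon; steps reach it through the shared /var/run volume.
# NOTE(review): a privileged container is effectively root on the node that
# runs it; keep pipelines like this one on dedicated build nodes.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
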
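---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# NOTE(review): this document is generated; carry any change made here back to
# dronegen/tag.go, since regenerating would presumably discard it.
# Tag pipeline: runs for v* tags pushed to any gravitational/* repository.
# In commands, ${...} is interpolated by Drone before the shell runs and $$
# escapes a literal $; a plain $VAR is expanded by the step's shell.
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips
environment:
  BUILDBOX_VERSION: teleport11
  RUNTIME: go1.18.3
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out by hand.
clone:
  disable: true
steps:
# Clones the repository, checks out the tag and fetches the `e` and
# `webassets` submodules using a deploy key taken from a Drone secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key is written inside a 0700 directory and removed by the
  # `rm -f` further down.
  # NOTE(review): that removal is only reached if every command in between
  # succeeds; a trap, as in the "Register artifacts" step, would also cover
  # failures.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so this known_hosts file does not authenticate github.com; a
  # pinned copy of GitHub's published host keys would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failed webassets fetch is ignored by `|| true`.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail unless the Makefile VERSION equals the tag without its leading "v";
  # the checked version is passed to later steps through /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 seconds for the Docker daemon's socket to appear in the
# volume shared with the "Start Docker" service.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Runs the FIPS release build through make; presumably the make target drives
# the Docker daemon reachable through the mounted /var/run.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - make -C build.assets release-amd64-centos7-fips
  environment:
    ARCH: amd64
    FIPS: "yes"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the tarball built under e/ in /go/artifacts and writes a .sha256
# file next to it.
# NOTE(review): the checksums are produced here and uploaded with the same
# credentials as the tarballs, so they detect corruption, not tampering.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Uploads everything in /go/artifacts to teleport/tag/<version> in the bucket
# named by the AWS_S3_BUCKET secret.
# NOTE(review): plugins/s3 carries no tag or digest, so whatever image the
# name currently resolves to receives the AWS credentials.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each artifact that has a .sha256 file with the staging release
# service, authenticating with a client certificate and key from Drone secrets.
# `failure: ignore` below means an error in this step does not fail the build.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The private key is created under umask 077 so it is never readable by
  # other users, not even briefly.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Delete both credential files when the step's shell exits.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Used unquoted below so that it splits into separate curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit (FedRAMP/FIPS)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
# Docker-in-Docker daemon; steps reach it through the shared /var/run volume.
# NOTE(review): a privileged container is effectively root on the node that
# runs it; keep pipelines like this one on dedicated build nodes.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
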
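---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# NOTE(review): this document is generated; carry any change made here back to
# dronegen/tag.go, since regenerating would presumably discard it.
# Package pipeline: runs for v* tags pushed to any gravitational/* repository,
# after build-linux-amd64-centos7, and turns that pipeline's tarballs into
# signed RPMs.
# In commands, ${...} is interpolated by Drone before the shell runs and $$
# escapes a literal $; a plain $VAR is expanded by the step's shell.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out by hand.
clone:
  disable: true
depends_on:
- build-linux-amd64-centos7
steps:
# Clones the repository, checks out the tag and fetches the `e` and
# `webassets` submodules using a deploy key taken from a Drone secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key is written inside a 0700 directory and removed by the
  # `rm -f` further down.
  # NOTE(review): that removal is only reached if every command in between
  # succeeds; a trap, as in the "Register artifacts" step, would also cover
  # failures.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so this known_hosts file does not authenticate github.com; a
  # pinned copy of GitHub's published host keys would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failed webassets fetch is ignored by `|| true`.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail unless the Makefile VERSION equals the tag without its leading "v";
  # the checked version is passed to later steps through /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 seconds for the Docker daemon's socket to appear in the
# volume shared with the "Start Docker" service.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the OSS and enterprise centos7 tarballs for this version from the
# release bucket.
# NOTE(review): the tarballs are packaged and signed as downloaded; this step
# does not compare them with the .sha256 files that the build pipeline
# uploads next to them.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Builds the RPMs with `make rpm`. The signing keyring is unpacked from a
# secret into the memory-backed /tmpfs volume, which is also mounted into the
# "Start Docker" service.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The AWS key pair used for this registry login comes from secrets named
  # *_READ_ONLY_*.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Remove the signing keyring when the step's shell exits, so that a failed
  # `make rpm` does not leave it behind in the shared volume.
  - trap "rm -rf '$GNUPG_DIR'" EXIT
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: amd64
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Copies the built teleport*.rpm* files from build/ and e/build/ into
# /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Uploads everything in /go/artifacts to teleport/tag/<version> in the bucket
# named by the AWS_S3_BUCKET secret.
# NOTE(review): plugins/s3 carries no tag or digest, so whatever image the
# name currently resolves to receives the AWS credentials.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each artifact that has a .sha256 file with the staging release
# service, authenticating with a client certificate and key from Drone secrets.
# `failure: ignore` below means an error in this step does not fail the build.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # The private key is created under umask 077 so it is never readable by
  # other users, not even briefly.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Delete both credential files when the step's shell exits.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Used unquoted below so that it splits into separate curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ "$status_code" -ne 200 ] && [ "$status_code" -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat "$WORKSPACE_DIR/curl_out.txt"
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
# Docker-in-Docker daemon; steps reach it through the shared /var/run volume,
# and it also mounts the /tmpfs volume that holds the signing keyring.
# NOTE(review): a privileged container is effectively root on the node that
# runs it; keep pipelines like this one on dedicated build nodes.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
# Memory-backed, so the keyring unpacked into it is not written to node disk.
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}
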
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Package pipeline: runs for v* tags pushed to any gravitational/* repository,
# after build-linux-amd64-centos7-fips.
# In commands, ${...} is interpolated by Drone before the shell runs and $$
# escapes a literal $; a plain $VAR is expanded by the step's shell.
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos7-fips-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step checks the code out by hand.
clone:
  disable: true
depends_on:
- build-linux-amd64-centos7-fips
steps:
# Clones the repository, checks out the tag and fetches the `e` and
# `webassets` submodules using a deploy key taken from a Drone secret.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The private key is written inside a 0700 directory and removed by the
  # `rm -f` further down.
  # NOTE(review): that removal is only reached if every command in between
  # succeeds; a trap, as in the "Register artifacts" step, would also cover
  # failures.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so this known_hosts file does not authenticate github.com; a
  # pinned copy of GitHub's published host keys would.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failed webassets fetch is ignored by `|| true`.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail unless the Makefile VERSION equals the tag without its leading "v";
  # the checked version is passed to later steps through /go/.version.txt.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30 seconds for the Docker daemon's socket to appear in the
# dockersock volume mounted at /var/run.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the enterprise centos7 FIPS tarball for this version from the
# release bucket.
# NOTE(review): the tarball is used as downloaded; this step does not compare
# it with a checksum before it is packaged and signed.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-centos7-fips-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
|
|
image: docker
|
|
commands:
|
|
- apk add --no-cache bash curl gzip make tar go
|
|
- apk add --no-cache aws-cli
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- export VERSION=$(cat /go/.version.txt)
|
|
- aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
|
|
public.ecr.aws
|
|
- mkdir -m0700 $GNUPG_DIR
|
|
- echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
|
|
- chown -R root:root $GNUPG_DIR
|
|
- make -C e rpm
|
|
- rm -rf $GNUPG_DIR
|
|
environment:
|
|
ARCH: amd64
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
|
|
ENT_TARBALL_PATH: /go/artifacts
|
|
FIPS: "yes"
|
|
GNUPG_DIR: /tmpfs/gnupg
|
|
GPG_RPM_SIGNING_ARCHIVE:
|
|
from_secret: GPG_RPM_SIGNING_ARCHIVE
|
|
RUNTIME: fips
|
|
TMPDIR: /go
|
|
volumes:
|
|
- name: tmpfs
|
|
path: /tmpfs
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: Copy artifacts
|
|
image: docker
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- name: Upload to S3
|
|
image: plugins/s3
|
|
settings:
|
|
access_key:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
bucket:
|
|
from_secret: AWS_S3_BUCKET
|
|
region: us-west-2
|
|
secret_key:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
source: /go/artifacts/*
|
|
strip_prefix: /go/artifacts/
|
|
target: teleport/tag/${DRONE_TAG##v}
|
|
- name: Register artifacts
|
|
image: docker
|
|
commands:
|
|
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
|
|
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
|
|
- RELEASES_HOST='https://releases-staging.platform.teleport.sh'
|
|
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
|
|
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
|
|
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
|
|
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
|
|
- which curl || apk add --no-cache curl
|
|
- |-
|
|
cd "$WORKSPACE_DIR/go/artifacts"
|
|
find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
|
|
# Skip files that are not results of this build
|
|
# (e.g. tarballs from which OS packages are made)
|
|
[ -f "$file.sha256" ] || continue
|
|
|
|
name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
|
|
description="Linux 64-bit RPM (RHEL/CentOS 7.x compatible, FedRAMP/FIPS)"
|
|
products="$name"
|
|
if [ "$name" = "tsh" ]; then
|
|
products="teleport teleport-ent"
|
|
elif [ "$name" = "Teleport Connect" ]; then
|
|
description="Teleport Connect"
|
|
products="teleport teleport-ent"
|
|
fi
|
|
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
|
|
|
|
curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";
|
|
|
|
for product in $products; do
|
|
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
|
|
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
|
|
echo "curl HTTP status: $status_code"
|
|
cat $WORKSPACE_DIR/curl_out.txt
|
|
exit 1
|
|
fi
|
|
curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
|
|
done
|
|
done
|
|
environment:
|
|
RELEASES_CERT:
|
|
from_secret: RELEASES_CERT_STAGING
|
|
RELEASES_KEY:
|
|
from_secret: RELEASES_KEY_STAGING
|
|
failure: ignore
|
|
services:
|
|
- name: Start Docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: tmpfs
|
|
path: /tmpfs
|
|
- name: dockersock
|
|
path: /var/run
|
|
volumes:
|
|
- name: tmpfs
|
|
temp:
|
|
medium: memory
|
|
- name: dockersock
|
|
temp: {}
|
|
|
|
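---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Review notes (security):
# - This document is generated; a durable change belongs in the dronegen
#   source named above, followed by regeneration.
# - Step and service images (docker, docker:git, amazon/aws-cli, plugins/s3,
#   docker:dind) are referenced by mutable tag, not by digest. Pinning by
#   digest would keep a release build from silently picking up a changed image.
kind: pipeline
type: kubernetes
name: build-linux-amd64-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-amd64
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/webapps
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  # NOTE(review): ${DRONE_REPO_NAME} and ${DRONE_TAG...} appear to be filled in
  # by Drone before the shell runs (shell variables elsewhere are escaped as
  # $$), so the tag name becomes part of this script. Restrict who may push
  # v* tags.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # ssh-keyscan records whatever host key is offered at build time (trust on
  # first use). A pinned known_hosts entry for github.com would authenticate
  # the host before the deploy key is used for the submodule fetches.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is ignored, so the build continues without it.
  - git submodule update --init --recursive webassets || true
  - cd /go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  # The webapps revision is chosen by a script from the teleport checkout.
  - git checkout "$(/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)"
  - git submodule update --init packages/webapps.e
  - cd -
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail the release when the Makefile version and the git tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # The tarballs are used as downloaded; this step verifies no checksum or
  # signature. NOTE(review): confirm whether the deb target does.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make deb
  environment:
    ARCH: amd64
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Install the cleanup trap before any credential file is written, so a
  # failed decode cannot leave a file behind.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # Create the client key owner-only, whatever the container's default umask.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # The sha256 sent with each asset is read from the adjacent .sha256 file,
  # not recomputed from the file being uploaded.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  # A failed registration does not fail the pipeline; monitor this step
  # separately so a release with unregistered assets is noticed.
  failure: ignore
services:
# The Docker daemon runs privileged, and every step that mounts dockersock at
# /var/run can drive it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
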
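---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Review notes (security):
# - This document is generated; a durable change belongs in the dronegen
#   source named above, followed by regeneration.
# - Step and service images (docker, docker:git, amazon/aws-cli, plugins/s3,
#   docker:dind) are referenced by mutable tag, not by digest. Pinning by
#   digest would keep a release build from silently picking up a changed image.
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-amd64-fips
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  # NOTE(review): ${DRONE_REPO_NAME} and ${DRONE_TAG...} appear to be filled in
  # by Drone before the shell runs (shell variables elsewhere are escaped as
  # $$), so the tag name becomes part of this script. Restrict who may push
  # v* tags.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # ssh-keyscan records whatever host key is offered at build time (trust on
  # first use). A pinned known_hosts entry for github.com would authenticate
  # the host before the deploy key is used for the submodule fetch.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is ignored, so the build continues without it.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail the release when the Makefile version and the git tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # The tarball is used as downloaded; this step verifies no checksum or
  # signature. NOTE(review): confirm whether the deb target does.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make -C e deb
  environment:
    ARCH: amd64
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
    ENT_TARBALL_PATH: /go/artifacts
    FIPS: "yes"
    RUNTIME: fips
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Install the cleanup trap before any credential file is written, so a
  # failed decode cannot leave a file behind.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # Create the client key owner-only, whatever the container's default umask.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # The sha256 sent with each asset is read from the adjacent .sha256 file,
  # not recomputed from the file being uploaded.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 64-bit DEB (FedRAMP/FIPS)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  # A failed registration does not fail the pipeline; monitor this step
  # separately so a release with unregistered assets is noticed.
  failure: ignore
services:
# The Docker daemon runs privileged, and every step that mounts dockersock at
# /var/run can drive it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
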
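---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Review notes (security):
# - This document is generated; a durable change belongs in the dronegen
#   source named above, followed by regeneration.
# - Step and service images (docker, docker:git, plugins/s3, docker:dind) are
#   referenced by mutable tag, not by digest. Pinning by digest would keep a
#   release build from silently picking up a changed image.
kind: pipeline
type: kubernetes
name: build-linux-386
environment:
  BUILDBOX_VERSION: teleport11
  RUNTIME: go1.18.3
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  # NOTE(review): ${DRONE_REPO_NAME} and ${DRONE_TAG...} appear to be filled in
  # by Drone before the shell runs (shell variables elsewhere are escaped as
  # $$), so the tag name becomes part of this script. Restrict who may push
  # v* tags.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # ssh-keyscan records whatever host key is offered at build time (trust on
  # first use). A pinned known_hosts entry for github.com would authenticate
  # the host before the deploy key is used for the submodule fetch.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is ignored, so the build continues without it.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail the release when the Makefile version and the git tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-386
  environment:
    ARCH: "386"
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  # The checksums are computed here, inside the pipeline that built the
  # tarballs: they catch corruption after this point, not a compromised build.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Install the cleanup trap before any credential file is written, so a
  # failed decode cannot leave a file behind.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # Create the client key owner-only, whatever the container's default umask.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # The sha256 sent with each asset is read from the adjacent .sha256 file,
  # not recomputed from the file being uploaded.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 32-bit"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  # A failed registration does not fail the pipeline; monitor this step
  # separately so a release with unregistered assets is noticed.
  failure: ignore
services:
# The Docker daemon runs privileged, and every step that mounts dockersock at
# /var/run can drive it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
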
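---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Review notes (security):
# - This document is generated; a durable change belongs in the dronegen
#   source named above, followed by regeneration.
# - Step and service images (docker, docker:git, amazon/aws-cli, plugins/s3,
#   docker:dind) are referenced by mutable tag, not by digest. Pinning by
#   digest would keep a release build from silently picking up a changed image.
kind: pipeline
type: kubernetes
name: build-linux-386-rpm
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
depends_on:
- build-linux-386
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  # NOTE(review): ${DRONE_REPO_NAME} and ${DRONE_TAG...} appear to be filled in
  # by Drone before the shell runs (shell variables elsewhere are escaped as
  # $$), so the tag name becomes part of this script. Restrict who may push
  # v* tags.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # ssh-keyscan records whatever host key is offered at build time (trust on
  # first use). A pinned known_hosts entry for github.com would authenticate
  # the host before the deploy key is used for the submodule fetch.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is ignored, so the build continues without it.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Fail the release when the Makefile version and the git tag disagree.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # The tarballs are used as downloaded; this step verifies no checksum or
  # signature. NOTE(review): confirm whether the rpm target does.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # Remove the extracted signing keyring on every exit path, not only after a
  # successful build (same trap pattern as the Register artifacts step).
  - trap 'rm -rf "$GNUPG_DIR"' EXIT
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: "386"
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
    ENT_TARBALL_PATH: /go/artifacts
    # The keyring lives on the memory-backed tmpfs volume declared below.
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Install the cleanup trap before any credential file is written, so a
  # failed decode cannot leave a file behind.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  # Create the client key owner-only, whatever the container's default umask.
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # The sha256 sent with each asset is read from the adjacent .sha256 file,
  # not recomputed from the file being uploaded.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 32-bit RPM"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  # A failed registration does not fail the pipeline; monitor this step
  # separately so a release with unregistered assets is noticed.
  failure: ignore
services:
# The Docker daemon runs privileged, and every step that mounts dockersock at
# /var/run can drive it. The tmpfs volume that holds the signing keyring is
# mounted into this service container as well.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}
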
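---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################
#
# Tag pipeline that turns the linux-386 release tarballs into .deb packages.
# It runs for v* tags in gravitational/* repositories after build-linux-386:
# check out the tag, fetch the tarballs from S3, run `make deb`, upload the
# packages to S3 and register them with the release server.
#
# NOTE(review): this document is generator output, so the changes marked
# NOTE(review) below must also be made in the generator named above to
# survive regeneration.
# NOTE(review): every image here is referenced by a floating tag (docker:git,
# docker, amazon/aws-cli, plugins/s3, docker:dind). Pinning by digest would
# make the build inputs reproducible and tamper-evident.

kind: pipeline
type: kubernetes
name: build-linux-386-deb
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step clones explicitly.
clone:
  disable: true
depends_on:
- build-linux-386
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The deploy key is written inside a 0700 directory and removed again
  # once the submodules have been fetched.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns
  # at build time, so this known_hosts file does not authenticate
  # github.com. Writing GitHub's published host keys (pinned in the
  # generator) would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is swallowed by `|| true`; the build continues.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to build when the Makefile VERSION differs from the tag (leading
  # "v" stripped); the agreed version is stored for the later steps. The
  # doubled dollar sign is Drone's escape for a literal one.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll for up to 30 seconds until the dind service exposes its socket.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  # NOTE(review): the tarballs are packaged as downloaded; nothing compares
  # them with a checksum or signature first, so the packages are only as
  # trustworthy as the bucket contents.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # The registry password is piped on stdin, not passed as an argument.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make deb
  environment:
    ARCH: "386"
    # This step uses a separate key pair (secret names say read-only), not
    # the S3 credentials used by the download and upload steps.
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers every artifact that has a .sha256 sidecar with the release
# server, authenticating with a client certificate: upload the asset, create
# a draft release per product (HTTP 200 and 409 are both accepted), then
# attach the asset to that release.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Install the cleanup trap before any key material touches the disk, and
  # create both files under umask 077 so the client key is never group- or
  # world-readable. The subshell keeps the umask away from later commands.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - (umask 077; echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt")
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Left unquoted at the call sites on purpose: it must split into four
  # curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux 32-bit DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="386" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  # A failed registration does not fail the pipeline, so a red step here
  # has to be noticed by a person.
  failure: ignore
services:
# NOTE(review): the docker-in-docker daemon runs privileged, and every step
# that mounts the dockersock volume ("Wait for docker", "Build artifacts")
# can drive it. Keep that mount off steps that do not need it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}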
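---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################
#
# Tag pipeline that builds the darwin/amd64 release tarballs on an exec
# runner (commands run directly on the macOS host, not in a container). It
# installs per-build Go and Rust toolchains under /tmp, builds, uploads the
# tarballs to S3 and registers them with the release server.
#
# NOTE(review): this document is generator output, so the changes marked
# NOTE(review) below must also be made in the generator named above to
# survive regeneration.
# NOTE(review): the workspace is a fixed, predictable directory under /tmp
# on a host that persists between builds. Presumably the runner host is
# single-tenant; confirm, because secrets are staged under that path.

kind: pipeline
type: exec
name: build-darwin-amd64
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64
platform:
  os: darwin
  arch: amd64
# The built-in clone is disabled; "Check out code" clones explicitly.
clone:
  disable: true
# One build at a time, because all builds share the workspace path above.
concurrency:
  limit: 1
steps:
- name: Set up exec runner storage
  commands:
  # set -u turns an unset WORKSPACE_DIR into an error rather than letting
  # the rm -rf below run against /go and /.ssh.
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # Remove the deploy key even when a later command in this step fails. The
  # final cleanup step of this pipeline has no `when:` clause, so after a
  # failed checkout it presumably would not run and the key would stay on
  # the host until the next build.
  - trap "rm -rf '$WORKSPACE_DIR/.ssh'" EXIT
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns
  # at build time, so this known_hosts file does not authenticate
  # github.com. Writing GitHub's published host keys (pinned in the
  # generator) would close that gap.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # -F /dev/null makes ssh ignore the host user's ssh config; only the key
  # and known_hosts file staged above are used.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # A failed webassets fetch is swallowed by `|| true`; the build continues.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  # The version is taken from the tag alone; this step does not compare it
  # with the Makefile.
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Install Go Toolchain
  commands:
  - set -u
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  # --fail stops an HTTP error page from being saved as the archive.
  # NOTE(review): the archive is unpacked without an integrity check.
  # Compare it with the published SHA-256 for this Go release (value not
  # shown on this page) before running tar.
  - curl --silent --show-error --fail -O https://dl.google.com/go/$RUNTIME.darwin-amd64.tar.gz
  - tar -C /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains -xzf $RUNTIME.darwin-amd64.tar.gz
  - rm -rf $RUNTIME.darwin-amd64.tar.gz
  environment:
    RUNTIME: go1.18.3
- name: Install Rust Toolchain
  commands:
  - set -u
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - mkdir -p /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  # The Rust version comes from the checked-out repository's build.assets.
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  # cargo and rustup state goes into the per-build directory.
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - rustup toolchain install $RUST_VERSION
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Build Mac artifacts (binaries)
  commands:
  - set -u
  - export HOME=/Users/$(whoami)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - export PATH=$CARGO_HOME/bin:/Users/build/.cargo/bin:$PATH
  - rustup override set $RUST_VERSION
  - export PATH=$TOOLCHAIN_DIR/go/bin:$PATH
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - build.assets/build-fido2-macos.sh build
  - export PKG_CONFIG_PATH="$(build.assets/build-fido2-macos.sh pkg_config_path)"
  - make clean release OS=$OS ARCH=$ARCH FIDO2=yes TOUCHID=yes
  environment:
    ARCH: amd64
    # NOTE(review): no command in this step references BUILDBOX_PASSWORD.
    # Presumably the make target consumes it; if not, drop it so the build
    # tooling does not inherit a secret it has no use for.
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    GOCACHE: /tmp/build-darwin-amd64/go/cache
    GOPATH: /tmp/build-darwin-amd64/go
    OS: darwin
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Copy Mac artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cp teleport*.tar.gz $WORKSPACE_DIR/go/artifacts
  - cp e/teleport-ent*.tar.gz $WORKSPACE_DIR/go/artifacts
  # Write a .sha256 sidecar per tarball; "Register artifacts" skips files
  # that have none.
  - cd $WORKSPACE_DIR/go/artifacts && for FILE in teleport*.tar.gz; do shasum -a 256
    $FILE > $FILE.sha256; done && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64
# Registers every artifact that has a .sha256 sidecar with the release
# server, authenticating with a client certificate: upload the asset, create
# a draft release per product (HTTP 200 and 409 are both accepted), then
# attach the asset to that release.
- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Install the cleanup trap before any key material touches the disk, and
  # create both files under umask 077: this workspace lives under /tmp on
  # the runner host, where a default umask would leave the client key
  # readable by other local accounts.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - (umask 077; echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt")
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Left unquoted at the call sites on purpose: it must split into four
  # curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="MacOS Intel"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
    WORKSPACE_DIR: /tmp/build-darwin-amd64
  # A failed registration does not fail the pipeline, so a red step here
  # has to be noticed by a person.
  failure: ignore
- name: Clean up toolchains (post)
  commands:
  - set -u
  - export PATH=/Users/$(whoami)/.cargo/bin:$PATH
  - export CARGO_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/cargo
  - export RUST_HOME=$CARGO_HOME
  - export RUSTUP_HOME=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains/rustup
  - export RUST_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-rust-version)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - rustup override unset
  - rustup toolchain uninstall $RUST_VERSION
  - rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64
  # Runs after failed builds too, so per-build toolchains do not pile up.
  when:
    status:
    - success
    - failure
# NOTE(review): unlike the toolchain cleanup above, this step has no `when:`
# clause, so after a failed build the workspace presumably stays on the host
# until the next run's "Set up exec runner storage".
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64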
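---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################
#
# Tag pipeline that builds the macOS .pkg installers on an exec runner
# (commands run directly on the macOS host). It runs after
# build-darwin-amd64, downloads that pipeline's tarballs from S3, runs
# `make pkg` with the host keychain unlocked, uploads the packages to S3 and
# registers them with the release server.
#
# NOTE(review): this document is generator output, so the changes marked
# NOTE(review) below must also be made in the generator named above to
# survive regeneration.
# NOTE(review): the workspace is a fixed, predictable directory under /tmp
# on a host that persists between builds. Presumably the runner host is
# single-tenant; confirm, because secrets are staged under that path.

kind: pipeline
type: exec
name: build-darwin-amd64-pkg
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64-pkg
platform:
  os: darwin
  arch: amd64
# The built-in clone is disabled; "Check out code" clones explicitly.
clone:
  disable: true
depends_on:
- build-darwin-amd64
# One build at a time, because all builds share the workspace path above.
concurrency:
  limit: 1
steps:
- name: Set up exec runner storage
  commands:
  # set -u turns an unset WORKSPACE_DIR into an error rather than letting
  # the rm -rf below run against /go and /.ssh.
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # Remove the deploy key even when a later command in this step fails. The
  # final cleanup step of this pipeline has no `when:` clause, so after a
  # failed checkout it presumably would not run and the key would stay on
  # the host until the next build.
  - trap "rm -rf '$WORKSPACE_DIR/.ssh'" EXIT
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns
  # at build time, so this known_hosts file does not authenticate
  # github.com. Writing GitHub's published host keys (pinned in the
  # generator) would close that gap.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # -F /dev/null makes ssh ignore the host user's ssh config; only the key
  # and known_hosts file staged above are used.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # A failed webassets fetch is swallowed by `|| true`; the build continues.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  # The version is taken from the tag alone; this step does not compare it
  # with the Makefile.
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Download built tarball artifacts from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  # NOTE(review): the tarballs are packaged and signed as downloaded;
  # nothing compares them with a checksum or signature first, so the
  # installer is only as trustworthy as the bucket contents.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  # GITHUB_PRIVATE_KEY was dropped from this step's environment: none of
  # the commands above use it, and a step should receive only the secrets
  # it needs.
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Build Mac pkg release artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export HOME=/Users/build
  # The password is quoted so whitespace or glob characters in it cannot
  # split or expand.
  # NOTE(review): -p still places it on the command line of `security`,
  # where it is visible in the host's process list while the command runs.
  - security unlock-keychain -p "$${BUILDBOX_PASSWORD}" login.keychain
  - security find-identity -v
  - make pkg OS=$OS ARCH=$ARCH
  environment:
    # APPLE_USERNAME and APPLE_PASSWORD are not referenced by the commands
    # above; presumably `make pkg` consumes them (confirm).
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
    OS: darwin
    OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Copy Mac pkg artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # Drop the input tarballs so only the packages are uploaded.
  - rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
  - cp build/teleport*.pkg e/build/teleport-ent*.pkg $WORKSPACE_DIR/go/artifacts/
  # Write a .sha256 sidecar per package; "Register artifacts" skips files
  # that have none.
  - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE >
    $FILE.sha256; done && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
# Registers every artifact that has a .sha256 sidecar with the release
# server, authenticating with a client certificate: upload the asset, create
# a draft release per product (HTTP 200 and 409 are both accepted), then
# attach the asset to that release.
- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Install the cleanup trap before any key material touches the disk, and
  # create both files under umask 077: this workspace lives under /tmp on
  # the runner host, where a default umask would leave the client key
  # readable by other local accounts.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - (umask 077; echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt")
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Left unquoted at the call sites on purpose: it must split into four
  # curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="MacOS Intel .pkg installer"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg
  # A failed registration does not fail the pipeline, so a red step here
  # has to be noticed by a person.
  failure: ignore
# NOTE(review): this step has no `when:` clause, so after a failed build the
# workspace presumably stays on the host until the next run's "Set up exec
# runner storage".
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg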
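---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/mac.go (main.newDarwinPipeline)
################################################
#
# Tag pipeline that builds the tsh-only macOS .pkg installer on an exec
# runner (commands run directly on the macOS host). It runs after
# build-darwin-amd64, downloads that pipeline's tarballs from S3, runs
# `make pkg-tsh` with the host keychain unlocked, uploads the package to S3
# and registers it with the release server.
#
# NOTE(review): this document is generator output, so the changes marked
# NOTE(review) below must also be made in the generator named above to
# survive regeneration.
# NOTE(review): the workspace is a fixed, predictable directory under /tmp
# on a host that persists between builds. Presumably the runner host is
# single-tenant; confirm, because secrets are staged under that path.

kind: pipeline
type: exec
name: build-darwin-amd64-pkg-tsh
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64-pkg-tsh
platform:
  os: darwin
  arch: amd64
# The built-in clone is disabled; "Check out code" clones explicitly.
clone:
  disable: true
depends_on:
- build-darwin-amd64
# One build at a time, because all builds share the workspace path above.
concurrency:
  limit: 1
steps:
- name: Set up exec runner storage
  commands:
  # set -u turns an unset WORKSPACE_DIR into an error rather than letting
  # the rm -rf below run against /go and /.ssh.
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # Remove the deploy key even when a later command in this step fails. The
  # final cleanup step of this pipeline has no `when:` clause, so after a
  # failed checkout it presumably would not run and the key would stay on
  # the host until the next build.
  - trap "rm -rf '$WORKSPACE_DIR/.ssh'" EXIT
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns
  # at build time, so this known_hosts file does not authenticate
  # github.com. Writing GitHub's published host keys (pinned in the
  # generator) would close that gap.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # -F /dev/null makes ssh ignore the host user's ssh config; only the key
  # and known_hosts file staged above are used.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # A failed webassets fetch is swallowed by `|| true`; the build continues.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  # The version is taken from the tag alone; this step does not compare it
  # with the Makefile.
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Download built tarball artifacts from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  # NOTE(review): the tarballs are packaged and signed as downloaded;
  # nothing compares them with a checksum or signature first, so the
  # installer is only as trustworthy as the bucket contents.
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz
    $WORKSPACE_DIR/go/artifacts/
  # GITHUB_PRIVATE_KEY was dropped from this step's environment: none of
  # the commands above use it, and a step should receive only the secrets
  # it needs.
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Build Mac pkg release artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  - export HOME=/Users/build
  # The password is quoted so whitespace or glob characters in it cannot
  # split or expand.
  # NOTE(review): -p still places it on the command line of `security`,
  # where it is visible in the host's process list while the command runs.
  - security unlock-keychain -p "$${BUILDBOX_PASSWORD}" login.keychain
  - security find-identity -v
  - make pkg-tsh OS=$OS ARCH=$ARCH
  environment:
    # APPLE_USERNAME and APPLE_PASSWORD are not referenced by the commands
    # above; presumably `make pkg-tsh` consumes them (confirm).
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    OS: darwin
    OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Copy Mac pkg artifacts
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # Drop the input tarballs so only the package is uploaded.
  - rm -rf $WORKSPACE_DIR/go/artifacts/*.tar.gz
  - cp build/tsh*.pkg $WORKSPACE_DIR/go/artifacts/
  # Write a .sha256 sidecar per package; "Register artifacts" skips files
  # that have none.
  - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.pkg; do shasum -a 256 $FILE >
    $FILE.sha256; done && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
- name: Upload to S3
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
# Registers every artifact that has a .sha256 sidecar with the release
# server, authenticating with a client certificate: upload the asset, create
# a draft release per product (HTTP 200 and 409 are both accepted), then
# attach the asset to that release. Files named tsh are attached to both
# the teleport and teleport-ent products.
- name: Register artifacts
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Install the cleanup trap before any key material touches the disk, and
  # create both files under umask 077: this workspace lives under /tmp on
  # the runner host, where a default umask would leave the client key
  # readable by other local accounts.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - (umask 077; echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt")
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Left unquoted at the call sites on purpose: it must split into four
  # curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="MacOS Intel .pkg installer (tsh client only)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh
  # A failed registration does not fail the pipeline, so a red step here
  # has to be noticed by a person.
  failure: ignore
# NOTE(review): this step has no `when:` clause, so after a failed build the
# workspace presumably stays on the host until the next run's "Set up exec
# runner storage".
- name: Clean up exec runner storage (post)
  commands:
  - set -u
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-pkg-tsh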
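---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################
#
# Tag pipeline that builds the linux/arm release tarballs. It runs for v*
# tags in gravitational/* repositories: check out the tag, build through
# the docker-in-docker service with `make -C build.assets release-arm`,
# upload the tarballs and their checksums to S3 and register them with the
# release server.
#
# NOTE(review): this document is generator output, so the changes marked
# NOTE(review) below must also be made in the generator named above to
# survive regeneration.
# NOTE(review): every image here is referenced by a floating tag (docker:git,
# docker, plugins/s3, docker:dind). Pinning by digest would make the build
# inputs reproducible and tamper-evident.

kind: pipeline
type: kubernetes
name: build-linux-arm
environment:
  BUILDBOX_VERSION: teleport11
  RUNTIME: go1.18.3
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# The built-in clone is disabled; the first step clones explicitly.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # The deploy key is written inside a 0700 directory and removed again
  # once the submodules have been fetched.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns
  # at build time, so this known_hosts file does not authenticate
  # github.com. Writing GitHub's published host keys (pinned in the
  # generator) would close that gap.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # A failed webassets fetch is swallowed by `|| true`; the build continues.
  - git submodule update --init --recursive webassets || true
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to build when the Makefile VERSION differs from the tag (leading
  # "v" stripped); the agreed version is stored for the later steps. The
  # doubled dollar sign is Drone's escape for a literal one.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
- name: Wait for docker
  image: docker
  commands:
  # Poll for up to 30 seconds until the dind service exposes its socket.
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  # Hand the workspace to the UID/GID set in this step's environment
  # before the build runs.
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm
  # No secrets are passed to this step.
  environment:
    ARCH: arm
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  # Write a .sha256 sidecar per tarball; "Register artifacts" skips files
  # that have none.
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers every artifact that has a .sha256 sidecar with the release
# server, authenticating with a client certificate: upload the asset, create
# a draft release per product (HTTP 200 and 409 are both accepted), then
# attach the asset to that release.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Install the cleanup trap before any key material touches the disk, and
  # create both files under umask 077 so the client key is never group- or
  # world-readable. The subshell keeps the umask away from later commands.
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - (umask 077; echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt")
  - (umask 077; echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key")
  # Left unquoted at the call sites on purpose: it must split into four
  # curl arguments.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARMv7 (32-bit)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  # A failed registration does not fail the pipeline, so a red step here
  # has to be noticed by a person.
  failure: ignore
services:
# NOTE(review): the docker-in-docker daemon runs privileged, and every step
# that mounts the dockersock volume ("Wait for docker", "Build artifacts")
# can drive it. Keep that mount off steps that do not need it.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}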
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Tag pipeline for the linux/arm64 release tarballs: on a v* tag it checks out
# the tagged source, builds with docker-in-docker, uploads the tarballs and
# their .sha256 files to S3 and registers them with the staging release server.
# NOTE(review): the banner says this file is generated, so lasting changes
# belong in dronegen/tag.go rather than here.
# NOTE(review): every image below (docker:git, docker, plugins/s3, docker:dind)
# is referenced by a mutable tag; pinning by digest (image@sha256:<digest>)
# would keep a re-tagged image out of release builds.
kind: pipeline
type: kubernetes
name: build-linux-arm64
environment:
  BUILDBOX_VERSION: teleport11
  RUNTIME: go1.18.3
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is turned off; the first step clones explicitly.
clone:
  disable: true
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  # ${...} forms are substituted by Drone before the shell runs; $$ is the
  # escape for a literal $ that the shell itself should expand.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # SSH key from a Drone secret, presumably for the submodule fetches below:
  # written under a 0700 directory, tightened to 0600, removed afterwards.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so this known_hosts cannot detect an interposed host. Writing
  # GitHub's published host keys here instead would let ssh verify the server.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failed webassets fetch is ignored and the build continues.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): not reached if an earlier command aborts the step;
  # presumably acceptable because the step container is discarded - confirm.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to build when the Makefile VERSION differs from the tag (leading
  # "v" stripped), then record the version for later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind service's socket to appear on the shared
# dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Invokes the release-arm64 target in build.assets; the dockersock mount gives
# it the dind daemon's socket.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache make
  - chown -R $UID:$GID /go
  - cd /go/src/github.com/gravitational/teleport
  - make -C build.assets release-arm64
  environment:
    ARCH: arm64
    GID: "1000"
    GOCACHE: /go/cache
    GOPATH: /go
    OS: linux
    UID: "1000"
  volumes:
  - name: dockersock
    path: /var/run
# Collects the tarballs from the repo root and from e/ into /go/artifacts and
# writes a .sha256 file next to each one.
# NOTE(review): the checksum is computed on the build host after the build, so
# it detects corruption in later transfers, not tampering on the builder.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts
    \;
  - cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256;
    done && ls -l
# Uploads everything in /go/artifacts (tarballs and .sha256 files) under
# teleport/tag/<tag without leading v>; credentials come from Drone secrets.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each artifact with the staging release server, authenticating with
# a client certificate. "failure: ignore" below means a failure in this step
# does not fail the pipeline.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Client certificate and key are decoded from secrets into WORKSPACE_DIR
  # (default "/") and removed by the EXIT trap below.
  # NOTE(review): the key file is created with the shell's default umask; a
  # `umask 077` before these writes would keep it owner-only.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Expanded unquoted at the call sites on purpose so it splits into
  # --cert/--key arguments; that breaks if WORKSPACE_DIR contains whitespace.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For each artifact that has a .sha256 sibling: upload it to /assets with
  # its checksum, create a draft release per product (HTTP 200 and 409 are
  # both accepted; 409 presumably means the release already exists), then
  # attach the asset to that release.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARM64/ARMv8 (64-bit)"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
# docker:dind runs privileged and exposes its socket through the shared
# dockersock volume. Any step that mounts that volume can drive a privileged
# daemon, so only steps that need Docker should mount it.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Tag pipeline that packages the linux/arm64 tarballs as .deb: it downloads
# the tarballs for this version from S3, runs `make deb` with docker-in-docker,
# uploads the result to S3 and registers it with the staging release server.
# NOTE(review): the banner says this file is generated, so lasting changes
# belong in dronegen/tag.go rather than here.
# NOTE(review): every image below (docker:git, docker, amazon/aws-cli,
# plugins/s3, docker:dind) is referenced by a mutable tag; pinning by digest
# (image@sha256:<digest>) would keep a re-tagged image out of release builds.
kind: pipeline
type: kubernetes
name: build-linux-arm64-deb
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is turned off; the first step clones explicitly.
clone:
  disable: true
# Runs after build-linux-arm64, which uploads the tarballs fetched below.
depends_on:
- build-linux-arm64
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  # ${...} forms are substituted by Drone before the shell runs; $$ is the
  # escape for a literal $ that the shell itself should expand.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # SSH key from a Drone secret, presumably for the submodule fetches below:
  # written under a 0700 directory, tightened to 0600, removed afterwards.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so this known_hosts cannot detect an interposed host. Writing
  # GitHub's published host keys here instead would let ssh verify the server.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failed webassets fetch is ignored and the build continues.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): not reached if an earlier command aborts the step;
  # presumably acceptable because the step container is discarded - confirm.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to build when the Makefile VERSION differs from the tag (leading
  # "v" stripped), then record the version for later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind service's socket to appear on the shared
# dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the teleport and teleport-ent tarballs for this version from S3 as
# packaging inputs.
# NOTE(review): nothing here checks the downloads against a checksum before
# they are packaged. If verification is added, keep the fetched .sha256 files
# out of /go/artifacts: Register artifacts treats "<file>.sha256 exists" as
# "built by this pipeline" and would register the tarballs again.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Builds the .deb packages; OSS_TARBALL_PATH and ENT_TARBALL_PATH point at the
# downloaded tarballs. The AWS keys in this step come from the *_READ_ONLY_*
# secrets, not from the S3 upload credentials.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # --password-stdin keeps the registry token out of the process arguments.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make deb
  environment:
    ARCH: arm64
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
# Copies files matching teleport*.deb* from build/ and e/build/ into
# /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Uploads everything in /go/artifacts under teleport/tag/<tag without leading
# v>; credentials come from Drone secrets.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each artifact with the staging release server, authenticating with
# a client certificate. "failure: ignore" below means a failure in this step
# does not fail the pipeline.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Client certificate and key are decoded from secrets into WORKSPACE_DIR
  # (default "/") and removed by the EXIT trap below.
  # NOTE(review): the key file is created with the shell's default umask; a
  # `umask 077` before these writes would keep it owner-only.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Expanded unquoted at the call sites on purpose so it splits into
  # --cert/--key arguments; that breaks if WORKSPACE_DIR contains whitespace.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For each artifact that has a .sha256 sibling: upload it to /assets with
  # its checksum, create a draft release per product (HTTP 200 and 409 are
  # both accepted; 409 presumably means the release already exists), then
  # attach the asset to that release.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARM64/ARMv8 (64-bit) DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
# docker:dind runs privileged and exposes its socket through the shared
# dockersock volume. Any step that mounts that volume can drive a privileged
# daemon, so only steps that need Docker should mount it.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Tag pipeline that packages the linux/arm tarballs as .deb: it downloads the
# tarballs for this version from S3, runs `make deb` with docker-in-docker,
# uploads the result to S3 and registers it with the staging release server.
# NOTE(review): the banner says this file is generated, so lasting changes
# belong in dronegen/tag.go rather than here.
# NOTE(review): every image below (docker:git, docker, amazon/aws-cli,
# plugins/s3, docker:dind) is referenced by a mutable tag; pinning by digest
# (image@sha256:<digest>) would keep a re-tagged image out of release builds.
kind: pipeline
type: kubernetes
name: build-linux-arm-deb
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is turned off; the first step clones explicitly.
clone:
  disable: true
# Runs after build-linux-arm, which presumably uploads the tarballs fetched
# below.
depends_on:
- build-linux-arm
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  # ${...} forms are substituted by Drone before the shell runs; $$ is the
  # escape for a literal $ that the shell itself should expand.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # SSH key from a Drone secret, presumably for the submodule fetches below:
  # written under a 0700 directory, tightened to 0600, removed afterwards.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so this known_hosts cannot detect an interposed host. Writing
  # GitHub's published host keys here instead would let ssh verify the server.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failed webassets fetch is ignored and the build continues.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): not reached if an earlier command aborts the step;
  # presumably acceptable because the step container is discarded - confirm.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to build when the Makefile VERSION differs from the tag (leading
  # "v" stripped), then record the version for later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind service's socket to appear on the shared
# dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the teleport and teleport-ent tarballs for this version from S3 as
# packaging inputs.
# NOTE(review): nothing here checks the downloads against a checksum before
# they are packaged. If verification is added, keep the fetched .sha256 files
# out of /go/artifacts: Register artifacts treats "<file>.sha256 exists" as
# "built by this pipeline" and would register the tarballs again.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Builds the .deb packages; OSS_TARBALL_PATH and ENT_TARBALL_PATH point at the
# downloaded tarballs. The AWS keys in this step come from the *_READ_ONLY_*
# secrets, not from the S3 upload credentials.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # --password-stdin keeps the registry token out of the process arguments.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - make deb
  environment:
    ARCH: arm
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
    ENT_TARBALL_PATH: /go/artifacts
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: dockersock
    path: /var/run
# Copies files matching teleport*.deb* from build/ and e/build/ into
# /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts
    \;
# Uploads everything in /go/artifacts under teleport/tag/<tag without leading
# v>; credentials come from Drone secrets.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each artifact with the staging release server, authenticating with
# a client certificate. "failure: ignore" below means a failure in this step
# does not fail the pipeline.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Client certificate and key are decoded from secrets into WORKSPACE_DIR
  # (default "/") and removed by the EXIT trap below.
  # NOTE(review): the key file is created with the shell's default umask; a
  # `umask 077` before these writes would keep it owner-only.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Expanded unquoted at the call sites on purpose so it splits into
  # --cert/--key arguments; that breaks if WORKSPACE_DIR contains whitespace.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For each artifact that has a .sha256 sibling: upload it to /assets with
  # its checksum, create a draft release per product (HTTP 200 and 409 are
  # both accepted; 409 presumably means the release already exists), then
  # attach the asset to that release.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARMv7 (32-bit) DEB"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
# docker:dind runs privileged and exposes its socket through the shared
# dockersock volume. Any step that mounts that volume can drive a privileged
# daemon, so only steps that need Docker should mount it.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Tag pipeline that packages the linux/arm64 tarballs as .rpm: it downloads
# the tarballs for this version from S3, unpacks a GPG keyring from a secret,
# runs `make rpm` with docker-in-docker, uploads the result to S3 and registers
# it with the staging release server.
# NOTE(review): the banner says this file is generated, so lasting changes
# belong in dronegen/tag.go rather than here.
# NOTE(review): every image below (docker:git, docker, amazon/aws-cli,
# plugins/s3, docker:dind) is referenced by a mutable tag; pinning by digest
# (image@sha256:<digest>) would keep a re-tagged image out of release builds,
# which matters most in the step that holds the signing keyring.
kind: pipeline
type: kubernetes
name: build-linux-arm64-rpm
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is turned off; the first step clones explicitly.
clone:
  disable: true
# Runs after build-linux-arm64, which uploads the tarballs fetched below.
depends_on:
- build-linux-arm64
steps:
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  # ${...} forms are substituted by Drone before the shell runs; $$ is the
  # escape for a literal $ that the shell itself should expand.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # SSH key from a Drone secret, presumably for the submodule fetches below:
  # written under a 0700 directory, tightened to 0600, removed afterwards.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so this known_hosts cannot detect an interposed host. Writing
  # GitHub's published host keys here instead would let ssh verify the server.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failed webassets fetch is ignored and the build continues.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): not reached if an earlier command aborts the step;
  # presumably acceptable because the step container is discarded - confirm.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to build when the Makefile VERSION differs from the tag (leading
  # "v" stripped), then record the version for later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
# Waits up to 30s for the dind service's socket to appear on the shared
# dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Fetches the teleport and teleport-ent tarballs for this version from S3 as
# packaging inputs.
# NOTE(review): nothing here checks the downloads against a checksum before
# they are packaged and signed. If verification is added, keep the fetched
# .sha256 files out of /go/artifacts: Register artifacts treats
# "<file>.sha256 exists" as "built by this pipeline" and would register the
# tarballs again.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm64-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
# Builds the .rpm packages; OSS_TARBALL_PATH and ENT_TARBALL_PATH point at the
# downloaded tarballs. The AWS keys in this step come from the *_READ_ONLY_*
# secrets, not from the S3 upload credentials.
- name: Build artifacts
  image: docker
  commands:
  - apk add --no-cache bash curl gzip make tar go
  - apk add --no-cache aws-cli
  - cd /go/src/github.com/gravitational/teleport
  - export VERSION=$(cat /go/.version.txt)
  # --password-stdin keeps the registry token out of the process arguments.
  - aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  # GPG keyring: unpacked from a secret into GNUPG_DIR (/tmpfs/gnupg, on the
  # memory-backed tmpfs volume), presumably used by `make rpm` for signing,
  # then deleted.
  - mkdir -m0700 $GNUPG_DIR
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
  - chown -R root:root $GNUPG_DIR
  - make rpm
  # NOTE(review): skipped if `make rpm` fails and aborts the step; the keyring
  # then stays on the tmpfs volume until that volume is torn down.
  - rm -rf $GNUPG_DIR
  environment:
    ARCH: arm64
    AWS_ACCESS_KEY_ID:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
    AWS_SECRET_ACCESS_KEY:
      from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
    ENT_TARBALL_PATH: /go/artifacts
    GNUPG_DIR: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    OSS_TARBALL_PATH: /go/artifacts
    TMPDIR: /go
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
# Copies files matching teleport*.rpm* from build/ and e/build/ into
# /go/artifacts.
- name: Copy artifacts
  image: docker
  commands:
  - cd /go/src/github.com/gravitational/teleport
  - find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
  - find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
    \;
# Uploads everything in /go/artifacts under teleport/tag/<tag without leading
# v>; credentials come from Drone secrets.
- name: Upload to S3
  image: plugins/s3
  settings:
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    bucket:
      from_secret: AWS_S3_BUCKET
    region: us-west-2
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    source: /go/artifacts/*
    strip_prefix: /go/artifacts/
    target: teleport/tag/${DRONE_TAG##v}
# Registers each artifact with the staging release server, authenticating with
# a client certificate. "failure: ignore" below means a failure in this step
# does not fail the pipeline.
- name: Register artifacts
  image: docker
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # Client certificate and key are decoded from secrets into WORKSPACE_DIR
  # (default "/") and removed by the EXIT trap below.
  # NOTE(review): the key file is created with the shell's default umask; a
  # `umask 077` before these writes would keep it owner-only.
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  # Expanded unquoted at the call sites on purpose so it splits into
  # --cert/--key arguments; that breaks if WORKSPACE_DIR contains whitespace.
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  # For each artifact that has a .sha256 sibling: upload it to /assets with
  # its checksum, create a draft release per product (HTTP 200 and 409 are
  # both accepted; 409 presumably means the release already exists), then
  # attach the asset to that release.
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="Linux ARM64/ARMv8 (64-bit) RPM"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
  failure: ignore
# docker:dind runs privileged and exposes its socket through the shared
# dockersock volume. Any step that mounts that volume can drive a privileged
# daemon, so only steps that need Docker should mount it.
# NOTE(review): this service also mounts the tmpfs volume where the build step
# unpacks the GPG keyring, so the privileged daemon's filesystem includes the
# keyring while it exists - presumably so the containerised rpm build can
# reach it; confirm that the mount is required.
services:
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: tmpfs
    path: /tmpfs
  - name: dockersock
    path: /var/run
volumes:
# Memory-backed temp volume, so the keyring is not written to the node's disk
# by this mount.
- name: tmpfs
  temp:
    medium: memory
- name: dockersock
  temp: {}
|
|
|
|
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPackagePipeline)
################################################

# Tag pipeline that packages the linux/arm tarballs as .rpm.
# NOTE(review): the banner says this file is generated, so lasting changes
# belong in dronegen/tag.go rather than here.
kind: pipeline
type: kubernetes
name: build-linux-arm-rpm
# Runs only for tag events on refs/tags/v* in gravitational/* repositories.
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
# Drone's built-in clone is turned off; the first step clones explicitly.
clone:
  disable: true
# Runs after build-linux-arm, which presumably uploads the tarballs this
# pipeline downloads.
depends_on:
- build-linux-arm
|
|
steps:
|
|
# Clones the repository at the tag, fetches submodules with an SSH key from a
# Drone secret, and checks the Makefile version against the tag.
# NOTE(review): docker:git is a mutable tag; pinning by digest
# (image@sha256:<digest>) would keep a re-tagged image out of release builds.
- name: Check out code
  image: docker:git
  commands:
  - mkdir -p /go/src/github.com/gravitational/teleport
  - cd /go/src/github.com/gravitational/teleport
  # ${...} forms are substituted by Drone before the shell runs; $$ is the
  # escape for a literal $ that the shell itself should expand.
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  # SSH key, presumably for the submodule fetches below: written under a 0700
  # directory, tightened to 0600, removed afterwards.
  - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
    && chmod 600 /root/.ssh/id_rsa
  # NOTE(review): ssh-keyscan records whatever host key the network returns at
  # build time, so this known_hosts cannot detect an interposed host. Writing
  # GitHub's published host keys here instead would let ssh verify the server.
  - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
  - git submodule update --init e
  # Best effort: a failed webassets fetch is ignored and the build continues.
  - git submodule update --init --recursive webassets || true
  # NOTE(review): not reached if an earlier command aborts the step;
  # presumably acceptable because the step container is discarded - confirm.
  - rm -f /root/.ssh/id_rsa
  - mkdir -p /go/cache /go/artifacts
  # Refuse to build when the Makefile VERSION differs from the tag (leading
  # "v" stripped), then record the version for later steps.
  - |-
    VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
    if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
      echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
      exit 1
    fi
    echo "$$VERSION" > /go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
|
|
# Waits up to 30s for a Docker socket to appear at /var/run/docker.sock on the
# mounted dockersock volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
|
|
# Fetches the teleport and teleport-ent linux-arm tarballs for this version
# from S3 into /go/artifacts.
# NOTE(review): nothing here checks the downloads against a checksum before
# later steps use them. If verification is added, consider keeping fetched
# checksum files outside /go/artifacts so they are not mistaken for outputs of
# this pipeline - confirm against the steps that consume that directory.
- name: Download artifacts from S3
  image: amazon/aws-cli
  commands:
  - export VERSION=$(cat /go/.version.txt)
  # "${DRONE_TAG}" is substituted by Drone; "$${...}" reaches the shell as
  # "${...}" and is expanded there.
  - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else
    export S3_PATH="tag/"; fi
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-arm-bin.tar.gz
    /go/artifacts/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
|
|
- name: Build artifacts
|
|
image: docker
|
|
commands:
|
|
- apk add --no-cache bash curl gzip make tar go
|
|
- apk add --no-cache aws-cli
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- export VERSION=$(cat /go/.version.txt)
|
|
- aws ecr-public get-login-password --region us-east-1 | docker login -u="AWS" --password-stdin
|
|
public.ecr.aws
|
|
- mkdir -m0700 $GNUPG_DIR
|
|
- echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
|
|
- chown -R root:root $GNUPG_DIR
|
|
- make rpm
|
|
- rm -rf $GNUPG_DIR
|
|
environment:
|
|
ARCH: arm
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
|
|
ENT_TARBALL_PATH: /go/artifacts
|
|
GNUPG_DIR: /tmpfs/gnupg
|
|
GPG_RPM_SIGNING_ARCHIVE:
|
|
from_secret: GPG_RPM_SIGNING_ARCHIVE
|
|
OSS_TARBALL_PATH: /go/artifacts
|
|
TMPDIR: /go
|
|
volumes:
|
|
- name: tmpfs
|
|
path: /tmpfs
|
|
- name: dockersock
|
|
path: /var/run
|
|
- name: Copy artifacts
|
|
image: docker
|
|
commands:
|
|
- cd /go/src/github.com/gravitational/teleport
|
|
- find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts
|
|
\;
|
|
- name: Upload to S3
|
|
image: plugins/s3
|
|
settings:
|
|
access_key:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
bucket:
|
|
from_secret: AWS_S3_BUCKET
|
|
region: us-west-2
|
|
secret_key:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
source: /go/artifacts/*
|
|
strip_prefix: /go/artifacts/
|
|
target: teleport/tag/${DRONE_TAG##v}
|
|
- name: Register artifacts
|
|
image: docker
|
|
commands:
|
|
- WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
|
|
- VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
|
|
- RELEASES_HOST='https://releases-staging.platform.teleport.sh'
|
|
- echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
|
|
- echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
|
|
- trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
|
|
- CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
|
|
- which curl || apk add --no-cache curl
|
|
- |-
|
|
cd "$WORKSPACE_DIR/go/artifacts"
|
|
find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
|
|
# Skip files that are not results of this build
|
|
# (e.g. tarballs from which OS packages are made)
|
|
[ -f "$file.sha256" ] || continue
|
|
|
|
name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
|
|
description="Linux ARMv7 (32-bit) RPM"
|
|
products="$name"
|
|
if [ "$name" = "tsh" ]; then
|
|
products="teleport teleport-ent"
|
|
elif [ "$name" = "Teleport Connect" ]; then
|
|
description="Teleport Connect"
|
|
products="teleport teleport-ent"
|
|
fi
|
|
shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"
|
|
|
|
curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="linux" -F arch="arm" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";
|
|
|
|
for product in $products; do
|
|
status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
|
|
if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
|
|
echo "curl HTTP status: $status_code"
|
|
cat $WORKSPACE_DIR/curl_out.txt
|
|
exit 1
|
|
fi
|
|
curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
|
|
done
|
|
done
|
|
environment:
|
|
RELEASES_CERT:
|
|
from_secret: RELEASES_CERT_STAGING
|
|
RELEASES_KEY:
|
|
from_secret: RELEASES_KEY_STAGING
|
|
failure: ignore
|
|
services:
|
|
- name: Start Docker
|
|
image: docker:dind
|
|
privileged: true
|
|
volumes:
|
|
- name: tmpfs
|
|
path: /tmpfs
|
|
- name: dockersock
|
|
path: /var/run
|
|
volumes:
|
|
- name: tmpfs
|
|
temp:
|
|
medium: memory
|
|
- name: dockersock
|
|
temp: {}
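---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/tag.go (main.tagPipeline)
################################################

# Tag pipeline: builds the Windows amd64 release zip, uploads it to S3 and
# registers it with the staging release service.
#
# NOTE(review): the step images (docker, docker:git, plugins/s3) use floating
# tags although the steps receive a GitHub deploy key, the Windows signing
# certificate and AWS keys; pinning them by digest would fix what runs with
# those secrets.
kind: pipeline
type: kubernetes
name: build-windows-amd64
environment:
  BUILDBOX_VERSION: teleport11
  RUNTIME: go1.18.3
trigger:
  event:
    include:
      - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # The deploy key is only needed for the submodule fetches below; it
      # lives in a 0700 directory and is removed again afterwards.
      - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa
        && chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan stores whatever host key the network
      # returns, so this does not authenticate github.com. Writing GitHub's
      # published host keys into known_hosts would.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
      - mkdir -p /go/cache /go/artifacts
      # Refuse to continue when the Makefile version and the git tag differ,
      # then record the version for the later steps.
      - |-
        VERSION=$(egrep ^VERSION Makefile | cut -d= -f2)
        if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then
          echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG"
          exit 1
        fi
        echo "$$VERSION" > /go/.version.txt
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  - name: Build artifacts
    image: docker
    commands:
      - apk add --no-cache make
      - chown -R $UID:$GID /go
      - cd /go/src/github.com/gravitational/teleport
      # The certificate is written into the source checkout, which is part of
      # the /go workspace shared by all steps. The trap removes it even when
      # the build fails and the explicit rm below is never reached.
      - trap 'rm -f /go/src/github.com/gravitational/teleport/windows-signing-cert.pfx' EXIT
      - echo -n "$WINDOWS_SIGNING_CERT" | base64 -d > windows-signing-cert.pfx
      - make -C build.assets release-windows
      - rm -f windows-signing-cert.pfx
    environment:
      ARCH: amd64
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: windows
      UID: "1000"
      WINDOWS_SIGNING_CERT:
        from_secret: WINDOWS_SIGNING_CERT
    volumes:
      - name: dockersock
        path: /var/run
  - name: Copy artifacts
    image: docker
    commands:
      - cd /go/src/github.com/gravitational/teleport
      - find . -maxdepth 1 -iname "teleport*.zip" -print -exec cp {} /go/artifacts \;
      - export VERSION=$(cat /go/.version.txt)
      # The enterprise zip is a copy of the OSS zip.
      - cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip
      - cd /go/artifacts && for FILE in teleport*.zip; do sha256sum $FILE > $FILE.sha256;
        done && ls -l
  - name: Upload to S3
    image: plugins/s3
    settings:
      access_key:
        from_secret: AWS_ACCESS_KEY_ID
      bucket:
        from_secret: AWS_S3_BUCKET
      region: us-west-2
      secret_key:
        from_secret: AWS_SECRET_ACCESS_KEY
      source: /go/artifacts/*
      strip_prefix: /go/artifacts/
      target: teleport/tag/${DRONE_TAG##v}
  - name: Register artifacts
    image: docker
    commands:
      - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
      - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
      - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
      - which curl || apk add --no-cache curl
      # Install the cleanup trap before any key material is written, and
      # create the client certificate and key readable by the owner only.
      - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
      - umask 077
      - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
      - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
      - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
      # For each artifact with a .sha256 next to it: upload the asset, create
      # the draft release per product (HTTP 409 is accepted as well as 200),
      # then attach the asset to it.
      - |-
        cd "$WORKSPACE_DIR/go/artifacts"
        find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
          # Skip files that are not results of this build
          # (e.g. tarballs from which OS packages are made)
          [ -f "$file.sha256" ] || continue

          name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
          description="Windows 64-bit (tsh client only)"
          products="$name"
          if [ "$name" = "tsh" ]; then
            products="teleport teleport-ent"
          elif [ "$name" = "Teleport Connect" ]; then
            description="Teleport Connect"
            products="teleport teleport-ent"
          fi
          shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

          curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="windows" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

          for product in $products; do
            status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
            if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
              echo "curl HTTP status: $status_code"
              cat $WORKSPACE_DIR/curl_out.txt
              exit 1
            fi
            curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
          done
        done
    environment:
      RELEASES_CERT:
        from_secret: RELEASES_CERT_STAGING
      RELEASES_KEY:
        from_secret: RELEASES_KEY_STAGING
    # A failed registration does not fail the pipeline; it has to be noticed
    # from the step log.
    failure: ignore
services:
  # Privileged Docker-in-Docker daemon. Every step that mounts the dockersock
  # volume at /var/run can drive this daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}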
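---
# Tag pipeline: builds the OSS, Enterprise and FIPS Docker images and pushes
# them to the staging ECR registry.
#
# NOTE(review): the step images (docker, docker:git) use floating tags
# although the steps receive a GitHub deploy key and ECR credentials; pinning
# them by digest would fix what runs with those secrets.
kind: pipeline
type: kubernetes
name: build-docker-images

environment:
  BUILDBOX_VERSION: "teleport11"
  RUNTIME: go1.17.9

trigger:
  event:
    - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*

workspace:
  path: /go

clone:
  disable: true

steps:
  - name: Check out code
    image: docker:git
    environment:
      GITHUB_PRIVATE_KEY:
        from_secret: GITHUB_PRIVATE_KEY
      GOCACHE: /go/cache
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # fetch enterprise submodules
      - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
      # NOTE(review): ssh-keyscan stores whatever host key the network
      # returns, so this does not authenticate github.com. Writing GitHub's
      # published host keys into known_hosts would.
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
      - git submodule update --init e
      # this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
      - git submodule update --init --recursive webassets || true
      - rm -f /root/.ssh/id_rsa
      # create necessary directories
      - mkdir -p /go/artifacts $GOCACHE
      # set version
      - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt

  - name: Build/push OSS/Enterprise Docker images
    image: docker
    environment:
      # Quoted so the IDs stay strings, as in the generated pipelines of this
      # file.
      UID: "1000"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      ARCH: amd64
      AWS_ACCESS_KEY_ID:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
      AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - apk add --no-cache make bash aws-cli
      - chown -R $UID:$GID /go
      # The registry password is piped on stdin, so it does not appear in the
      # command line.
      - aws ecr get-login-password --region us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
      - cd /go/src/github.com/gravitational/teleport
      - make image-ci publish-ci
      - make publish-operator-ci

  - name: Build/push FIPS Docker image
    image: docker
    environment:
      # Quoted so the IDs stay strings, as in the generated pipelines of this
      # file.
      UID: "1000"
      GID: "1000"
      GOCACHE: /go/cache
      GOPATH: /go
      OS: linux
      ARCH: amd64
      AWS_ACCESS_KEY_ID:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
      AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - apk add --no-cache make aws-cli
      - chown -R $UID:$GID /go
      - aws ecr get-login-password --region us-west-2 | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
      - cd /go/src/github.com/gravitational/teleport
      # VERSION needs to be set manually when running in the e directory.
      # Normally, the version is set and exported by the root Makefile and then inherited,
      # but this is not the case for FIPS builds (which only run in e/Makefile)
      - export VERSION=$(cat /go/.version.txt)
      - make -C e image-fips-ci publish-fips-ci

services:
  # Privileged Docker-in-Docker daemon. Every step that mounts the dockersock
  # volume at /var/run can drive this daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}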
---
# Tag pipeline: bakes the OSS AMIs with Packer from the linux/amd64 tarball
# that build-linux-amd64 uploaded to S3.
#
# NOTE(review): the tarball is copied from S3 straight into the Packer file
# tree; no checksum or signature check is visible in this pipeline. Verifying
# it before the AMI build would keep a tampered object out of the image.
kind: pipeline
type: kubernetes
name: build-oss-amis

trigger:
  event:
    - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*

depends_on:
  - build-linux-amd64

workspace:
  path: /go

clone:
  disable: true

steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # set version
      - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt

  - name: Download built tarball artifacts from S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_REGION: us-west-2
    commands:
      - export VERSION=$(cat /go/.version.txt)
      - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
      - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files

  - name: Build OSS AMIs
    # Packer runs with its own AWS key pair, separate from the S3 keys used
    # by the download and sync steps.
    image: hashicorp/packer:1.7.6
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_PACKER_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_PACKER_SECRET_ACCESS_KEY
    # NOTE(review): none of the commands below calls docker directly; confirm
    # the make targets need the privileged daemon before keeping this mount.
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - apk add --no-cache aws-cli jq make
      - cd /go/src/github.com/gravitational/teleport/assets/aws
      - export TELEPORT_VERSION=$(cat /go/.version.txt)
      - export PUBLIC_AMI_NAME=gravitational-teleport-ami-oss-$TELEPORT_VERSION
      - |
        if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
          echo "---> Building production OSS AMIs"
          echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
          make oss-ci-build
        else
          echo "---> Building debug OSS AMIs"
          make oss
        fi

  - name: Sync OSS build timestamp to S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_REGION: us-west-2
    commands:
      - export VERSION=$(cat /go/.version.txt)
      - aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/oss_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/

services:
  # Privileged Docker-in-Docker daemon. Every step that mounts the dockersock
  # volume at /var/run can drive this daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}
---
# Tag pipeline: bakes the Enterprise and Enterprise FIPS AMIs with Packer
# from the tarballs that build-linux-amd64 and build-linux-amd64-fips
# uploaded to S3.
#
# NOTE(review): the tarballs are copied from S3 straight into the Packer file
# tree; no checksum or signature check is visible in this pipeline. Verifying
# them before the AMI build would keep a tampered object out of the image.
kind: pipeline
type: kubernetes
name: build-ent-amis

trigger:
  event:
    - tag
  ref:
    include:
      - refs/tags/v*
  repo:
    include:
      - gravitational/*

depends_on:
  - build-linux-amd64
  - build-linux-amd64-fips

workspace:
  path: /go

clone:
  disable: true

steps:
  - name: Check out code
    image: docker:git
    commands:
      - mkdir -p /go/src/github.com/gravitational/teleport
      - cd /go/src/github.com/gravitational/teleport
      - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
      - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
      # set version
      - if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt

  - name: Download built tarball artifacts from S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_REGION: us-west-2
    commands:
      - export VERSION=$(cat /go/.version.txt)
      - if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
      - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
      - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files

  - name: Build Enterprise AMIs
    # Packer runs with its own AWS key pair, separate from the S3 keys used
    # by the download and sync steps.
    image: hashicorp/packer:1.7.6
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_PACKER_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_PACKER_SECRET_ACCESS_KEY
    # NOTE(review): none of the commands below calls docker directly; confirm
    # the make targets need the privileged daemon before keeping this mount.
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - apk add --no-cache aws-cli jq make
      - cd /go/src/github.com/gravitational/teleport/assets/aws
      - export TELEPORT_VERSION=$(cat /go/.version.txt)
      - export PUBLIC_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION
      - export FIPS_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION-fips
      - |
        if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
          echo "---> Building production Enterprise AMIs"
          echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
          make ent-ci-build
        else
          echo "---> Building debug Enterprise AMIs"
          make ent
        fi

  - name: Sync Enterprise build timestamp to S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_REGION: us-west-2
    commands:
      - export VERSION=$(cat /go/.version.txt)
      - aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/ent_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/

services:
  # Privileged Docker-in-Docker daemon. Every step that mounts the dockersock
  # volume at /var/run can drive this daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run

volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/buildbox.go (main.buildboxPipeline)
################################################

# Push pipeline (master and branch/*): builds each buildbox image, pushes a
# commit-tagged copy to the staging ECR registry and then pushes the
# $BUILDBOX_VERSION tag to public.ecr.aws.
#
# NOTE(review): each buildbox step receives the staging AND the production
# ECR key pairs in its environment, so 'make -C build.assets ...' runs with
# the production keys available although they are only exported after the
# staging push. Moving the public push into its own step that holds only the
# production pair would narrow that exposure.
kind: pipeline
type: kubernetes
name: build-buildboxes
environment:
  BUILDBOX_VERSION: teleport11
  GID: "1000"
  UID: "1000"
trigger:
  event:
    include:
      - push
  repo:
    include:
      - gravitational/teleport
  branch:
    include:
      - master
      - branch/*
workspace:
  path: /go/src/github.com/gravitational/teleport
clone:
  disable: true
steps:
  - name: Check out code
    image: docker:git
    commands:
      - git clone --depth 1 --single-branch --branch ${DRONE_SOURCE_BRANCH:-master} https://github.com/gravitational/${DRONE_REPO_NAME}.git
        .
      - git checkout ${DRONE_COMMIT}
  - name: Wait for docker
    image: docker
    commands:
      - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
    volumes:
      - name: dockersock
        path: /var/run
  - name: buildbox
    image: docker
    commands:
      - apk add --no-cache make aws-cli
      - chown -R $UID:$GID /go
      # Staging registry: log in, build, push the commit-tagged image, log out.
      - export AWS_ACCESS_KEY_ID="$STAGING_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$STAGING_AWS_SECRET_ACCESS_KEY"
      - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
        146628656107.dkr.ecr.us-west-2.amazonaws.com
      - make -C build.assets buildbox
      - docker tag public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
      - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
      - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
      # Public registry: switch to the production keys and push the version tag.
      - export AWS_ACCESS_KEY_ID="$PROD_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$PROD_AWS_SECRET_ACCESS_KEY"
      - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
        public.ecr.aws
      - docker push public.ecr.aws/gravitational/teleport-buildbox:$BUILDBOX_VERSION
    environment:
      PROD_AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY
      PROD_AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET
      STAGING_AWS_ACCESS_KEY_ID:
        from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY
      STAGING_AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET
    volumes:
      - name: dockersock
        path: /var/run
  - name: buildbox-fips
    image: docker
    commands:
      - apk add --no-cache make aws-cli
      - chown -R $UID:$GID /go
      # Staging registry: log in, build, push the commit-tagged image, log out.
      - export AWS_ACCESS_KEY_ID="$STAGING_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$STAGING_AWS_SECRET_ACCESS_KEY"
      - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
        146628656107.dkr.ecr.us-west-2.amazonaws.com
      - make -C build.assets buildbox-fips
      - docker tag public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION
        146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
      - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
      - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
      # Public registry: switch to the production keys and push the version tag.
      - export AWS_ACCESS_KEY_ID="$PROD_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$PROD_AWS_SECRET_ACCESS_KEY"
      - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
        public.ecr.aws
      - docker push public.ecr.aws/gravitational/teleport-buildbox-fips:$BUILDBOX_VERSION
    environment:
      PROD_AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY
      PROD_AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET
      STAGING_AWS_ACCESS_KEY_ID:
        from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY
      STAGING_AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET
    volumes:
      - name: dockersock
        path: /var/run
  - name: buildbox-arm
    image: docker
    commands:
      - apk add --no-cache make aws-cli
      - chown -R $UID:$GID /go
      # Staging registry: log in, build, push the commit-tagged image, log out.
      - export AWS_ACCESS_KEY_ID="$STAGING_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$STAGING_AWS_SECRET_ACCESS_KEY"
      - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
        146628656107.dkr.ecr.us-west-2.amazonaws.com
      - make -C build.assets buildbox-arm
      - docker tag public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION
        146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
      - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
      - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
      # Public registry: switch to the production keys and push the version tag.
      - export AWS_ACCESS_KEY_ID="$PROD_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$PROD_AWS_SECRET_ACCESS_KEY"
      - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
        public.ecr.aws
      - docker push public.ecr.aws/gravitational/teleport-buildbox-arm:$BUILDBOX_VERSION
    environment:
      PROD_AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY
      PROD_AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET
      STAGING_AWS_ACCESS_KEY_ID:
        from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY
      STAGING_AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET
    volumes:
      - name: dockersock
        path: /var/run
  - name: buildbox-centos7
    image: docker
    commands:
      - apk add --no-cache make aws-cli
      - chown -R $UID:$GID /go
      # Staging registry: log in, build, push the commit-tagged image, log out.
      - export AWS_ACCESS_KEY_ID="$STAGING_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$STAGING_AWS_SECRET_ACCESS_KEY"
      - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
        146628656107.dkr.ecr.us-west-2.amazonaws.com
      - make -C build.assets buildbox-centos7
      - docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION
        146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
      - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
      - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
      # Public registry: switch to the production keys and push the version tag.
      - export AWS_ACCESS_KEY_ID="$PROD_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$PROD_AWS_SECRET_ACCESS_KEY"
      - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
        public.ecr.aws
      - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7:$BUILDBOX_VERSION
    environment:
      PROD_AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY
      PROD_AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET
      STAGING_AWS_ACCESS_KEY_ID:
        from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY
      STAGING_AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET
    volumes:
      - name: dockersock
        path: /var/run
  - name: buildbox-centos7-fips
    image: docker
    commands:
      - apk add --no-cache make aws-cli
      - chown -R $UID:$GID /go
      # Staging registry: log in, build, push the commit-tagged image, log out.
      - export AWS_ACCESS_KEY_ID="$STAGING_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$STAGING_AWS_SECRET_ACCESS_KEY"
      - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
        146628656107.dkr.ecr.us-west-2.amazonaws.com
      - make -C build.assets buildbox-centos7-fips
      - docker tag public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION
        146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
      - docker push 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION-$DRONE_COMMIT_SHA
      - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
      # Public registry: switch to the production keys and push the version tag.
      - export AWS_ACCESS_KEY_ID="$PROD_AWS_ACCESS_KEY_ID"
      - export AWS_SECRET_ACCESS_KEY="$PROD_AWS_SECRET_ACCESS_KEY"
      - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
        public.ecr.aws
      - docker push public.ecr.aws/gravitational/teleport-buildbox-centos7-fips:$BUILDBOX_VERSION
    environment:
      PROD_AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_KEY
      PROD_AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_BUILDBOX_DRONE_USER_ECR_SECRET
      STAGING_AWS_ACCESS_KEY_ID:
        from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_KEY
      STAGING_AWS_SECRET_ACCESS_KEY:
        from_secret: STAGING_BUILDBOX_DRONE_USER_ECR_SECRET
    volumes:
      - name: dockersock
        path: /var/run
services:
  # Privileged Docker-in-Docker daemon. Every step that mounts the dockersock
  # volume at /var/run can drive this daemon.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
volumes:
  - name: dockersock
    temp: {}
---
################################################
# Generated using dronegen, do not edit by hand!
# Use 'make dronegen' to update.
# Generated at dronegen/os_repos.go (main.buildNeverTriggerPipeline)
################################################

# Placeholder pipeline. The trigger only matches a repository and a branch
# named "non-existent-...", and the single step says it never runs.
kind: pipeline
type: kubernetes
name: migrate-apt-new-repos
trigger:
  event:
    include:
      - custom
  repo:
    include:
      - non-existent-repository
  branch:
    include:
      - non-existent-branch
clone:
  disable: true
steps:
  - name: Placeholder
    image: alpine:latest
    commands:
      - echo "This command, step, and pipeline never runs"
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/os_repos.go (main.(*OsPackageToolPipelineBuilder).buildBaseOsPackagePipeline)
|
|
################################################
|
|
|
|
kind: pipeline
|
|
type: kubernetes
|
|
name: publish-apt-new-repos
|
|
trigger:
|
|
event:
|
|
include:
|
|
- promote
|
|
target:
|
|
include:
|
|
- production
|
|
repo:
|
|
include:
|
|
- gravitational/teleport
|
|
workspace:
|
|
path: /go
|
|
clone:
|
|
disable: true
|
|
steps:
|
|
- name: Verify build is tagged
|
|
image: alpine:latest
|
|
commands:
|
|
- '[ -n ${DRONE_TAG} ] || (echo ''DRONE_TAG is not set. Is the commit tagged?''
|
|
&& exit 1)'
|
|
- name: Check out code
|
|
image: alpine/git:latest
|
|
commands:
|
|
- mkdir -p "/go/src/github.com/gravitational/teleport"
|
|
- cd "/go/src/github.com/gravitational/teleport"
|
|
- git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
|
|
- git checkout "${DRONE_TAG}"
|
|
- name: Check if tag is prerelease
|
|
image: golang:1.17-alpine
|
|
commands:
|
|
- cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
|
|
- go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is
|
|
a prerelease, not publishing ${DRONE_TAG} packages to APT repos' && exit 78)
|
|
- name: Download artifacts for "${DRONE_TAG}"
|
|
image: amazon/aws-cli
|
|
commands:
|
|
- mkdir -pv "$ARTIFACT_PATH"
|
|
- rm -rf "${ARTIFACT_PATH}/*"
|
|
- aws s3 sync --no-progress --delete --exclude "*" --include "*.deb*" s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/
|
|
"$ARTIFACT_PATH"
|
|
environment:
|
|
ARTIFACT_PATH: /go/artifacts
|
|
AWS_ACCESS_KEY_ID:
|
|
from_secret: AWS_ACCESS_KEY_ID
|
|
AWS_S3_BUCKET:
|
|
from_secret: AWS_S3_BUCKET
|
|
AWS_SECRET_ACCESS_KEY:
|
|
from_secret: AWS_SECRET_ACCESS_KEY
|
|
depends_on:
|
|
- Verify build is tagged
|
|
- Check out code
|
|
- Check if tag is prerelease
|
|
# Builds and publishes the APT repository with the repo's own
# build-os-package-repos tool, using the GPG key material unpacked from the
# GPG_RPM_SIGNING_ARCHIVE secret.
- name: Publish debs to APT repos for "${DRONE_TAG}"
  image: golang:1.18.4-bullseye
  commands:
  - apt update
  - apt install -y aptly
  # GNUPGHOME is /tmpfs/gnupg, on the memory-backed `tmpfs` volume, created
  # with owner-only permissions before the archive is unpacked into it.
  - mkdir -pv -m0700 "$GNUPGHOME"
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
  - chown -R root:root "$GNUPGHOME"
  # NOTE(review): no command in this step removes $GNUPGHOME afterwards;
  # confirm the lifetime of the tmpfs volume is an acceptable bound for the key.
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  - export VERSION="${DRONE_TAG}"
  - export RELEASE_CHANNEL="stable"
  - go run ./cmd/build-os-package-repos apt -bucket "$REPO_S3_BUCKET" -local-bucket-path
    "$BUCKET_CACHE_PATH" -artifact-version "$VERSION" -release-channel "$RELEASE_CHANNEL"
    -artifact-path "$ARTIFACT_PATH" -log-level 4 -aptly-root-dir "$APTLY_ROOT_DIR"
  environment:
    APTLY_ROOT_DIR: /mnt/aptly
    ARTIFACT_PATH: /go/artifacts
    # Repo-publishing credentials are separate secrets from the ones the
    # download step uses.
    AWS_ACCESS_KEY_ID:
      from_secret: APT_REPO_NEW_AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_SECRET_ACCESS_KEY:
      from_secret: APT_REPO_NEW_AWS_SECRET_ACCESS_KEY
    BUCKET_CACHE_PATH: /tmp/bucket
    DEBIAN_FRONTEND: noninteractive
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    REPO_S3_BUCKET:
      from_secret: APT_REPO_NEW_AWS_S3_BUCKET
  volumes:
  - name: apt-persistence
    path: /mnt
  - name: tmpfs
    path: /tmpfs
  depends_on:
  - Download artifacts for "${DRONE_TAG}"
  - Verify build is tagged
  - Check out code
  - Check if tag is prerelease
|
|
volumes:
# Persistent volume claim; the publish step mounts it at /mnt.
- name: apt-persistence
  claim:
    name: drone-s3-aptrepo-pvc
# Memory-backed temporary volume; the publish step keeps GNUPGHOME on it.
- name: tmpfs
  temp:
    medium: memory
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/os_repos.go (main.buildNeverTriggerPipeline)
|
|
################################################
|
|
|
|
# Placeholder pipeline: the trigger names a repository and a branch called
# "non-existent-…", and the single step states that it never runs.
kind: pipeline
type: kubernetes
name: migrate-yum-new-repos
trigger:
  event:
    include:
    - custom
  repo:
    include:
    - non-existent-repository
  branch:
    include:
    - non-existent-branch
clone:
  disable: true
steps:
- name: Placeholder
  image: alpine:latest
  commands:
  - echo "This command, step, and pipeline never runs"
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/os_repos.go (main.(*OsPackageToolPipelineBuilder).buildBaseOsPackagePipeline)
|
|
################################################
|
|
|
|
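# Publishes the tag's RPMs to the new YUM repositories. Runs only for
# `promote` events targeting `production` on gravitational/teleport.
# This file is generated: changes made here belong in dronegen.
kind: pipeline
type: kubernetes
name: publish-yum-new-repos
trigger:
  event:
    include:
    - promote
  target:
    include:
    - production
  repo:
    include:
    - gravitational/teleport
workspace:
  path: /go
clone:
  disable: true
steps:
# Fails the promotion early when the build carries no tag.
- name: Verify build is tagged
  image: alpine:latest
  commands:
  # Drone substitutes ${DRONE_TAG} before the shell runs. Unquoted, an empty
  # tag leaves `[ -n ]`, which is always true; quoted, it is `[ -n "" ]`.
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?''
    && exit 1)'
# Manual checkout of the promoted tag (automatic clone is disabled above).
- name: Check out code
  image: alpine/git:latest
  commands:
  - mkdir -p "/go/src/github.com/gravitational/teleport"
  - cd "/go/src/github.com/gravitational/teleport"
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout "${DRONE_TAG}"
# Gate step: `exit 78` ends the pipeline early without failing it. Any
# non-zero exit from `go run` takes the `||` branch.
- name: Check if tag is prerelease
  image: golang:1.17-alpine
  commands:
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  # The log message names the YUM repos, which is what this pipeline publishes.
  - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> This is
    a prerelease, not publishing ${DRONE_TAG} packages to YUM repos' && exit 78)
# Downloads the tag's files matching *.rpm* from the build bucket.
- name: Download artifacts for "${DRONE_TAG}"
  image: amazon/aws-cli
  commands:
  # Start from an empty directory. A glob inside double quotes is never
  # expanded, and a braced ${ARTIFACT_PATH} is subject to Drone's own
  # substitution, so the directory is removed and recreated instead of
  # trying to delete "<dir>/*".
  - rm -rf "$ARTIFACT_PATH"
  - mkdir -pv "$ARTIFACT_PATH"
  - aws s3 sync --no-progress --delete --exclude "*" --include "*.rpm*" s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/
    "$ARTIFACT_PATH"
  environment:
    ARTIFACT_PATH: /go/artifacts
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
  depends_on:
  - Verify build is tagged
  - Check out code
  - Check if tag is prerelease
# Builds and publishes the YUM repository with build-os-package-repos, using
# the GPG key material unpacked from the GPG_RPM_SIGNING_ARCHIVE secret.
- name: Publish rpms to YUM repos for "${DRONE_TAG}"
  image: golang:1.18.4-bullseye
  commands:
  - apt update
  - apt install -y createrepo-c
  - mkdir -pv "$CACHE_DIR"
  # GNUPGHOME lives on the memory-backed `tmpfs` volume with owner-only
  # permissions.
  - mkdir -pv -m0700 "$GNUPGHOME"
  - echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
  - chown -R root:root "$GNUPGHOME"
  # NOTE(review): nothing in this step removes $GNUPGHOME afterwards; confirm
  # the lifetime of the tmpfs volume is an acceptable bound for the key.
  - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling"
  - export VERSION="${DRONE_TAG}"
  - export RELEASE_CHANNEL="stable"
  - go run ./cmd/build-os-package-repos yum -bucket "$REPO_S3_BUCKET" -local-bucket-path
    "$BUCKET_CACHE_PATH" -artifact-version "$VERSION" -release-channel "$RELEASE_CHANNEL"
    -artifact-path "$ARTIFACT_PATH" -log-level 4 -cache-dir "$CACHE_DIR"
  environment:
    ARTIFACT_PATH: /go/artifacts
    AWS_ACCESS_KEY_ID:
      from_secret: YUM_REPO_NEW_AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_SECRET_ACCESS_KEY:
      from_secret: YUM_REPO_NEW_AWS_SECRET_ACCESS_KEY
    BUCKET_CACHE_PATH: /mnt/bucket
    CACHE_DIR: /mnt/createrepo_cache
    DEBIAN_FRONTEND: noninteractive
    GNUPGHOME: /tmpfs/gnupg
    GPG_RPM_SIGNING_ARCHIVE:
      from_secret: GPG_RPM_SIGNING_ARCHIVE
    REPO_S3_BUCKET:
      from_secret: YUM_REPO_NEW_AWS_S3_BUCKET
  volumes:
  - name: yum-persistence
    path: /mnt
  - name: tmpfs
    path: /tmpfs
  depends_on:
  - Download artifacts for "${DRONE_TAG}"
  - Verify build is tagged
  - Check out code
  - Check if tag is prerelease
volumes:
# Persistent volume claim; the publish step mounts it at /mnt.
- name: yum-persistence
  claim:
    name: drone-s3-yumrepo-pvc
# Memory-backed temporary volume that holds GNUPGHOME.
- name: tmpfs
  temp:
    medium: memory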
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/promote.go (main.buildDockerPromotionPipelineECR)
|
|
################################################
|
|
|
|
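# Copies the release images for the tag from the private ECR registry to
# public.ecr.aws. Runs on `promote` events for the targets listed below.
# This file is generated: changes made here belong in dronegen.
kind: pipeline
type: kubernetes
name: promote-docker-ecr
trigger:
  event:
    include:
    - promote
  target:
    include:
    - production
    - promote-docker
    - promote-docker-ecr
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
# Fails the promotion early when the build carries no tag.
- name: Verify build is tagged
  image: alpine:latest
  commands:
  # Drone substitutes ${DRONE_TAG} before the shell runs. Unquoted, an empty
  # tag leaves `[ -n ]`, which is always true; quoted, it is `[ -n "" ]`.
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?''
    && exit 1)'
# Blocks for up to 30s until the dind service has created its socket on the
# shared `dockersock` volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Pulls four images from the private registry, retags them for
# public.ecr.aws and pushes them. Both logins read the password from stdin.
# NOTE(review): images are pulled and pushed by tag only; nothing here records
# or compares an image digest between the pull and the push.
- name: Pull/retag Docker images
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - export VERSION=${DRONE_TAG##v}
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - echo "---> Pulling images for $${VERSION}"
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION}
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$${VERSION}
  - echo "---> Tagging images for $${VERSION}"
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION}
    public.ecr.aws/gravitational/teleport:$${VERSION}
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}
    public.ecr.aws/gravitational/teleport-ent:$${VERSION}
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips
    public.ecr.aws/gravitational/teleport-ent:$${VERSION}-fips
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$${VERSION}
    public.ecr.aws/gravitational/teleport-operator:$${VERSION}
  # Drop the private-registry session before authenticating to the public one.
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  - aws ecr-public get-login-password --region=us-east-1 | docker login -u="AWS" --password-stdin
    public.ecr.aws
  - echo "---> Pushing images for $${VERSION}"
  - docker push public.ecr.aws/gravitational/teleport:$${VERSION}
  - docker push public.ecr.aws/gravitational/teleport-ent:$${VERSION}
  - docker push public.ecr.aws/gravitational/teleport-ent:$${VERSION}-fips
  - docker push public.ecr.aws/gravitational/teleport-operator:$${VERSION}
  environment:
    # The same key pair is used for the private pull and the public push.
    AWS_ACCESS_KEY_ID:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_KEY
    AWS_SECRET_ACCESS_KEY:
      from_secret: PRODUCTION_TELEPORT_DRONE_USER_ECR_SECRET
  volumes:
  - name: dockersock
    path: /var/run
services:
# Docker-in-Docker daemon. It runs privileged and is referenced by the
# mutable `docker:dind` tag; its socket is shared through `dockersock`.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}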
|
|
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/promote.go (main.buildDockerPromotionPipelineQuay)
|
|
################################################
|
|
|
|
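# Copies the release images for the tag from the private ECR registry to
# quay.io. Runs on `promote` events for the targets listed below.
# This file is generated: changes made here belong in dronegen.
kind: pipeline
type: kubernetes
name: promote-docker-quay
trigger:
  event:
    include:
    - promote
  target:
    include:
    - production
    - promote-docker
    - promote-docker-quay
  repo:
    include:
    - gravitational/*
workspace:
  path: /go
clone:
  disable: true
steps:
# Fails the promotion early when the build carries no tag.
- name: Verify build is tagged
  image: alpine:latest
  commands:
  # Drone substitutes ${DRONE_TAG} before the shell runs. Unquoted, an empty
  # tag leaves `[ -n ]`, which is always true; quoted, it is `[ -n "" ]`.
  - '[ -n "${DRONE_TAG}" ] || (echo ''DRONE_TAG is not set. Is the commit tagged?''
    && exit 1)'
# Blocks for up to 30s until the dind service has created its socket on the
# shared `dockersock` volume.
- name: Wait for docker
  image: docker
  commands:
  - timeout 30s /bin/sh -c 'while [ ! -S /var/run/docker.sock ]; do sleep 1; done'
  volumes:
  - name: dockersock
    path: /var/run
# Pulls four images from the private registry, retags them for quay.io and
# pushes them.
# NOTE(review): images are pulled and pushed by tag only; nothing here records
# or compares an image digest between the pull and the push.
- name: Pull/retag Docker images
  image: docker
  commands:
  - apk add --no-cache aws-cli
  - export VERSION=${DRONE_TAG##v}
  - aws ecr get-login-password --region=us-west-2 | docker login -u="AWS" --password-stdin
    146628656107.dkr.ecr.us-west-2.amazonaws.com
  - echo "---> Pulling images for $${VERSION}"
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION}
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips
  - docker pull 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$${VERSION}
  - echo "---> Tagging images for $${VERSION}"
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport:$${VERSION}
    quay.io/gravitational/teleport:$${VERSION}
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}
    quay.io/gravitational/teleport-ent:$${VERSION}
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-ent:$${VERSION}-fips
    quay.io/gravitational/teleport-ent:$${VERSION}-fips
  - docker tag 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/teleport-operator:$${VERSION}
    quay.io/gravitational/teleport-operator:$${VERSION}
  - docker logout 146628656107.dkr.ecr.us-west-2.amazonaws.com
  # The password is piped on stdin, like the ECR login above, so it does not
  # appear in the docker client's argument list.
  - printf '%s' "$QUAY_PASSWORD" | docker login -u="$QUAY_USERNAME" --password-stdin quay.io
  - echo "---> Pushing images for $${VERSION}"
  - docker push quay.io/gravitational/teleport:$${VERSION}
  - docker push quay.io/gravitational/teleport-ent:$${VERSION}
  - docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips
  - docker push quay.io/gravitational/teleport-operator:$${VERSION}
  environment:
    # Pull side uses the STAGING ECR key pair; push side uses the PRODUCTION
    # quay.io account.
    AWS_ACCESS_KEY_ID:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_KEY
    AWS_SECRET_ACCESS_KEY:
      from_secret: STAGING_TELEPORT_DRONE_USER_ECR_SECRET
    QUAY_PASSWORD:
      from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    QUAY_USERNAME:
      from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
  volumes:
  - name: dockersock
    path: /var/run
services:
# Docker-in-Docker daemon. It runs privileged and is referenced by the
# mutable `docker:dind` tag; its socket is shared through `dockersock`.
- name: Start Docker
  image: docker:dind
  privileged: true
  volumes:
  - name: dockersock
    path: /var/run
volumes:
- name: dockersock
  temp: {}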
|
|
|
|
---
|
|
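# Hand-written release promotion pipeline. For a `promote` event targeting
# `production` it copies build artifacts to the production bucket, retags and
# pushes Docker images, makes AMIs public, republishes the Helm chart
# repository, and then (only for non-prerelease tags on gravitational/teleport)
# rebuilds and signs the RPM and DEB repositories.
kind: pipeline
type: kubernetes
name: promote-build

trigger:
  event:
    - promote
  target:
    - production
  repo:
    include:
      - gravitational/*

workspace:
  path: /go

clone:
  disable: true

steps:
  - name: Check if commit is tagged
    image: alpine
    commands:
      # Drone substitutes ${DRONE_TAG} before the shell runs. Unquoted, an
      # empty tag leaves `[ -n ]`, which is always true, so the guard could
      # never fire; quoted, the empty case is `[ -n "" ]` and the step fails.
      - "[ -n \"${DRONE_TAG}\" ] || (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)"

  - name: Download artifacts from S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
      AWS_REGION: us-west-2
    commands:
      - mkdir -p /go/artifacts
      - aws s3 sync s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ /go/artifacts/

  # Everything synced into /go/artifacts by the previous step is uploaded with
  # a public-read ACL, so the tag prefix of the build bucket must hold only
  # files meant for public release.
  - name: Upload artifacts to production S3
    image: plugins/s3
    settings:
      bucket:
        from_secret: PRODUCTION_AWS_S3_BUCKET
      access_key:
        from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
      secret_key:
        from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
      region: us-east-1
      acl: public-read
      source: /go/artifacts/*
      target: teleport/${DRONE_TAG##v}/
      strip_prefix: /go/artifacts/

  # The commands read these settings as PLUGIN_DOCKER_* environment variables.
  - name: Pull/retag Docker images
    image: docker
    settings:
      docker_staging_username:
        from_secret: QUAYIO_DOCKER_USERNAME
      docker_staging_password:
        from_secret: QUAYIO_DOCKER_PASSWORD
      docker_production_username:
        from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
      docker_production_password:
        from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      # wait for docker to start
      - sleep 3
      - export VERSION=${DRONE_TAG##v}
      # authenticate with staging credentials
      # (password is piped on stdin so it does not appear in the docker
      # client's argument list)
      - printf '%s' "$PLUGIN_DOCKER_STAGING_PASSWORD" | docker login -u="$PLUGIN_DOCKER_STAGING_USERNAME" --password-stdin quay.io
      # pull 'temporary' CI-built images
      - echo "---> Pulling images for $${VERSION}"
      - docker pull quay.io/gravitational/teleport-ci:$${VERSION}
      - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}
      - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips
      - docker pull quay.io/gravitational/teleport-operator-ci:$${VERSION}
      # retag images to production naming
      - echo "---> Tagging images for $${VERSION}"
      - docker tag quay.io/gravitational/teleport-ci:$${VERSION} quay.io/gravitational/teleport:$${VERSION}
      - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION} quay.io/gravitational/teleport-ent:$${VERSION}
      - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips quay.io/gravitational/teleport-ent:$${VERSION}-fips
      - docker tag quay.io/gravitational/teleport-operator-ci:$${VERSION} quay.io/gravitational/teleport-operator:$${VERSION}
      # reauthenticate with production credentials
      - docker logout quay.io
      - printf '%s' "$PLUGIN_DOCKER_PRODUCTION_PASSWORD" | docker login -u="$PLUGIN_DOCKER_PRODUCTION_USERNAME" --password-stdin quay.io
      # push production images
      - echo "---> Pushing images for $${VERSION}"
      - docker push quay.io/gravitational/teleport:$${VERSION}
      - docker push quay.io/gravitational/teleport-ent:$${VERSION}
      - docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips
      - docker push quay.io/gravitational/teleport-operator:$${VERSION}

  # Fetches only the promoted tag; later steps run make targets and Go
  # tooling from this checkout.
  - name: Check out code
    image: docker:git
    commands:
      - |
        mkdir -p /go/src/github.com/gravitational/teleport
        cd /go/src/github.com/gravitational/teleport
        git init && git remote add origin ${DRONE_REMOTE_URL}
        git fetch origin +refs/tags/${DRONE_TAG}:
        git checkout -qf FETCH_HEAD

  - name: Download AMI timestamps
    image: docker
    environment:
      AWS_S3_BUCKET:
        from_secret: AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: AWS_SECRET_ACCESS_KEY
    commands:
      - apk add --no-cache aws-cli
      - mkdir -p /go/src/github.com/gravitational/teleport/assets/aws/files/build
      - aws s3 sync s3://$AWS_S3_BUCKET/teleport/ami/${DRONE_TAG##v}/ /go/src/github.com/gravitational/teleport/assets/aws/files/build

  # Runs make targets from the checked-out tag with the production AWS key
  # pair in the environment.
  - name: Make AMIs public
    image: docker
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
    commands:
      - apk add --no-cache aws-cli bash jq make
      - cd /go/src/github.com/gravitational/teleport/assets/aws
      - |
        make change-amis-to-public-oss
        make change-amis-to-public-ent
        make change-amis-to-public-ent-fips

  # Download all previously packaged charts. This is needed to rebuild the
  # index and re-publish the repository.
  - name: "Helm: Download chart repository"
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
    commands:
      - mkdir -p /go/chart
      - aws s3 sync s3://$AWS_S3_BUCKET/ /go/chart

  - name: "Helm: Package chart repository"
    image: alpine/helm:latest
    commands:
      - cd /go/chart
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-cluster
      - helm package /go/src/github.com/gravitational/teleport/examples/chart/teleport-kube-agent
      # copy index.html to root of the S3 bucket.
      - cp /go/src/github.com/gravitational/teleport/examples/chart/index.html /go/chart
      # this will index all previous versions of the charts downloaded from the S3 bucket,
      # plus the just-packaged charts listed above
      - helm repo index /go/chart
      - ls /go/chart

  - name: "Helm: Publish chart repository to S3"
    image: plugins/s3
    settings:
      bucket:
        from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
      access_key:
        from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
      secret_key:
        from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
      region: us-east-2
      acl: public-read
      source: /go/chart/*
      target: /
      strip_prefix: /go/chart

  # NOTE: all mandatory steps for a release promotion need to go BEFORE this
  # step, as there is a chance that everything afterwards will be skipped.
  #
  # this step exits early and skips all remaining steps in the pipeline if the
  # tag looks like a pre-release, to avoid pushing pre-release RPMs and DEBs to
  # our yum / apt repos.
  - name: Check if repo is public
    image: alpine
    commands:
      - if [ "${DRONE_REPO}" != "gravitational/teleport" ]; then echo "---> Not publishing ${DRONE_REPO} packages to RPM and DEB repos" && exit 78; fi

  # Any non-zero exit from `go run` (including a build failure) takes the
  # `||` branch and skips the remaining steps.
  - name: Check if tag is prerelease
    image: golang:1.17-alpine
    commands:
      - cd /go/src/github.com/gravitational/teleport/build.assets/tooling
      - go run ./cmd/check -tag ${DRONE_TAG} -check prerelease || (echo '---> Not publishing ${DRONE_TAG} packages to RPM and DEB repos' && exit 78)

  - name: Download RPM repo contents
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: RPMREPO_AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: RPMREPO_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
    volumes:
      - name: rpmrepo
        path: /rpmrepo
    commands:
      - mkdir -p /rpmrepo/teleport/cache
      # we explicitly want to delete anything present locally which has been deleted
      # from the upstream S3 bucket
      - aws s3 sync s3://$AWS_S3_BUCKET/teleport/ /rpmrepo/teleport/ --delete
      - mkdir -p /rpmrepo/teleport/${DRONE_TAG##v}
      - cp -a /go/artifacts/*.rpm /rpmrepo/teleport/${DRONE_TAG##v}/

  # we do this using a CentOS 7 container to make sure that the repo files are
  # compatible with older versions, also there's no createrepo package in alpine main
  - name: Regenerate RPM repo metadata
    image: centos:7
    volumes:
      - name: rpmrepo
        path: /rpmrepo
    commands:
      - yum -y install createrepo
      - createrepo --cachedir /rpmrepo/teleport/cache --update /rpmrepo/teleport

  # This step requires centos:8 to get gpg 2.2+
  # centos:7's gpg 2.0 doesn't understand the format of GPG_RPM_SIGNING_ARCHIVE
  - name: Sign RPM repo metadata
    image: centos:8
    volumes:
      - name: rpmrepo
        path: /rpmrepo
      # for in-memory tmpfs for key material
      - name: tmpfs
        path: /tmpfs
    environment:
      GNUPGHOME: /tmpfs/gnupg
      GPG_RPM_SIGNING_ARCHIVE:
        from_secret: GPG_RPM_SIGNING_ARCHIVE
    commands:
      - |
        # extract signing key
        mkdir -m0700 $GNUPGHOME
        echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
        chown -R root:root $GNUPGHOME
      # Sign rpm repo metadata (yum clients will automatically look for and verify repodata/repomd.xml.asc)
      - gpg --batch --yes --detach-sign --armor /rpmrepo/teleport/repodata/repomd.xml
      - cat /rpmrepo/teleport/repodata/repomd.xml.asc
      # key material is removed as the last command of the step
      - rm -rf $GNUPGHOME

  - name: Sync RPM repo changes to S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: RPMREPO_AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: RPMREPO_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
    volumes:
      - name: rpmrepo
        path: /rpmrepo
    commands:
      - aws s3 sync /rpmrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/

  # This step skips all remaining steps in the pipeline if the tag
  # is not the highest semver *ever* released, to avoid publishing DEBs
  # that would cause apt users to downgrade. For more info see:
  # https://github.com/gravitational/teleport/issues/8166
  - name: Check if tag is latest
    image: golang:1.17-alpine
    commands:
      - cd /go/src/github.com/gravitational/teleport/build.assets/tooling
      - go run ./cmd/check -tag ${DRONE_TAG} -check latest || (echo '---> Not publishing ${DRONE_REPO} packages to DEB repo' && exit 78)

  - name: Download DEB repo contents
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: DEBREPO_AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: DEBREPO_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY
    volumes:
      - name: debrepo
        path: /debrepo
    commands:
      # we explicitly want to delete anything present locally which has been deleted
      # from the upstream S3 bucket
      - mkdir -p /debrepo/teleport
      - aws s3 sync s3://$AWS_S3_BUCKET/teleport /debrepo/teleport --delete

  # NOTE(review): the reprepro config below selects the signing key with an
  # 8-hex-digit key ID; a full fingerprint would identify the key
  # unambiguously. The step also mounts `dockersock`, which none of its
  # commands appear to use; confirm and drop it if so.
  - name: Build DEB repo
    image: ubuntu:20.04
    environment:
      DEBIAN_FRONTEND: noninteractive
      GNUPGHOME: /tmpfs/gnupg
      GPG_RPM_SIGNING_ARCHIVE:
        from_secret: GPG_RPM_SIGNING_ARCHIVE
    volumes:
      - name: dockersock
        path: /var/run
      - name: debrepo
        path: /debrepo
      # for in-memory tmpfs for key material
      - name: tmpfs
        path: /tmpfs
    commands:
      - |
        # install needed tools
        apt-get -y update && apt-get -y install curl gzip gnupg2 reprepro tar
      - |
        # write config files
        mkdir -p /go/reprepro/teleport/conf /go/reprepro/teleport/public
        # we have to keep listing "arm" even though it's not a real debian arch
        # because we have released packages for it that are currently in the
        # repo bucket, and reprepro will error out if it's told to includedeb a
        # package for an architecture that's not in its configuration
        cat << EOF > /go/reprepro/teleport/conf/distributions
        Origin: teleport
        Label: teleport
        Codename: stable
        Architectures: i386 amd64 arm armhf arm64
        Components: main
        Description: apt repository for teleport
        SignWith: 6282C411
        EOF
        cat << EOF > /go/reprepro/teleport/conf/options
        verbose
        basedir /go/reprepro/teleport
        EOF
      - |
        # extract signing key
        mkdir -m0700 $GNUPGHOME
        echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPGHOME
        chown -R root:root $GNUPGHOME
      - |
        # create repo
        cd /go/reprepro/teleport
        reprepro --outdir /go/reprepro/teleport/public includedeb stable /go/artifacts/teleport*.deb
      - |
        # clean up gnupg
        rm -rf $GNUPGHOME
      - |
        # copy artifacts to PVC
        cp -r /go/reprepro/teleport /debrepo/

  - name: Sync DEB repo changes to S3
    image: amazon/aws-cli
    environment:
      AWS_S3_BUCKET:
        from_secret: DEBREPO_AWS_S3_BUCKET
      AWS_ACCESS_KEY_ID:
        from_secret: DEBREPO_AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY:
        from_secret: DEBREPO_AWS_SECRET_ACCESS_KEY
    volumes:
      - name: debrepo
        path: /debrepo
    commands:
      - aws s3 sync /debrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/

services:
  # NOTE(review): this privileged Docker-in-Docker service also mounts the
  # `tmpfs` volume on which the signing steps unpack GPG key material;
  # confirm the daemon needs that mount in this pipeline.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
      - name: tmpfs
        path: /tmpfs

volumes:
  - name: dockersock
    temp: {}
  - name: tmpfs
    temp:
      medium: memory
  # these persistent volumes cache RPMs/DEBs near Drone so that we don't need to download the
  # entire repo contents from S3 every time to build the repo, we just sync any differences
  - name: rpmrepo
    claim:
      name: drone-s3-rpmrepo-pvc
  - name: debrepo
    claim:
      name: drone-s3-debrepo-pvc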
|
|
---
|
|
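# Publishes the promoted tag through the release API by running the relcli
# image against the Docker-in-Docker service.
kind: pipeline
type: kubernetes
name: publish-rlz

environment:
  # NOTE(review): the trigger target is `production` while the base URL and
  # the RELEASES_*_STAGING secrets below name staging; confirm this is intended.
  RELCLI_BASE_URL: https://releases-staging.platform.teleport.sh
  RELCLI_IMAGE: 146628656107.dkr.ecr.us-west-2.amazonaws.com/gravitational/relcli:v1.1.65

trigger:
  event:
    - promote
  target:
    - production
  repo:
    include:
      - gravitational/*

workspace:
  path: /go

clone:
  disable: true

steps:
  - name: Check if commit is tagged
    image: alpine
    commands:
      # Drone substitutes ${DRONE_TAG} before the shell runs. Unquoted, an
      # empty tag leaves `[ -n ]`, which is always true, so the guard could
      # never fire; quoted, the empty case is `[ -n "" ]` and the step fails.
      - "[ -n \"${DRONE_TAG}\" ] || (echo 'DRONE_TAG is not set. Is the commit tagged?' && exit 1)"

  # Logs in to the private registry with a read-only key pair (password on
  # stdin) and pulls the pinned relcli version into the dind daemon.
  - name: Pull relcli
    image: docker:git
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: TELEPORT_BUILD_USER_READ_ONLY_KEY
      AWS_SECRET_ACCESS_KEY:
        from_secret: TELEPORT_BUILD_USER_READ_ONLY_SECRET
      AWS_DEFAULT_REGION: us-west-2
    volumes:
      - name: dockersock
        path: /var/run
    commands:
      - apk add --no-cache aws-cli
      - aws ecr get-login-password | docker login -u="AWS" --password-stdin 146628656107.dkr.ecr.us-west-2.amazonaws.com
      - docker pull $RELCLI_IMAGE

  # Writes the client certificate and key to the memory-backed tmpfs volume
  # and bind-mounts that directory into the relcli container. The bind mount
  # is resolved by the dind daemon, which is why the service mounts `tmpfs` too.
  - name: Publish in Release API
    image: docker:git
    environment:
      RELEASES_CERT:
        from_secret: RELEASES_CERT_STAGING
      RELEASES_KEY:
        from_secret: RELEASES_KEY_STAGING
      RELCLI_CERT: /tmpfs/creds/releases.crt
      RELCLI_KEY: /tmpfs/creds/releases.key
    volumes:
      - name: dockersock
        path: /var/run
      - name: tmpfs
        path: /tmpfs
    commands:
      - mkdir -p /tmpfs/creds
      # Install the cleanup trap before any credential is written, so a
      # failure while decoding also removes what was written so far.
      - trap "rm -rf /tmpfs/creds" EXIT
      - echo "$RELEASES_CERT" | base64 -d > "$RELCLI_CERT"
      - echo "$RELEASES_KEY" | base64 -d > "$RELCLI_KEY"
      - |
        docker run -i -v /tmpfs/creds:/tmpfs/creds \
          -e DRONE_REPO -e DRONE_TAG -e RELCLI_BASE_URL -e RELCLI_CERT -e RELCLI_KEY \
          $RELCLI_IMAGE relcli auto_publish -f -v 6
    # A failure of this step does not fail the pipeline.
    failure: ignore

services:
  # Privileged Docker-in-Docker daemon, referenced by the mutable
  # `docker:dind` tag.
  - name: Start Docker
    image: docker:dind
    privileged: true
    volumes:
      - name: dockersock
        path: /var/run
      - name: tmpfs
        path: /tmpfs

volumes:
  - name: dockersock
    temp: {}
  - name: tmpfs
    temp:
      medium: memory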
|
|
---
|
|
################################################
|
|
# Generated using dronegen, do not edit by hand!
|
|
# Use 'make dronegen' to update.
|
|
# Generated at dronegen/mac.go (main.newDarwinPipeline)
|
|
################################################
|
|
|
|
# Tag-triggered macOS build of Teleport Connect. `type: exec` means the steps
# run as commands on the runner host itself rather than in a container, so
# files left under the fixed /tmp workspace persist between builds unless a
# step removes them.
kind: pipeline
type: exec
name: build-darwin-amd64-connect
trigger:
  event:
    include:
    - tag
  ref:
    include:
    - refs/tags/v*
  repo:
    include:
    - gravitational/*
workspace:
  path: /tmp/build-darwin-amd64-connect
platform:
  os: darwin
  arch: amd64
clone:
  disable: true
# Runs after the pipeline that produces the tsh .pkg this build downloads.
depends_on:
- build-darwin-amd64-pkg-tsh
# One build at a time; presumably because the workspace path is fixed.
concurrency:
  limit: 1
|
|
steps:
|
|
# Prepares the fixed workspace on the runner host and removes the `go` tree
# and any `.ssh` directory left behind by an earlier build.
- name: Set up exec runner storage
  commands:
  # Abort on any unset variable, so an empty WORKSPACE_DIR cannot turn the
  # `rm -rf` below into a path rooted at /.
  - set -u
  - mkdir -p $WORKSPACE_DIR
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
|
|
# Clones teleport and webapps over HTTPS, then uses a deploy key from the
# GITHUB_PRIVATE_KEY secret to fetch the `e` and `webassets` submodules.
- name: Check out code
  commands:
  - set -u
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .
  - git checkout ${DRONE_TAG:-$DRONE_COMMIT}
  - mkdir -p $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  - git clone https://github.com/gravitational/webapps.git .
  # The webapps revision is chosen by a script from the teleport checkout.
  - git checkout $($WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets/webapps/webapps-version.sh)
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
  # The private key is written to disk under /tmp on the runner host, inside a
  # 0700 directory, and removed again by the `rm -rf` further down. If an
  # earlier command in this step fails, that cleanup is not reached; the
  # "Set up exec runner storage" step removes a leftover .ssh on the next run.
  - mkdir -m 0700 $WORKSPACE_DIR/.ssh && echo "$GITHUB_PRIVATE_KEY" > $WORKSPACE_DIR/.ssh/id_rsa
    && chmod 600 $WORKSPACE_DIR/.ssh/id_rsa
  # NOTE(review): the host key is fetched with ssh-keyscan on every build and
  # trusted as-is, so it is never compared against a known-good GitHub key.
  # A pinned known_hosts entry would let ssh detect an unexpected host key.
  - ssh-keyscan -H github.com > $WORKSPACE_DIR/.ssh/known_hosts 2>/dev/null
  - chmod 600 $WORKSPACE_DIR/.ssh/known_hosts
  # `-F /dev/null` makes ssh ignore the runner user's own ssh config.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init e
  # `|| true`: a failure to fetch webassets is ignored.
  - GIT_SSH_COMMAND='ssh -i $WORKSPACE_DIR/.ssh/id_rsa -o UserKnownHostsFile=$WORKSPACE_DIR/.ssh/known_hosts
    -F /dev/null' git submodule update --init --recursive webassets || true
  - rm -rf $WORKSPACE_DIR/.ssh
  - mkdir -p $WORKSPACE_DIR/go/cache
  - mkdir -p $WORKSPACE_DIR/go/artifacts
  # Version string (tag without the leading "v") read back by later steps.
  - echo "${DRONE_TAG##v}" > $WORKSPACE_DIR/go/.version.txt
  - cat $WORKSPACE_DIR/go/.version.txt
  environment:
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
|
|
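# Downloads the Node.js release named by `make print-node-version` into a
# per-build toolchain directory and enables yarn through corepack.
# This file is generated: changes made here belong in dronegen.
- name: Install Node Toolchain
  commands:
  - set -u
  - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-node-version)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export NODE_DIR=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  - mkdir -p $TOOLCHAIN_DIR
  # --fail makes curl exit non-zero on an HTTP error instead of saving the
  # error page as if it were the tarball.
  - curl --silent --fail -O https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.gz
  # Check the tarball against the release's published SHA-256 list before it
  # is unpacked and put on PATH. The list comes from the same origin, so this
  # catches a corrupted or truncated download, not a compromised origin;
  # verifying the list's signature would be the stronger check.
  - curl --silent --fail -O https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt
  - grep "node-v$NODE_VERSION-darwin-x64.tar.gz" SHASUMS256.txt | shasum -a 256 -c -
  - tar -C $TOOLCHAIN_DIR -xzf node-v$NODE_VERSION-darwin-x64.tar.gz
  - rm -f node-v$NODE_VERSION-darwin-x64.tar.gz SHASUMS256.txt
  - export PATH=$NODE_DIR/bin:$PATH
  - corepack enable yarn
  - echo Node reporting version $(node --version)
  - echo Yarn reporting version $(yarn --version)
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect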
|
|
# Copies the tsh .pkg built for this tag from the build bucket into the
# workspace, next to the teleport and webapps checkouts.
- name: Download tsh.pkg artifact from S3
  commands:
  - set -u
  - export VERSION=$(cat $WORKSPACE_DIR/go/.version.txt)
  # `$$` escapes Drone's own substitution, so the shell expands these.
  - export S3_PATH="tag/$${DRONE_TAG##v}/"
  - aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}tsh-$${VERSION}.pkg $WORKSPACE_DIR/go/src/github.com/gravitational/
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    # NOTE(review): none of the commands above reference GITHUB_PRIVATE_KEY;
    # confirm whether this step needs the secret in its environment.
    GITHUB_PRIVATE_KEY:
      from_secret: GITHUB_PRIVATE_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
|
|
# Unlocks the login keychain, expands the downloaded tsh .pkg, and builds and
# packages Teleport Connect from the webapps checkout with yarn.
- name: Build Mac artifacts (Teleport Connect)
  commands:
  - set -u
  - export HOME=/Users/$(whoami)
  - export TOOLCHAIN_DIR=/tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED/toolchains
  - export NODE_VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport/build.assets
    print-node-version)
  - export NODE_HOME=$TOOLCHAIN_DIR/node-v$NODE_VERSION-darwin-x64
  - export PATH=$NODE_HOME/bin:$PATH
  - export VERSION=$(make -C $WORKSPACE_DIR/go/src/github.com/gravitational/teleport
    print-version)
  - export BUILD_NUMBER=$DRONE_BUILD_NUMBER
  # NOTE(review): the keychain password is passed as a command-line argument
  # and is unquoted, so it is subject to word splitting and is visible in the
  # process arguments while `security` runs. No command in this step locks the
  # keychain again.
  - security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain
  - security find-identity -v
  # Presumably the code-signing identity picked up by the packaging tool;
  # verify against the webapps build configuration.
  - export CSC_NAME=0FFD3E3413AB4C599C53FBB1D8CA690915E33D83
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational
  - pkgutil --expand-full tsh-$${VERSION}.pkg tsh
  - export CONNECT_TSH_APP_PATH=$WORKSPACE_DIR/go/src/github.com/gravitational/tsh/Payload/tsh.app
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps
  # NOTE(review): `yarn install` runs after the keychain is unlocked and with
  # the APPLE_* credentials in the environment, so dependency install scripts
  # inherit both. Confirm the lockfile is enforced for this install.
  - yarn install && yarn build-term && yarn package-term -c.extraMetadata.version=$VERSION
  environment:
    APPLE_PASSWORD:
      from_secret: APPLE_PASSWORD
    APPLE_USERNAME:
      from_secret: APPLE_USERNAME
    ARCH: amd64
    BUILDBOX_PASSWORD:
      from_secret: BUILDBOX_PASSWORD
    GOCACHE: /tmp/build-darwin-amd64-connect/go/cache
    GOPATH: /tmp/build-darwin-amd64-connect/go
    OS: darwin
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
|
|
- name: Copy dmg artifact
  # Copies every .dmg from the teleterm release directory into the artifacts
  # directory and writes a "<file>.sha256" next to each one.
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/src/github.com/gravitational/webapps/packages/teleterm/build/release
  - cp *.dmg $WORKSPACE_DIR/go/artifacts
  # The digest is computed on the build host from the copied file; the
  # Register artifact step later reads it back from the .sha256 file.
  - cd $WORKSPACE_DIR/go/artifacts && for FILE in *.dmg; do shasum -a 256 "$FILE"
    > "$FILE.sha256"; done && ls -l
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
- name: Upload to S3
  # Syncs the whole artifacts directory (the .dmg files and their .sha256
  # files) to the tag's prefix in the release bucket.
  commands:
  - set -u
  - cd $WORKSPACE_DIR/go/artifacts
  # The tag expression uses a single $ here, so presumably Drone substitutes
  # it before the shell runs, unlike the $$-escaped form in the download step.
  - aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
  # NOTE(review): these credentials need write access to the release prefix;
  # confirm they are scoped to that and not shared with read-only steps.
  environment:
    AWS_ACCESS_KEY_ID:
      from_secret: AWS_ACCESS_KEY_ID
    AWS_REGION: us-west-2
    AWS_S3_BUCKET:
      from_secret: AWS_S3_BUCKET
    AWS_SECRET_ACCESS_KEY:
      from_secret: AWS_SECRET_ACCESS_KEY
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
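- name: Register artifact
  # Registers each built artifact with the staging release server over mutual
  # TLS: uploads the file with its SHA-256, creates a draft release per
  # product (HTTP 200 or 409 is accepted) and attaches the asset to it.
  commands:
  - WORKSPACE_DIR=$${WORKSPACE_DIR:-/}
  - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")
  - RELEASES_HOST='https://releases-staging.platform.teleport.sh'
  # The client certificate and private key are written under WORKSPACE_DIR,
  # which is in /tmp here. umask 077 creates them readable by the build user
  # only, and the EXIT trap is installed before the first write so that a
  # failure between the two writes cannot leave key material behind.
  - umask 077
  - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT
  - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt"
  - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key"
  - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key"
  - which curl || apk add --no-cache curl
  - |-
    cd "$WORKSPACE_DIR/go/artifacts"
    find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do
      # Skip files that are not results of this build
      # (e.g. tarballs from which OS packages are made)
      [ -f "$file.sha256" ] || continue

      name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z
      description="MacOS Intel"
      products="$name"
      if [ "$name" = "tsh" ]; then
        products="teleport teleport-ent"
      elif [ "$name" = "Teleport Connect" ]; then
        description="Teleport Connect"
        products="teleport teleport-ent"
      fi
      shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)"

      curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="darwin" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" "$RELEASES_HOST/assets";

      for product in $products; do
        status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases")
        if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then
          echo "curl HTTP status: $status_code"
          cat $WORKSPACE_DIR/curl_out.txt
          exit 1
        fi
        curl $CREDENTIALS --fail -o /dev/null -X PUT "$RELEASES_HOST/releases/$product@$VERSION/assets/$(basename "$file" | sed 's/ /%20/g')"
      done
    done
  environment:
    RELEASES_CERT:
      from_secret: RELEASES_CERT_STAGING
    RELEASES_KEY:
      from_secret: RELEASES_KEY_STAGING
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
  # A failed registration is ignored and does not fail the pipeline, so a
  # green build does not by itself show that the release server has the
  # artifact.
  failure: ignore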
- name: Clean up toolchains (post)
  # Removes the per-build toolchain directory created by the install step.
  commands:
  # With set -u an unset build variable aborts the command instead of
  # expanding to an empty string inside the rm -rf path.
  - set -u
  - rm -rf /tmp/build-$DRONE_BUILD_NUMBER-$DRONE_BUILD_CREATED
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
  # Runs after both successful and failed builds.
  when:
    status:
    - success
    - failure
- name: Clean up exec runner storage (post)
  # Removes the Go workspace and the .ssh directory from WORKSPACE_DIR.
  # NOTE(review): unlike the toolchain cleanup, this step has no
  # `when: status` clause, so presumably it is skipped after a failed build
  # and anything still under WORKSPACE_DIR stays on the host - TODO confirm.
  commands:
  - set -u
  # Restores owner read/write first, presumably so that read-only files in
  # the Go module cache can be deleted - TODO confirm.
  - chmod -R u+rw $WORKSPACE_DIR
  - rm -rf $WORKSPACE_DIR/go $WORKSPACE_DIR/.ssh
  environment:
    WORKSPACE_DIR: /tmp/build-darwin-amd64-connect
---
# Drone signature document, presumably produced by `drone sign`. The hmac is
# checked against the pipeline definitions above, so any change to them,
# comment-only edits included, needs the file to be re-signed.
kind: signature
hmac: 851e2877f720a4ae6e3077b5d7dcae426e9cffadb470592cf1f4a3b14a1fb553

...