self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-22 18:23:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
teleport/.drone.yml
Gus Luxton d1cd94535c
Bump Go to 1.15.5 (#4853)
2020-11-16 15:18:10 -04:00

3164 lines
100 KiB
YAML
Raw Blame History

---
kind: pipeline
type: kubernetes
name: test
environment:
RUNTIME: go1.15.5
UID: 1000
GID: 1000
trigger:
event:
include:
- pull_request
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
volumes:
- name: tmpfs
path: /tmpfs
commands:
- mkdir -p /tmpfs/go/src/github.com/gravitational/teleport /tmpfs/go/cache
- cd /tmpfs/go/src/github.com/gravitational/teleport
- git init && git remote add origin ${DRONE_REMOTE_URL}
- |
# handle pull requests
if [ "${DRONE_BUILD_EVENT}" = "pull_request" ]; then
git fetch origin +refs/heads/${DRONE_COMMIT_BRANCH}:
git checkout ${DRONE_COMMIT_BRANCH}
git fetch origin ${DRONE_COMMIT_REF}:
git merge ${DRONE_COMMIT}
# handle tags
elif [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
git fetch origin +refs/tags/${DRONE_TAG}:
git checkout -qf FETCH_HEAD
# handle pushes/other events
else
if [ "${DRONE_COMMIT_BRANCH}" = "" ]; then
git fetch origin
git checkout -qf ${DRONE_COMMIT_SHA}
else
git fetch origin +refs/heads/${DRONE_COMMIT_BRANCH}:
git checkout ${DRONE_COMMIT} -b ${DRONE_COMMIT_BRANCH}
fi
fi
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init webassets || true
# use the Github API to check whether this PR comes from a forked repo or not
# if it does, don't check out the Enterprise code
- |
if [ "${DRONE_BUILD_EVENT}" = "pull_request" ]; then
apk add --no-cache curl jq
export PR_REPO=$(curl -Ls https://api.github.com/repos/gravitational/teleport/pulls/${DRONE_PULL_REQUEST} | jq -r '.head.repo.full_name')
echo "---> Source repo for PR ${DRONE_PULL_REQUEST}: $${PR_REPO}"
# if the source repo for the PR matches DRONE_REPO, then this is not a PR raised from a fork
if [ "$${PR_REPO}" = "${DRONE_REPO}" ]; then
mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
git submodule update --init e
# do a recursive submodule checkout to get both webassets and webassets/e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
git submodule update --init --recursive webassets || true
rm -f /root/.ssh/id_rsa
fi
fi
- name: Build buildbox
image: docker
volumes:
- name: dockersock
path: /var/run
- name: tmpfs
path: /tmpfs
commands:
- apk add --no-cache make
- chown -R $UID:$GID /tmpfs/go
- docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
- cd /tmpfs/go/src/github.com/gravitational/teleport
- make -C build.assets buildbox
- name: Run linter
image: docker
environment:
GOCACHE: /tmpfs/go/cache
GOPATH: /tmpfs/go
volumes:
- name: dockersock
path: /var/run
- name: tmpfs
path: /tmpfs
commands:
- apk add --no-cache make
- chown -R $UID:$GID /tmpfs/go
- cd /tmpfs/go/src/github.com/gravitational/teleport
- make -C build.assets lint
# https://discourse.drone.io/t/how-to-exit-a-pipeline-early-without-failing/3951
# this step looks at the output of git diff --raw to determine whether any files
# which don't match the pattern '^docs/' or '.md$' were changed. if there are no
# changes to non-docs code, we skip the Teleport tests and exit early with a special
# Drone exit code to speed up iteration on docs (as milv is much quicker to run)
- name: Optionally skip tests
image: docker:git
volumes:
- name: tmpfs
path: /tmpfs
commands:
- |
cd /tmpfs/go/src/github.com/gravitational/teleport
echo -e "\n---> git diff --raw ${DRONE_COMMIT}..origin/${DRONE_COMMIT_BRANCH:-master}\n"
git diff --raw ${DRONE_COMMIT}..origin/${DRONE_COMMIT_BRANCH:-master}
git diff --raw ${DRONE_COMMIT}..origin/${DRONE_COMMIT_BRANCH:-master} | awk '{print $6}' | grep -Ev '^docs/' | grep -Ev '.md$' | grep -v ^$ | wc -l > /tmp/.change_count.txt
export CHANGE_COUNT=$(cat /tmp/.change_count.txt | tr -d '\n')
echo -e "\n---> Non-docs changes detected: $$CHANGE_COUNT"
if [ $$CHANGE_COUNT -gt 0 ]; then
echo "---> Teleport tests will run normally"
else
echo "---> Skipping Teleport tests and exiting early"
exit 78
fi
echo ""
- name: Run unit and chaos tests
image: docker
environment:
GOCACHE: /tmpfs/go/cache
GOPATH: /tmpfs/go
volumes:
- name: dockersock
path: /var/run
- name: tmpfs
path: /tmpfs
commands:
- apk add --no-cache make
- chown -R $UID:$GID /tmpfs/go
- cd /tmpfs/go/src/github.com/gravitational/teleport
- make -C build.assets test
- name: Run integration tests
image: docker
environment:
GOCACHE: /tmpfs/go/cache
GOPATH: /tmpfs/go
INTEGRATION_CI_KUBECONFIG:
from_secret: INTEGRATION_CI_KUBECONFIG
KUBECONFIG: /tmpfs/go/kubeconfig.ci
TEST_KUBE: true
volumes:
- name: dockersock
path: /var/run
- name: tmp-integration
path: /tmp
- name: tmpfs
path: /tmpfs
commands:
- apk add --no-cache make
# write kubeconfig to disk for use in kube integrations tests
- echo "$INTEGRATION_CI_KUBECONFIG" > "$KUBECONFIG"
- chown -R $UID:$GID /tmpfs/go
- cd /tmpfs/go/src/github.com/gravitational/teleport
- make -C build.assets integration
- rm -f "$KUBECONFIG"
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
- name: tmp-dind
path: /tmp
- name: tmpfs
path: /tmpfs
volumes:
- name: dockersock
temp: {}
- name: tmp-dind
temp: {}
- name: tmp-integration
temp: {}
- name: tmpfs
temp:
medium: memory
---
kind: pipeline
type: kubernetes
name: build-on-push
environment:
RUNTIME: go1.15.5
UID: 1000
GID: 1000
trigger:
event:
include:
- push
exclude:
- pull_request
branch:
include:
- master
- branch/*
- stratus
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport /go/cache
- cd /go/src/github.com/gravitational/teleport
- git init && git remote add origin ${DRONE_REMOTE_URL}
- git fetch origin
- git checkout -qf ${DRONE_COMMIT_SHA}
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init webassets || true
- mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# do a recursive submodule checkout to get both webassets and webassets/e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
- name: Pull buildbox image
image: docker
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
- name: Build release
image: docker
environment:
GOPATH: /go
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- cd /go/src/github.com/gravitational/teleport
- make -C build.assets release
- name: Send Slack notification
image: plugins/slack
settings:
webhook:
from_secret: SLACK_WEBHOOK_DEV_TELEPORT
channel: dev-teleport
template: |
*{{#success build.status}}✔{{ else }}✘{{/success}} {{ uppercasefirst build.status }}: Build #{{ build.number }}* (type: `{{ build.event }}`)
Commit: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commit/{{ build.commit }}|{{ truncate build.commit 8 }}>
Branch: <https://github.com/{{ repo.owner }}/{{ repo.name }}/commits/{{ build.branch }}|{{ build.branch }}>
Author: <https://github.com/{{ build.author }}|{{ build.author }}>
<{{ build.link }}|Visit Drone build page ↗>
*Warning:* This is a genuine failure to build the Teleport binary from a branch (likely due to a bad merge or commit) and should be investigated immediately.
when:
status: [failure]
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: test-docs-internal
trigger:
event:
include:
- pull_request
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: golang:1.14.4
volumes:
- name: tmpfs
path: /tmpfs
commands:
- mkdir -p /tmpfs/go/src/github.com/gravitational/teleport
- cd /tmpfs/go/src/github.com/gravitational/teleport
- git init && git remote add origin ${DRONE_REMOTE_URL}
- |
# handle pull requests
if [ "${DRONE_BUILD_EVENT}" = "pull_request" ]; then
git fetch origin +refs/heads/${DRONE_COMMIT_BRANCH}:
git checkout ${DRONE_COMMIT_BRANCH}
git fetch origin ${DRONE_COMMIT_REF}:
git merge ${DRONE_COMMIT}
# handle tags
elif [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
git fetch origin +refs/tags/${DRONE_TAG}:
git checkout -qf FETCH_HEAD
# handle pushes/other events
else
if [ "${DRONE_COMMIT_BRANCH}" = "" ]; then
git fetch origin
git checkout -qf ${DRONE_COMMIT_SHA}
else
git fetch origin +refs/heads/${DRONE_COMMIT_BRANCH}:
git checkout ${DRONE_COMMIT} -b ${DRONE_COMMIT_BRANCH}
fi
fi
- name: Run docs tests (internal links only)
image: golang:1.14.4
volumes:
- name: tmpfs
path: /tmpfs
commands:
- |
cd /tmpfs/go/src/github.com/gravitational/teleport
git diff --raw ${DRONE_COMMIT}..origin/${DRONE_COMMIT_BRANCH:-master} | awk '{print $6}' | grep -E '^docs' | grep -v ^$ | cut -d/ -f2 | sort | uniq > /tmp/docs-versions-changed.txt
if [ $(stat --printf="%s" /tmp/docs-versions-changed.txt) -gt 0 ]; then
echo "---> Changes to docs detected, versions $(cat /tmp/docs-versions-changed.txt | tr '\n' ' ')"
# Check trailing whitespace
make docs-test-whitespace
# Check links
for VERSION in $(cat /tmp/docs-versions-changed.txt); do
if [ -f docs/$VERSION/milv.config.yaml ]; then
go get github.com/magicmatatjahu/milv
cd docs/$VERSION
echo "---> Running milv on docs/$VERSION:"
milv -ignore-external
echo "------------------------------\n"
cd -
else
echo "---> No milv config found, skipping docs/$VERSION"
fi
done
else echo "---> No changes to docs detected, not running tests"
fi
volumes:
- name: tmpfs
temp:
medium: memory
---
kind: pipeline
type: kubernetes
name: test-docs-external
trigger:
event:
include:
- pull_request
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: golang:1.14.4
volumes:
- name: tmpfs
path: /tmpfs
commands:
- mkdir -p /tmpfs/go/src/github.com/gravitational/teleport
- cd /tmpfs/go/src/github.com/gravitational/teleport
- git init && git remote add origin ${DRONE_REMOTE_URL}
- |
# handle pull requests
if [ "${DRONE_BUILD_EVENT}" = "pull_request" ]; then
git fetch origin +refs/heads/${DRONE_COMMIT_BRANCH}:
git checkout ${DRONE_COMMIT_BRANCH}
git fetch origin ${DRONE_COMMIT_REF}:
git merge ${DRONE_COMMIT}
# handle tags
elif [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
git fetch origin +refs/tags/${DRONE_TAG}:
git checkout -qf FETCH_HEAD
# handle pushes/other events
else
if [ "${DRONE_COMMIT_BRANCH}" = "" ]; then
git fetch origin
git checkout -qf ${DRONE_COMMIT_SHA}
else
git fetch origin +refs/heads/${DRONE_COMMIT_BRANCH}:
git checkout ${DRONE_COMMIT} -b ${DRONE_COMMIT_BRANCH}
fi
fi
- name: Run docs tests (external links only)
image: golang:1.14.4
failure: ignore
volumes:
- name: tmpfs
path: /tmpfs
commands:
- |
cd /tmpfs/go/src/github.com/gravitational/teleport
git diff --raw ${DRONE_COMMIT}..origin/${DRONE_COMMIT_BRANCH:-master} | awk '{print $6}' | grep -E '^docs' | grep -v ^$ | cut -d/ -f2 | sort | uniq > /tmp/docs-versions-changed.txt
if [ $(stat --printf="%s" /tmp/docs-versions-changed.txt) -gt 0 ]; then
echo "---> Changes to docs detected, versions $(cat /tmp/docs-versions-changed.txt | tr '\n' ' ')"
# Check trailing whitespace
make docs-test-whitespace
# Check links
for VERSION in $(cat /tmp/docs-versions-changed.txt); do
if [ -f docs/$VERSION/milv.config.yaml ]; then
go get github.com/magicmatatjahu/milv
cd docs/$VERSION
echo "---> Running milv on docs/$VERSION:"
milv -ignore-internal
echo "------------------------------\n"
cd -
else
echo "---> No milv config found, skipping docs/$VERSION"
fi
done
else echo "---> No changes to docs detected, not running tests"
fi
volumes:
- name: tmpfs
temp:
medium: memory
---
kind: pipeline
type: kubernetes
name: teleport-docker-cron
trigger:
cron:
- teleport-docker-cron
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Set up variables and Dockerfile
image: docker:git
environment:
# increment these variables when a new major/minor version is released to bump the automatic builds
# this only needs to be done on the master branch, as that's the branch that the Drone cron is configured for
CURRENT_VERSION_ROOT: v4.4
PREVIOUS_VERSION_ONE_ROOT: v4.3
PREVIOUS_VERSION_TWO_ROOT: v4.2
commands:
- apk --update --no-cache add curl
- mkdir -p /go/build && cd /go/build
# CURRENT_VERSION
- echo $(git ls-remote --tags https://github.com/gravitational/teleport | cut -d'/' -f3 | grep $CURRENT_VERSION_ROOT | grep -Ev '(alpha|beta|dev|rc)' | sort -rV | head -n1) > /go/build/CURRENT_VERSION_TAG.txt
- echo "$(cat /go/build/CURRENT_VERSION_TAG.txt | cut -d. -f1-2 | cut -dv -f2)" > /go/build/CURRENT_VERSION_TAG_GENERIC.txt
# PREVIOUS_VERSION_ONE
- echo $(git ls-remote --tags https://github.com/gravitational/teleport | cut -d'/' -f3 | grep $PREVIOUS_VERSION_ONE_ROOT | grep -Ev '(alpha|beta|dev|rc)' | sort -rV | head -n1) > /go/build/PREVIOUS_VERSION_ONE_TAG.txt
- echo "$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt | cut -d. -f1-2 | cut -dv -f2)" > /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt
# PREVIOUS_VERSION_TWO
- echo $(git ls-remote --tags https://github.com/gravitational/teleport | cut -d'/' -f3 | grep $PREVIOUS_VERSION_TWO_ROOT | grep -Ev '(alpha|beta|dev|rc)' | sort -rV | head -n1) > /go/build/PREVIOUS_VERSION_TWO_TAG.txt
- echo "$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt | cut -d. -f1-2 | cut -dv -f2)" > /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt
- for FILE in /go/build/*.txt; do echo $FILE; cat $FILE; done
# get Dockerfiles
- curl -Ls -o /go/build/Dockerfile-cron https://raw.githubusercontent.com/gravitational/teleport/${DRONE_SOURCE_BRANCH:-master}/build.assets/Dockerfile-cron
# wait for Docker to be ready
- sleep 3
- name: Build and push Teleport containers (CURRENT_VERSION)
image: docker
environment:
OS: linux
ARCH: amd64
settings:
username:
from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
password:
from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
volumes:
- name: dockersock
path: /var/run
commands:
- export VERSION_TAG=$(cat /go/build/CURRENT_VERSION_TAG.txt)
- export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
- export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)"
- export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/CURRENT_VERSION_TAG_GENERIC.txt)-fips"
- docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io
# OSS
- docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
- docker push $OSS_IMAGE_NAME
# Enterprise
- docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
- docker push $ENT_IMAGE_NAME
# Enterprise FIPS
- docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
- docker push $ENT_FIPS_IMAGE_NAME
- name: Build and push Teleport containers (PREVIOUS_VERSION_ONE)
image: docker
environment:
OS: linux
ARCH: amd64
settings:
username:
from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
password:
from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
volumes:
- name: dockersock
path: /var/run
commands:
- export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_ONE_TAG.txt)
- export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
- export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)"
- export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_ONE_TAG_GENERIC.txt)-fips"
- docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io
# OSS
- docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
- docker push $OSS_IMAGE_NAME
# Enterprise
- docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
- docker push $ENT_IMAGE_NAME
# Enterprise FIPS
- docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
- docker push $ENT_FIPS_IMAGE_NAME
- name: Build and push Teleport containers (PREVIOUS_VERSION_TWO)
image: docker
environment:
OS: linux
ARCH: amd64
settings:
username:
from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
password:
from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
volumes:
- name: dockersock
path: /var/run
commands:
- export VERSION_TAG=$(cat /go/build/PREVIOUS_VERSION_TWO_TAG.txt)
- export OSS_IMAGE_NAME="quay.io/gravitational/teleport:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
- export ENT_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)"
- export ENT_FIPS_IMAGE_NAME="quay.io/gravitational/teleport-ent:$(cat /go/build/PREVIOUS_VERSION_TWO_TAG_GENERIC.txt)-fips"
- docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io
# OSS
- docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $OSS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
- docker push $OSS_IMAGE_NAME
# Enterprise
- docker build --target teleport --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
- docker push $ENT_IMAGE_NAME
# Enterprise FIPS
- docker build --target teleport-fips --build-arg DOWNLOAD_TYPE=teleport-ent --build-arg EXTRA_DOWNLOAD_ARGS="-fips" --build-arg VERSION_TAG=$VERSION_TAG --build-arg OS=$OS --build-arg ARCH=$ARCH -t $ENT_FIPS_IMAGE_NAME -f /go/build/Dockerfile-cron /go/build
- docker push $ENT_FIPS_IMAGE_NAME
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: teleport-helm-cron
trigger:
cron:
- teleport-helm-cron
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: alpine/git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_COMMIT}
- name: Package helm charts
image: alpine/helm:latest
commands:
- mkdir -p /go/chart
- cd /go/chart
- helm package /go/src/github.com/gravitational/teleport/examples/chart/*
- helm repo index /go/chart
- name: Upload to S3
image: plugins/s3
settings:
bucket:
from_secret: PRODUCTION_CHARTS_AWS_S3_BUCKET
access_key:
from_secret: PRODUCTION_CHARTS_AWS_ACCESS_KEY_ID
secret_key:
from_secret: PRODUCTION_CHARTS_AWS_SECRET_ACCESS_KEY
region: us-east-2
acl: public-read
source: /go/chart/*
target: /
strip_prefix: /go/chart
---
kind: pipeline
type: kubernetes
name: build-linux-amd64
environment:
RUNTIME: go1.15.5
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/cache /go/artifacts/e
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Build release artifacts
image: docker
environment:
UID: 1000
GID: 1000
GOPATH: /go
OS: linux
ARCH: amd64
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
- cd /go/src/github.com/gravitational/teleport
- make -C build.assets release OS=$OS ARCH=$ARCH RUNTIME=$RUNTIME
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
# copy release archives to artifact directory
- find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
- find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts/e \;
# rename artifact
- export VERSION=$(cat /go/.version.txt)
- mv /go/artifacts/e/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz
# generate checksums
- cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
- name: Upload to S3
image: plugins/s3
settings:
bucket:
from_secret: AWS_S3_BUCKET
access_key:
from_secret: AWS_ACCESS_KEY_ID
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
region: us-west-2
source: /go/artifacts/*
target: teleport/tag/${DRONE_TAG##v}
strip_prefix: /go/artifacts/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips
environment:
RUNTIME: go1.15.5
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/cache /go/artifacts
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Build FIPS release artifacts
image: docker
environment:
UID: 1000
GID: 1000
GOPATH: /go
OS: linux
ARCH: amd64
FIPS: "yes"
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker pull quay.io/gravitational/teleport-buildbox-fips:$RUNTIME || true
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- make -C build.assets release-fips VERSION=$VERSION OS=$OS ARCH=$ARCH RUNTIME=$RUNTIME FIPS=$FIPS
- name: Copy FIPS artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
# copy release archives to artifact directory
- find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
# rename artifact
- export VERSION=$(cat /go/.version.txt)
- mv /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz
# generate checksums
- cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
- name: Upload to S3
image: plugins/s3
settings:
bucket:
from_secret: AWS_S3_BUCKET
access_key:
from_secret: AWS_ACCESS_KEY_ID
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
region: us-west-2
source: /go/artifacts/*
target: teleport/tag/${DRONE_TAG##v}
strip_prefix: /go/artifacts/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos6
environment:
RUNTIME: go1.15.5
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/cache /go/artifacts/e
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Build CentOS 6 release artifacts
image: docker
environment:
UID: 1000
GID: 1000
GOPATH: /go
OS: linux
ARCH: amd64
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker pull quay.io/gravitational/teleport-buildbox-centos6:$RUNTIME || true
- cd /go/src/github.com/gravitational/teleport
- make -C build.assets release-centos6 OS=$OS ARCH=$ARCH RUNTIME=$RUNTIME
- name: Copy CentOS 6 artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
# copy release archives to artifact directory
- find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
- find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts/e \;
# rename artifacts
- export VERSION=$(cat /go/.version.txt)
- mv /go/artifacts/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-v$${VERSION}-linux-amd64-centos6-bin.tar.gz
- mv /go/artifacts/e/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos6-bin.tar.gz
# generate checksums
- cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
- name: Upload to S3
image: plugins/s3
settings:
bucket:
from_secret: AWS_S3_BUCKET
access_key:
from_secret: AWS_ACCESS_KEY_ID
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
region: us-west-2
source: /go/artifacts/*
target: teleport/tag/${DRONE_TAG##v}
strip_prefix: /go/artifacts/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-linux-amd64-centos6-fips
environment:
RUNTIME: go1.15.5
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/cache /go/artifacts
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Build CentOS 6 FIPS release artifacts
image: docker
environment:
UID: 1000
GID: 1000
GOPATH: /go
OS: linux
ARCH: amd64
FIPS: "yes"
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker pull quay.io/gravitational/teleport-buildbox-centos6-fips:$RUNTIME || true
- cd /go/src/github.com/gravitational/teleport
- make -C build.assets release-centos6-fips OS=$OS ARCH=$ARCH RUNTIME=$RUNTIME FIPS=$FIPS
- name: Copy CentOS 6 FIPS artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
# copy release archives to artifact directory
- find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
# rename artifact
- export VERSION=$(cat /go/.version.txt)
- mv /go/artifacts/teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-amd64-centos6-fips-bin.tar.gz
# generate checksums
- cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
- name: Upload to S3
image: plugins/s3
settings:
bucket:
from_secret: AWS_S3_BUCKET
access_key:
from_secret: AWS_ACCESS_KEY_ID
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
region: us-west-2
source: /go/artifacts/*
target: teleport/tag/${DRONE_TAG##v}
strip_prefix: /go/artifacts/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-linux-amd64-rpm
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-linux-amd64
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/cache /go/artifacts
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Download built tarball artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/
- name: Build RPM artifacts
image: docker
environment:
ARCH: amd64
TMPDIR: /go
OSS_TARBALL_PATH: /go/artifacts
ENT_TARBALL_PATH: /go/artifacts
GNUPG_DIR: /tmpfs/gnupg
GPG_RPM_SIGNING_ARCHIVE:
from_secret: GPG_RPM_SIGNING_ARCHIVE
volumes:
- name: dockersock
path: /var/run
- name: tmpfs
path: /tmpfs
commands:
- apk add --no-cache bash curl gzip make tar
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- mkdir -m0700 $GNUPG_DIR
- echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
- chown -R root:root $GNUPG_DIR
- make rpm
- rm -rf $GNUPG_DIR
- name: Copy RPM artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
# copy release archives (and checksums) to artifact directory
- find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
- find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
- name: Upload to S3
image: plugins/s3
settings:
bucket:
from_secret: AWS_S3_BUCKET
access_key:
from_secret: AWS_ACCESS_KEY_ID
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
region: us-west-2
source: /go/artifacts/*
target: teleport/tag/${DRONE_TAG##v}
strip_prefix: /go/artifacts/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
- name: tmpfs
path: /tmpfs
volumes:
- name: dockersock
temp: {}
- name: tmpfs
temp:
medium: memory
---
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips-rpm
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-linux-amd64-fips
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/cache /go/artifacts
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Download built tarball artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/
- name: Build FIPS RPM artifacts
image: docker
environment:
ARCH: amd64
FIPS: "yes"
# weird quirk of FIPS package builds
RUNTIME: fips
TMPDIR: /go
ENT_TARBALL_PATH: /go/artifacts
GNUPG_DIR: /tmpfs/gnupg
GPG_RPM_SIGNING_ARCHIVE:
from_secret: GPG_RPM_SIGNING_ARCHIVE
volumes:
- name: dockersock
path: /var/run
- name: tmpfs
path: /tmpfs
commands:
- apk add --no-cache bash curl gzip make tar
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- mkdir -m0700 $GNUPG_DIR
- echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
- chown -R root:root $GNUPG_DIR
# build enterprise only
- make -C e rpm
- rm -rf $GNUPG_DIR
- name: Copy FIPS RPM artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
# copy release archives (and checksums) to artifact directory
- find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
- name: Upload to S3
image: plugins/s3
settings:
bucket:
from_secret: AWS_S3_BUCKET
access_key:
from_secret: AWS_ACCESS_KEY_ID
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
region: us-west-2
source: /go/artifacts/*
target: teleport/tag/${DRONE_TAG##v}
strip_prefix: /go/artifacts/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
- name: tmpfs
path: /tmpfs
volumes:
- name: dockersock
temp: {}
- name: tmpfs
temp:
medium: memory
---
kind: pipeline
type: kubernetes
name: build-linux-amd64-deb
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-linux-amd64
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/cache /go/artifacts
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Download built tarball artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/artifacts/
- name: Build DEB artifacts
image: docker
environment:
ARCH: amd64
TMPDIR: /go
OSS_TARBALL_PATH: /go/artifacts
ENT_TARBALL_PATH: /go/artifacts
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache bash curl make tar
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- make deb
- name: Copy DEB artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
# copy release archives (and checksums) to artifact directory
- find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
- find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
- name: Upload to S3
image: plugins/s3
settings:
bucket:
from_secret: AWS_S3_BUCKET
access_key:
from_secret: AWS_ACCESS_KEY_ID
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
region: us-west-2
source: /go/artifacts/*
target: teleport/tag/${DRONE_TAG##v}
strip_prefix: /go/artifacts/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-linux-amd64-fips-deb
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-linux-amd64-fips
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/cache /go/artifacts
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Download built tarball artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/artifacts/
- name: Build FIPS DEB artifacts
image: docker
environment:
ARCH: amd64
FIPS: "yes"
# weird quirk with FIPS package builds
RUNTIME: "fips"
TMPDIR: /go
ENT_TARBALL_PATH: /go/artifacts
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache bash curl make tar
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
# build enterprise only
- make -C e deb
- name: Copy FIPS DEB artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
# copy release archives (and checksums) to artifact directory
- find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
- ls -l /go/artifacts
- name: Upload to S3
image: plugins/s3
settings:
bucket:
from_secret: AWS_S3_BUCKET
access_key:
from_secret: AWS_ACCESS_KEY_ID
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
region: us-west-2
source: /go/artifacts/*
target: teleport/tag/${DRONE_TAG##v}
strip_prefix: /go/artifacts/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-linux-i386
environment:
RUNTIME: go1.15.5
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/cache /go/artifacts/e
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Build i386 release artifacts
image: docker
environment:
UID: 1000
GID: 1000
GOPATH: /go
OS: linux
ARCH: "386"
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
- cd /go/src/github.com/gravitational/teleport
- make -C build.assets release OS=$OS ARCH=$ARCH RUNTIME=$RUNTIME
- name: Copy artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
# copy release archives to artifact directory
- find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;
- find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts/e \;
# rename artifacts
- export VERSION=$(cat /go/.version.txt)
- mv /go/artifacts/e/teleport-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/teleport-ent-v$${VERSION}-linux-386-bin.tar.gz
# generate checksums
- cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
- name: Upload to S3
image: plugins/s3
settings:
bucket:
from_secret: AWS_S3_BUCKET
access_key:
from_secret: AWS_ACCESS_KEY_ID
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
region: us-west-2
source: /go/artifacts/*
target: teleport/tag/${DRONE_TAG##v}
strip_prefix: /go/artifacts/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-linux-i386-rpm
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-linux-i386
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/cache /go/artifacts
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Download built tarball artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/
- name: Build i386 RPM artifacts
image: docker
environment:
ARCH: "386"
TMPDIR: /go
OSS_TARBALL_PATH: /go/artifacts
ENT_TARBALL_PATH: /go/artifacts
GNUPG_DIR: /tmpfs/gnupg
GPG_RPM_SIGNING_ARCHIVE:
from_secret: GPG_RPM_SIGNING_ARCHIVE
volumes:
- name: dockersock
path: /var/run
- name: tmpfs
path: /tmpfs
commands:
- apk add --no-cache bash curl gzip make tar
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- mkdir -m0700 $GNUPG_DIR
- echo "$GPG_RPM_SIGNING_ARCHIVE" | base64 -d | tar -xzf - -C $GNUPG_DIR
- chown -R root:root $GNUPG_DIR
- make rpm
- rm -rf $GNUPG_DIR
- name: Copy i386 RPM artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
# copy release archives (and checksums) to artifact directory
- find build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
- find e/build -maxdepth 1 -iname "teleport*.rpm*" -print -exec cp {} /go/artifacts \;
- name: Upload to S3
image: plugins/s3
settings:
bucket:
from_secret: AWS_S3_BUCKET
access_key:
from_secret: AWS_ACCESS_KEY_ID
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
region: us-west-2
source: /go/artifacts/*
target: teleport/tag/${DRONE_TAG##v}
strip_prefix: /go/artifacts/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
- name: tmpfs
path: /tmpfs
volumes:
- name: dockersock
temp: {}
- name: tmpfs
temp:
medium: memory
---
kind: pipeline
type: kubernetes
name: build-linux-i386-deb
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-linux-i386
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/cache /go/artifacts
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Download built tarball artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-386-bin.tar.gz /go/artifacts/
- name: Build i386 DEB artifacts
image: docker
environment:
ARCH: "386"
TMPDIR: /go
OSS_TARBALL_PATH: /go/artifacts
ENT_TARBALL_PATH: /go/artifacts
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache bash curl make tar
- cd /go/src/github.com/gravitational/teleport
- export VERSION=$(cat /go/.version.txt)
- make deb
- name: Copy i386 DEB artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
# copy release archives (and checksums) to artifact directory
- find build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
- find e/build -maxdepth 1 -iname "teleport*.deb*" -print -exec cp {} /go/artifacts \;
- name: Upload to S3
image: plugins/s3
settings:
bucket:
from_secret: AWS_S3_BUCKET
access_key:
from_secret: AWS_ACCESS_KEY_ID
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
region: us-west-2
source: /go/artifacts/*
target: teleport/tag/${DRONE_TAG##v}
strip_prefix: /go/artifacts/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: exec
name: build-darwin-amd64
concurrency:
limit: 1
platform:
os: darwin
arch: amd64
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /tmp/build-darwin-amd64
clone:
disable: true
steps:
- name: Set up exec runner storage
commands:
- mkdir -p /tmp/build-darwin-amd64
- chmod -R u+rw /tmp/build-darwin-amd64
- rm -rf /tmp/build-darwin-amd64/go
- name: Check out code
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /tmp/build-darwin-amd64/go/src/github.com/gravitational/teleport
- cd /tmp/build-darwin-amd64/go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 ~/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
- ssh-keyscan -H github.com > ~/.ssh/known_hosts 2>/dev/null && chmod 600 ~/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f ~/.ssh/id_rsa
- mkdir -p /tmp/build-darwin-amd64/go/artifacts /tmp/build-darwin-amd64/go/cache
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /tmp/build-darwin-amd64/go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /tmp/build-darwin-amd64/go/.version.txt; fi; cat /tmp/build-darwin-amd64/go/.version.txt
- name: Build Mac release artifacts
environment:
GOPATH: /tmp/build-darwin-amd64/go
GOCACHE: /tmp/build-darwin-amd64/go/cache
OS: darwin
ARCH: amd64
commands:
- cd /tmp/build-darwin-amd64/go/src/github.com/gravitational/teleport
- make clean release OS=$OS ARCH=$ARCH RUNTIME=$RUNTIME
- name: Copy Mac artifacts
commands:
- cd /tmp/build-darwin-amd64/go/src/github.com/gravitational/teleport
# copy release archives to artifact directory
- cp teleport*.tar.gz /tmp/build-darwin-amd64/go/artifacts
- cp e/teleport-ent*.tar.gz /tmp/build-darwin-amd64/go/artifacts
# generate checksums (for mac)
- cd /tmp/build-darwin-amd64/go/artifacts && for FILE in teleport*.tar.gz; do shasum -a 256 $FILE > $FILE.sha256; done && ls -l
- name: Upload to S3
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- cd /tmp/build-darwin-amd64/go/artifacts
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
- name: Clean up exec runner storage (post)
commands:
- chmod -R u+rw /tmp/build-darwin-amd64
- rm -rf /tmp/build-darwin-amd64/go
---
kind: pipeline
type: exec
name: build-darwin-amd64-pkg
concurrency:
limit: 1
platform:
os: darwin
arch: amd64
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-darwin-amd64
workspace:
path: /tmp/build-darwin-amd64-pkg
clone:
disable: true
steps:
- name: Set up exec runner storage
commands:
- mkdir -p /tmp/build-darwin-amd64-pkg
- chmod -R u+rw /tmp/build-darwin-amd64-pkg
- rm -rf /tmp/build-darwin-amd64-pkg/go
- name: Check out code
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /tmp/build-darwin-amd64-pkg/go/src/github.com/gravitational/teleport
- cd /tmp/build-darwin-amd64-pkg/go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 ~/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
- ssh-keyscan -H github.com > ~/.ssh/known_hosts 2>/dev/null && chmod 600 ~/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f ~/.ssh/id_rsa
- mkdir -p /tmp/build-darwin-amd64-pkg/go/artifacts /tmp/build-darwin-amd64-pkg/go/cache
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /tmp/build-darwin-amd64-pkg/go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /tmp/build-darwin-amd64-pkg/go/.version.txt; fi; cat /tmp/build-darwin-amd64-pkg/go/.version.txt
- name: Download built tarball artifacts from S3
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /tmp/build-darwin-amd64-pkg/go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz /tmp/build-darwin-amd64-pkg/go/artifacts/
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-darwin-amd64-bin.tar.gz /tmp/build-darwin-amd64-pkg/go/artifacts/
- name: Build Mac pkg release artifacts
environment:
OS: darwin
ARCH: amd64
OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
ENT_TARBALL_PATH: /tmp/build-darwin-amd64-pkg/go/artifacts
commands:
- cd /tmp/build-darwin-amd64-pkg/go/src/github.com/gravitational/teleport
- export VERSION=$(cat /tmp/build-darwin-amd64-pkg/go/.version.txt)
- make pkg OS=$OS ARCH=$ARCH
- name: Copy Mac pkg artifacts
commands:
- cd /tmp/build-darwin-amd64-pkg/go/src/github.com/gravitational/teleport
# delete temporary tarball artifacts so we don't re-upload them in the next stage
- rm -rf /tmp/build-darwin-amd64-pkg/go/artifacts/*.tar.gz
# copy release archives to artifact directory
- cp build/teleport*.pkg /tmp/build-darwin-amd64-pkg/go/artifacts
- cp e/build/teleport-ent*.pkg /tmp/build-darwin-amd64-pkg/go/artifacts
# generate checksums (for mac)
- cd /tmp/build-darwin-amd64-pkg/go/artifacts && for FILE in teleport*.pkg; do shasum -a 256 $FILE > $FILE.sha256; done && ls -l
- name: Upload to S3
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- cd /tmp/build-darwin-amd64-pkg/go/artifacts
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
- name: Clean up exec runner storage
commands:
- chmod -R u+rw /tmp/build-darwin-amd64-pkg
- rm -rf /tmp/build-darwin-amd64-pkg/go
---
kind: pipeline
type: exec
name: build-darwin-amd64-pkg-tsh
concurrency:
limit: 1
platform:
os: darwin
arch: amd64
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-darwin-amd64
workspace:
path: /tmp/build-darwin-amd64-pkg-tsh
clone:
disable: true
steps:
- name: Set up exec runner storage
commands:
- mkdir -p /tmp/build-darwin-amd64-pkg-tsh
- chmod -R u+rw /tmp/build-darwin-amd64-pkg-tsh
- rm -rf /tmp/build-darwin-amd64-pkg-tsh/go
- name: Check out code
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /tmp/build-darwin-amd64-pkg-tsh/go/src/github.com/gravitational/teleport
- cd /tmp/build-darwin-amd64-pkg-tsh/go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 ~/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
- ssh-keyscan -H github.com > ~/.ssh/known_hosts 2>/dev/null && chmod 600 ~/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f ~/.ssh/id_rsa
- mkdir -p /tmp/build-darwin-amd64-pkg-tsh/go/artifacts /tmp/build-darwin-amd64-pkg-tsh/go/cache
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /tmp/build-darwin-amd64-pkg-tsh/go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /tmp/build-darwin-amd64-pkg-tsh/go/.version.txt; fi; cat /tmp/build-darwin-amd64-pkg-tsh/go/.version.txt
- name: Download built tarball artifact from S3
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /tmp/build-darwin-amd64-pkg-tsh/go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-darwin-amd64-bin.tar.gz /tmp/build-darwin-amd64-pkg-tsh/go/artifacts/
- name: Build Mac tsh pkg release artifacts
environment:
OS: darwin
ARCH: amd64
APPLE_USERNAME:
from_secret: APPLE_USERNAME
APPLE_PASSWORD:
from_secret: APPLE_PASSWORD
BUILDBOX_PASSWORD:
from_secret: BUILDBOX_PASSWORD
OSS_TARBALL_PATH: /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
commands:
- cd /tmp/build-darwin-amd64-pkg-tsh/go/src/github.com/gravitational/teleport
- export VERSION=$(cat /tmp/build-darwin-amd64-pkg-tsh/go/.version.txt)
# set HOME explicitly (as Drone overrides it normally)
- export HOME=/Users/build
# unlock login keychain
- security unlock-keychain -p $${BUILDBOX_PASSWORD} login.keychain
# show available certificates
- security find-identity -v
# build pkg
- make pkg-tsh OS=$OS ARCH=$ARCH
- name: Copy Mac tsh pkg artifacts
commands:
- cd /tmp/build-darwin-amd64-pkg-tsh/go/src/github.com/gravitational/teleport
# delete temporary tarball artifacts so we don't re-upload them in the next stage
- rm -rf /tmp/build-darwin-amd64-pkg-tsh/go/artifacts/*.tar.gz
# copy release archives to artifact directory
- cp build/tsh*.pkg /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
# generate checksums (for mac)
- cd /tmp/build-darwin-amd64-pkg-tsh/go/artifacts && for FILE in tsh*.pkg; do shasum -a 256 $FILE > $FILE.sha256; done && ls -l
- name: Upload to S3
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- cd /tmp/build-darwin-amd64-pkg-tsh/go/artifacts
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
- name: Clean up exec runner storage
commands:
- chmod -R u+rw /tmp/build-darwin-amd64-pkg-tsh
- rm -rf /tmp/build-darwin-amd64-pkg-tsh/go
---
kind: pipeline
type: exec
name: build-arm
concurrency:
limit: 1
platform:
os: linux
arch: arm
# use ramfs for go build cache
# saves wear and tear on the SD card, plus it's faster
environment:
TMPDIR: /dev/shm
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /dev/shm/tmp
clone:
disable: true
steps:
- name: Clean up exec runner storage (pre)
commands:
- chmod -R u+rw /dev/shm/tmp
- rm -rf /dev/shm/tmp/go
- name: Check out code
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /dev/shm/tmp/go/src/github.com/gravitational/teleport
- cd /dev/shm/tmp/go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 ~/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
- ssh-keyscan -H github.com > ~/.ssh/known_hosts 2>/dev/null && chmod 600 ~/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f ~/.ssh/id_rsa
- mkdir -p /dev/shm/tmp/go/artifacts /dev/shm/tmp/go/cache
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /dev/shm/tmp/go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /dev/shm/tmp/go/.version.txt; fi; cat /dev/shm/tmp/go/.version.txt
- name: Build ARM release artifacts
environment:
GOPATH: /dev/shm/tmp/go
GOCACHE: /dev/shm/tmp/go/cache
OS: linux
ARCH: arm
commands:
- cd /dev/shm/tmp/go/src/github.com/gravitational/teleport
- make clean release OS=$OS ARCH=$ARCH RUNTIME=$RUNTIME
- name: Copy ARM artifacts
commands:
- cd /dev/shm/tmp/go/src/github.com/gravitational/teleport
# copy release archives to artifact directory
- cp teleport*.tar.gz /dev/shm/tmp/go/artifacts
- cp e/teleport-ent*.tar.gz /dev/shm/tmp/go/artifacts
# generate checksums
- cd /dev/shm/tmp/go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
- name: Upload to S3
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- cd /dev/shm/tmp/go/artifacts
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
- name: Clean up exec runner storage (post)
commands:
- chmod -R u+rw /dev/shm/tmp
- rm -rf /dev/shm/tmp/go
---
kind: pipeline
type: exec
name: build-arm64
concurrency:
limit: 1
platform:
os: linux
arch: arm64
# use ramfs for go build cache
environment:
TMPDIR: /dev/shm
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /dev/shm/tmp
clone:
disable: true
steps:
- name: Clean up exec runner storage (pre)
commands:
- chmod -R u+rw /dev/shm/tmp
- rm -rf /dev/shm/tmp/go
- name: Check out code
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /dev/shm/tmp/go/src/github.com/gravitational/teleport
- cd /dev/shm/tmp/go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 ~/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
- ssh-keyscan -H github.com > ~/.ssh/known_hosts 2>/dev/null && chmod 600 ~/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f ~/.ssh/id_rsa
- mkdir -p /dev/shm/tmp/go/artifacts /dev/shm/tmp/go/cache
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /dev/shm/tmp/go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /dev/shm/tmp/go/.version.txt; fi; cat /dev/shm/tmp/go/.version.txt
- name: Build ARM64 release artifacts
environment:
GOPATH: /dev/shm/tmp/go
GOCACHE: /dev/shm/tmp/go/cache
OS: linux
ARCH: arm64
commands:
- cd /dev/shm/tmp/go/src/github.com/gravitational/teleport
- make clean release OS=$OS ARCH=$ARCH RUNTIME=$RUNTIME
- name: Copy ARM64 artifacts
commands:
- cd /dev/shm/tmp/go/src/github.com/gravitational/teleport
# copy release archives to artifact directory
- cp teleport*.tar.gz /dev/shm/tmp/go/artifacts
- cp e/teleport-ent*.tar.gz /dev/shm/tmp/go/artifacts
# generate checksums
- cd /dev/shm/tmp/go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l
- name: Upload to S3
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- cd /dev/shm/tmp/go/artifacts
- aws s3 sync . s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}
- name: Clean up exec runner storage (post)
commands:
- chmod -R u+rw /dev/shm/tmp
- rm -rf /dev/shm/tmp/go
---
kind: pipeline
type: kubernetes
name: build-windows
environment:
RUNTIME: go1.15.5
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/cache /go/artifacts
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Build Windows release artifacts
image: docker
environment:
UID: 1000
GID: 1000
GOPATH: /go
OS: windows
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
- cd /go/src/github.com/gravitational/teleport
- make -C build.assets release-windows OS=$OS
- name: Copy Windows artifacts
image: docker
commands:
- cd /go/src/github.com/gravitational/teleport
# copy release archives to build directory
- mkdir -p /go/artifacts/windows
- find . -maxdepth 1 -iname "teleport*.zip" -print -exec cp {} /go/artifacts \;
# make a copy of the Windows binaries named 'teleport-ent'
# our download portal looks for downloads starting with 'teleport-ent' to serve up, so
# for us to list any Windows Enterprise downloads, we need a 'teleport-ent*zip' binary
# The Windows artifacts only contain tsh.exe, which is the same for both OSS and Enterprise.
- export VERSION=$(cat /go/.version.txt)
- cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip
# generate checksums
- cd /go/artifacts && for FILE in teleport*.zip; do sha256sum $FILE > $FILE.sha256; done && ls -l
- name: Upload to S3
image: plugins/s3
settings:
bucket:
from_secret: AWS_S3_BUCKET
access_key:
from_secret: AWS_ACCESS_KEY_ID
secret_key:
from_secret: AWS_SECRET_ACCESS_KEY
region: us-west-2
source: /go/artifacts/*
target: teleport/tag/${DRONE_TAG##v}
strip_prefix: /go/artifacts/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-docker-images
environment:
RUNTIME: go1.15.5
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
environment:
GITHUB_PRIVATE_KEY:
from_secret: GITHUB_PRIVATE_KEY
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# fetch enterprise submodules
- mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 600 /root/.ssh/id_rsa
- ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts
- git submodule update --init e
# this is allowed to fail because pre-4.3 Teleport versions don't use the webassets submodule
- git submodule update --init --recursive webassets || true
- rm -f /root/.ssh/id_rsa
# create necessary directories
- mkdir -p /go/cache /go/artifacts
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Build/push OSS/Enterprise Docker images
image: docker
environment:
UID: 1000
GID: 1000
GOPATH: /go
OS: linux
ARCH: amd64
settings:
username:
from_secret: QUAYIO_DOCKER_USERNAME
password:
from_secret: QUAYIO_DOCKER_PASSWORD
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io
- docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
- cd /go/src/github.com/gravitational/teleport
- make image-ci publish-ci
- name: Build/push FIPS Docker image
image: docker
environment:
UID: 1000
GID: 1000
GOPATH: /go
OS: linux
ARCH: amd64
settings:
username:
from_secret: QUAYIO_DOCKER_USERNAME
password:
from_secret: QUAYIO_DOCKER_PASSWORD
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io
- docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
- cd /go/src/github.com/gravitational/teleport
# VERSION needs to be set manually when running in the e directory.
# Normally, the version is set and exported by the root Makefile and then inherited,
# but this is not the case for FIPS builds (which only run in e/Makefile)
- export VERSION=$(cat /go/.version.txt)
- make -C e image-fips-ci publish-fips-ci
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-oss-amis
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-linux-amd64
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Download built tarball artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
- name: Build OSS AMIs
image: hashicorp/packer
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_PACKER_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_PACKER_SECRET_ACCESS_KEY
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache aws-cli jq make
- cd /go/src/github.com/gravitational/teleport/assets/aws
- export TELEPORT_VERSION=$(cat /go/.version.txt)
- export PUBLIC_AMI_NAME=gravitational-teleport-ami-oss-$TELEPORT_VERSION
- |
if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
echo "---> Building production OSS AMIs"
echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
make oss-ci-build
else
echo "---> Building debug OSS AMIs"
make oss
fi
- name: Sync OSS build timestamp to S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/oss_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-ent-amis
trigger:
event:
- tag
ref:
include:
- refs/tags/v*
repo:
include:
- gravitational/*
depends_on:
- build-linux-amd64
- build-linux-amd64-fips
workspace:
path: /go
clone:
disable: true
steps:
- name: Check out code
image: docker:git
commands:
- mkdir -p /go/src/github.com/gravitational/teleport
- cd /go/src/github.com/gravitational/teleport
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_TAG:-$DRONE_COMMIT}
# set version
- if [[ "${DRONE_TAG}" != "" ]]; then echo "${DRONE_TAG##v}" > /go/.version.txt; else egrep ^VERSION Makefile | cut -d= -f2 > /go/.version.txt; fi; cat /go/.version.txt
- name: Download built tarball artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- if [[ "${DRONE_TAG}" != "" ]]; then export S3_PATH="tag/$${DRONE_TAG##v}/"; else export S3_PATH="tag/"; fi
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
- aws s3 cp s3://$AWS_S3_BUCKET/teleport/$${S3_PATH}teleport-ent-v$${VERSION}-linux-amd64-fips-bin.tar.gz /go/src/github.com/gravitational/teleport/assets/aws/files
- name: Build Enterprise AMIs
image: hashicorp/packer
environment:
AWS_ACCESS_KEY_ID:
from_secret: AWS_PACKER_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_PACKER_SECRET_ACCESS_KEY
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache aws-cli jq make
- cd /go/src/github.com/gravitational/teleport/assets/aws
- export TELEPORT_VERSION=$(cat /go/.version.txt)
- export PUBLIC_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION
- export FIPS_AMI_NAME=gravitational-teleport-ami-ent-$TELEPORT_VERSION-fips
- |
if [ "${DRONE_BUILD_EVENT}" = "tag" ]; then
echo "---> Building production Enterprise AMIs"
echo "---> Note: these AMIs will not be made public until the 'promote' step is run"
make ent-ci-build
else
echo "---> Building debug Enterprise AMIs"
make ent
fi
- name: Sync Enterprise build timestamp to S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- export VERSION=$(cat /go/.version.txt)
- aws s3 cp /go/src/github.com/gravitational/teleport/assets/aws/files/build/ent_build_timestamp.txt s3://$AWS_S3_BUCKET/teleport/ami/$${VERSION}/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: build-buildboxes
environment:
RUNTIME: go1.15.5
UID: 1000
GID: 1000
trigger:
branch:
- master
event:
- push
repo:
include:
- gravitational/*
workspace:
path: /go/src/github.com/gravitational/teleport
clone:
disable: true
steps:
- name: Check out code
image: docker:git
volumes:
- name: dockersock
path: /var/run
commands:
- git clone https://github.com/gravitational/teleport.git .
- git checkout ${DRONE_COMMIT}
- name: Build and push buildbox container
image: docker
environment:
QUAYIO_DOCKER_USERNAME:
from_secret: QUAYIO_DOCKER_USERNAME
QUAYIO_DOCKER_PASSWORD:
from_secret: QUAYIO_DOCKER_PASSWORD
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker login -u="$QUAYIO_DOCKER_USERNAME" -p="$QUAYIO_DOCKER_PASSWORD" quay.io
- docker pull quay.io/gravitational/teleport-buildbox:$RUNTIME || true
- make -C build.assets buildbox
- docker push quay.io/gravitational/teleport-buildbox:$RUNTIME
- name: Build and push buildbox-fips container
image: docker
environment:
QUAYIO_DOCKER_USERNAME:
from_secret: QUAYIO_DOCKER_USERNAME
QUAYIO_DOCKER_PASSWORD:
from_secret: QUAYIO_DOCKER_PASSWORD
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker login -u="$QUAYIO_DOCKER_USERNAME" -p="$QUAYIO_DOCKER_PASSWORD" quay.io
- docker pull quay.io/gravitational/teleport-buildbox-fips:$RUNTIME || true
- make -C build.assets buildbox-fips
- docker push quay.io/gravitational/teleport-buildbox-fips:$RUNTIME
- name: Build and push buildbox-centos6 container
image: docker
environment:
QUAYIO_DOCKER_USERNAME:
from_secret: QUAYIO_DOCKER_USERNAME
QUAYIO_DOCKER_PASSWORD:
from_secret: QUAYIO_DOCKER_PASSWORD
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker login -u="$QUAYIO_DOCKER_USERNAME" -p="$QUAYIO_DOCKER_PASSWORD" quay.io
- docker pull quay.io/gravitational/teleport-buildbox-centos6:$RUNTIME || true
- make -C build.assets buildbox-centos6
- docker push quay.io/gravitational/teleport-buildbox-centos6:$RUNTIME
- name: Build and push buildbox-centos6-fips container
image: docker
environment:
QUAYIO_DOCKER_USERNAME:
from_secret: QUAYIO_DOCKER_USERNAME
QUAYIO_DOCKER_PASSWORD:
from_secret: QUAYIO_DOCKER_PASSWORD
volumes:
- name: dockersock
path: /var/run
commands:
- apk add --no-cache make
- chown -R $UID:$GID /go
- docker login -u="$QUAYIO_DOCKER_USERNAME" -p="$QUAYIO_DOCKER_PASSWORD" quay.io
- docker pull quay.io/gravitational/teleport-buildbox-centos6-fips:$RUNTIME || true
- make -C build.assets buildbox-centos6-fips
- docker push quay.io/gravitational/teleport-buildbox-centos6-fips:$RUNTIME
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
---
kind: pipeline
type: kubernetes
name: promote-build
trigger:
event:
- promote
target:
- production
repo:
include:
- gravitational/*
workspace:
path: /go
clone:
disable: true
steps:
- name: Download artifacts from S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
AWS_REGION: us-west-2
commands:
- mkdir -p /go/artifacts
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v}/ /go/artifacts/
- name: Upload artifacts to production S3
image: plugins/s3
settings:
bucket:
from_secret: PRODUCTION_AWS_S3_BUCKET
access_key:
from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
secret_key:
from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
region: us-east-1
acl: public-read
source: /go/artifacts/*
target: teleport/${DRONE_TAG##v}/
strip_prefix: /go/artifacts/
- name: Pull/retag Docker images
image: docker
settings:
docker_staging_username:
from_secret: QUAYIO_DOCKER_USERNAME
docker_staging_password:
from_secret: QUAYIO_DOCKER_PASSWORD
docker_production_username:
from_secret: PRODUCTION_QUAYIO_DOCKER_USERNAME
docker_production_password:
from_secret: PRODUCTION_QUAYIO_DOCKER_PASSWORD
volumes:
- name: dockersock
path: /var/run
commands:
# wait for docker to start
- sleep 3
- export VERSION=${DRONE_TAG##v}
# authenticate with staging credentials
- docker login -u="$PLUGIN_DOCKER_STAGING_USERNAME" -p="$PLUGIN_DOCKER_STAGING_PASSWORD" quay.io
# pull 'temporary' CI-built images
- echo "---> Pulling images for $${VERSION}"
- docker pull quay.io/gravitational/teleport-ci:$${VERSION}
- docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}
- docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips
# retag images to production naming
- echo "---> Tagging images for $${VERSION}"
- docker tag quay.io/gravitational/teleport-ci:$${VERSION} quay.io/gravitational/teleport:$${VERSION}
- docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION} quay.io/gravitational/teleport-ent:$${VERSION}
- docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips quay.io/gravitational/teleport-ent:$${VERSION}-fips
# reauthenticate with production credentials
- docker logout quay.io
- docker login -u="$PLUGIN_DOCKER_PRODUCTION_USERNAME" -p="$PLUGIN_DOCKER_PRODUCTION_PASSWORD" quay.io
# push production images
- echo "---> Pushing images for $${VERSION}"
- docker push quay.io/gravitational/teleport:$${VERSION}
- docker push quay.io/gravitational/teleport-ent:$${VERSION}
- docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips
- name: Check out code
image: docker:git
commands:
- |
mkdir -p /go/src/github.com/gravitational/teleport
cd /go/src/github.com/gravitational/teleport
git init && git remote add origin ${DRONE_REMOTE_URL}
git fetch origin +refs/tags/${DRONE_TAG}:
git checkout -qf FETCH_HEAD
- name: Download AMI timestamps
image: docker
environment:
AWS_S3_BUCKET:
from_secret: AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: AWS_SECRET_ACCESS_KEY
commands:
- apk add --no-cache aws-cli
- mkdir -p /go/src/github.com/gravitational/teleport/assets/aws/files/build
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/ami/${DRONE_TAG##v}/ /go/src/github.com/gravitational/teleport/assets/aws/files/build
- name: Make AMIs public
image: docker
environment:
AWS_ACCESS_KEY_ID:
from_secret: PRODUCTION_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: PRODUCTION_AWS_SECRET_ACCESS_KEY
commands:
- apk add --no-cache aws-cli bash jq make
- cd /go/src/github.com/gravitational/teleport/assets/aws
- |
make change-amis-to-public-oss
make change-amis-to-public-ent
make change-amis-to-public-ent-fips
# NOTE: all mandatory steps for a release promotion need to go BEFORE this
# step, as there is a chance that everything afterwards will be skipped.
#
# this step exits early and skips all remanining steps in the pipeline if the
# tag looks like a pre-release, to avoid publishing RPMs for pre-release builds.
- name: Determine whether RPMs should be published
image: docker
commands:
- |
# length will be 0 after filtering if this is a pre-release, >0 otherwise
FILTERED_TAG_LENGTH=$(echo ${DRONE_TAG} | egrep -v '(alpha|beta|dev|rc)' | wc -c)
if [ $$FILTERED_TAG_LENGTH -eq 0 ]; then
echo "---> ${DRONE_TAG} looks like a pre-release, not publishing RPMs"
# exit pipeline early with success status
exit 78
else
echo "---> Publishing RPMs for ${DRONE_TAG}"
fi
- name: Download RPM repo contents
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: RPMREPO_AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: RPMREPO_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
volumes:
- name: rpmrepo
path: /rpmrepo
commands:
- mkdir -p /rpmrepo/teleport/cache
# we explicitly want to delete anything present locally which has been deleted
# from the upstream S3 bucket
- aws s3 sync s3://$AWS_S3_BUCKET/teleport/ /rpmrepo/teleport/ --delete
- mkdir -p /rpmrepo/teleport/${DRONE_TAG##v}
- cp -a /go/artifacts/*.rpm /rpmrepo/teleport/${DRONE_TAG##v}/
# we do this using a CentOS 7 container to make sure that the repo files are
# compatible with older versions, also there's no createrepo package in alpine main
- name: Regenerate RPM repo metadata
image: centos:7
volumes:
- name: rpmrepo
path: /rpmrepo
commands:
- yum -y install createrepo
- createrepo --cachedir /rpmrepo/teleport/cache --update /rpmrepo/teleport
- name: Sync RPM repo changes to S3
image: amazon/aws-cli
environment:
AWS_S3_BUCKET:
from_secret: RPMREPO_AWS_S3_BUCKET
AWS_ACCESS_KEY_ID:
from_secret: RPMREPO_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY:
from_secret: RPMREPO_AWS_SECRET_ACCESS_KEY
volumes:
- name: rpmrepo
path: /rpmrepo
commands:
- aws s3 sync /rpmrepo/teleport/ s3://$AWS_S3_BUCKET/teleport/
services:
- name: Start Docker
image: docker:dind
volumes:
- name: dockersock
path: /var/run
volumes:
- name: dockersock
temp: {}
# this persistent volume caches RPMs near Drone so that we don't need to download the
# entire repo contents from S3 every time to build the repo, we just sync any differences
- name: rpmrepo
claim:
name: drone-s3-rpmrepo-pvc
---
kind: signature
hmac: 8f17b3edc11f7c493d4465bccf1e349646b3ce8234919f9af3fec974ba634800
...
Reference in a new issue View git blame Copy permalink