vault/.github/actions/containerize/action.yml
Vault Automation a73eca5759
Backport license: add support for publishing artifacts to IBM PAO into ce/main (#9208)
* license: add support for publishing artifacts to IBM PAO (#8366)

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: brian shore <bshore@hashicorp.com>
Co-authored-by: Ethel Evans <ethel.evans@hashicorp.com>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2025-09-11 11:25:15 -06:00


# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
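---
# Composite action: packages an already-built vault binary into Docker and/or
# UBI container images and derives the registry tags from the vault edition.
#
# Hardening notes for maintainers:
#   * Action inputs are handed to the shell through `env:` and read as shell
#     variables. Expanding `${{ ... }}` directly inside a `run:` script pastes
#     the raw value into the script text before bash parses it, so a value
#     containing a quote could change what the script executes.
#   * Third-party actions should be pinned to a full commit SHA; see the
#     NOTE(review) comments on the actions-docker-build steps below.
name: Containerize Binary
description: |
  Containerize vault binaries and annotate them with the correct registry tags. Artifacts will be
  uploaded to the Github artifact store. This action is used for both CE and Ent and thus needs to
  stay compatible for both repository contexts.
inputs:
  docker:
    description: |
      Package the binary into a Docker container suitable for the Docker and AWS registries. We'll
      automatically determine the correct tags and target depending on the vault edition.
    default: 'true'
  goarch:
    description: The Go GOARCH value environment variable to set during the build.
  goos:
    description: The Go GOOS value environment variable to set during the build.
  redhat:
    description: Package the binary into a UBI container suitable for the Redhat Quay registry.
    default: 'false'
  vault-binary-path:
    description: The path to the vault binary.
    default: dist/vault
  vault-edition:
    description: The edition of vault to build.
    default: ce
  vault-version:
    description: The vault version.
outputs:
  vault-binary-path:
    description: The location of the binary after containerization
    value: ${{ inputs.vault-binary-path }}
runs:
  using: composite
  steps:
    # Enterprise editions only: select the license bundle that is copied into
    # the image. Skipped for CE, which ships the repository LICENSE file.
    - if: inputs.vault-edition != 'ce' && (inputs.docker == 'true' || inputs.redhat == 'true')
      uses: hashicorp-forge/actions-pao-tool/select-license@6997f7457c338e008506005cc370e7b02f7fb421 # v1.0.3
      id: build-vault-select-license
      with:
        # NOTE(review): this reads the caller's matrix context, while every
        # other step uses inputs.goarch -- confirm that is intended.
        arch: ${{ matrix.goarch }}
    # Derive version, tags, build target and license paths for the edition and
    # publish them as step outputs for the build steps below.
    - id: vars
      shell: bash
      env:
        VAULT_EDITION: ${{ inputs.vault-edition }}
        VAULT_VERSION: ${{ inputs.vault-version }}
        # Empty for CE because the select-license step is skipped there.
        LICENSE_PATH: ${{ steps.build-vault-select-license.outputs.license-path }}
      run: |
        # Whitespace in the version would split the space-separated tag lists,
        # and a newline would add extra key=value lines to $GITHUB_OUTPUT.
        if [[ "$VAULT_VERSION" =~ [[:space:]] ]]; then
          echo "Invalid vault version (contains whitespace): ${VAULT_VERSION}" >&2
          exit 1
        fi
        # The case statement doubles as an allow-list for the edition: anything
        # not listed here fails the step.
        case "$VAULT_EDITION" in
        "ce")
          container_version="${VAULT_VERSION}"
          docker_container_tags="docker.io/hashicorp/vault:${VAULT_VERSION} public.ecr.aws/hashicorp/vault:${VAULT_VERSION}"
          docker_container_target='default'
          redhat_container_tags="quay.io/redhat-isv-containers/5f89bb5e0b94cf64cfeb500a:${VAULT_VERSION}-ubi"
          redhat_container_target='ubi'
          license_source='LICENSE'
          license_dest='/usr/share/doc/vault/LICENSE.txt'
          ;;
        "ent")
          container_version="${VAULT_VERSION}+${VAULT_EDITION}"
          docker_container_tags="docker.io/hashicorp/vault-enterprise:${VAULT_VERSION}-${VAULT_EDITION} public.ecr.aws/hashicorp/vault-enterprise:${VAULT_VERSION}-${VAULT_EDITION}"
          docker_container_target='default'
          redhat_container_tags="quay.io/redhat-isv-containers/5f89bb9242e382c85087dce2:${VAULT_VERSION}-${VAULT_EDITION}-ubi"
          redhat_container_target='ubi'
          license_source="${LICENSE_PATH}/Softcopy"
          license_dest='/usr/share/doc/vault/Softcopy/'
          ;;
        "ent.hsm")
          container_version="${VAULT_VERSION}+${VAULT_EDITION}"
          docker_container_tags="docker.io/hashicorp/vault-enterprise:${VAULT_VERSION}-${VAULT_EDITION} public.ecr.aws/hashicorp/vault-enterprise:${VAULT_VERSION}-${VAULT_EDITION}"
          docker_container_target='ubi-hsm'
          redhat_container_tags="quay.io/redhat-isv-containers/5f89bb9242e382c85087dce2:${VAULT_VERSION}-${VAULT_EDITION}-ubi"
          redhat_container_target='ubi-hsm'
          license_source="${LICENSE_PATH}/Softcopy"
          license_dest='/usr/share/doc/vault/Softcopy/'
          ;;
        "ent.hsm.fips1403")
          container_version="${VAULT_VERSION}+${VAULT_EDITION}"
          docker_container_tags="docker.io/hashicorp/vault-enterprise:${VAULT_VERSION}-${VAULT_EDITION} public.ecr.aws/hashicorp/vault-enterprise:${VAULT_VERSION}-${VAULT_EDITION}"
          docker_container_target='ubi-hsm-fips'
          redhat_container_tags="quay.io/redhat-isv-containers/5f89bb9242e382c85087dce2:${VAULT_VERSION}-${VAULT_EDITION}-ubi"
          redhat_container_target='ubi-hsm-fips'
          license_source="${LICENSE_PATH}/Softcopy"
          license_dest='/usr/share/doc/vault/Softcopy/'
          ;;
        "ent.fips1403")
          # NOTE: For compatibility we still publish the ent.fips1403 containers to different
          # namespaces. All ent, ent.hsm, and ent.hsm.fips1403 containers are released in the
          # enterprise namespaces. After we've updated the upstream docker action to support
          # multiple tags we can start to tag images with both namespaces, publish to both, and
          # eventually sunset the fips1403 specific namespaces.
          container_version="${VAULT_VERSION}+${VAULT_EDITION}"
          docker_container_tags="docker.io/hashicorp/vault-enterprise-fips:${VAULT_VERSION}-${VAULT_EDITION} public.ecr.aws/hashicorp/vault-enterprise-fips:${VAULT_VERSION}-${VAULT_EDITION}"
          docker_container_target='ubi-fips'
          redhat_container_tags="quay.io/redhat-isv-containers/6283f645d02c6b16d9caeb8e:${VAULT_VERSION}-${VAULT_EDITION}-ubi"
          redhat_container_target='ubi-fips'
          license_source="${LICENSE_PATH}/Softcopy"
          license_dest='/usr/share/doc/vault/Softcopy/'
          ;;
        *)
          # Diagnostics belong on stderr (the previous `2>&1` left them on stdout).
          echo "Cannot generate container tags for unknown vault edition: ${VAULT_EDITION}" >&2
          exit 1
          ;;
        esac
        {
          echo "container-version=${container_version}"
          echo "docker-container-tags=${docker_container_tags}"
          echo "docker-container-target=${docker_container_target}"
          echo "redhat-container-tags=${redhat_container_tags}"
          echo "redhat-container-target=${redhat_container_target}"
          echo "license_source=${license_source}"
          echo "license_dest=${license_dest}"
          echo "revision=$(make ci-get-revision)"
        } | tee -a "$GITHUB_OUTPUT"
    # Place the binary at dist/<goos>/<goarch>/vault, the path the build steps
    # below use.
    - if: inputs.docker == 'true' || inputs.redhat == 'true'
      id: copy-binary
      shell: bash
      env:
        TARGET_GOOS: ${{ inputs.goos }}
        TARGET_GOARCH: ${{ inputs.goarch }}
        VAULT_BINARY_PATH: ${{ inputs.vault-binary-path }}
      run: |
        dest_path="dist/${TARGET_GOOS}/${TARGET_GOARCH}/vault"
        dest_dir=$(dirname "$dest_path")
        mkdir -p "$dest_dir"
        # An explicit `if` keeps the step's exit status at 0 when the binary is
        # already in place; a trailing `[[ ... ]] && cp` would end the script
        # with status 1 in that case and fail the step.
        if [[ ! -f "$dest_path" ]]; then
          cp -- "$VAULT_BINARY_PATH" "$dest_path"
        fi
    - if: inputs.docker == 'true'
      # NOTE(review): this ref is a branch name, which is mutable, so the code
      # that builds release images can change without a change in this
      # repository. Pin it to a full commit SHA (<full-commit-sha>), as the
      # select-license step does.
      uses: hashicorp/actions-docker-build@ryan/VAULT-34830-allow-repo-configuration
      with:
        arch: ${{ inputs.goarch }}
        do_zip_extract_step: 'false' # Don't download and extract an already present binary
        extra_build_args: |
          LICENSE_SOURCE=${{ steps.vars.outputs.license_source }}
          LICENSE_DEST=${{ steps.vars.outputs.license_dest }}
        repo_name: ${{ inputs.vault-edition == 'ce' && 'vault' || 'vault-enterprise' }}
        revision: ${{ steps.vars.outputs.revision }}
        tags: ${{ steps.vars.outputs.docker-container-tags }}
        target: ${{ steps.vars.outputs.docker-container-target }}
        version: ${{ steps.vars.outputs.container-version }}
    - if: inputs.redhat == 'true'
      # NOTE(review): same mutable branch ref as the Docker build step; pin it
      # to a full commit SHA (<full-commit-sha>).
      uses: hashicorp/actions-docker-build@ryan/VAULT-34830-allow-repo-configuration
      with:
        arch: ${{ inputs.goarch }}
        do_zip_extract_step: 'false' # Don't download and extract an already present binary
        extra_build_args: |
          LICENSE_SOURCE=${{ steps.vars.outputs.license_source }}
          LICENSE_DEST=${{ steps.vars.outputs.license_dest }}
        redhat_tag: ${{ steps.vars.outputs.redhat-container-tags }}
        repo_name: ${{ inputs.vault-edition == 'ce' && 'vault' || 'vault-enterprise' }}
        revision: ${{ steps.vars.outputs.revision }}
        target: ${{ steps.vars.outputs.redhat-container-target }}
        version: ${{ steps.vars.outputs.container-version }}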