@@ -39,14 +39,21 @@ jobs:
3939 runs-on : ubuntu-latest
4040 outputs :
4141 product-version : ${{ steps.get-product-version.outputs.product-version }}
42+ shared-ldflags : ${{ steps.shared-ldflags.outputs.shared-ldflags }}
4243 steps :
4344 - uses : actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
4445 - name : get product version
4546 id : get-product-version
4647 run : |
4748 make version
4849 echo "product-version=$(make version)" >> $GITHUB_OUTPUT
49-
50+ - name : Set shared -ldflags
51+ id : shared-ldflags
52+ run : |
53+ T="github.com/hashicorp/consul-dataplane/pkg/version"
54+ echo "shared-ldflags=-X ${T}.GitCommit=${GITHUB_SHA::8} \
55+ -X ${T}.GitDescribe=${{ steps.get-product-version.outputs.product-version }} \
56+ " >> "$GITHUB_OUTPUT"
5057 generate-metadata-file :
5158 needs : get-product-version
5259 runs-on : ubuntu-latest
9299 - uses : actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
93100
94101 - uses : hashicorp/actions-go-build@v1
102+ name : Build non-FIPS
103+ if : ${{ matrix.fips != '+fips1402' }}
95104 with :
96105 product_name : ${{ env.PKG_NAME }}
97106 product_version : ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}
@@ -107,6 +116,146 @@ jobs:
107116 fi
108117 ${{ matrix.env }} go build -tags=${{ matrix.gotags }} -trimpath -buildvcs=false -ldflags="-X github.com/hashicorp/consul-dataplane/pkg/version.GitCommit=${GITHUB_SHA::8}" -o $BIN_PATH ./cmd/$BIN_NAME
109118
119+ - name : Build ubuntu-focal-builder image
120+ if : ${{ matrix.goos != 'windows' && matrix.fips == '+fips1402' }}
121+ uses : docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4
122+ with :
123+ platforms : linux/amd64 # we only ever build amd64 images because we always run on amd64 runners and cross-compile inside the container if needed
124+ context : .github/containers/ubuntu/
125+ build-args : |
126+ GO_VERSION=${{ needs.get-go-version.outputs.go-version }}
127+ push : true
128+ tags : localhost:5000/ubuntu-focal-builder:${{ github.sha }}
129+
130+ - uses : hashicorp/actions-go-build@v1
131+ name : Build FIPS non-windows
132+ if : ${{ matrix.goos != 'windows' && matrix.fips == '+fips1402' }}
133+ env :
134+ PRODUCT_VERSION : ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}
135+ GO_ENV : " ${{ matrix.env }}"
136+ GO_VERSION : ${{ needs.get-go-version.outputs.go-version }}
137+ GOLDFLAGS : " ${{needs.get-product-version.outputs.shared-ldflags}}"
138+ BINARY_PATH : " dist/${{ env.PKG_NAME }}"
139+ GOOS : ${{ matrix.goos }}
140+ GOARCH : ${{ matrix.goarch }}
141+ GOTAGS : ${{ matrix.gotags }}
142+ with :
143+ product_name : ${{ env.PKG_NAME }}
144+ product_version : ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }}
145+ go_version : ${{ needs.get-go-version.outputs.go-version }}
146+ os : ${{ matrix.goos }}
147+ arch : ${{ matrix.goarch }}
148+ reproducible : assert
149+ instructions : |-
150+ mkdir -p /build/dist
151+ mkdir -p .release/linux/package/usr/share/doc/$PKG_NAME
152+ cp LICENSE $TARGET_DIR/LICENSE.txt
153+
154+ #### Create a script file to run inside Docker with detailed logging ####
155+
156+ cat > container_build_script.sh << 'EOF'
157+ #!/bin/bash
158+ set -x # Print each command before execution
159+
160+ echo "====== Environment inside container ======"
161+ env | sort
162+ git config --global url."https://${GITHUB_TOKEN}:@github.com/".insteadOf "https://github.com/"
163+
164+ if [ -n "$ELEVATED_GITHUB_TOKEN" ]; then
165+ echo "Configuring Git with elevated GitHub token for authentication..."
166+ git config --global url."https://${ELEVATED_GITHUB_TOKEN}:[email protected] /".insteadOf "https://github.com/" 167+ git config --global url."https://${ELEVATED_GITHUB_TOKEN}:[email protected] /".insteadOf "[email protected] :" 168+ else
169+ echo "WARNING : ELEVATED_GITHUB_TOKEN not provided. Private repository access may fail."
170+ exit 1
171+ fi
172+ echo "Configuring Git for private repositories..."
173+
174+ # Use .netrc for Git authentication - more reliable than url rewriting
175+ cat > /tmp/.netrc << EON
176+ machine github.com
177+ login oauth2
178+ password $ELEVATED_GITHUB_TOKEN
179+ EON
180+
181+ # Set permissions and tell Git where to find it
182+ chmod 600 /tmp/.netrc
183+ export HOME=/tmp
184+
185+ # Verify Git can access a private repository
186+ echo "Testing Git authentication..."
187+ git ls-remote https://github.com/hashicorp/consul-dataplane.git HEAD || {
188+ echo "Failed to authenticate with GitHub. Check token permissions."
189+ exit 1
190+ }
191+
192+ # Ensure GOPRIVATE is set in the container
193+ export GOPRIVATE=${GOPRIVATE:-github.com/hashicorp}
194+
195+ # Show Go environment (excluding sensitive info)
196+ go env | grep -v -E '(TOKEN|PASSWORD|SECRET|KEY)'
197+ echo "========================================"
198+
199+ echo "====== Starting build process ======"
200+ echo "Go Environment : $GO_ENV"
201+ echo "Go Tags : $GOTAGS"
202+ echo "Gold Flags : $GOLDFLAGS"
203+ echo "Binary will be output to : /build/$BINARY_PATH"
204+ ls -la /build
205+ ls -la /build/dist
206+ # Executing the build command with detailed output
207+ BUILD_CMD="$GO_ENV go build -tags=$GOTAGS -ldflags \"$GOLDFLAGS\" -o \"/build/$BINARY_PATH\" -trimpath -buildvcs=false ./cmd/$BIN_NAME"
208+ echo "Build command : $BUILD_CMD"
209+
210+ # Use eval to properly execute the command
211+ eval "$BUILD_CMD"
212+ BUILD_STATUS=$?
213+ echo "======Binary exists - Checking package DL dependencies======"
214+ readelf -sW /build/dist/consul-dataplane | grep GLIBC_ || echo "No GLIBC symbols found."
215+ echo "Go build exit status : $BUILD_STATUS"
216+
217+ if [ $BUILD_STATUS -ne 0 ]; then
218+ echo "ERROR : Go build failed with status $BUILD_STATUS"
219+ # Display more diagnostic information
220+ echo "Go version:"
221+ go version
222+ echo "Go environment:"
223+ go env
224+ exit $BUILD_STATUS
225+ fi
226+
227+ echo "====== Listing build output ======"
228+ ls -la /build/
229+ ls -la /build/dist/
230+ echo "====== Build process completed successfully ======"
231+ EOF
232+ # ##### end of script file #####
233+
234+
235+ # Make the script executable
236+ chmod +x container_build_script.sh
237+
238+ ESCAPED_GOLDFLAGS=$(echo "${{env.GOLDFLAGS}}" | sed 's/"/\\"/g')
239+ echo "Running Docker container..."
240+ docker run --rm \
241+ --user "$(id -u):$(id -g)" \
242+ --env HOME=/tmp \
243+ --env PRODUCT_VERSION=${{env.PRODUCT_VERSION}} \
244+ --env GOLDFLAGS="$ESCAPED_GOLDFLAGS" \
245+ --env BINARY_PATH=${{env.BINARY_PATH}} \
246+ --env GOOS=${{env.GOOS}} \
247+ --env GOARCH=${{env.GOARCH}} \
248+ --env GOTAGS=${{env.GOTAGS}} \
249+ --env GO_ENV="${{env.GO_ENV}}" \
250+ --env PKG_NAME=${{env.PKG_NAME}} \
251+ --env GOPRIVATE="github.com/hashicorp" \
252+ --env ELEVATED_GITHUB_TOKEN=${{ secrets.ELEVATED_GITHUB_TOKEN }} \
253+ -v "$(pwd)":/build \
254+ -w /build \
255+ localhost:5000/ubuntu-focal-builder:${{ github.sha }} \
256+ /build/container_build_script.sh
257+ ls -la ./dist
258+
110259 - name : Copy license file
111260 if : ${{ matrix.goos == 'linux' }}
112261 env :
@@ -178,19 +327,6 @@ jobs:
178327 echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV
179328 echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')"
180329 echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV
181-
182- - name : Install Required glibc version
183- run : |
184- GLIBC_VERSION=2.34
185- wget http://ftp.gnu.org/gnu/libc/glibc-$GLIBC_VERSION.tar.gz
186- tar -xvzf glibc-${GLIBC_VERSION}.tar.gz
187- cd glibc-${GLIBC_VERSION}
188- mkdir build
189- cd build
190- ../configure --prefix=/opt/glibc-${GLIBC_VERSION}
191- make -j$(nproc)
192- sudo make install
193- export LD_LIBRARY_PATH=/opt/glibc-${GLIBC_VERSION}/lib:${LD_LIBRARY_PATH}
194330 - name : Docker Build (Action)
195331 if : ${{ !matrix.fips }}
196332 uses : hashicorp/actions-docker-build@v2
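Review bot: In the added "Build FIPS non-windows" step, `--env ELEVATED_GITHUB_TOKEN=${{ secrets.ELEVATED_GITHUB_TOKEN }}` expands the secret into the script text and the `docker run` argument list, and the container script then runs `env | sort` and the token-bearing `git config` lines under `set -x`, so only log masking keeps the token out of the job log. I would map the secret in the step's `env:` block and forward it by name with `--env ELEVATED_GITHUB_TOKEN` (this assumes the `instructions` shell inherits the step environment, as its use of `$PKG_NAME` suggests), and drop `env | sort` and `set -x`, or enable tracing only after the credential setup. The unconditional `git config` rewrite that uses `${GITHUB_TOKEN}` reads a variable the visible `docker run` never passes, so it looks like dead configuration, and the `insteadOf` rewrites duplicate what the `.netrc` already provides. `eval "$BUILD_CMD"` re-parses `GO_ENV`, `GOTAGS` and `GOLDFLAGS` as shell and lets `readelf` run before `BUILD_STATUS` is checked; calling `go build` directly with quoted arguments and testing its exit status immediately would be easier to audit.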