krd/vault-redux
1
0
Fork 0
Code

Remove CircleCI Configuration (#19751)

Browse Source 
* modify pre-commit hook to not look for circleci

* remove circleci configuration
This commit is contained in:
Marc Boudreau 2023-03-24 14:24:06 -04:00 committed by GitHub
parent 58bbcad74b
commit 1361932d91
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
28 changed files with 1 additions and 2180 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.circleci/.gitattributes vendored
View File

@ -1 +0,0 @@
config.yml linguist-generated

1
.circleci/.gitignore vendored
View File

@ -1 +0,0 @@
.tmp/

100
.circleci/Makefile
View File

@ -1,100 +0,0 @@
# Set SHELL to 'strict mode' without using .SHELLFLAGS for max compatibility.
# See https://fieldnotes.tech/how-to-shell-for-compatible-makefiles/
SHELL := /usr/bin/env bash -euo pipefail -c
# CONFIG is the name of the make target someone
# would invoke to update the main config file (config.yml).
CONFIG ?= ci-config
# VERIFY is the name of the make target someone
# would invoke to verify the config file.
VERIFY ?= ci-verify
CIRCLECI := circleci --skip-update-check
ifeq ($(DEBUG_CIRCLECI_CLI),YES)
CIRCLECI += --debug
endif
# For config processing, always refer to circleci.com not self-hosted circleci,
# because self-hosted does not currently support the necessary API.
CIRCLECI_CLI_HOST := https://circleci.com
export CIRCLECI_CLI_HOST
# Set up some documentation/help message variables.
# We do not attempt to install the CircleCI CLI from this Makefile.
CCI_INSTALL_LINK := https://circleci.com/docs/2.0/local-cli/\#installation
CCI_INSTALL_MSG := Please install CircleCI CLI. See $(CCI_INSTALL_LINK)
CCI_VERSION := $(shell $(CIRCLECI) version 2> /dev/null)
ifeq ($(CCI_VERSION),)
# Attempting to use the CLI fails with installation instructions.
CIRCLECI := echo '$(CCI_INSTALL_MSG)'; exit 1; \#
endif
SOURCE_DIR := config
SOURCE_YML := $(shell [ ! -d $(SOURCE_DIR) ] || find $(SOURCE_DIR) -name '*.yml')
CONFIG_SOURCE := Makefile $(SOURCE_YML) | $(SOURCE_DIR)
OUT := config.yml
TMP := .tmp/config-processed
CONFIG_PACKED := .tmp/config-packed
GO_VERSION_FILE := ../.go-version
GO_VERSION := $(shell cat $(GO_VERSION_FILE))
default: help
help:
@echo "Usage:"
@echo " make $(CONFIG): recompile config.yml from $(SOURCE_DIR)/"
@echo " make $(VERIFY): verify that config.yml is a true mapping from $(SOURCE_DIR)/"
@echo
@echo "Diagnostics:"
@[ -z "$(CCI_VERSION)" ] || echo " circleci-cli version $(CCI_VERSION)"
@[ -n "$(CCI_VERSION)" ] || echo " $(CCI_INSTALL_MSG)"
$(SOURCE_DIR):
@echo No source directory $(SOURCE_DIR) found.; exit 1
# Make sure our .tmp dir exists.
$(shell [ -d .tmp ] || mkdir .tmp)
.PHONY: $(CONFIG)
$(CONFIG): $(OUT) $(GO_VERSION_FILE)
.PHONY: $(VERIFY)
$(VERIFY): config-up-to-date
@$(CIRCLECI) config validate $(OUT)
define GENERATED_FILE_HEADER
### ***
### WARNING: DO NOT manually EDIT or MERGE this file, it is generated by 'make $(CONFIG)'.
### INSTEAD: Edit or merge the source in $(SOURCE_DIR)/ then run 'make $(CONFIG)'.
### ***
endef
export GENERATED_FILE_HEADER
# GEN_CONFIG writes the config to a temporary file. If the whole process succeeds,
# it them moves that file to $@. This makes is an atomic operation, so if it fails
# make doesn't consider a half-baked file up to date.
define GEN_CONFIG
@yq -i ".references.environment.GO_IMAGE = \"docker.mirror.hashicorp.services/cimg/go:$(GO_VERSION)\"" $(SOURCE_DIR)/executors/\@executors.yml
@$(CIRCLECI) config pack $(SOURCE_DIR) > $(CONFIG_PACKED)
@echo "$$GENERATED_FILE_HEADER" > $@.tmp || { rm -f $@; exit 1; }
@$(CIRCLECI) config process $(CONFIG_PACKED) >> $@.tmp || { rm -f $@.tmp; exit 1; }
@mv -f $@.tmp $@
endef
.PHONY: $(OUT)
$(OUT): $(CONFIG_SOURCE)
$(GEN_CONFIG)
@echo "$@ updated"
$(TMP): $(CONFIG_SOURCE)
$(GEN_CONFIG)
.PHONY: config-up-to-date
config-up-to-date: $(TMP) # Note this must not depend on $(OUT)!
@if diff -w $(OUT) $<; then \
echo "Generated $(OUT) is up to date!"; \
else \
echo "Generated $(OUT) is out of date, run make $(CONFIG) to update."; \
exit 1; \
fi

130
.circleci/README.md
View File

@ -1,130 +0,0 @@
# How to use CircleCI multi-file config
This README and the Makefile should be in your `.circleci` directory,
in the root of your repository.
All path references in this README assume we are in this `.circleci` directory.
The `Makefile` in this directory generates `./config.yml` in CircleCI 2.0 syntax,
from the tree rooted at `./config/`, which contains files in CircleCI 2.0 or 2.1 syntax.
## Quickstart
The basic workflow is:
- Edit source files in `./config/`
- When you are done, run `make ci-config` to update `./config.yml`
- Commit this entire `.circleci` directory, including that generated file together.
- Run `make ci-verify` to ensure the current `./config.yml` is up to date with the source.
When merging this `.circleci` directory:
- Do not merge the generated `./config.yml` file, instead:
- Merge the source files under `./config/`, and then
- Run `make ci-config` to re-generate the merged `./config.yml`
And that's it, for more detail, read on!
## How does it work, roughly?
CircleCI supports [generating a single config file from many],
using the `$ circleci config pack` command.
It also supports [expanding 2.1 syntax to 2.0 syntax]
using the `$ circleci config process` command.
We use these two commands, stitched together using the `Makefile`
to implement the workflow.
[generating a single config file from many]: https://circleci.com/docs/2.0/local-cli/#packing-a-config
[expanding 2.1 syntax to 2.0 syntax]: https://circleci.com/docs/2.0/local-cli/#processing-a-config
## Prerequisites
You will need the [CircleCI CLI tool] installed and working,
at least version `0.1.5607`.
You can [download this tool directly from GitHub Releases].
```
$ circleci version
0.1.5607+f705856
```
[CircleCI CLI tool]: https://circleci.com/docs/2.0/local-cli/
[download this tool directly from GitHub Releases]: https://github.com/CircleCI-Public/circleci-cli/releases
## Updating the config source
Before making changes, be sure to understand the layout
of the `./config/` file tree, as well as circleci 2.1 syntax.
See the [Syntax and layout] section below.
To update the config, you should edit, add or remove files
in the `./config/` directory,
and then run `make ci-config`.
If that's successful,
you should then commit every `*.yml` file in the tree rooted in this directory.
That is: you should commit both the source under `./config/`
and the generated file `./config.yml` at the same time, in the same commit.
The included git pre-commit hook will help with this.
Do not edit the `./config.yml` file directly, as you will lose your changes
next time `make ci-config` is run.
[Syntax and layout]: #syntax-and-layout
### Verifying `./config.yml`
To check whether or not the current `./config.yml` is up to date with the source
and valid, run `$ make ci-verify`.
Note that `$ make ci-verify` should be run in CI,
in case not everyone has the git pre-commit hook set up correctly.
#### Example shell session
```sh
$ make ci-config
config.yml updated
$ git add -A . # The -A makes sure to include deletions/renames etc.
$ git commit -m "ci: blah blah blah"
Changes detected in .circleci/, running 'make -C .circleci ci-verify'
--> Generated config.yml is up to date!
--> Config file at config.yml is valid.
```
### Syntax and layout
It is important to understand the layout of the config directory.
Read the documentation on [packing a config] for a full understanding
of how multiple YAML files are merged by the circleci CLI tool.
[packing a config]: https://circleci.com/docs/2.0/local-cli/#packing-a-config
Here is an example file tree (with comments added afterwards):
```sh
$ tree .
.
├── Makefile
├── README.md # This file.
├── config # The source code for config.yml is rooted here.
│   ├── @config.yml # Files beginning with @ are treated specially by `circleci config pack`
│   ├── commands # Subdirectories of config become top-level keys.
│   │   └── go_test.yml # Filenames (minus .yml) become top-level keys under
│   │   └── go_build.yml # their parent (in this case "commands").
│ │ # The contents of go_test.yml therefore are placed at: .commands.go_test:
│   └── jobs # jobs also becomes a top-level key under config...
│   ├── build.yml # ...and likewise filenames become keys under their parent.
│   └── test.yml
└── config.yml # The generated file in 2.0 syntax.
```
About those `@` files... Preceding a filename with `@`
indicates to `$ circleci config pack` that the contents of this YAML file
should be at the top-level, rather than underneath a key named after their filename.
This naming convention is unfortunate as it breaks autocompletion in bash,
but there we go.

1216
.circleci/config.yml
View File

File diff suppressed because it is too large Load Diff

8
.circleci/config/@config.yml
View File

@ -1,8 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
---
version: 2.1
orbs:
slack: circleci/slack@3.2.0

62
.circleci/config/commands/@caches.yml
View File

@ -1,62 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
restore_yarn_cache:
steps:
- restore_cache:
name: Restore yarn cache
key: &YARN_LOCK_CACHE_KEY yarn-lock-v7-{{ checksum "ui/yarn.lock" }}
save_yarn_cache:
steps:
- save_cache:
name: Save yarn cache
key: *YARN_LOCK_CACHE_KEY
paths:
- ui/node_modules
# allows restoring go mod caches by incomplete prefix. This is useful when re-generating
# cache, but not when running builds and tests that require an exact match.
# TODO should we be including arch in cache key?
restore_go_mod_cache_permissive:
steps:
- restore_cache:
name: Restore closest matching go modules cache
keys:
- &gocachekey v1.5-{{checksum "go.sum"}}-{{checksum "sdk/go.sum"}}-{{checksum "api/go.sum"}}
- v1.5-{{checksum "go.sum"}}-{{checksum "sdk/go.sum"}}
- v1.5-{{checksum "go.sum"}}
restore_go_mod_cache:
steps:
- restore_cache:
name: Restore exact go modules cache
keys:
- *gocachekey
save_go_mod_cache:
steps:
- save_cache:
name: Save go modules cache
key: *gocachekey
paths:
- /home/circleci/go/pkg/mod
refresh_go_mod_cache:
steps:
- restore_go_mod_cache_permissive
- run:
name: go mod download
command: |
# set GOPATH explicitly to download to the right cache
export GOPATH=$HOME/go
# go list ./... forces downloading some additional versions of modules that 'go mod
# download' misses. We need this because we make use of go list itself during
# code generation in later builds that rely on this module cache.
go list ./...
go mod download -json
( cd sdk && go mod download -json; )
( cd api && go mod download -json; )
- run:
name: Verify downloading modules did not modify any files
command: |
git --no-pager diff --exit-code || {
echo "ERROR: Files modified by go mod download, see above."
exit 1
}
- save_go_mod_cache

10
.circleci/config/commands/configure-git.yml
View File

@ -1,10 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
steps:
- add_ssh_keys:
fingerprints:
# "CircleCI Additional SSH Key" associated with hc-github-team-secure-vault-core GitHub user
- "b8:e2:38:f8:5b:1b:82:f3:1f:23:fa:46:6e:95:e7:e9"
- run: |
git config --global url."git@github.com:".insteadOf https://github.com/

20
.circleci/config/commands/exit-if-branch-does-not-need-test-ui.yml
View File

@ -1,20 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
description: >
Check if branch name starts with ui/ or docs/ and if so, exit.
steps:
- run:
working_directory: ~/
name: Check branch name
command: |
case "$CIRCLE_BRANCH" in
main|ui/*|backport/ui/*|release/*|merge*) ;;
*) # If the branch being tested doesn't match one of the above patterns,
# we don't need to run test-ui and can abort the job.
circleci-agent step halt
;;
esac
# exit with success either way
exit 0

17
.circleci/config/commands/exit-if-ui-or-docs-branch.yml
View File

@ -1,17 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
description: >
Check if branch name starts with ui/ or docs/ and if so, exit.
steps:
- run:
working_directory: ~/
name: Check branch name
command: |
# If the branch being tested starts with ui/ or docs/ we want to exit the job without failing
[[ "$CIRCLE_BRANCH" = ui/* || "$CIRCLE_BRANCH" = docs/* || "$CIRCLE_BRANCH" = backport/docs/* ]] && {
# stop the job from this step
circleci-agent step halt
}
# exit with success either way
exit 0

229
.circleci/config/commands/go_test.yml
View File

@ -1,229 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
description: run go tests
parameters:
extra_flags:
type: string
default: ""
log_dir:
type: string
default: "/tmp/testlogs"
cache_dir:
type: string
default: /tmp/go-cache
save_cache:
type: boolean
default: false
use_docker:
type: boolean
default: false
arch:
type: string
# Only supported for use_docker=false, and only other value allowed is 386
default: amd64 # must be 386 or amd64
steps:
- configure-git
- run:
name: Compute test cache key
command: |
TZ=GMT date '+%Y%m%d' > /tmp/go-cache-key
- restore_cache:
keys:
- go-test-cache-date-v1-{{ checksum "/tmp/go-cache-key" }}
- restore_go_mod_cache
- run:
name: Run Go tests
no_output_timeout: 60m
environment:
GOPRIVATE: 'github.com/hashicorp/*'
command: |
set -exo pipefail
EXTRA_TAGS=
case "<< parameters.extra_flags >>" in
*-race*) export VAULT_CI_GO_TEST_RACE=1;;
*) EXTRA_TAGS=deadlock;;
esac
# Install CircleCI CLI
curl -sSL \
"https://github.com/CircleCI-Public/circleci-cli/releases/download/v${CIRCLECI_CLI_VERSION}/circleci-cli_${CIRCLECI_CLI_VERSION}_linux_amd64.tar.gz" \
| sudo tar --overwrite -xz \
-C /usr/local/bin \
"circleci-cli_${CIRCLECI_CLI_VERSION}_linux_amd64/circleci"
USE_DOCKER=0
<<# parameters.use_docker >>
USE_DOCKER=1
<</ parameters.use_docker >>
# Check all directories with a go.mod file
modules=("." "api" "sdk")
all_package_names=""
for dir in "${modules[@]}"
do
pushd "$dir"
# On its own line so that -e will fail the tests if we detect errors here.
go list -test -json ./... > test-list.json
# Split Go tests by prior test times. If use_docker is true, only run
# tests that depend on docker, otherwise only those that don't.
# The appended true condition ensures the command will succeed if no packages are found
if [ $USE_DOCKER == 1 ]; then
package_names=$(< test-list.json jq -r 'select(.Deps != null) |
select(any(.Deps[] ; contains("github.com/hashicorp/vault/helper/testhelpers/docker"))) |
.ForTest | select(. != null)' |
sort -u | grep -v vault/integ | circleci tests split --split-by=timings --timings-type=classname || true)
else
package_names=$(< test-list.json jq -r 'select(.Deps != null) |
select(all(.Deps[] ; contains("github.com/hashicorp/vault/helper/testhelpers/docker")|not)) |
.ForTest | select(. != null)' |
sort -u | grep -v vault/integ | circleci tests split --split-by=timings --timings-type=classname || true)
fi
# Move back into root directory
popd
# Append the test packages into the global list, if any are found
if [ -n "$package_names" ]; then
all_package_names+=" ${package_names}"
fi
done
# After running tests split step, we are now running the following steps
# in multiple different containers, each getting a different subset of
# the test packages in their package_names variable. Each container
# has its own remote docker VM.
make prep
mkdir -p test-results/go-test
# We don't want VAULT_LICENSE set when running Go tests, because that's
# not what developers have in their environments and it could break some
# tests; it would be like setting VAULT_TOKEN. However some non-Go
# CI commands, like the UI tests, shouldn't have to worry about licensing.
# So we set VAULT_LICENSE in CI, and here we unset it. Instead of
# VAULT_LICENSE, we populate VAULT_LICENSE_CI, so that tests which want
# an externally supplied license can opt-in to using it.
export VAULT_LICENSE_CI="$VAULT_LICENSE"
VAULT_LICENSE=
# Create a docker network for our test container
if [ $USE_DOCKER == 1 ]; then
# Despite the fact that we're using a circleci image (thus getting the
# version they chose for the docker cli) and that we're specifying a
# docker version to use for the remote docker instances, we occasionally
# see "client version too new, max supported version 1.39" errors for
# reasons unclear.
export DOCKER_API_VERSION=1.39
TEST_DOCKER_NETWORK_NAME="${CIRCLE_WORKFLOW_JOB_ID}-${CIRCLE_NODE_INDEX}"
export TEST_DOCKER_NETWORK_ID=$(docker network list --quiet --no-trunc --filter="name=${TEST_DOCKER_NETWORK_NAME}")
if [ -z $TEST_DOCKER_NETWORK_ID ]; then
docker network prune -f
TEST_DOCKER_NETWORK_ID=$(docker network create "${TEST_DOCKER_NETWORK_NAME}")
fi
# Start a docker test container to run the tests in
CONTAINER_ID="$(docker run -d \
-e TEST_DOCKER_NETWORK_ID \
-e GOPRIVATE \
-e DOCKER_CERT_PATH \
-e DOCKER_HOST \
-e DOCKER_MACHINE_NAME \
-e DOCKER_TLS_VERIFY \
-e NO_PROXY \
-e VAULT_TEST_LOG_DIR=<< parameters.log_dir >> \
--network ${TEST_DOCKER_NETWORK_NAME} \
$GO_IMAGE \
tail -f /dev/null)"
mkdir workspace
echo ${CONTAINER_ID} > workspace/container_id
# Hack: Docker permissions appear to have changed; let's explicitly
# add a new user/group with the correct host uid to the docker
# container, fixing all of these permissions issues correctly. We
# then have to run with this user consistently in the future.
#
# Notably, in this shell pipeline we see:
# uid=1001(circleci) gid=1002(circleci) groups=1002(circleci)
#
# but inside the docker image below, we see:
# uid=3434(circleci) gid=3434(circleci) groups=3434(circleci)
#
# See also: https://github.com/CircleCI-Public/cimg-base/issues/122
export HOST_GID="$(id -g)"
export HOST_UID="$(id -u)"
export CONT_GID="$(docker exec ${CONTAINER_ID} sh -c 'id -g')"
export CONT_GNAME="$(docker exec ${CONTAINER_ID} sh -c 'id -g -n')"
export CONT_UID="$(docker exec ${CONTAINER_ID} sh -c 'id -u')"
if (( HOST_UID != CONT_UID )); then
# Only provision a group if necessary; otherwise reuse the
# existing one.
if (( HOST_GID != CONT_GID )); then
docker exec -e HOST_GID -e CONT_GNAME ${CONTAINER_ID} sh -c 'sudo groupmod -g $HOST_GID $CONT_GNAME'
fi
docker exec -e CONT_GNAME -e HOST_UID ${CONTAINER_ID} sh -c 'sudo usermod -a -G $CONT_GNAME -u $HOST_UID circleci'
fi
# Run tests
test -d << parameters.cache_dir >> && docker cp << parameters.cache_dir >> ${CONTAINER_ID}:/tmp/gocache
docker exec ${CONTAINER_ID} sh -c 'mkdir -p /home/circleci/go/src/github.com/hashicorp/vault'
docker cp . ${CONTAINER_ID}:/home/circleci/go/src/github.com/hashicorp/vault/
docker cp $DOCKER_CERT_PATH/ ${CONTAINER_ID}:$DOCKER_CERT_PATH
# Copy the downloaded modules inside the container.
docker exec ${CONTAINER_ID} sh -c 'mkdir -p /home/circleci/go/pkg'
docker cp "$(go env GOPATH)/pkg/mod" ${CONTAINER_ID}:/home/circleci/go/pkg/mod
docker exec -w /home/circleci/go/src/github.com/hashicorp/vault/ \
-e CIRCLECI -e VAULT_CI_GO_TEST_RACE \
-e GOCACHE=/tmp/gocache \
-e GO_TAGS \
-e GOPROXY="off" \
-e VAULT_LICENSE_CI \
-e GOARCH=<< parameters.arch >> \
${CONTAINER_ID} \
gotestsum --format=short-verbose \
--junitfile test-results/go-test/results.xml \
--jsonfile test-results/go-test/results.json \
-- \
-tags "${GO_TAGS} ${EXTRA_TAGS}" \
-timeout=60m \
-parallel=20 \
<< parameters.extra_flags >> \
${all_package_names}
else
GOARCH=<< parameters.arch >> \
GOCACHE=<< parameters.cache_dir >> \
gotestsum --format=short-verbose \
--junitfile test-results/go-test/results.xml \
--jsonfile test-results/go-test/results.json \
-- \
-tags "${GO_TAGS} ${EXTRA_TAGS}" \
-timeout=60m \
-parallel=20 \
<< parameters.extra_flags >> \
${all_package_names}
fi
- when:
condition: << parameters.use_docker >>
steps:
- run:
name: Copy test results
when: always
command: |
docker cp $(cat workspace/container_id):/home/circleci/go/src/github.com/hashicorp/vault/test-results .
docker cp $(cat workspace/container_id):/tmp/gocache << parameters.cache_dir >>
- when:
condition: << parameters.save_cache >>
steps:
- save_cache:
when: always
key: go-test-cache-date-v1-{{ checksum "/tmp/go-cache-key" }}
paths:
- << parameters.cache_dir >>

38
.circleci/config/commands/setup-go.yml
View File

@ -1,38 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
---
description: >
Ensure the right version of Go is installed and set GOPATH to $HOME/go.
parameters:
GOPROXY:
description: >
Set GOPROXY. By default this is set to "off" meaning you have to have all modules pre-downloaded.
type: string
default: "off"
GOPRIVATE:
description: Set GOPRIVATE, defaults to github.com/hashicorp/*
type: string
default: github.com/hashicorp/*
steps:
- run:
name: Setup Go
command: |
GO_VERSION=$(cat .go-version)
[ -n "$GO_VERSION" ] || { echo "You must set GO_VERSION"; exit 1; }
# Install Go
cd ~
curl -sSLO "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz"
sudo rm -rf /usr/local/go
sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz"
rm -f "go${GO_VERSION}.linux-amd64.tar.gz"
GOPATH="/home/circleci/go"
mkdir $GOPATH 2>/dev/null || { sudo mkdir $GOPATH && sudo chmod 777 $GOPATH; }
mkdir $GOPATH/bin 2>/dev/null || { sudo mkdir $GOPATH/bin && sudo chmod 777 $GOPATH/bin; }
echo "export GOPATH='$GOPATH'" >> "$BASH_ENV"
echo "export PATH='$PATH:$GOPATH/bin:/usr/local/go/bin'" >> "$BASH_ENV"
echo "export GOPROXY=<<parameters.GOPROXY>>" >> "$BASH_ENV"
echo "export GOPRIVATE=<<parameters.GOPRIVATE>>" >> "$BASH_ENV"
echo "$ go version"
go version

51
.circleci/config/executors/@executors.yml
View File

@ -1,51 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
references:
environment: &ENVIRONMENT
CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3)
GOTESTSUM_VERSION: 0.5.2 # Pin gotestsum to patch version (ex: 1.2.3)
GOFUMPT_VERSION: 0.3.1 # Pin gofumpt to patch version (ex: 1.2.3)
GO_TAGS: ""
GO_IMAGE: &GO_IMAGE "docker.mirror.hashicorp.services/cimg/go:1.20.1"
go-machine:
machine:
image: ubuntu-2004:2022.10.1
environment: *ENVIRONMENT
shell: /usr/bin/env bash -euo pipefail -c
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
node:
docker:
- image: docker.mirror.hashicorp.services/circleci/node:14-browsers
environment:
# See https://git.io/vdao3 for details.
JOBS: 2
shell: /usr/bin/env bash -euo pipefail -c
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
python:
docker:
- image: docker.mirror.hashicorp.services/python:3-alpine
shell: /usr/bin/env bash -euo pipefail -c
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
semgrep:
docker:
- image: docker.mirror.hashicorp.services/returntocorp/semgrep:0.113.0
shell: /bin/sh
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
docker-env-go-test-remote-docker:
resource_class: medium
docker:
- image: *GO_IMAGE
environment: *ENVIRONMENT
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
docker-env-go-test:
resource_class: large
docker:
- image: *GO_IMAGE
environment: *ENVIRONMENT
working_directory: /home/circleci/go/src/github.com/hashicorp/vault
docker-env-go-test-race:
resource_class: xlarge
docker:
- image: *GO_IMAGE
environment: *ENVIRONMENT
working_directory: /home/circleci/go/src/github.com/hashicorp/vault

23
.circleci/config/jobs/build-go-dev.yml
View File

@ -1,23 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
executor: go-machine
steps:
- checkout
- setup-go
- restore_go_mod_cache
- attach_workspace:
at: .
- run:
name: Build dev binary
command: |
# Move dev UI assets to expected location
rm -rf ./pkg
mkdir ./pkg
# Build dev binary
make ci-bootstrap dev
- persist_to_workspace:
root: .
paths:
- bin

20
.circleci/config/jobs/fmt.yml
View File

@ -1,20 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
description: Ensure go formatting is correct.
executor: go-machine
steps:
- checkout
# Setup Go enabling the proxy for downloading modules.
- setup-go:
GOPROXY: https://proxy.golang.org,direct
- run:
name: make fmt
command: |
echo "Using gofumpt version ${GOFUMPT_VERSION}"
go install "mvdan.cc/gofumpt@v${GOFUMPT_VERSION}"
make fmt
if ! git diff --exit-code; then
echo "Code has formatting errors. Run 'make fmt' to fix"
exit 1
fi

14
.circleci/config/jobs/install-ui-dependencies.yml
View File

@ -1,14 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
executor: node
steps:
- checkout
- restore_yarn_cache
- run:
name: Install UI dependencies
command: |
cd ui
yarn install
npm rebuild node-sass
- save_yarn_cache

37
.circleci/config/jobs/pre-flight-checks.yml
View File

@ -1,37 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
description: Ensure nothing obvious is broken, and pre-cache Go modules.
executor: go-machine
steps:
- checkout
# Setup Go enabling the proxy for downloading modules.
- setup-go:
GOPROXY: https://proxy.golang.org,direct
- run:
name: Install CircleCI CLI
environment:
ARCH: linux_amd64
BASE: https://github.com/CircleCI-Public/circleci-cli/releases/download
command: |
export CCI_PATH=/tmp/circleci-cli/$CIRCLECI_CLI_VERSION
mkdir -p $CCI_PATH
NAME=circleci-cli_${CIRCLECI_CLI_VERSION}_${ARCH}
URL=$BASE/v${CIRCLECI_CLI_VERSION}/${NAME}.tar.gz
curl -sSL $URL \
| tar --overwrite --strip-components=1 -xz -C $CCI_PATH "${NAME}/circleci"
# Add circleci to the path for subsequent steps.
echo "export PATH=$CCI_PATH:\$PATH" >> $BASH_ENV
# Done, print some debug info.
set -x
. $BASH_ENV
which circleci
circleci version
- run:
name: Verify CircleCI
command: |
set -x
. $BASH_ENV
make ci-verify
- configure-git
- refresh_go_mod_cache

18
.circleci/config/jobs/semgrep.yml
View File

@ -1,18 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
---
executor: semgrep
steps:
- checkout
- attach_workspace:
at: .
- run:
name: Run Semgrep Rules
command: |
# Alpine images can't run the make file due to a bash requirement. Run
# semgrep explicitly here.
export PATH="$HOME/.local/bin:$PATH"
echo -n 'Semgrep Version: '
semgrep --version
semgrep --error --include '*.go' --exclude 'vendor' -f tools/semgrep/ci .

17
.circleci/config/jobs/test-go-nightly.yml
View File

@ -1,17 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
executor: go-machine
steps:
- checkout
- setup-go
- restore_go_mod_cache
- go_test:
log_dir: "/tmp/testlogs"
save_cache: true
- store_artifacts:
path: test-results
- store_test_results:
path: test-results
- store_artifacts:
path: "/tmp/testlogs"

21
.circleci/config/jobs/test-go-race-remote-docker.yml
View File

@ -1,21 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
executor: docker-env-go-test-remote-docker
parallelism: 8
steps:
- exit-if-ui-or-docs-branch
- checkout
- setup_remote_docker:
version: 20.10.17
docker_layer_caching: true
- go_test:
extra_flags: "-race"
log_dir: "/tmp/testlogs"
use_docker: true
- store_artifacts:
path: test-results
- store_test_results:
path: test-results
- store_artifacts:
path: "/tmp/testlogs"

17
.circleci/config/jobs/test-go-race.yml
View File

@ -1,17 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
executor: docker-env-go-test-race
parallelism: 8
steps:
- exit-if-ui-or-docs-branch
- checkout
- go_test:
extra_flags: "-race"
log_dir: "/tmp/testlogs"
- store_artifacts:
path: test-results
- store_test_results:
path: test-results
- store_artifacts:
path: "/tmp/testlogs"

20
.circleci/config/jobs/test-go-remote-docker.yml
View File

@ -1,20 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
executor: docker-env-go-test-remote-docker
parallelism: 8
steps:
- exit-if-ui-or-docs-branch
- checkout
- setup_remote_docker:
version: 20.10.17
docker_layer_caching: true
- go_test:
log_dir: "/tmp/testlogs"
use_docker: true
- store_artifacts:
path: test-results
- store_test_results:
path: test-results
- store_artifacts:
path: "/tmp/testlogs"

16
.circleci/config/jobs/test-go.yml
View File

@ -1,16 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
executor: docker-env-go-test
parallelism: 8
steps:
- exit-if-ui-or-docs-branch
- checkout
- go_test:
log_dir: "/tmp/testlogs"
- store_artifacts:
path: test-results
- store_test_results:
path: test-results
- store_artifacts:
path: "/tmp/testlogs"

25
.circleci/config/jobs/test-ui.yml
View File

@ -1,25 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
executor: node
resource_class: xlarge
steps:
- exit-if-branch-does-not-need-test-ui
- checkout
- restore_yarn_cache
- attach_workspace:
at: .
- run:
name: Test UI
command: |
# Add ./bin to the PATH so vault binary can be run by Ember tests
export PATH="${PWD}/bin:${PATH}"
# Run Ember tests
cd ui
mkdir -p test-results/qunit
yarn test:oss
- store_artifacts:
path: ui/test-results
- store_test_results:
path: ui/test-results

38
.circleci/config/workflows/ci.yml
View File

@ -1,38 +0,0 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
jobs:
- pre-flight-checks
- fmt
- install-ui-dependencies:
requires:
- pre-flight-checks
- build-go-dev:
requires:
- pre-flight-checks
- test-ui:
requires:
- install-ui-dependencies
- build-go-dev
# Only main, UI, release and merge branches need to run UI tests.
# We don't filter here however because test-ui is configured in github as
# required so it must run, instead we short-circuit within test-ui.
- test-go:
requires:
- pre-flight-checks
# We don't filter here because this is a required CI check;
# instead we short-circuit within the test command so it ends quickly.
- test-go-remote-docker:
requires:
- pre-flight-checks
# We don't filter here because this is a required CI check;
# instead we short-circuit within the test command so it ends quickly.
- test-go-race:
requires:
- pre-flight-checks
- test-go-race-remote-docker:
requires:
- pre-flight-checks
- semgrep:
requires:
- pre-flight-checks

23
.github/workflows/goversion-checker.yml vendored
View File

@ -1,23 +0,0 @@
name: Check Go version
on:
pull_request:
types: [opened, synchronize]
jobs:
go-version-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- name: Verify go versions in tree are consistent with one another
run: |
GOVER=$(cat .go-version)
EXPECTED="docker.mirror.hashicorp.services/cimg/go:$GOVER"
GOT=$(yq .references.environment.GO_IMAGE .circleci/config/executors/@executors.yml)
if [ "$EXPECTED" != "$GOT" ]; then
echo "version mismatch, .go-version has '$GOVER' and circleci config uses '$GOT'"
exit 1
fi

2
.hooks/pre-commit
View File

@ -35,7 +35,7 @@ block() {
# Add all check functions to this space separated list.
# They are executed in this order (see end of file).
CHECKS="ui_lint circleci_verify"
CHECKS="ui_lint"
# Run ui linter if changes in that dir detected.
ui_lint() {

7
Makefile
View File

@ -257,13 +257,6 @@ hana-database-plugin:
mongodb-database-plugin:
@CGO_ENABLED=0 $(GO_CMD) build -o bin/mongodb-database-plugin ./plugins/database/mongodb/mongodb-database-plugin
.PHONY: ci-config
ci-config:
@$(MAKE) -C .circleci ci-config
.PHONY: ci-verify
ci-verify:
@$(MAKE) -C .circleci ci-verify
.PHONY: bin default prep test vet bootstrap ci-bootstrap fmt fmtcheck mysql-database-plugin mysql-legacy-database-plugin cassandra-database-plugin influxdb-database-plugin postgresql-database-plugin mssql-database-plugin hana-database-plugin mongodb-database-plugin ember-dist ember-dist-dev static-dist static-dist-dev assetcheck check-vault-in-path packages build build-ci semgrep semgrep-ci vet-godoctests ci-vet-godoctests
.NOTPARALLEL: ember-dist ember-dist-dev