Update repo for Windows artifact build pipeline GHA migration (#34273)

gravitational · Nov 9, 2023 · eeb4724 · eeb4724
1 parent 810c5a3
commit eeb4724
Show file tree

Hide file tree

Showing 8 changed files with 343 additions and 1,103 deletions.
diff --git a/.drone.yml b/.drone.yml
diff --git a/build.assets/windows/build.ps1 b/build.assets/windows/build.ps1
diff --git a/dronegen/aws.go b/dronegen/aws.go
@@ -21,7 +21,7 @@ import (
 
 // awsRoleSettings contains the information necessary to assume an AWS Role
 //
-// This is intended to be imbedded, please use the kubernetes/mac/windows versions
+// This is intended to be embedded, please use the kubernetes/mac versions
 // with their corresponding pipelines.
 type awsRoleSettings struct {
 	awsAccessKeyID     value

diff --git a/dronegen/common.go b/dronegen/common.go
@@ -148,20 +148,18 @@ func cloneRepoCommands(cloneDirectory, commit string) []string {
 }
 
 type buildType struct {
-	os              string
-	arch            string
-	fips            bool
-	centos7         bool
-	windowsUnsigned bool
-	buildConnect    bool
+	os           string
+	arch         string
+	fips         bool
+	centos7      bool
+	buildConnect bool
 }
 
 // Description provides a human-facing description of the artifact, e.g.:
 //
-//	Windows 64-bit (tsh client only)
 //	Linux ARMv7 (32-bit)
 //	MacOS Intel .pkg installer
-func (b *buildType) Description(packageType string, extraQualifications ...string) string {
+func (b *buildType) Description(packageType string) string {
 	var result string
 
 	var os string
@@ -175,8 +173,6 @@ func (b *buildType) Description(packageType string, extraQualifications ...strin
 		os = "Linux"
 	case "darwin":
 		os = "MacOS"
-	case "windows":
-		os = "Windows"
 	default:
 		panic(fmt.Sprintf("unhandled OS: %s", b.os))
 	}
@@ -207,14 +203,12 @@ func (b *buildType) Description(packageType string, extraQualifications ...strin
 		qualifications = append(qualifications, "FedRAMP/FIPS")
 	}
 
-	qualifications = append(qualifications, extraQualifications...)
-
 	result = os
 
 	if b.os == "darwin" {
 		result += fmt.Sprintf(" %s", darwinArch)
 	} else {
-		// arch is implicit for Windows/Linux i386/amd64
+		// arch is implicit for Linux i386/amd64
 		if arch == "" {
 			result += fmt.Sprintf(" %d-bit", bitness)
 		} else {
@@ -268,15 +262,6 @@ func releaseMakefileTarget(b buildType) string {
 		makefileTarget += "-fips"
 	}
 
-	// Override Windows targets.
-	if b.os == "windows" {
-		if b.windowsUnsigned {
-			makefileTarget = "release-windows-unsigned"
-		} else {
-			makefileTarget = "release-windows"
-		}
-	}
-
 	return makefileTarget
 }
 

diff --git a/dronegen/push.go b/dronegen/push.go
@@ -63,11 +63,9 @@ func pushPipelines() []pipeline {
 		},
 	}))
 
-	// Only amd64 Windows is supported for now.
-	ps = append(ps, ghaLinuxPushPipeline(buildType{os: "windows", arch: "amd64", windowsUnsigned: true}))
+	ps = append(ps, ghaWindowsPushPipeline())
 
 	ps = append(ps, darwinPushPipelineGHA())
-	ps = append(ps, windowsPushPipeline())
 	return ps
 }
 

diff --git a/dronegen/tag.go b/dronegen/tag.go
@@ -71,13 +71,6 @@ func tagBuildCommands(b buildType) []string {
 		)
 	}
 
-	// For Windows builds, configure code signing.
-	if b.os == "windows" {
-		commands = append(commands,
-			`echo -n "$WINDOWS_SIGNING_CERT" | base64 -d > windows-signing-cert.pfx`,
-		)
-	}
-
 	commands = append(commands,
 		fmt.Sprintf(
 			`make -C build.assets %s`, releaseMakefileTarget(b),
@@ -92,44 +85,21 @@ func tagBuildCommands(b buildType) []string {
 		}
 	}
 
-	if b.os == "windows" {
-		commands = append(commands,
-			`rm -f windows-signing-cert.pfx`,
-		)
-	}
-
 	return commands
 }
 
 // tagCopyArtifactCommands generates a set of commands to find and copy built tarball artifacts as part of a tag build
 func tagCopyArtifactCommands(b buildType) []string {
-	extension := ".tar.gz"
-	if b.os == "windows" {
-		extension = ".zip"
-	}
-
 	commands := []string{
 		`cd /go/src/github.com/gravitational/teleport`,
 	}
 
 	// don't copy OSS artifacts for any FIPS build
 	if !b.fips {
-		commands = append(commands,
-			fmt.Sprintf(`find . -maxdepth 1 -iname "teleport*%s" -print -exec cp {} /go/artifacts \;`, extension),
-		)
+		commands = append(commands, `find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;`)
 	}
 
-	// copy enterprise artifacts
-	if b.os == "windows" {
-		commands = append(commands,
-			`export VERSION=$(cat /go/.version.txt)`,
-			`cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip`,
-		)
-	} else {
-		commands = append(commands,
-			`find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;`,
-		)
-	}
+	commands = append(commands, `find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;`)
 
 	// we need to specifically rename artifacts which are created for CentOS
 	// these is the only special case where renaming is not handled inside the Makefile
@@ -155,7 +125,7 @@ func tagCopyArtifactCommands(b buildType) []string {
 	}
 
 	// generate checksums
-	commands = append(commands, fmt.Sprintf(`cd /go/artifacts && for FILE in teleport*%s; do sha256sum $FILE > $FILE.sha256; done && ls -l`, extension))
+	commands = append(commands, `cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l`)
 
 	if b.os == "linux" && b.hasTeleportConnect() {
 		commands = append(commands,
@@ -262,16 +232,13 @@ func tagPipelines() []pipeline {
 		},
 	}))
 
-	// Only amd64 Windows is supported for now.
-	ps = append(ps, tagPipeline(buildType{os: "windows", arch: "amd64"}))
-
 	// Also add CentOS artifacts
 	// CentOS 6 FIPS builds have been removed in Teleport 7.0. See https://github.com/gravitational/teleport/issues/7207
 	ps = append(ps, tagPipeline(buildType{os: "linux", arch: "amd64", centos7: true}))
 	ps = append(ps, tagPipeline(buildType{os: "linux", arch: "amd64", centos7: true, fips: true}))
 
 	ps = append(ps, darwinTagPipelineGHA())
-	ps = append(ps, windowsTagPipeline())
+	ps = append(ps, windowsTagPipelineGHA())
 
 	ps = append(ps, tagCleanupPipeline())
 	return ps
@@ -303,15 +270,6 @@ func tagPipeline(b buildType) pipeline {
 		tagEnvironment["FIPS"] = value{raw: "yes"}
 	}
 
-	if b.os == "windows" {
-		tagEnvironment["WINDOWS_SIGNING_CERT"] = value{fromSecret: "WINDOWS_SIGNING_CERT"}
-	}
-
-	var extraQualifications []string
-	if b.os == "windows" {
-		extraQualifications = []string{"tsh client only"}
-	}
-
 	p := newKubePipeline(pipelineName)
 	p.Environment = map[string]value{
 		"BUILDBOX_VERSION": buildboxVersion,
@@ -367,7 +325,7 @@ func tagPipeline(b buildType) pipeline {
 			Name:     "Register artifacts",
 			Image:    "docker",
 			Pull:     "if-not-exists",
-			Commands: tagCreateReleaseAssetCommands(b, "", extraQualifications),
+			Commands: tagCreateReleaseAssetCommands(b, ""),
 			Environment: map[string]value{
 				"RELEASES_CERT": {fromSecret: "RELEASES_CERT"},
 				"RELEASES_KEY":  {fromSecret: "RELEASES_KEY"},
@@ -419,7 +377,7 @@ func tagCopyPackageArtifactCommands(b buildType, packageType string) []string {
 }
 
 // createReleaseAssetCommands generates a set of commands to create release & asset in release management service
-func tagCreateReleaseAssetCommands(b buildType, packageType string, extraQualifications []string) []string {
+func tagCreateReleaseAssetCommands(b buildType, packageType string) []string {
 	commands := []string{
 		`WORKSPACE_DIR=$${WORKSPACE_DIR:-/}`,
 		`VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")`,
@@ -461,7 +419,7 @@ find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r fi
 
   curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="%[2]s" -F arch="%[3]s" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets";
 done`,
-			b.Description(packageType, extraQualifications...), b.os, b.arch),
+			b.Description(packageType), b.os, b.arch),
 	}
 	return commands
 }
@@ -628,7 +586,7 @@ func tagPackagePipeline(packageType string, b buildType) pipeline {
 		{
 			Name:     "Register artifacts",
 			Image:    "docker",
-			Commands: tagCreateReleaseAssetCommands(b, strings.ToUpper(packageType), nil),
+			Commands: tagCreateReleaseAssetCommands(b, strings.ToUpper(packageType)),
 			Environment: map[string]value{
 				"RELEASES_CERT": {fromSecret: "RELEASES_CERT"},
 				"RELEASES_KEY":  {fromSecret: "RELEASES_KEY"},

diff --git a/dronegen/types.go b/dronegen/types.go
@@ -56,16 +56,6 @@ func newKubePipeline(name string) pipeline {
 	}
 }
 
-func newExecPipeline(name string) pipeline {
-	return pipeline{
-		comment: generatedComment(),
-		Kind:    "pipeline",
-		Type:    "exec",
-		Name:    name,
-		Clone:   clone{Disable: true},
-	}
-}
-
 func generatedComment() string {
 	c := `################################################
 # Generated using dronegen, do not edit by hand!