hashicorp · tvoran · Apr 8, 2022 · Mar 22, 2022 · Mar 22, 2022 · Mar 22, 2022
@@ -0,0 +1,98 @@
+name: build
+
+on:
+  push:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "Version to build, e.g. 0.1.0"
+        type: string
+        required: false
+
+env:
+  PKG_NAME: "vault-lambda-extension"
+
+jobs:
+  get-go-version:
+    name: "Determine Go toolchain version"
+    runs-on: ubuntu-latest
+    outputs:
+      go-version: ${{ steps.get-go-version.outputs.go-version }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Determine Go version
+        id: get-go-version
+        run: |
+          echo "Building with Go $(cat .go-version)"
+          echo "::set-output name=go-version::$(cat .go-version)"
+
+  get-product-version:
+    runs-on: ubuntu-latest
+    outputs:
+      product-version: ${{ steps.get-product-version.outputs.product-version }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: get product version
+        id: get-product-version
+        run: |
+          VERSION="${{ github.event.inputs.version || '0.0.0-dev' }}"
+          echo "Using version ${VERSION}"
+          echo "::set-output name=product-version::${VERSION}"
+
+  generate-metadata-file:
+    needs: get-product-version
+    runs-on: ubuntu-latest
+    outputs:
+      filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
+    steps:
+      - name: "Checkout directory"
+        uses: actions/checkout@v2
+      - name: Generate metadata file
+        id: generate-metadata-file
+        uses: hashicorp/actions-generate-metadata@v1
+        with:
+          version: ${{ needs.get-product-version.outputs.product-version }}
+          product: ${{ env.PKG_NAME }}
+          repositoryOwner: "hashicorp"
+      - uses: actions/upload-artifact@v2
+        with:
+          name: metadata.json
+          path: ${{ steps.generate-metadata-file.outputs.filepath }}
+
+  build:
+    needs:
+      - get-go-version
+      - get-product-version
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        goos: [linux]
+        goarch: ["arm64", "amd64"]
+
+      fail-fast: true
+
+    name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Setup go
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ needs.get-go-version.outputs.go-version }}
+
+      - name: Build
+        env:
+          GOOS: ${{ matrix.goos }}
+          GOARCH: ${{ matrix.goarch }}
+        run: |
+          make build
+          pushd pkg
+          mkdir out
+          zip -r out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip extensions
+          popd
+
+      - uses: actions/upload-artifact@v2
+        with:
+          name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
+          path: pkg/out/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
@@ -0,0 +1,84 @@
+name: test
+
+# Run this workflow on pushes and manually
+on: [push, workflow_dispatch]
+
+jobs:
+  get-go-version:
+    name: "Determine Go toolchain version"
+    runs-on: ubuntu-latest
+    outputs:
+      go-version: ${{ steps.get-go-version.outputs.go-version }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Determine Go version
+        id: get-go-version
+        run: |
+          echo "Building with Go $(cat .go-version)"
+          echo "::set-output name=go-version::$(cat .go-version)"
+
+  golangci:
+    name: lint
+    needs:
+      - get-go-version
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v2
+        with:
+          go-version: ${{ needs.get-go-version.outputs.go-version }}
+      - uses: actions/checkout@v2
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          args: |
+            -v --concurrency 2 \
+            --disable-all \
+            --timeout 10m \
+            --enable gofmt \
+            --enable gosimple \
+            --enable govet
+
+  gomod:
+    needs:
+        - get-go-version
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v2
+        with:
+          go-version: ${{ needs.get-go-version.outputs.go-version }}
+      - uses: actions/checkout@v2
+      - name: go mod tidy
+        run: |
+          make mod
+          if ! git diff --exit-code; then
+            echo "Git directory has go.mod or go.sum changes"
+            exit 1
+          fi
+
+  test:
+    needs:
+      - get-go-version
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      # cache/restore go mod
+      - uses: actions/cache@v2
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - uses: actions/setup-go@v2
+        with:
+          go-version: ${{ needs.get-go-version.outputs.go-version }}
+
+      - name: Install gotestsum
+        run: go install gotest.tools/gotestsum@v1.7.0
+
+      - name: Test
+        run: |
+          make test
@@ -0,0 +1 @@
+1.17.8
@@ -0,0 +1,138 @@
+schema = "1"
+
+project "vault-lambda-extension" {
+  team = "vault"
+  slack {
+    notification_channel = "CRF6FFKEW"
+  }
+  github {
+    organization = "hashicorp"
+    repository = "vault-lambda-extension"
+    release_branches = ["main"]
+  }
+}
+
+event "merge" {
+  // "entrypoint" to use if build is not run automatically
+  // i.e. send "merge" complete signal to orchestrator to trigger build
+}
+
+event "build" {
+  depends = ["merge"]
+  action "build" {
+    organization = "hashicorp"
+    repository = "vault-lambda-extension"
+    workflow = "build"
+  }
+}
+
+event "upload-dev" {
+  depends = ["build"]
+  action "upload-dev" {
+    organization = "hashicorp"
+    repository = "crt-workflows-common"
+    workflow = "upload-dev"
+    depends = ["build"]
+  }
+
+  notification {
+    on = "fail"
+  }
+}
+
+event "security-scan-binaries" {
+  depends = ["upload-dev"]
+  action "security-scan-binaries" {
+    organization = "hashicorp"
+    repository = "crt-workflows-common"
+    workflow = "security-scan-binaries"
+    config = "security-scan.hcl"
+  }
+
+  notification {
+    on = "fail"
+  }
+}
+
+event "sign" {
+  depends = ["security-scan-binaries"]
+  action "sign" {
+    organization = "hashicorp"
+    repository = "crt-workflows-common"
+    workflow = "sign"
+  }
+
+  notification {
+    on = "fail"
+  }
+}
+
+event "verify" {
+  depends = ["sign"]
+  action "verify" {
+    organization = "hashicorp"
+    repository = "crt-workflows-common"
+    workflow = "verify"
+  }
+
+  notification {
+    on = "fail"
+  }
+}
+
+## These are promotion and post-publish events
+## they should be added to the end of the file after the verify event stanza.
+
+event "trigger-staging" {
+// This event is dispatched by the bob trigger-promotion command
+// and is required - do not delete.
+}
+
+event "promote-staging" {
+  depends = ["trigger-staging"]
+  action "promote-staging" {
+    organization = "hashicorp"
+    repository = "crt-workflows-common"
+    workflow = "promote-staging"
+  }
+
+  notification {
+    on = "always"
+  }
+}
+
+event "promote-layer-staging" {
+  depends = ["promote-staging"]
+  action "promote-layer-staging" {
+    organization = "hashicorp"
+    repository = "vault-lambda-extension-release"
+    workflow = "promote-layer-staging"
+  }
+}
+
+event "trigger-production" {
+// This event is dispatched by the bob trigger-promotion command
+// and is required - do not delete.
+}
+
+event "promote-production" {
+  depends = ["trigger-production"]
+  action "promote-production" {
+    organization = "hashicorp"
+    repository = "crt-workflows-common"
+    workflow = "promote-production"
+  }
+
+  notification {
+    on = "always"
+  }
+}
+
+event "promote-layer-production" {
+  depends = ["promote-production"]
+  action "promote-layer-production" {
+    organization = "hashicorp"
+    repository = "vault-lambda-extension-release"
+    workflow = "promote-layer-production"
+  }
+}
@@ -0,0 +1,7 @@
+binary {
+	secrets      = true
+	go_modules   = true
+	osv          = true
+	oss_index    = false
+	nvd          = false
+}
@@ -3,6 +3,7 @@
 CHANGES:
 
 * Static function code can now reliably read secrets written to disk, because extension registration now occurs after writing files. [[GH-61](https://github.com/hashicorp/vault-lambda-extension/pull/61)]
+* arm64 architecture now supported [[GH-67](https://github.com/hashicorp/vault-lambda-extension/pull/67)]
 
 ## 0.6.0 (March 14, 2022)
 

@@ -0,0 +1,3 @@
+# release configuration
+/.release/                              @hashicorp/release-engineering
+/.github/workflows/build.yml            @hashicorp/release-engineering
@@ -1,10 +1,6 @@
 GOOS?=linux
 GOARCH?=amd64
-GOLANG_IMAGE?=docker.mirror.hashicorp.services/golang:1.17.7
 CI_TEST_ARGS=
-ifdef CI
-override CI_TEST_ARGS:=--junitfile=$(TEST_RESULTS_DIR)/go-test/results.xml --jsonfile=$(TEST_RESULTS_DIR)/go-test/results.json
-endif
 
 .PHONY: build lint test clean mod quick-start quick-start-destroy publish-layer-version