Fix CI Pipelines, remove references to HashiCorp Infrastructure #168
Conversation
cipherboy
force-pushed
the
add-test-actions
branch
8 times, most recently
from
5d7be74
to
a44d498
Compare
|
Are we going to continue with a single file per change approach instead of a single CHANGELOG file? |
|
@Gabrielopesantos If I recall correctly, GH actions doesn't provision a privileged token for pull requests from forks... Wonder how other projects handle this? Upstream mostly had contributions from inside the repo, so it wasn't as much of a problem... Hmmm... And to answer your question, yes, I think we're planning on using the changelog builder still. |
Makes sense, I didn't consider that. Something like this might be what we are looking for. As far as I understood, it is possible to set workflows to only run once approved by someone with write permission. |
|
@Gabrielopesantos said:
I think this page: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token states that the token for pull requests should have write permission. But its not clear to me why it failed: Unless perhaps so I'm still suspicious of write permissions, IMO. |
This retains the original HashiCorp upstream build & test pipelines, cleaning them up for OpenBao and removing HashiCorp internal tooling references that aren't necessary for us. The CI pipeline currently fails with test errors and commenting will need to be tested on the main repository with an appropriately scoped token. However, builds pass and produce usable, unsigned artifacts. This can form the basis of a proper (signed) release pipeline eventually, taking actions from the build stage of the tagged release commit and signing and verifying them. In order to fix CI, some changes to the Go modules were done, removing redundant tooling packages and re-adding the kubernetes integration tests. This also fixes CI to correctly run api & sdk tests, fixing openbao#61 again. Removed, unnecessary actions: - actionlint was used to allow-list actions upstream, - add-hashicorp-contributed-label was used to add a label to internal PRs for visibility, - backport was the tool to automatically backport PRs, - milestone-checker was used to ensure PRs had appropriate milestones prior to merge, - oss was used to classify issues against the specified label category - remove-labels was used to clean up issues & PRs - security-scan requires internal tooling not made public - test-ci-bootstrap & test-ci-cleanup are both part of the complex Enos integration tests, which were removed in 85455fb due to resource requirements. Resolves: openbao#31 Resolves: openbao#42 Resolves: openbao#152 Related: openbao#153 Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
naphelps
force-pushed
the
add-test-actions
branch
from
a44d498
to
37a0b1b
Compare
This fixes many pipelines and removes others that aren't necessary any more. In doing so, we had to:
I also added RISC-V 64-bit support while I was here. :-)
This pipeline can be seen in action on my fork: cipherboy#1 --> https://github.com/cipherboy/openbao/pull/1/checks
TODO:
Check that builds work-->Builds do not work as they rely onI've fixed the build pipelines as part of this. Releasing is a different story; these builds aren't signed (for obvious reasons); I'm not sure if the Linux Foundation handles this for us or not.dist/vaultandhashicorp/actions-packaging-linux-- as part of Fork - Release Pipeline #153 we should replace those.Resolves: #31
Resolves: #42
Resolves: #152
Related: #153