diff --git a/.ci/build.sh b/.ci/build.sh new file mode 100755 index 000000000..d259356ec --- /dev/null +++ b/.ci/build.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +csource="${BASH_SOURCE[0]}" +while [ -h "$csource" ] ; do csource="$(readlink "$csource")"; done +root="$( cd -P "$( dirname "$csource" )/../" && pwd )" + +. "${root}/.ci/common.sh" + +pushd "${root}" > "${output}" + +# Build our gem +wrap gem build *.gemspec \ + "Failed to build Vagrant RubyGem" + +# Get the path of our new gem +g=(vagrant*.gem) +gem=$(printf "%s" "${g}") + +wrap aws s3 cp "${gem}" "${ASSETS_PRIVATE_BUCKET}/${repository}/vagrant-master.gem" \ + "Failed to store Vagrant RubyGem master build" diff --git a/.ci/common.sh b/.ci/common.sh new file mode 100644 index 000000000..7d33a0057 --- /dev/null +++ b/.ci/common.sh @@ -0,0 +1,358 @@ +#!/usr/bin/env bash + +# Write failure message, send error to configured +# slack, and exit with non-zero status. If a +# /tmp/.ci-output file exists, the last 5 lines will be +# included in the slack message. +# +# $1: Failure message +function fail() { + (>&2 echo "ERROR: ${1}") + if [ -f "/tmp/.ci-output" ]; then + slack -s error -m "ERROR: ${1}" -f /tmp/.ci-output -T 5 + else + slack -s error -m "ERROR: ${1}" + fi + exit 1 +} + +# Write warning message, send warning to configured +# slack +# +# $1: Warning message +function warn() { + (>&2 echo "WARN: ${1}") + if [ -f "/tmp/.ci-output" ]; then + slack -s warn -m "WARNING: ${1}" -f /tmp/.ci-output + else + slack -s warn -m "WARNING: ${1}" + fi +} + +# Execute command while redirecting all output to +# a file (file is used within fail mesage on when +# command is unsuccessful). Final argument is the +# error message used when the command fails. +# +# $@{1:$#-1}: Command to execute +# $@{$#}: Failure message +function wrap() { + i=$(("${#}" - 1)) + rm -f /tmp/.ci-output + "${@:1:$i}" > /tmp/.ci-output 2>&1 + if [ $? -ne 0 ]; then + cat /tmp/.ci-output + fail "${@:$#}" + fi + rm /tmp/.ci-output +} + +# Execute command while redirecting all output to +# a file (file is used within fail mesage on when +# command is unsuccessful). Command output will be +# streamed during execution. Final argument is the +# error message used when the command fails. +# +# $@{1:$#-1}: Command to execute +# $@{$#}: Failure message +function wrap_stream() { + i=$(("${#}" - 1)) + rm -f /tmp/.ci-output + "${@:1:$i}" > /tmp/.ci-output 2>&1 & + pid=$! + until [ -f /tmp/.ci-output ]; do + sleep 0.1 + done + tail -f --quiet --pid "${pid}" /tmp/.ci-output + wait "${pid}" + if [ $? -ne 0 ]; then + fail "${@:$#}" + fi + rm /tmp/.ci-output +} + +# Send command to packet device and wrap +# execution +function pkt_wrap() { + wrap packet-exec run -quiet -- "${@}" +} + +# Send command to packet device and wrap +# execution with output streaming +function pkt_wrap_stream() { + wrap_stream packet-exec run -quiet -- "${@}" +} + +# Generates location within the asset storage +# bucket to retain built assets. +function asset_location() { + if [ "${tag}" = "" ]; then + dst="${ASSETS_PRIVATE_LONGTERM}/${repository}/${ident_ref}/${short_sha}" + else + if [[ "${tag}" = *"+"* ]]; then + dst="${ASSETS_PRIVATE_LONGTERM}/${repository}/${tag}" + else + dst="${ASSETS_PRIVATE_BUCKET}/${repository}/${tag}" + fi + fi + echo -n "${dst}" +} + +# Upload assets to the asset storage bucket. +# +# $1: Path to asset file or directory to upload +function upload_assets() { + if [ "${1}" = "" ]; then + fail "Parameter required for asset upload" + fi + if [ -d "${1}" ]; then + wrap aws s3 cp --recursive "${1}" "$(asset_location)/" \ + "Upload to asset storage failed" + else + wrap aws s3 cp "${1}" "$(asset_location)/" \ + "Upload to asset storage failed" + fi +} + +# Download assets from the asset storage bucket. If +# destination is not provided, remote path will be +# used locally. +# +# $1: Path to asset or directory to download +# $2: Optional destination for downloaded assets +function download_assets() { + if [ "${1}" = "" ]; then + fail "At least one parameter required for asset download" + fi + if [ "${2}" = "" ]; then + dst="${1#/}" + else + dst="${2}" + fi + mkdir -p "${dst}" + src="$(asset_location)/${1#/}" + remote=$(aws s3 ls "${src}") + if [[ "${remote}" = *" PRE "* ]]; then + mkdir -p "${dst}" + wrap aws s3 cp --recursive "${src%/}/" "${dst}" \ + "Download from asset storage failed" + else + mkdir -p "$(dirname "${dst}")" + wrap aws s3 cp "${src}" "${dst}" \ + "Download from asset storage failed" + fi +} + +# Upload assets to the cache storage bucket. +# +# $1: Path to asset file or directory to upload +function upload_cache() { + if [ "${1}" = "" ]; then + fail "Parameter required for cache upload" + fi + if [ -d "${1}" ]; then + wrap aws s3 cp --recursive "${1}" "${asset_cache}/" \ + "Upload to cache failed" + else + wrap aws s3 cp "${1}" "${asset_cache}/" \ + "Upload to cache failed" + fi +} + +# Download assets from the cache storage bucket. If +# destination is not provided, remote path will be +# used locally. +# +# $1: Path to asset or directory to download +# $2: Optional destination for downloaded assets +function download_cache() { + if [ "${1}" = "" ]; then + fail "At least one parameter required for cache download" + fi + if [ "${2}" = "" ]; then + dst="${1#/}" + else + dst="${2}" + fi + mkdir -p "${dst}" + src="${asset_cache}/${1#/}" + remote=$(aws s3 ls "${src}") + if [[ "${remote}" = *" PRE "* ]]; then + mkdir -p "${dst}" + wrap aws s3 cp --recursive "${src%/}/" "${dst}" \ + "Download from cache storage failed" + else + mkdir -p "$(dirname "${dst}")" + wrap aws s3 cp "${src}" "${dst}" \ + "Download from cache storage failed" + fi +} + +# Validate arguments for GitHub release. Checks for +# two arguments and that second argument is an exiting +# file asset, or directory. +# +# $1: GitHub tag name +# $2: Asset file or directory of assets +function release_validate() { + if [ "${1}" = "" ]; then + fail "Missing required position 1 argument (TAG) for release" + fi + if [ "${2}" = "" ]; then + fail "Missing required position 2 argument (PATH) for release" + fi + if [ ! -e "${2}" ]; then + fail "Path provided for release (${2}) does not exist" + fi +} + +# Generate a GitHub release +# +# $1: GitHub tag name +# $2: Asset file or directory of assets +function release() { + release_validate "${@}" + wrap ghr -u "${repo_owner}" -r "${repo_name}" -c "${full_sha}" -n "${1}" -delete \ + -replace "${1}" "${2}" "Failed to create release for version ${1}" +} + +# Generate a GitHub prerelease +# +# $1: GitHub tag name +# $2: Asset file or directory of assets +function prerelease() { + release_validate "${@}" + if [[ "${1}" != *"+"* ]]; then + ptag="${1}+${short_sha}" + else + ptag="${1}" + fi + + wrap ghr -u "${repo_owner}" -r "${repo_name}" -c "${full_sha}" -n "${ptag}" \ + -delete -replace -prerelease "${ptag}" "${2}" \ + "Failed to create prerelease for version ${1}" + echo -n "${ptag}" +} + +# Check if version string is valid for release +# +# $1: Version +# Returns: 0 if valid, 1 if invalid +function valid_release_version() { + if [[ "${1}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + return 0 + else + return 1 + fi +} + +# Validate arguments for HashiCorp release. Ensures asset +# directory exists, and checks that the SHASUMS and SHASUM.sig +# files are present. +# +# $1: Asset directory +function hashicorp_release_validate() { + directory="${1}" + + # Directory checks + if [ "${directory}" = "" ]; then + fail "No asset directory was provided for HashiCorp release" + fi + if [ ! -d "${directory}" ]; then + fail "Asset directory for HashiCorp release does not exist" + fi + + # SHASUMS checks + if [ ! -e "${directory}/"*SHASUMS ]; then + fail "Asset directory is missing SHASUMS file" + fi + if [ ! -e "${directory}/"*SHASUMS.sig ]; then + fail "Asset directory is missing SHASUMS signature file" + fi +} + +# Verify release assets by validating checksum properly match +# and that signature file is valid +# +# $1: Asset directory +function hashicorp_release_verify() { + directory="${1}" + pushd "${directory}" > "${output}" + + # First do a checksum validation + wrap shasum -a 256 -c *_SHA256SUMS \ + "Checksum validation of release assets failed" + # Next check that the signature is valid + gpghome=$(mktemp -qd) + export GNUPGHOME="${gpghome}" + wrap gpg --import "${HASHICORP_PUBLIC_GPG_KEY}" \ + "Failed to import HashiCorp public GPG key" + wrap gpg --verify *SHA256SUMS.sig *SHA256SUMS \ + "Validation of SHA256SUMS signature failed" + rm -rf "${gpghome}" > "${output}" 2>&1 + popd > "${output}" +} + +# Generate a HashiCorp release +# +# $1: Asset directory +function hashicorp_release() { + directory="${1}" + + hashicorp_release_validate "${directory}" + hashicorp_release_verify "${directory}" + + wrap_stream hc-releases upload "${directory}" \ + "Failed to upload HashiCorp release assets" + wrap_stream hc-releases publish \ + "Failed to publish HashiCorp release" +} + +# Stub cleanup method which can be redefined +# within actual script +function cleanup() { + (>&2 echo "** No cleanup tasks defined") +} + +trap cleanup EXIT + +# Enable debugging. This needs to be enabled with +# extreme caution when used on public repositories. +# Output with debugging enabled will likely include +# secret values which should not be publicly exposed. +# +# If repository is public, FORCE_PUBLIC_DEBUG environment +# variable must also be set. +if [ "${DEBUG}" != "" ]; then + is_private=$(curl -s "https://api.github.com/repos/${GITHUB_REPOSITORY}" | jq .private) + if [ "${is_private}" = "false" ]; then + if [ "${FORCE_PUBLIC_DEBUG}" != "" ]; then + set -x + output="/dev/stdout" + else + fail "Cannot enable debug mode on public repository unless forced" + fi + else + set -x + output="/dev/stdout" + fi +else + output="/dev/null" +fi + +# Common variables +full_sha="${GITHUB_SHA}" +short_sha="${full_sha:0:8}" +ident_ref="${GITHUB_REF#*/*/}" +if [[ "${GITHUB_REF}" == *"refs/tags/"* ]]; then + tag="${GITHUB_REF##*tags/}" + valid_release_version "${tag}" + if [ $? -eq 0 ]; then + release=1 + fi +fi +repository="${GITHUB_REPOSITORY}" +repo_owner="${repository%/*}" +repo_name="${repository#*/}" +asset_cache="${ASSETS_PRIVATE_SHORTTERM}/${repository}/${GITHUB_ACTION}" +job_id="$(uuidgen)" diff --git a/.ci/release.sh b/.ci/release.sh new file mode 100755 index 000000000..f0639fe19 --- /dev/null +++ b/.ci/release.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash + +# NOTE: This release will generate a new release on the installers +# repository which in turn triggers a full package build +target_owner="hashicorp" +target_repository="vagrant-builders" + +csource="${BASH_SOURCE[0]}" +while [ -h "$csource" ] ; do csource="$(readlink "$csource")"; done +root="$( cd -P "$( dirname "$csource" )/../" && pwd )" + +. "${root}/.ci/common.sh" + +pushd "${root}" > "${output}" + +# Build our gem +wrap gem build *.gemspec \ + "Failed to build Vagrant RubyGem" + +# Get the path of our new gem +g=(vagrant*.gem) +gem=$(printf "%s" "${g}") + +# Determine the version of the release +vagrant_version="$(gem specification "${gem}" version)" +vagrant_version="${vagrant_version##*version: }" + +# We want to release into the builders repository so +# update the repository variable with the desired destination +repo_owner="${target_owner}" +repo_name="${target_repository}" +export GITHUB_TOKEN="${HASHIBOT_TOKEN}" + +if [ "${tag}" = "" ]; then + echo "Generating Vagrant RubyGem pre-release... " + version="v${vagrant_version}+${short_sha}" + prerelease "${version}" "${gem}" +else + # Validate this is a proper release version + valid_release_version "${vagrant_version}" + if [ $? -ne 0 ]; then + fail "Invalid version format for Vagrant release: ${vagrant_version}" + fi + + echo "Generating Vagrant RubyGem release... " + version="v${vagrant_version}" + release "${version}" "${gem}" +fi + +slack -m "New Vagrant installers release triggered: *${version}*" diff --git a/.ci/test.sh b/.ci/test.sh new file mode 100755 index 000000000..f7ad3b2a0 --- /dev/null +++ b/.ci/test.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +csource="${BASH_SOURCE[0]}" +while [ -h "$csource" ] ; do csource="$(readlink "$csource")"; done +root="$( cd -P "$( dirname "$csource" )/../" && pwd )" + +pushd "${root}" > /dev/null + +export DEBIAN_FRONTEND="noninteractive" + +# Install required dependencies +sudo apt-get update || exit 1 +sudo apt-get install -yq bsdtar || exit 1 + +# Ensure bundler is installed +gem install --no-document bundler || exit 1 + +# Install the bundle +bundle install || exit 1 + +# Run tests +bundle exec rake test:unit + +result=$? +popd > /dev/null + +exit $result diff --git a/.circleci/config.yml b/.circleci/config.yml index 737ee4c64..61c8342df 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,127 +1,6 @@ version: 2 -reference: - environment: &ENVIRONMENT - SLACK_TITLE: Vagrant CI - RELEASE_TARGET_REPONAME: vagrant-installers - images: - ruby24: &ruby24 - docker: - - image: circleci/ruby:2.4 - ruby25: &ruby25 - docker: - - image: circleci/ruby:2.5 - ruby26: &ruby26 - docker: - - image: circleci/ruby:2.6 - builder: &builder - environment: - <<: *ENVIRONMENT - docker: - - image: $BUILDER_IMAGE - auth: - username: $BUILDER_USERNAME - password: $BUILDER_PASSWORD - workflows: - public: &PUBLIC_WORKFLOW - filters: - branches: - only: /^pull\/.*/ - master: &MASTER_WORKFLOW - filters: - branches: - only: master - private_build: &PRIVATE_WORKFLOW_BUILD - context: vagrant - filters: - branches: - only: - - /^build-.*/ - tags: - only: /.*/ - jobs: - private_failure: &PRIVATE_FAILURE - run: - name: Failure handler - command: | - if [ -f .output ]; then - slack -m "Vagrant job has failed: *${CIRCLE_JOB}*" -s error -f .output -T 5 - else - slack -m "Vagrant job has failed: *${CIRCLE_JOB}*" -s error - fi - when: on_fail - unit_tests: &unit_tests - steps: - - run: sudo apt-get update ; sudo apt-get -yq install bsdtar - - checkout - - restore_cache: - key: static-site-gems-v1-{{ checksum "Gemfile.lock" }} - - run: - command: bundle check || bundle install --path vendor/bundle - - save_cache: - key: static-site-gems-v1-{{ checksum "Gemfile.lock" }} - paths: - - ./vendor/bundle - - run: bundle exec rake test:unit + jobs: - build: - <<: *builder - steps: - - checkout - - run: gem build vagrant.gemspec - - *PRIVATE_FAILURE - - persist_to_workspace: - root: . - paths: - - ./*.gem - store: - <<: *builder - steps: - - attach_workspace: - at: . - - run: | - gem_name=(vagrant-*.gem) - if [ "${CIRCLE_TAG}" == "" ]; then - remote_gem_name="vagrant-master.gem" - else - remote_gem_name="vagrant.gem" - fi - if [[ "${CIRCLE_BRANCH}" = "build-"* ]]; then - s3_dst="${ASSETS_PRIVATE_LONGTERM}/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/${CIRCLE_BRANCH##build-}/" - else - s3_dst="${ASSETS_PRIVATE_BUCKET}/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/" - fi - aws s3 cp "${gem_name}" "${s3_dst}${remote_gem_name}" > .output 2>&1 - - *PRIVATE_FAILURE - release: - <<: *builder - steps: - - checkout - - attach_workspace: - at: . - - run: | - set +e - gem=(vagrant-*.gem) - gem_version="${gem##vagrant-}" - gem_version="${gem_version%%.gem}" - export GITHUB_TOKEN="${HASHIBOT_TOKEN}" - if [ "${CIRCLE_TAG}" = "" ]; then - version="v${gem_version}+$(git rev-parse --short "${CIRCLE_SHA1}")" - ghr -u ${CIRCLE_PROJECT_USERNAME} -r ${RELEASE_TARGET_REPONAME} -c master -prerelease -delete -replace ${version} ${gem} > .output 2>&1 - else - version="${CIRCLE_TAG}" - ghr -u ${CIRCLE_PROJECT_USERNAME} -r ${RELEASE_TARGET_REPONAME} -c master -delete -replace ${version} ${gem} > .output 2>&1 - fi - slack -m "New Vagrant installers release triggered: *${version}*" - - *PRIVATE_FAILURE - test_ruby24: - <<: *ruby24 - <<: *unit_tests - test_ruby25: - <<: *ruby25 - <<: *unit_tests - test_ruby26: - <<: *ruby26 - <<: *unit_tests build-website: # setting the working_directory along with the checkout path allows us to not have # to cd into the website/ directory for commands @@ -145,41 +24,6 @@ jobs: command: ./scripts/deploy.sh workflows: version: 2 - builds: - jobs: - - build: - <<: *PRIVATE_WORKFLOW_BUILD - - store: - <<: *PRIVATE_WORKFLOW_BUILD - requires: - - build - - release: - <<: *PRIVATE_WORKFLOW_BUILD - requires: - - build - pull_requests: - jobs: - - test_ruby24: - <<: *PUBLIC_WORKFLOW - - test_ruby25: - <<: *PUBLIC_WORKFLOW - - test_ruby26: - <<: *PUBLIC_WORKFLOW - master: - jobs: - - test_ruby24: - <<: *MASTER_WORKFLOW - - test_ruby25: - <<: *MASTER_WORKFLOW - - test_ruby26: - <<: *MASTER_WORKFLOW - - build: - <<: *MASTER_WORKFLOW - context: vagrant - requires: - - test_ruby24 - - test_ruby25 - - test_ruby26 website: jobs: - build-website: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 000000000..9a2f38adf --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,21 @@ +on: + push: + branches: + - master + paths-ignore: + - 'CHANGELOG.md' + - 'website/**' + +jobs: + build-gem: + name: Build Vagrant RubyGem + runs-on: self-hosted + steps: + - name: Code Checkout + uses: actions/checkout@v1 + - name: Build RubyGem + run: ./.ci/build.sh + working-directory: ${{github.workspace}} + - name: Clean Workspace + if: always() + run: rm -rf ${{ github.workspace }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000..92275c4ea --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,22 @@ +on: + push: + branches: + - 'build-*' + tags: '*' + paths-ignore: + - 'CHANGELOG.md' + - 'website/**' + +jobs: + trigger-release: + name: Trigger Installers Build + runs-on: self-hosted + steps: + - name: Code Checkout + uses: actions/checkout@v1 + - name: Create Builders Release + run: ./.ci/release.sh + working-directory: ${{github.workspace}} + - name: Clean Workspace + if: always() + run: rm -rf ${{ github.workspace }} diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml new file mode 100644 index 000000000..ffbde5eea --- /dev/null +++ b/.github/workflows/testing.yml @@ -0,0 +1,30 @@ +on: + push: + branches: + - master + - 'test-*' + - 'build-*' + paths-ignore: + - 'CHANGELOG.md' + - 'website/**' + pull_request: + branches: + - master + +jobs: + unit-tests: + runs-on: ubuntu-18.04 + strategy: + matrix: + ruby: [ '2.4.x', '2.5.x', '2.6.x' ] + name: Vagrant unit tests on Ruby ${{ matrix.ruby }} + steps: + - name: Code Checkout + uses: actions/checkout@v1 + - name: Setup Ruby + uses: actions/setup-ruby@v1 + with: + ruby-version: ${{matrix.ruby}} + architecture: 'x64' + - name: Run Tests + run: .ci/test.sh