From eeb4724774e401ca1c3cc518156e9c3975385167 Mon Sep 17 00:00:00 2001 From: fheinecke <23390735+fheinecke@users.noreply.github.com> Date: Wed, 8 Nov 2023 22:56:26 -0600 Subject: [PATCH 1/2] Update repo for Windows artifact build pipeline GHA migration (#34273) --- .drone.yml | 616 ++------------------------------- build.assets/windows/build.ps1 | 389 ++++++++++++++------- dronegen/aws.go | 2 +- dronegen/common.go | 29 +- dronegen/push.go | 4 +- dronegen/tag.go | 58 +--- dronegen/types.go | 10 - dronegen/windows.go | 338 ++---------------- 8 files changed, 343 insertions(+), 1103 deletions(-) diff --git a/.drone.yml b/.drone.yml index b57cb96a6c207..662d0faec6254 100644 --- a/.drone.yml +++ b/.drone.yml @@ -298,9 +298,8 @@ steps: commands: - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e - -tag-workflow -timeout 2h30m0s -workflow release-linux.yaml -workflow-ref=${DRONE_BRANCH} - -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_COMMIT} - -input "build-connect=false" -input "release-target=release-windows-unsigned" ' + -tag-workflow -timeout 30m0s -workflow release-windows.yaml -workflow-ref=${DRONE_BRANCH} + -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_COMMIT} ' environment: GHA_APP_KEY: from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY 
@@ -391,186 +390,6 @@ steps: image_pull_secrets: - DOCKERHUB_CREDENTIALS ---- -################################################ -# Generated using dronegen, do not edit by hand! -# Use 'make dronegen' to update. -# Generated at dronegen/windows.go (main.newWindowsPipeline) -################################################ - -kind: pipeline -type: exec -name: push-build-native-windows-amd64 -trigger: - event: - include: - - push - exclude: - - pull_request - repo: - include: - - gravitational/* - branch: - include: - - master - - branch/* -workspace: - path: C:/Drone/Workspace/push-build-native-windows-amd64 -platform: - os: windows - arch: amd64 -node: - buildbox_version: teleport13 -clone: - disable: true -steps: -- name: Check out Teleport - commands: - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - $TeleportRev = if ($Env:DRONE_TAG -ne $null) { $Env:DRONE_TAG } else { $Env:DRONE_COMMIT - } - - New-Item -Path $TeleportSrc -ItemType Directory | Out-Null - - cd $TeleportSrc - - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - - git checkout $TeleportRev - environment: - WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 -- name: Checkout Submodules - commands: - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . 
"$TeleportSrc/build.assets/windows/build.ps1" - - Enable-Git -Workspace $Workspace -PrivateKey $Env:GITHUB_PRIVATE_KEY - - cd $TeleportSrc - - git submodule update --init e - - Reset-Git -Workspace $Workspace - environment: - GITHUB_PRIVATE_KEY: - from_secret: GITHUB_PRIVATE_KEY - WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 -- name: Install Node Toolchain - commands: - - $ProgressPreference = 'SilentlyContinue' - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . "$TeleportSrc/build.assets/windows/build.ps1" - - Push-Location "$TeleportSrc/build.assets" - - $NodeVersion = $(make print-node-version).Trim() - - Pop-Location - - Install-Node -NodeVersion $NodeVersion -ToolchainDir "$Workspace/toolchains" - environment: - WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 -- name: Install Go Toolchain - commands: - - $ProgressPreference = 'SilentlyContinue' - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . "$TeleportSrc/build.assets/windows/build.ps1" - - Push-Location "$TeleportSrc/build.assets" - - $GoVersion = $(make print-go-version).TrimStart("go") - - Pop-Location - - Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace/toolchains" - environment: - WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 -- name: Build tsh - commands: - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $Env:GOCACHE = "$Workspace/gocache" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . 
"$TeleportSrc/build.assets/windows/build.ps1" - - Enable-Go -ToolchainDir "$Workspace/toolchains" - - cd $TeleportSrc - - $Env:GCO_ENABLED=1 - - go build -o build/tsh-unsigned.exe ./tool/tsh - environment: - WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 -- name: Sign tsh - commands: - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . "$TeleportSrc/build.assets/windows/build.ps1" - - cd $TeleportSrc - - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content - windows-signing-cert.pfx -Encoding Byte - - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe'' - sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com - /du https://goteleport.com /fd sha256 build\tsh-unsigned.exe' - - mv build\tsh-unsigned.exe build\tsh.exe - - rm -r windows-signing-cert.pfx - environment: - WINDOWS_SIGNING_CERT: - from_secret: WINDOWS_SIGNING_CERT - WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 -- name: Build Teleport Connect - commands: - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . 
"$TeleportSrc/build.assets/windows/build.ps1" - - Enable-Node -ToolchainDir "$Workspace/toolchains" - - Push-Location $TeleportSrc - - $TeleportVersion=$(make print-version).Trim() - - $Env:CONNECT_TSH_BIN_PATH="$TeleportSrc\build\tsh.exe" - - yarn install --frozen-lockfile - - yarn build-term - - yarn package-term "-c.extraMetadata.version=$TeleportVersion" - environment: - CSC_LINK: - from_secret: WINDOWS_SIGNING_CERT - WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 -- name: Build Windows Authentication Package - commands: - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $Env:GOCACHE = "$Workspace/gocache" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . "$TeleportSrc/build.assets/windows/build.ps1" - - Enable-Go -ToolchainDir "$Workspace/toolchains" - - cd $TeleportSrc - - $TeleportVersion=$(make print-version).Trim() - - cd "$TeleportSrc\e\windowsauth" - - make VERSION=v$TeleportVersion all - - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content - windows-signing-cert.pfx -Encoding Byte - - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe'' - sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com - /du https://goteleport.com /fd sha256 build/teleport-windows-auth-setup-v$TeleportVersion-amd64.exe' - - rm -r windows-signing-cert.pfx - environment: - WINDOWS_SIGNING_CERT: - from_secret: WINDOWS_SIGNING_CERT - WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 -- name: Clean up workspace (post) - commands: - - $ErrorActionPreference = 'Continue' - - Remove-Item -Recurse -Force -Path "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - environment: - WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 - when: - status: - - success - - failure -- name: Send Slack notification (exec) - commands: - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - 
$TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . "$TeleportSrc/build.assets/windows/build.ps1" - - Send-ErrorMessage - environment: - SLACK_WEBHOOK_DEV_TELEPORT: - from_secret: SLACK_WEBHOOK_DEV_TELEPORT - WORKSPACE_DIR: C:/Drone/Workspace/push-build-native-windows-amd64 - when: - status: - - failure - --- ################################################ # Generated using dronegen, do not edit by hand! 
@@ -703,235 +522,6 @@ volumes: image_pull_secrets: - DOCKERHUB_CREDENTIALS ---- -################################################ -# Generated using dronegen, do not edit by hand! -# Use 'make dronegen' to update. -# Generated at dronegen/windows.go (main.newWindowsPipeline) -################################################ - -kind: pipeline -type: exec -name: build-native-windows-amd64 -trigger: - event: - include: - - tag - ref: - include: - - refs/tags/v* - repo: - include: - - gravitational/* -workspace: - path: C:/Drone/Workspace/build-native-windows-amd64 -platform: - os: windows - arch: amd64 -node: - buildbox_version: teleport13 -clone: - disable: true -depends_on: -- clean-up-previous-build -concurrency: - limit: 1 -steps: -- name: Check out Teleport - commands: - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - $TeleportRev = if ($Env:DRONE_TAG -ne $null) { $Env:DRONE_TAG } else { $Env:DRONE_COMMIT - } - - New-Item -Path $TeleportSrc -ItemType Directory | Out-Null - - cd $TeleportSrc - - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - - git checkout $TeleportRev - environment: - WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 -- name: Checkout Submodules - commands: - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . 
"$TeleportSrc/build.assets/windows/build.ps1" - - Enable-Git -Workspace $Workspace -PrivateKey $Env:GITHUB_PRIVATE_KEY - - cd $TeleportSrc - - git submodule update --init e - - Reset-Git -Workspace $Workspace - environment: - GITHUB_PRIVATE_KEY: - from_secret: GITHUB_PRIVATE_KEY - WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 -- name: Install Node Toolchain - commands: - - $ProgressPreference = 'SilentlyContinue' - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . "$TeleportSrc/build.assets/windows/build.ps1" - - Push-Location "$TeleportSrc/build.assets" - - $NodeVersion = $(make print-node-version).Trim() - - Pop-Location - - Install-Node -NodeVersion $NodeVersion -ToolchainDir "$Workspace/toolchains" - environment: - WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 -- name: Install Go Toolchain - commands: - - $ProgressPreference = 'SilentlyContinue' - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . "$TeleportSrc/build.assets/windows/build.ps1" - - Push-Location "$TeleportSrc/build.assets" - - $GoVersion = $(make print-go-version).TrimStart("go") - - Pop-Location - - Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace/toolchains" - environment: - WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 -- name: Build Windows Authentication Package - commands: - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $Env:GOCACHE = "$Workspace/gocache" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . 
"$TeleportSrc/build.assets/windows/build.ps1" - - Enable-Go -ToolchainDir "$Workspace/toolchains" - - cd $TeleportSrc - - $TeleportVersion=$(make print-version).Trim() - - cd "$TeleportSrc\e\windowsauth" - - make VERSION=v$TeleportVersion all - - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content - windows-signing-cert.pfx -Encoding Byte - - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe'' - sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com - /du https://goteleport.com /fd sha256 build/teleport-windows-auth-setup-v$TeleportVersion-amd64.exe' - - rm -r windows-signing-cert.pfx - environment: - WINDOWS_SIGNING_CERT: - from_secret: WINDOWS_SIGNING_CERT - WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 -- name: Build tsh - commands: - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $Env:GOCACHE = "$Workspace/gocache" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . "$TeleportSrc/build.assets/windows/build.ps1" - - Enable-Go -ToolchainDir "$Workspace/toolchains" - - cd $TeleportSrc - - $Env:GCO_ENABLED=1 - - go build -o build/tsh-unsigned.exe ./tool/tsh - environment: - WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 -- name: Sign tsh - commands: - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . 
"$TeleportSrc/build.assets/windows/build.ps1" - - cd $TeleportSrc - - ([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content - windows-signing-cert.pfx -Encoding Byte - - '& ''C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe'' - sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com - /du https://goteleport.com /fd sha256 build\tsh-unsigned.exe' - - mv build\tsh-unsigned.exe build\tsh.exe - - rm -r windows-signing-cert.pfx - environment: - WINDOWS_SIGNING_CERT: - from_secret: WINDOWS_SIGNING_CERT - WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 -- name: Build Teleport Connect - commands: - - $ErrorActionPreference = 'Stop' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - . "$TeleportSrc/build.assets/windows/build.ps1" - - Enable-Node -ToolchainDir "$Workspace/toolchains" - - Push-Location $TeleportSrc - - $TeleportVersion=$(make print-version).Trim() - - $Env:CONNECT_TSH_BIN_PATH="$TeleportSrc\build\tsh.exe" - - yarn install --frozen-lockfile - - yarn build-term - - yarn package-term "-c.extraMetadata.version=$TeleportVersion" - environment: - CSC_LINK: - from_secret: WINDOWS_SIGNING_CERT - WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 -- name: Assume AWS Role - commands: - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - $AwsSharedCredentialsFile = "$Workspace/credentials" - - $SessionName = "drone-$Env:DRONE_REPO-$Env:DRONE_BUILD_NUMBER".replace("/", "-") - - . 
"$TeleportSrc/build.assets/windows/build.ps1" - - Get-STSCallerIdentity - - Save-Role -RoleArn $Env:AWS_ROLE -RoleSessionName $SessionName -FilePath $AwsSharedCredentialsFile - - 'Get-ChildItem -Path Env: | Where-Object {($_.Name -Like "AWS_SECRET_ACCESS_KEY") - -or ($_.Name -Like "AWS_ACCESS_KEY_ID") } | Remove-Item' - - Get-STSCallerIdentity -ProfileLocation $AwsSharedCredentialsFile - environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID - AWS_ROLE: - from_secret: AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY - WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 -- name: Upload Artifacts - commands: - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - $TeleportVersion=$Env:DRONE_TAG.TrimStart('v') - - $AwsSharedCredentialsFile = "$Workspace/credentials" - - $OutputsDir="$Workspace/outputs" - - New-Item -Path "$OutputsDir" -ItemType 'Directory' | Out-Null - - Get-ChildItem "$TeleportSrc/web/packages/teleterm/build/release - - Copy-Item -Path "$TeleportSrc/web/packages/teleterm/build/release/Teleport Connect - Setup*.exe" -Destination $OutputsDir - - Copy-Item -Path "$TeleportSrc/e/windowsauth/build/teleport-windows-auth-setup-*.exe" - -Destination $OutputsDir - - . 
"$TeleportSrc/build.assets/windows/build.ps1" - - Format-FileHashes -PathGlob "$OutputsDir/*.exe" - - Copy-Artifacts -ProfileLocation $AwsSharedCredentialsFile -Path $OutputsDir -Bucket - $Env:AWS_S3_BUCKET -DstRoot "/teleport/tag/$TeleportVersion" - environment: - AWS_REGION: us-west-2 - AWS_S3_BUCKET: - from_secret: AWS_S3_BUCKET - WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 -- name: Register artifacts - commands: - - $ErrorActionPreference = 'Stop' - - $ProgressPreference = 'SilentlyContinue' - - $Workspace = "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - - $TeleportSrc = "$Workspace/go/src/github.com/gravitational/teleport" - - $OutputsDir = "$Workspace/outputs" - - $relcliUrl = 'https://cdn.teleport.dev/relcli-master-93a9f40-20230504T2005101-windows.exe' - - $relcliSha256 = '22d32a57a4b999e619162bebb96d0adf4b3df2596ef4c89b77154e7f96abbf30' - - . "$TeleportSrc/build.assets/windows/build.ps1" - - Get-Relcli -Url $relcliUrl -Sha256 $relcliSha256 -Workspace $Workspace - - Register-Artifacts -Workspace $Workspace -Outputs $OutputsDir - environment: - RELCLI_BASE_URL: https://releases-prod.platform.teleport.sh - RELEASES_CERT: - from_secret: RELEASES_CERT - RELEASES_KEY: - from_secret: RELEASES_KEY - WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 -- name: Clean up workspace (post) - commands: - - $ErrorActionPreference = 'Continue' - - Remove-Item -Recurse -Force -Path "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER" - environment: - WORKSPACE_DIR: C:/Drone/Workspace/build-native-windows-amd64 - when: - status: - - success - - failure - --- ################################################ # Generated using dronegen, do not edit by hand! 
@@ -5420,15 +5010,12 @@ image_pull_secrets: ################################################ # Generated using dronegen, do not edit by hand! # Use 'make dronegen' to update. -# Generated at dronegen/tag.go (main.tagPipeline) +# Generated at dronegen/gha.go (main.ghaMultiBuildPipeline) ################################################ kind: pipeline type: kubernetes -name: build-windows-amd64 -environment: - BUILDBOX_VERSION: teleport13 - RUNTIME: go1.20.11 +name: tag-build-windows-amd64 trigger: event: include: 
@@ -5443,185 +5030,48 @@ workspace: path: /go clone: disable: true -depends_on: -- clean-up-previous-build steps: - name: Check out code image: docker:git pull: if-not-exists commands: - - mkdir -p /go/src/github.com/gravitational/teleport - - cd /go/src/github.com/gravitational/teleport - - git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git . - - git checkout ${DRONE_TAG:-$DRONE_COMMIT} - - mkdir -m 0700 /root/.ssh && echo -n "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa - && chmod 600 /root/.ssh/id_rsa + - mkdir -pv "/go/src/github.com/gravitational/teleport" + - cd "/go/src/github.com/gravitational/teleport" + - git init + - git remote add origin ${DRONE_REMOTE_URL} + - git fetch origin --tags + - git checkout -qf "${DRONE_COMMIT_SHA}" + - mkdir -m 0700 /root/.ssh && echo "$GITHUB_PRIVATE_KEY" > /root/.ssh/id_rsa && + chmod 600 /root/.ssh/id_rsa - ssh-keyscan -H github.com > /root/.ssh/known_hosts 2>/dev/null && chmod 600 /root/.ssh/known_hosts - git submodule update --init e + - mkdir -pv /go/cache - rm -f /root/.ssh/id_rsa - - mkdir -p /go/cache /go/artifacts - - |- - VERSION=$(egrep ^VERSION Makefile | cut -d= -f2) - if [ "$$VERSION" != "${DRONE_TAG##v}" ]; then - echo "Mismatch between Makefile version: $$VERSION and git tag: $DRONE_TAG" - exit 1 - fi - echo "$$VERSION" > /go/.version.txt environment: GITHUB_PRIVATE_KEY: from_secret: GITHUB_PRIVATE_KEY -- name: Wait for docker - image: docker - pull: if-not-exists - commands: - - timeout 30s /bin/sh -c 'while [ ! 
-S /var/run/docker.sock ]; do sleep 1; done' - - printenv DOCKERHUB_PASSWORD | docker login -u="$DOCKERHUB_USERNAME" --password-stdin - environment: - DOCKERHUB_PASSWORD: - from_secret: DOCKERHUB_READONLY_TOKEN - DOCKERHUB_USERNAME: - from_secret: DOCKERHUB_USERNAME - volumes: - - name: dockersock - path: /var/run - - name: dockerconfig - path: /root/.docker -- name: Build artifacts - image: docker - pull: if-not-exists - commands: - - apk add --no-cache make - - chown -R $UID:$GID /go - - cd /go/src/github.com/gravitational/teleport - - echo -n "$WINDOWS_SIGNING_CERT" | base64 -d > windows-signing-cert.pfx - - make -C build.assets release-windows - - rm -f windows-signing-cert.pfx - environment: - ARCH: amd64 - GID: "1000" - GOCACHE: /go/cache - GOPATH: /go - OS: windows - UID: "1000" - WINDOWS_SIGNING_CERT: - from_secret: WINDOWS_SIGNING_CERT - volumes: - - name: dockersock - path: /var/run - - name: dockerconfig - path: /root/.docker -- name: Copy artifacts - image: docker - pull: if-not-exists - commands: - - cd /go/src/github.com/gravitational/teleport - - find . 
-maxdepth 1 -iname "teleport*.zip" -print -exec cp {} /go/artifacts \; - - export VERSION=$(cat /go/.version.txt) - - cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip - - cd /go/artifacts && for FILE in teleport*.zip; do sha256sum $FILE > $FILE.sha256; - done && ls -l -- name: Assume AWS Role - image: amazon/aws-cli - pull: if-not-exists - commands: - - aws sts get-caller-identity - - |- - printf "[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n" \ - $(aws sts assume-role \ - --role-arn "$AWS_ROLE" \ - --role-session-name $(echo "drone-${DRONE_REPO}-${DRONE_BUILD_NUMBER}" | sed "s|/|-|g") \ - --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \ - --output text) \ - > /root/.aws/credentials - - unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY - - aws sts get-caller-identity --profile default - environment: - AWS_ACCESS_KEY_ID: - from_secret: AWS_ACCESS_KEY_ID - AWS_ROLE: - from_secret: AWS_ROLE - AWS_SECRET_ACCESS_KEY: - from_secret: AWS_SECRET_ACCESS_KEY - volumes: - - name: awsconfig - path: /root/.aws -- name: Upload to S3 - image: amazon/aws-cli - pull: if-not-exists - commands: - - cd /go/artifacts/ - - aws s3 sync . 
s3://$AWS_S3_BUCKET/teleport/tag/${DRONE_TAG##v} - environment: - AWS_REGION: us-west-2 - AWS_S3_BUCKET: - from_secret: AWS_S3_BUCKET - volumes: - - name: awsconfig - path: /root/.aws -- name: Register artifacts - image: docker +- name: Delegate build to GitHub + image: golang:1.18-alpine pull: if-not-exists commands: - - WORKSPACE_DIR=$${WORKSPACE_DIR:-/} - - VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt") - - RELEASES_HOST='https://releases-prod.platform.teleport.sh' - - echo "$RELEASES_CERT" | base64 -d > "$WORKSPACE_DIR/releases.crt" - - echo "$RELEASES_KEY" | base64 -d > "$WORKSPACE_DIR/releases.key" - - trap "rm -f '$WORKSPACE_DIR/releases.crt' '$WORKSPACE_DIR/releases.key'" EXIT - - CREDENTIALS="--cert $WORKSPACE_DIR/releases.crt --key $WORKSPACE_DIR/releases.key" - - which curl || apk add --no-cache curl - - |- - cd "$WORKSPACE_DIR/go/artifacts" - find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r file; do - # Skip files that are not results of this build - # (e.g. 
tarballs from which OS packages are made) - [ -f "$file.sha256" ] || continue - - name="$(basename "$file" | sed -E 's/(-|_)v?[0-9].*$//')" # extract part before -vX.Y.Z - description="Windows 64-bit (tsh client only)" - products="$name" - if [ "$name" = "tsh" ]; then - products="teleport teleport-ent" - elif [ "$name" = "Teleport Connect" -o "$name" = "teleport-connect" ]; then - description="Teleport Connect" - products="teleport teleport-ent" - fi - shasum="$(cat "$file.sha256" | cut -d ' ' -f 1)" - - release_params="" # List of "-F releaseId=XXX" parameters to curl - - for product in $products; do - status_code=$(curl $CREDENTIALS -o "$WORKSPACE_DIR/curl_out.txt" -w "%{http_code}" -F "product=$product" -F "version=$VERSION" -F notesMd="# Teleport $VERSION" -F status=draft "$RELEASES_HOST/releases") - if [ $status_code -ne 200 ] && [ $status_code -ne 409 ]; then - echo "curl HTTP status: $status_code" - cat $WORKSPACE_DIR/curl_out.txt - exit 1 - fi - - release_params="$release_params -F releaseId=$product@$VERSION" - done - - curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="windows" -F arch="amd64" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets"; - done + - cd "/go/src/github.com/gravitational/teleport/build.assets/tooling" + - 'go run ./cmd/gh-trigger-workflow -owner ${DRONE_REPO_OWNER} -repo teleport.e + -tag-workflow -timeout 30m0s -workflow release-windows.yaml -workflow-ref=${DRONE_TAG} + -input oss-teleport-repo=${DRONE_REPO} -input oss-teleport-ref=${DRONE_COMMIT} ' environment: - RELEASES_CERT: - from_secret: RELEASES_CERT - RELEASES_KEY: - from_secret: RELEASES_KEY -services: -- name: Start Docker - image: docker:23.0-dind - privileged: true - volumes: - - name: dockersock - path: /var/run -volumes: -- name: awsconfig - temp: {} -- name: dockersock - temp: {} -- name: dockerconfig - temp: {} + GHA_APP_KEY: + from_secret: GITHUB_WORKFLOW_APP_PRIVATE_KEY +- name: Send Slack notification + image: 
plugins/slack:1.4.1 + settings: + template: |- + *✘ Failed:* `{{ build.event }}` / `${DRONE_STAGE_NAME}` / <{{ build.link }}|Build: #{{ build.number }}> + Author: Repo: Branch: Commit: + webhook: + from_secret: SLACK_WEBHOOK_DEV_TELEPORT + when: + status: + - failure image_pull_secrets: - DOCKERHUB_CREDENTIALS @@ -17223,6 +16673,6 @@ image_pull_secrets: - DOCKERHUB_CREDENTIALS --- kind: signature -hmac: 7b00172be3875d50684ee2863bb229f8931d04abeb27da1170cc36030962fdb3 +hmac: 3ae93f49668927466ce197115ec1cf43593c23668306bb3992d18a2dafbde389 ... diff --git a/build.assets/windows/build.ps1 b/build.assets/windows/build.ps1 index c1fb066a54d2e..9a75d90aa3d69 100644 --- a/build.assets/windows/build.ps1 +++ b/build.assets/windows/build.ps1 @@ -15,23 +15,8 @@ # ############################################################################# # # This file contains PowerShell snippets used in the Teleport and/or Teleport -# Connect builds on windows native builders. These snippets exist both as -# useful abstractions, and a way to avoid Drone attempting to echo back every -# command we execute. -# -# Sometimes avoiding command echoing is important because: -# 1. The PowerShell `echo` is not a built-in command, but an alias for -# `Write-Output` -# 2. Drone's output escaping is not perfect, and so -# 3. Sometimes arguments to commands get interpreted as arguments to -# `echo` when incorrectly escaped and echoed back, which crashes -# the build. -# -# Unfortunately there is currently no way to disable command echoing in the -# Windows Drone executor, so we hide the problematic scripts behind the -# cmdlets definmed in this file. -# -# ############################################################################# +# Connect builds on Windows native builders. These snippets exist both as +# useful abstractions. # # Usage: Source this file into your active shell # 
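Review bot: The rewritten header comment of build.ps1 now reads "These snippets exist both as useful abstractions.", where "both" is left over from the two-part sentence this commit shortened. I would change the line to `# Connect builds on Windows native builders. These snippets exist as useful abstractions.` so the comment reads as a complete statement.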
@@ -39,43 +24,19 @@ # # ############################################################################# -function Enable-Git { +function New-TempDirectory { <# .SYNOPSIS - Configures git for accessing (possibly private) repos, given a - private key + Creates a uniquely-named temporary directory. + + .OUTPUTS + string #> - [CmdletBinding()] - param( - [string] $Workspace, - [string] $PrivateKey - ) - begin { - $SSHDir = "$Workspace/.ssh" - New-Item -Path "$SSHDir" -ItemType Directory | Out-Null - $PrivateKey | Out-File -Encoding ascii "$SSHDir/id_rsa" - Invoke-WebRequest "https://api.github.com/meta" -UseBasicParsing ` - | ConvertFrom-JSON ` - | Select-Object -ExpandProperty "ssh_keys" ` - | ForEach-Object {"github.com $_"} ` - | Out-File -Encoding ASCII "$SSHDir/known_hosts" - $SSHCmd = "ssh -i $SSHDir/id_rsa -o UserKnownHostsFile=$SSHDir/known_hosts -F/dev/null" - $Env:GIT_SSH_COMMAND = $SSHCmd - } -} -function Reset-Git { -[CmdletBinding()] -param( - <# - .SYNOPSIS - Cleans up private git access as configured with Enable-Git. - #> - [string] $Workspace -) - begin { - Remove-Item -Recurse -Path "$Workspace/.ssh" - } + $TempDirectoryPath = Join-Path -Path "$([System.IO.Path]::GetTempPath())" -ChildPath "$($(New-Guid).Guid)" + New-Item -ItemType Directory -Path "$TempDirectoryPath" | Out-Null + + return "$TempDirectoryPath" } function Install-Go { @@ -85,15 +46,20 @@ function Install-Go { #> [CmdletBinding()] param( + [Parameter(Mandatory)] [string] $ToolchainDir, + [Parameter(Mandatory)] [string] $GoVersion ) begin { + Write-Host "::group::Installing Go $GoVersion to $ToolchainDir..." + New-Item -Path "$ToolchainDir" -ItemType Directory -Force | Out-Null $GoDownloadUrl = "https://go.dev/dl/go$GoVersion.windows-amd64.zip" $GoInstallZip = "go$GoVersion.windows-amd64.zip" Invoke-WebRequest -Uri $GoDownloadUrl -OutFile $GoInstallZip Expand-Archive -Path $GoInstallZip -DestinationPath $ToolchainDir Enable-Go -ToolchainDir $ToolchainDir + Write-Host "::endgroup::" } } 
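Review bot: In New-TempDirectory the `New-Item` call has no `-ErrorAction Stop`, so unless the caller has set `$ErrorActionPreference` to `Stop`, a failed create is non-terminating and the function still returns a path that does not exist. `New-Item -ItemType Directory -Path "$TempDirectoryPath" -ErrorAction Stop | Out-Null` makes the failure surface where the directory is created. The function also omits the `[CmdletBinding()]` attribute that the other functions in this file carry. Its callers are outside this hunk; if the directory ends up holding certificate or key material, the caller should remove it when the build step finishes.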
@@ -104,6 +70,7 @@ function Enable-Go { #> [CmdletBinding()] param( + [Parameter(Mandatory)] [string] $ToolchainDir ) begin { @@ -113,6 +80,48 @@ function Enable-Go { } } +function Install-Rust { + <# + .SYNOPSIS + Downloads and installs Rust into the supplied toolchain dir + #> + [CmdletBinding()] + param( + [Parameter(Mandatory)] + [string] $ToolchainDir, + [Parameter(Mandatory)] + [string] $RustVersion + ) + begin { + Write-Host "::group::Installing Rust $RustVersion to $ToolchainDir..." + New-Item -Path "$ToolchainDir" -ItemType Directory -Force | Out-Null + $RustupFile = "$ToolchainDir/rustup-init.exe" + Invoke-WebRequest -Uri https://static.rust-lang.org/rustup/dist/x86_64-pc-windows-gnu/rustup-init.exe -OutFile $RustupFile + $Env:RUSTUP_HOME = "$ToolchainDir/rustup" + $Env:CARGO_HOME = "$ToolchainDir/cargo" + & "$ToolchainDir\rustup-init.exe" --profile minimal -y --default-toolchain "$RustVersion-x86_64-pc-windows-gnu" + Enable-Rust -ToolchainDir $ToolchainDir + Write-Host "::endgroup::" + } +} + +function Enable-Rust { + <# + .SYNOPSIS + Adds the Rust toolchain to the system search path + #> + [CmdletBinding()] + param( + [Parameter(Mandatory)] + [string] $ToolchainDir + ) + begin { + $Env:RUSTUP_HOME = "$ToolchainDir/rustup" + $Env:CARGO_HOME = "$ToolchainDir/cargo" + $Env:Path = "$ToolchainDir/cargo/bin;$Env:Path" + } +} + function Install-Node { <# .SYNOPSIS 
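Review bot: Install-Rust executes the downloaded `rustup-init.exe` without checking its digest, so whatever the download returns runs on the builder that produces the release artifacts. The installer should be compared with a pinned SHA-256 and the build stopped with `throw` on a mismatch, as sketched below; the sketch assumes a new `$RustupSha256` parameter that callers would have to supply, and because the download URL is unversioned, pinning a digest also means requesting a fixed rustup release. The same gap applies to the archives fetched in Install-Go and Install-Node, whose download lines this commit leaves unchanged. Separately, `$RustupFile` is assigned but the installer is invoked through a rebuilt path; `& $RustupFile` keeps the two from drifting apart.

```powershell
    param(
        # … unchanged: $ToolchainDir, $RustVersion …
        [Parameter(Mandatory)]
        [string] $RustupSha256
    )
    begin {
        # … unchanged: group header, directory creation, download to $RustupFile …
        # Refuse to execute an installer whose digest differs from the pinned value.
        $RustupHash = (Get-FileHash -Algorithm SHA256 -Path $RustupFile).Hash
        if ($RustupHash -ne $RustupSha256) {
            throw "rustup-init.exe sha256 mismatch: got $RustupHash, expected $RustupSha256"
        }
        # … unchanged: RUSTUP_HOME / CARGO_HOME assignments …
        & $RustupFile --profile minimal -y --default-toolchain "$RustVersion-x86_64-pc-windows-gnu"
        # … unchanged: Enable-Rust call, ::endgroup:: …
```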
@@ -120,17 +129,21 @@ function Install-Node { #> [CmdletBinding()] param( + [Parameter(Mandatory)] [string] $ToolchainDir, + [Parameter(Mandatory)] [string] $NodeVersion ) begin { - $NodeZipfile = "node-$NodeVersion-win-x64.zip" + Write-Host "::group::Installing Node $NodeVersion to $ToolchainDir..." + New-Item -Path "$ToolchainDir" -ItemType Directory -Force | Out-Null + $NodeZipfile = "$ToolchainDir/node-$NodeVersion-win-x64.zip" Invoke-WebRequest -Uri https://nodejs.org/download/release/v$NodeVersion/node-v$NodeVersion-win-x64.zip -OutFile $NodeZipfile Expand-Archive -Path $NodeZipfile -DestinationPath $ToolchainDir Rename-Item -Path "$ToolchainDir/node-v$NodeVersion-win-x64" -NewName "$ToolchainDir/node" Enable-Node -ToolchainDir $ToolchainDir - npm config set msvs_version 2022 corepack enable yarn + Write-Host "::endgroup::" } } @@ -141,6 +154,7 @@ function Enable-Node { #> [CmdletBinding()] param( + [Parameter(Mandatory)] [string] $ToolchainDir ) begin { @@ -148,7 +162,6 @@ function Enable-Node { } } - function Format-FileHashes { <# .SYNOPSIS @@ -157,6 +170,7 @@ function Format-FileHashes { #> [CmdletBinding()] param( + [Parameter(Mandatory)] [string] $PathGlob ) begin { 
@@ -164,118 +178,259 @@ function Format-FileHashes { Write-Output "Hashing $($file.Name)" $Hash = (Get-FileHash $file.FullName).Hash "$($Hash.ToLower()) $($file.Name)" ` - | Out-File -Encoding ASCII -FilePath "$($file.FullName).sha256" + | Out-File -Encoding ASCII -FilePath "$($file.FullName).sha256" } } } -function Save-Role { +function Get-Relcli { <# .SYNOPSIS - Assume an AWS role and save the session to the supplied file + Downloads relcli #> [CmdletBinding()] param( - [string] $RoleArn, - [string] $RoleSessionName, - [string] $FilePath + [Parameter(Mandatory)] + [string] $Url, + [Parameter(Mandatory)] + [string] $Sha256, + [Parameter(Mandatory)] + [string] $Workspace ) begin { - $RoleCreds = (Use-STSRole -RoleArn $RoleArn -RoleSessionName $RoleSessionName).Credentials - "[default]`r`naws_access_key_id = {0}`r`naws_secret_access_key = {1}`r`naws_session_token = {2}" -f $RoleCreds.AccessKeyId, $RoleCreds.SecretAccessKey, $RoleCreds.SessionToken | Out-File -FilePath $FilePath + New-Item -Path "$Workspace" -ItemType Directory -Force | Out-Null + Invoke-WebRequest $url -UseBasicParsing -OutFile "$Workspace\relcli.exe" + $gotSha256 = (Get-FileHash "$Workspace\relcli.exe").hash + if ($gotSha256 -ne $Sha256) { + Write-Output "sha256 mismatch: $gotSha256 != $Sha256" + } } } -function Copy-Artifacts { +function Register-Artifacts { <# .SYNOPSIS - Copies all files in the supplied directory into an S3 bucket + Invokes relcli to automatically upload built artifacts #> [CmdletBinding()] param( - [string] $ProfileLocation, - [string] $Path, - [string] $Bucket, - [string] $DstRoot + [Parameter(Mandatory)] + [string] $Workspace, + [Parameter(Mandatory)] + [string] $OutputsDir, + [string] $ReleaseRepo = $env:RELEASE_REPO, + [string] $ArtifactVersion = $env:ARTIFACT_VERSION ) begin { - foreach ($file in $(Get-ChildItem $Path)) { - Write-Output "Uploading $($file.Name)" - $Key = "$DstRoot/$($file.Name)" - Write-S3Object -ProfileLocation $ProfileLocation -File $file.FullName 
-Bucket $Bucket -Key $Key - } + $certPath = "$Workspace\releases.crt" + Out-File -FilePath $certPath -Encoding ascii -InputObject "$env:RELEASES_CERT" + $keyPath = "$Workspace\releases.key" + Out-File -FilePath $keyPath -Encoding ascii -InputObject "$env:RELEASES_KEY" + + # These must be set for the `auto_upload` command + $env:DRONE_REPO = "$ReleaseRepo" + $env:DRONE_TAG = "$ArtifactVersion" + + & "$Workspace\relcli.exe" --cert $certPath --key $keyPath auto_upload -f -v 6 $OutputsDir } } -function Convert-Base64 { +function Measure-Block { + <# + .SYNOPSIS + Measure the runtime of a provided block while streaming it's output to Out-Default. + #> [CmdletBinding()] - param( - [string] $FilePath, - [string] $Data + param ( + [Parameter(Mandatory, Position = 0)] + [scriptblock] + $Expression ) - begin { - $bytes = [Convert]::FromBase64String($Data) - Set-Content -Encoding Byte -Path $FilePath -Value $bytes + + return Measure-Command -Expression { + & $Expression | Out-Default } } -function Get-Relcli { +function Install-BuildRequirements { <# .SYNOPSIS - Downloads relcli + Installs the tools required to produce a Windows-native Teleport build #> [CmdletBinding()] param( - [string] $Url, - [string] $Sha256, - [string] $Workspace + [Parameter(Mandatory)] + [string] $InstallDirectory, + [Parameter(Mandatory)] + [string] $TeleportSourceDirectory ) - begin { - Invoke-WebRequest $url -UseBasicParsing -OutFile "$Workspace\relcli.exe" - $gotSha256 = (Get-FileHash "$Workspace\relcli.exe").hash - if ($gotSha256 -ne $Sha256) { - Write-Output "sha256 mismatch: $gotSha256 != $Sha256" - } + + Write-Host "Installing build requirements..." 
+ + $CommandDuration = Measure-Block { + New-Item -Path "$InstallDirectory" -ItemType Directory -Force | Out-Null + + $RustVersion = $(make --no-print-directory -C "$TeleportSourceDirectory/build.assets" print-rust-version).Trim() + Install-Rust -RustVersion "$RustVersion" -ToolchainDir "$InstallDirectory" + + $NodeVersion = $(make --no-print-directory -C "$TeleportSourceDirectory/build.assets" print-node-version).Trim() + Install-Node -NodeVersion "$NodeVersion" -ToolchainDir "$InstallDirectory" + + $GoVersion = $(make --no-print-directory -C "$TeleportSourceDirectory/build.assets" print-go-version).TrimStart("go") + Install-Go -GoVersion "$GoVersion" -ToolchainDir "$InstallDirectory" } + Write-Host $("All build requirements installed in {0:g}" -f $CommandDuration) } -function Register-Artifacts { +function Invoke-SignBinary { <# .SYNOPSIS - Invokes relcli to automatically upload built artifacts + Signs the provided binary with the base64-encoded certificate listed in "$WINDOWS_SIGNING_CERT" #> [CmdletBinding()] param( - [string] $Workspace, - [string] $OutputsDir + [Parameter(Mandatory)] + [string] $UnsignedBinaryPath, + + [Parameter(Mandatory)] + [string] $SignedBinaryPath ) - begin { - $certPath = "$Workspace/releases.crt" - $keyPath = "$Workspace/releases.key" - Convert-Base64 -Data $Env:RELEASES_CERT -FilePath $certPath - Convert-Base64 -Data $Env:RELEASES_KEY -FilePath $keyPath - & "$Workspace\relcli.exe" --cert $certPath --key $keyPath auto_upload -f -v 6 $OutputsDir + + Write-Host "Signing $UnsignedBinaryPath using WSL sign-binary script:" + wsl-ubuntu-command sign-binary "$UnsignedBinaryPath" "$SignedBinaryPath" +} + +function Build-WindowsAuthenticationPackage { + [CmdletBinding()] + param( + [Parameter(Mandatory)] + [string] $TeleportSourceDirectory, + [Parameter(Mandatory)] + [string] $ArtifactDirectory, + [Parameter(Mandatory)] + [string] $TeleportVersion + ) + + $CommandDuration = Measure-Block { + # Build Windows authentication package + Write-Host 
"::group::Building Windows auth setup..." + $WindowsAuthDirectory = "$TeleportSourceDirectory\e\windowsauth" + make -C "$WindowsAuthDirectory" VERSION="v$TeleportVersion" all + Write-Host "::endgroup::" + Write-Host "::group::Signing Windows auth setup..." + $BinaryName = "teleport-windows-auth-setup-v$TeleportVersion-amd64.exe" + Invoke-SignBinary -UnsignedBinaryPath "$WindowsAuthDirectory\build\$BinaryName" -SignedBinaryPath "$ArtifactDirectory\$BinaryName" + Write-Host "::endgroup::" } + Write-Host $("Built Windows authentication package in {0:g}" -f $CommandDuration) } -function Send-ErrorMessage { - <# - .SYNOPSIS - Formats and sends a build failure message to Slack - #> +function Build-Tsh { [CmdletBinding()] - param () + param( + [Parameter(Mandatory)] + [string] $TeleportSourceDirectory, + [Parameter(Mandatory)] + [string] $ArtifactDirectory, + [Parameter(Mandatory)] + [string] $TeleportVersion + ) - begin { - $BuildUrl = "$Env:DRONE_SYSTEM_PROTO`://$Env:DRONE_SYSTEM_HOSTNAME/$Env:DRONE_REPO_OWNER/$Env:DRONE_REPO_NAME/$Env:DRONE_BUILD_NUMBER" - $GoOS = $(go env GOOS) - $GoArch = $(go env GOARCH) - $Msg = @" -Warning: ``$GoOS-$GoArch`` artifact build failed for [``$Env:DRONE_REPO_NAME``] - please investigate immediately! -Branch: ``$Env:DRONE_BRANCH`` -Commit: ``$Env:DRONE_COMMIT_SHA`` -Link: $BuildUrl -"@ - Invoke-RestMethod -Method 'Post' -Uri $Env:SLACK_WEBHOOK_DEV_TELEPORT -Body $(@{"text"=$Msg} | ConvertTo-Json) + $BinaryName = "tsh.exe" + $BuildDirectory = "$TeleportSourceDirectory\build" + $SignedBinaryPath = "$BuildDirectory\$BinaryName" + + $CommandDuration = Measure-Block { + Write-Host "::group::Building tsh..." + $UnsignedBinaryPath = "$BuildDirectory\unsigned-$BinaryName" + go build -o "$UnsignedBinaryPath" "$TeleportSourceDirectory\tool\tsh" + Write-Host "::endgroup::" + + Write-Host "::group::Signing tsh..." 
+ Invoke-SignBinary -UnsignedBinaryPath "$UnsignedBinaryPath" -SignedBinaryPath "$SignedBinaryPath" + Write-Host "::endgroup::" + + $PackageDirectory = New-TempDirectory + Write-Host "Packaging tsh with zip directory $PackageDirectory..." + Copy-Item -Path "$SignedBinaryPath" -Destination "$PackageDirectory" + Copy-Item -Path "$TeleportSourceDirectory\CHANGELOG.md" -Destination "$PackageDirectory" + Copy-Item -Path "$TeleportSourceDirectory\README.md" -Destination "$PackageDirectory" + Out-File -FilePath "$PackageDirectory\VERSION" -InputObject "v$TeleportVersion" + Compress-Archive -Path "$PackageDirectory\*" -DestinationPath "$ArtifactDirectory\teleport-v$TeleportVersion-windows-amd64-bin.zip" + } + Write-Host $("Built TSH in {0:g}" -f $CommandDuration) + + return "$SignedBinaryPath" # This is needed for building Connect +} + +function Build-Connect { + [CmdletBinding()] + param( + [Parameter(Mandatory)] + [string] $TeleportSourceDirectory, + [Parameter(Mandatory)] + [string] $ArtifactDirectory, + [Parameter(Mandatory)] + [string] $TeleportVersion, + [Parameter(Mandatory)] + [string] $SignedTshBinaryPath + ) + + $CommandDuration = Measure-Block { + Write-Host "::group::Building Teleport Connect..." 
+ $env:CONNECT_TSH_BIN_PATH = "$SignedTshBinaryPath" + yarn install --frozen-lockfile + yarn build-term + yarn package-term "-c.extraMetadata.version=$TeleportVersion" + $BinaryName = "Teleport Connect Setup-$TeleportVersion.exe" + Invoke-SignBinary -UnsignedBinaryPath "$TeleportSourceDirectory\web\packages\teleterm\build\release\$BinaryName" ` + -SignedBinaryPath "$ArtifactDirectory\$BinaryName" + Write-Host "::endgroup::" } + Write-Host $("Built Teleport Connect in {0:g}" -f $CommandDuration) +} + +function Build-Artifacts { + [CmdletBinding()] + param( + [Parameter(Mandatory)] + [string] $TeleportSourceDirectory, + [Parameter(Mandatory)] + [string] $TeleportVersion, + [Parameter(Mandatory)] + [string] $ArtifactDirectory + ) + Write-Host "Starting build process for Teleport $TeleportVersion..." + + # Setup for builds + Install-BuildRequirements -InstallDirectory "C:\toolchains" -TeleportSourceDirectory "$TeleportSourceDirectory" + + # Create the artifact output directory + New-Item -Path "$ArtifactDirectory" -ItemType Directory -Force | Out-Null + + # Build tsh + $SignedTshBinaryPath = Build-Tsh ` + -TeleportSourceDirectory "$TeleportSourceDirectory" ` + -ArtifactDirectory "$ArtifactDirectory" ` + -TeleportVersion "$TeleportVersion" + + # Build Teleport Connect + Build-Connect ` + -TeleportSourceDirectory "$TeleportSourceDirectory" ` + -ArtifactDirectory "$ArtifactDirectory" ` + -TeleportVersion "$TeleportVersion" ` + -SignedTshBinaryPath "$SignedTshBinaryPath" + + # Build Windows Authentication Package + Build-WindowsAuthenticationPackage ` + -TeleportSourceDirectory "$TeleportSourceDirectory" ` + -ArtifactDirectory "$ArtifactDirectory" ` + -TeleportVersion "$TeleportVersion" + + # Copy artifacts to output directory + Write-Host "::group::Generating artifact checksums..." + Format-FileHashes -PathGlob "$ArtifactDirectory\*" + Write-Host "::endgroup::" + + Write-Host "Build complete" } 
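Review bot: In Get-Relcli a checksum mismatch is only reported with `Write-Output`, so the function returns normally and Register-Artifacts can go on to run the unverified `relcli.exe` with the release certificate and key. The mismatch should be fatal and the download removed, e.g. `Remove-Item "$Workspace\relcli.exe"; throw "sha256 mismatch: $gotSha256 != $Sha256"` inside the `if`. Separately, Register-Artifacts writes `$env:RELEASES_KEY` to `$Workspace\releases.key` and nothing in the function deletes it afterwards. Wrapping the relcli call in `try { ... } finally { Remove-Item $certPath, $keyPath -ErrorAction SilentlyContinue }` would cover that, unless the runner is known to be discarded after each job.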
diff --git a/dronegen/aws.go b/dronegen/aws.go index 04176c094bf7c..d2d141deea29d 100644 --- a/dronegen/aws.go +++ b/dronegen/aws.go @@ -21,7 +21,7 @@ import ( // awsRoleSettings contains the information necessary to assume an AWS Role // -// This is intended to be imbedded, please use the kubernetes/mac/windows versions +// This is intended to be embedded, please use the kubernetes/mac versions // with their corresponding pipelines. type awsRoleSettings struct { awsAccessKeyID value diff --git a/dronegen/common.go b/dronegen/common.go index 9074cd49bdeac..7b23d29108804 100644 --- a/dronegen/common.go +++ b/dronegen/common.go @@ -148,20 +148,18 @@ func cloneRepoCommands(cloneDirectory, commit string) []string { } type buildType struct { - os string - arch string - fips bool - centos7 bool - windowsUnsigned bool - buildConnect bool + os string + arch string + fips bool + centos7 bool + buildConnect bool } // Description provides a human-facing description of the artifact, e.g.: // -// Windows 64-bit (tsh client only) // Linux ARMv7 (32-bit) // MacOS Intel .pkg installer -func (b *buildType) Description(packageType string, extraQualifications ...string) string { +func (b *buildType) Description(packageType string) string { var result string var os string @@ -175,8 +173,6 @@ func (b *buildType) Description(packageType string, extraQualifications ...strin os = "Linux" case "darwin": os = "MacOS" - case "windows": - os = "Windows" default: panic(fmt.Sprintf("unhandled OS: %s", b.os)) } @@ -207,14 +203,12 @@ func (b *buildType) Description(packageType string, extraQualifications ...strin qualifications = append(qualifications, "FedRAMP/FIPS") } - qualifications = append(qualifications, extraQualifications...) - result = os if b.os == "darwin" { result += fmt.Sprintf(" %s", darwinArch) } else { - // arch is implicit for Windows/Linux i386/amd64 + // arch is implicit for Linux i386/amd64 if arch == "" { result += fmt.Sprintf(" %d-bit", bitness) } else { 
@@ -268,15 +262,6 @@ func releaseMakefileTarget(b buildType) string { makefileTarget += "-fips" } - // Override Windows targets. - if b.os == "windows" { - if b.windowsUnsigned { - makefileTarget = "release-windows-unsigned" - } else { - makefileTarget = "release-windows" - } - } - return makefileTarget } diff --git a/dronegen/push.go b/dronegen/push.go index fab5ea81ebe73..868b7cabdf299 100644 --- a/dronegen/push.go +++ b/dronegen/push.go @@ -63,11 +63,9 @@ func pushPipelines() []pipeline { }, })) - // Only amd64 Windows is supported for now. - ps = append(ps, ghaLinuxPushPipeline(buildType{os: "windows", arch: "amd64", windowsUnsigned: true})) + ps = append(ps, ghaWindowsPushPipeline()) ps = append(ps, darwinPushPipelineGHA()) - ps = append(ps, windowsPushPipeline()) return ps } diff --git a/dronegen/tag.go b/dronegen/tag.go index fe440ca305b62..e74a8ba6f7d15 100644 --- a/dronegen/tag.go +++ b/dronegen/tag.go @@ -71,13 +71,6 @@ func tagBuildCommands(b buildType) []string { ) } - // For Windows builds, configure code signing. - if b.os == "windows" { - commands = append(commands, - `echo -n "$WINDOWS_SIGNING_CERT" | base64 -d > windows-signing-cert.pfx`, - ) - } - commands = append(commands, fmt.Sprintf( `make -C build.assets %s`, releaseMakefileTarget(b), 
@@ -92,44 +85,21 @@ func tagBuildCommands(b buildType) []string { } } - if b.os == "windows" { - commands = append(commands, - `rm -f windows-signing-cert.pfx`, - ) - } - return commands } // tagCopyArtifactCommands generates a set of commands to find and copy built tarball artifacts as part of a tag build func tagCopyArtifactCommands(b buildType) []string { - extension := ".tar.gz" - if b.os == "windows" { - extension = ".zip" - } - commands := []string{ `cd /go/src/github.com/gravitational/teleport`, } // don't copy OSS artifacts for any FIPS build if !b.fips { - commands = append(commands, - fmt.Sprintf(`find . -maxdepth 1 -iname "teleport*%s" -print -exec cp {} /go/artifacts \;`, extension), - ) + commands = append(commands, `find . -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;`) } - // copy enterprise artifacts - if b.os == "windows" { - commands = append(commands, - `export VERSION=$(cat /go/.version.txt)`, - `cp /go/artifacts/teleport-v$${VERSION}-windows-amd64-bin.zip /go/artifacts/teleport-ent-v$${VERSION}-windows-amd64-bin.zip`, - ) - } else { - commands = append(commands, - `find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;`, - ) - } + commands = append(commands, `find e/ -maxdepth 1 -iname "teleport*.tar.gz" -print -exec cp {} /go/artifacts \;`) // we need to specifically rename artifacts which are created for CentOS // these is the only special case where renaming is not handled inside the Makefile @@ -155,7 +125,7 @@ func tagCopyArtifactCommands(b buildType) []string { } // generate checksums - commands = append(commands, fmt.Sprintf(`cd /go/artifacts && for FILE in teleport*%s; do sha256sum $FILE > $FILE.sha256; done && ls -l`, extension)) + commands = append(commands, `cd /go/artifacts && for FILE in teleport*.tar.gz; do sha256sum $FILE > $FILE.sha256; done && ls -l`) if b.os == "linux" && b.hasTeleportConnect() { commands = append(commands, 
@@ -262,16 +232,13 @@ func tagPipelines() []pipeline { }, })) - // Only amd64 Windows is supported for now. - ps = append(ps, tagPipeline(buildType{os: "windows", arch: "amd64"})) - // Also add CentOS artifacts // CentOS 6 FIPS builds have been removed in Teleport 7.0. See https://github.com/gravitational/teleport/issues/7207 ps = append(ps, tagPipeline(buildType{os: "linux", arch: "amd64", centos7: true})) ps = append(ps, tagPipeline(buildType{os: "linux", arch: "amd64", centos7: true, fips: true})) ps = append(ps, darwinTagPipelineGHA()) - ps = append(ps, windowsTagPipeline()) + ps = append(ps, windowsTagPipelineGHA()) ps = append(ps, tagCleanupPipeline()) return ps @@ -303,15 +270,6 @@ func tagPipeline(b buildType) pipeline { tagEnvironment["FIPS"] = value{raw: "yes"} } - if b.os == "windows" { - tagEnvironment["WINDOWS_SIGNING_CERT"] = value{fromSecret: "WINDOWS_SIGNING_CERT"} - } - - var extraQualifications []string - if b.os == "windows" { - extraQualifications = []string{"tsh client only"} - } - p := newKubePipeline(pipelineName) p.Environment = map[string]value{ "BUILDBOX_VERSION": buildboxVersion, @@ -367,7 +325,7 @@ func tagPipeline(b buildType) pipeline { Name: "Register artifacts", Image: "docker", Pull: "if-not-exists", - Commands: tagCreateReleaseAssetCommands(b, "", extraQualifications), + Commands: tagCreateReleaseAssetCommands(b, ""), Environment: map[string]value{ "RELEASES_CERT": {fromSecret: "RELEASES_CERT"}, "RELEASES_KEY": {fromSecret: "RELEASES_KEY"}, 
@@ -419,7 +377,7 @@ func tagCopyPackageArtifactCommands(b buildType, packageType string) []string { } // createReleaseAssetCommands generates a set of commands to create release & asset in release management service -func tagCreateReleaseAssetCommands(b buildType, packageType string, extraQualifications []string) []string { +func tagCreateReleaseAssetCommands(b buildType, packageType string) []string { commands := []string{ `WORKSPACE_DIR=$${WORKSPACE_DIR:-/}`, `VERSION=$(cat "$WORKSPACE_DIR/go/.version.txt")`, @@ -461,7 +419,7 @@ find . -type f ! -iname '*.sha256' ! -iname '*-unsigned.zip*' | while read -r fi curl $CREDENTIALS --fail -o /dev/null -F description="$description" -F os="%[2]s" -F arch="%[3]s" -F "file=@$file" -F "sha256=$shasum" $release_params "$RELEASES_HOST/assets"; done`, - b.Description(packageType, extraQualifications...), b.os, b.arch), + b.Description(packageType), b.os, b.arch), } return commands } @@ -628,7 +586,7 @@ func tagPackagePipeline(packageType string, b buildType) pipeline { { Name: "Register artifacts", Image: "docker", - Commands: tagCreateReleaseAssetCommands(b, strings.ToUpper(packageType), nil), + Commands: tagCreateReleaseAssetCommands(b, strings.ToUpper(packageType)), Environment: map[string]value{ "RELEASES_CERT": {fromSecret: "RELEASES_CERT"}, "RELEASES_KEY": {fromSecret: "RELEASES_KEY"}, diff --git a/dronegen/types.go b/dronegen/types.go index 5d07fc5949b33..b562ee6857429 100644 --- a/dronegen/types.go +++ b/dronegen/types.go @@ -56,16 +56,6 @@ func newKubePipeline(name string) pipeline { } } -func newExecPipeline(name string) pipeline { - return pipeline{ - comment: generatedComment(), - Kind: "pipeline", - Type: "exec", - Name: name, - Clone: clone{Disable: true}, - } -} - func generatedComment() string { c := `################################################ # Generated using dronegen, do not edit by hand! diff --git a/dronegen/windows.go b/dronegen/windows.go index 5aa0100da71a3..448c77e80842a 100644 
--- a/dronegen/windows.go +++ b/dronegen/windows.go 
@@ -15,329 +15,33 @@ package main import ( - "path" + "fmt" + "time" ) -const ( - perBuildWorkspace = `$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER` - toolchainDir = `/toolchains` - teleportSrc = `/go/src/github.com/gravitational/teleport` - - relcliURL = `https://cdn.teleport.dev/relcli-master-93a9f40-20230504T2005101-windows.exe` - relcliSha256 = `22d32a57a4b999e619162bebb96d0adf4b3df2596ef4c89b77154e7f96abbf30` -) - -func newWindowsPipeline(name string) pipeline { - p := newExecPipeline(name) - p.Workspace.Path = path.Join("C:/Drone/Workspace", name) - p.Platform = platform{OS: "windows", Arch: "amd64"} - p.Node = map[string]value{ - "buildbox_version": buildboxVersion, - } - return p +func ghaWindowsPushPipeline() pipeline { + return getWindowsPipeline(triggerPush, "push", "${DRONE_BRANCH}") } -func windowsTagPipeline() pipeline { - p := newWindowsPipeline("build-native-windows-amd64") - p.Concurrency.Limit = 1 - p.DependsOn = []string{tagCleanupPipelineName} - p.Trigger = triggerTag - - p.Steps = []step{ - cloneWindowsRepositoriesStep(p.Workspace.Path), - updateWindowsSubreposStep(p.Workspace.Path), - installWindowsNodeToolchainStep(p.Workspace.Path), - installWindowsGoToolchainStep(p.Workspace.Path), - buildWindowsAuthenticationPackageStep(p.Workspace.Path), - buildWindowsTshStep(p.Workspace.Path), - signTshStep(p.Workspace.Path), - buildWindowsTeleportConnectStep(p.Workspace.Path), - { - Name: "Assume AWS Role", - Environment: map[string]value{ - "WORKSPACE_DIR": {raw: p.Workspace.Path}, - "AWS_ACCESS_KEY_ID": {fromSecret: "AWS_ACCESS_KEY_ID"}, - "AWS_SECRET_ACCESS_KEY": {fromSecret: "AWS_SECRET_ACCESS_KEY"}, - "AWS_ROLE": {fromSecret: "AWS_ROLE"}, - }, - Commands: []string{ - `$Workspace = "` + perBuildWorkspace + `"`, - `$TeleportSrc = "$Workspace` + teleportSrc + `"`, - `$AwsSharedCredentialsFile = "$Workspace/credentials"`, - `$SessionName = "drone-$Env:DRONE_REPO-$Env:DRONE_BUILD_NUMBER".replace("/", "-")`, - `. 
"$TeleportSrc/build.assets/windows/build.ps1"`, - `Get-STSCallerIdentity`, - `Save-Role -RoleArn $Env:AWS_ROLE -RoleSessionName $SessionName -FilePath $AwsSharedCredentialsFile`, - `Get-ChildItem -Path Env: | Where-Object {($_.Name -Like "AWS_SECRET_ACCESS_KEY") -or ($_.Name -Like "AWS_ACCESS_KEY_ID") } | Remove-Item`, - `Get-STSCallerIdentity -ProfileLocation $AwsSharedCredentialsFile`, - }, - }, - { - Name: "Upload Artifacts", - Environment: map[string]value{ - "WORKSPACE_DIR": {raw: p.Workspace.Path}, - "AWS_REGION": {raw: "us-west-2"}, - "AWS_S3_BUCKET": {fromSecret: "AWS_S3_BUCKET"}, - }, - Commands: []string{ - `$Workspace = "` + perBuildWorkspace + `"`, - `$TeleportSrc = "$Workspace` + teleportSrc + `"`, - `$TeleportVersion=$Env:DRONE_TAG.TrimStart('v')`, - `$AwsSharedCredentialsFile = "$Workspace/credentials"`, - `$OutputsDir="$Workspace/outputs"`, - `New-Item -Path "$OutputsDir" -ItemType 'Directory' | Out-Null`, - `Get-ChildItem "$TeleportSrc/web/packages/teleterm/build/release`, - `Copy-Item -Path "$TeleportSrc/web/packages/teleterm/build/release/Teleport Connect Setup*.exe" -Destination $OutputsDir`, - `Copy-Item -Path "$TeleportSrc/e/windowsauth/build/teleport-windows-auth-setup-*.exe" -Destination $OutputsDir`, - `. 
"$TeleportSrc/build.assets/windows/build.ps1"`, - `Format-FileHashes -PathGlob "$OutputsDir/*.exe"`, - `Copy-Artifacts -ProfileLocation $AwsSharedCredentialsFile -Path $OutputsDir -Bucket $Env:AWS_S3_BUCKET -DstRoot "/teleport/tag/$TeleportVersion"`, - }, - }, - windowsRegisterArtifactsStep(p.Workspace.Path), - cleanUpWindowsWorkspaceStep(p.Workspace.Path), - } - return p +func windowsTagPipelineGHA() pipeline { + return getWindowsPipeline(triggerTag, "tag", "${DRONE_TAG}") } -func windowsPushPipeline() pipeline { - p := newWindowsPipeline("push-build-native-windows-amd64") - p.Trigger = trigger{ - Event: triggerRef{Include: []string{"push"}, Exclude: []string{"pull_request"}}, - Branch: triggerRef{Include: []string{"master", "branch/*"}}, - Repo: triggerRef{Include: []string{"gravitational/*"}}, - } - - p.Steps = []step{ - cloneWindowsRepositoriesStep(p.Workspace.Path), - updateWindowsSubreposStep(p.Workspace.Path), - installWindowsNodeToolchainStep(p.Workspace.Path), - installWindowsGoToolchainStep(p.Workspace.Path), - buildWindowsTshStep(p.Workspace.Path), - signTshStep(p.Workspace.Path), - buildWindowsTeleportConnectStep(p.Workspace.Path), - buildWindowsAuthenticationPackageStep(p.Workspace.Path), - cleanUpWindowsWorkspaceStep(p.Workspace.Path), - { - Name: "Send Slack notification (exec)", - Environment: map[string]value{ - "WORKSPACE_DIR": {raw: p.Workspace.Path}, - "SLACK_WEBHOOK_DEV_TELEPORT": {fromSecret: "SLACK_WEBHOOK_DEV_TELEPORT"}, - }, - Commands: []string{ - `$Workspace = "` + perBuildWorkspace + `"`, - `$TeleportSrc = "$Workspace` + teleportSrc + `"`, - `. 
"$TeleportSrc/build.assets/windows/build.ps1"`, - `Send-ErrorMessage`, +func getWindowsPipeline(pipelineTrigger trigger, triggerName, reference string) pipeline { + return ghaBuildPipeline( + ghaBuildType{ + trigger: pipelineTrigger, + pipelineName: fmt.Sprintf("%s-build-windows-amd64", triggerName), + workflows: []ghaWorkflow{ + { + name: "release-windows.yaml", + timeout: 30 * time.Minute, + slackOnError: true, + srcRefVar: "DRONE_COMMIT", + ref: reference, + shouldTagWorkflow: true, + }, }, - When: &condition{Status: []string{"failure"}}, - }, - } - - return p -} - -func cloneWindowsRepositoriesStep(workspace string) step { - return step{ - Name: "Check out Teleport", - Environment: map[string]value{ - "WORKSPACE_DIR": {raw: workspace}, - }, - Commands: []string{ - `$ErrorActionPreference = 'Stop'`, - `$Workspace = "` + perBuildWorkspace + `"`, - `$TeleportSrc = "$Workspace` + teleportSrc + `"`, - `$TeleportRev = if ($Env:DRONE_TAG -ne $null) { $Env:DRONE_TAG } else { $Env:DRONE_COMMIT }`, - `New-Item -Path $TeleportSrc -ItemType Directory | Out-Null`, - `cd $TeleportSrc`, - `git clone https://github.com/gravitational/${DRONE_REPO_NAME}.git .`, - `git checkout $TeleportRev`, - }, - } -} - -func updateWindowsSubreposStep(workspace string) step { - return step{ - Name: "Checkout Submodules", - Environment: map[string]value{ - "WORKSPACE_DIR": {raw: workspace}, - "GITHUB_PRIVATE_KEY": {fromSecret: "GITHUB_PRIVATE_KEY"}, - }, - Commands: []string{ - `$ErrorActionPreference = 'Stop'`, - `$Workspace = "` + perBuildWorkspace + `"`, - `$TeleportSrc = "$Workspace` + teleportSrc + `"`, - `. 
"$TeleportSrc/build.assets/windows/build.ps1"`, - `Enable-Git -Workspace $Workspace -PrivateKey $Env:GITHUB_PRIVATE_KEY`, - `cd $TeleportSrc`, - `git submodule update --init e`, - `Reset-Git -Workspace $Workspace`, - }, - } -} - -func installWindowsNodeToolchainStep(workspacePath string) step { - return step{ - Name: "Install Node Toolchain", - Environment: map[string]value{"WORKSPACE_DIR": {raw: workspacePath}}, - Commands: []string{ - `$ProgressPreference = 'SilentlyContinue'`, - `$ErrorActionPreference = 'Stop'`, - `$Workspace = "` + perBuildWorkspace + `"`, - `$TeleportSrc = "$Workspace` + teleportSrc + `"`, - `. "$TeleportSrc/build.assets/windows/build.ps1"`, - `Push-Location "$TeleportSrc/build.assets"`, - `$NodeVersion = $(make print-node-version).Trim()`, - `Pop-Location`, - `Install-Node -NodeVersion $NodeVersion -ToolchainDir "$Workspace` + toolchainDir + `"`, - }, - } -} - -func installWindowsGoToolchainStep(workspacePath string) step { - return step{ - Name: "Install Go Toolchain", - Environment: map[string]value{"WORKSPACE_DIR": {raw: workspacePath}}, - Commands: []string{ - `$ProgressPreference = 'SilentlyContinue'`, - `$ErrorActionPreference = 'Stop'`, - `$Workspace = "` + perBuildWorkspace + `"`, - `$TeleportSrc = "$Workspace` + teleportSrc + `"`, - `. "$TeleportSrc/build.assets/windows/build.ps1"`, - `Push-Location "$TeleportSrc/build.assets"`, - `$GoVersion = $(make print-go-version).TrimStart("go")`, - `Pop-Location`, - `Install-Go -GoVersion $GoVersion -ToolchainDir "$Workspace` + toolchainDir + `"`, - }, - } -} - -func buildWindowsTshStep(workspace string) step { - return step{ - Name: "Build tsh", - Environment: map[string]value{ - "WORKSPACE_DIR": {raw: workspace}, - }, - Commands: []string{ - `$ErrorActionPreference = 'Stop'`, - `$Workspace = "` + perBuildWorkspace + `"`, - `$Env:GOCACHE = "$Workspace/gocache"`, - `$TeleportSrc = "$Workspace` + teleportSrc + `"`, - `. 
"$TeleportSrc/build.assets/windows/build.ps1"`, - `Enable-Go -ToolchainDir "$Workspace` + toolchainDir + `"`, - `cd $TeleportSrc`, - `$Env:GCO_ENABLED=1`, - `go build -o build/tsh-unsigned.exe ./tool/tsh`, - }, - } -} - -func signTshStep(workspace string) step { - return step{ - Name: "Sign tsh", - Environment: map[string]value{ - "WORKSPACE_DIR": {raw: workspace}, - "WINDOWS_SIGNING_CERT": {fromSecret: "WINDOWS_SIGNING_CERT"}, - }, - Commands: []string{ - `$ErrorActionPreference = 'Stop'`, - `$Workspace = "` + perBuildWorkspace + `"`, - `$TeleportSrc = "$Workspace` + teleportSrc + `"`, - `. "$TeleportSrc/build.assets/windows/build.ps1"`, - `cd $TeleportSrc`, - `([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content windows-signing-cert.pfx -Encoding Byte`, - `& 'C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe' sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com /du https://goteleport.com /fd sha256 build\tsh-unsigned.exe`, - `mv build\tsh-unsigned.exe build\tsh.exe`, - `rm -r windows-signing-cert.pfx`, - }, - } -} - -func buildWindowsTeleportConnectStep(workspace string) step { - return step{ - Name: "Build Teleport Connect", - Environment: map[string]value{ - "WORKSPACE_DIR": {raw: workspace}, - "CSC_LINK": {fromSecret: "WINDOWS_SIGNING_CERT"}, - }, - Commands: []string{ - `$ErrorActionPreference = 'Stop'`, - `$Workspace = "` + perBuildWorkspace + `"`, - `$TeleportSrc = "$Workspace` + teleportSrc + `"`, - `. 
"$TeleportSrc/build.assets/windows/build.ps1"`, - `Enable-Node -ToolchainDir "$Workspace` + toolchainDir + `"`, - `Push-Location $TeleportSrc`, - `$TeleportVersion=$(make print-version).Trim()`, - `$Env:CONNECT_TSH_BIN_PATH="$TeleportSrc\build\tsh.exe"`, - `yarn install --frozen-lockfile`, - `yarn build-term`, - `yarn package-term "-c.extraMetadata.version=$TeleportVersion"`, - }, - } -} - -func buildWindowsAuthenticationPackageStep(workspace string) step { - return step{ - Name: "Build Windows Authentication Package", - Environment: map[string]value{ - "WORKSPACE_DIR": {raw: workspace}, - "WINDOWS_SIGNING_CERT": {fromSecret: "WINDOWS_SIGNING_CERT"}, - }, - Commands: []string{ - `$ErrorActionPreference = 'Stop'`, - `$Workspace = "` + perBuildWorkspace + `"`, - `$Env:GOCACHE = "$Workspace/gocache"`, - `$TeleportSrc = "$Workspace` + teleportSrc + `"`, - `. "$TeleportSrc/build.assets/windows/build.ps1"`, - `Enable-Go -ToolchainDir "$Workspace` + toolchainDir + `"`, - `cd $TeleportSrc`, - `$TeleportVersion=$(make print-version).Trim()`, - `cd "$TeleportSrc\e\windowsauth"`, - `make VERSION=v$TeleportVersion all`, - `([System.Convert]::FromBase64String($ENV:WINDOWS_SIGNING_CERT)) | Set-Content windows-signing-cert.pfx -Encoding Byte`, - `& 'C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe' sign /f windows-signing-cert.pfx /d Teleport /t http://timestamp.digicert.com /du https://goteleport.com /fd sha256 build/teleport-windows-auth-setup-v$TeleportVersion-amd64.exe`, - `rm -r windows-signing-cert.pfx`, - }, - } -} - -func windowsRegisterArtifactsStep(workspace string) step { - return step{ - Name: "Register artifacts", - Environment: map[string]value{ - "WORKSPACE_DIR": {raw: workspace}, - "RELEASES_CERT": {fromSecret: "RELEASES_CERT"}, - "RELEASES_KEY": {fromSecret: "RELEASES_KEY"}, - "RELCLI_BASE_URL": {raw: releasesHost}, - }, - Commands: []string{ - `$ErrorActionPreference = 'Stop'`, - `$ProgressPreference = 'SilentlyContinue'`, - `$Workspace 
= "` + perBuildWorkspace + `"`, - `$TeleportSrc = "$Workspace` + teleportSrc + `"`, - `$OutputsDir = "$Workspace/outputs"`, - `$relcliUrl = '` + relcliURL + `'`, - `$relcliSha256 = '` + relcliSha256 + `'`, - `. "$TeleportSrc/build.assets/windows/build.ps1"`, - `Get-Relcli -Url $relcliUrl -Sha256 $relcliSha256 -Workspace $Workspace`, - `Register-Artifacts -Workspace $Workspace -Outputs $OutputsDir`, - }, - } -} - -func cleanUpWindowsWorkspaceStep(workspacePath string) step { - return step{ - Name: "Clean up workspace (post)", - Environment: map[string]value{"WORKSPACE_DIR": {raw: workspacePath}}, - When: &condition{ - Status: []string{"success", "failure"}, - }, - Commands: []string{ - // We don't want to break the build based on just a failed cleanup, - // so we just tell PowerShell to carry on as best it can in the - // face of an error - `$ErrorActionPreference = 'Continue'`, - `Remove-Item -Recurse -Force -Path "$Env:WORKSPACE_DIR/$Env:DRONE_BUILD_NUMBER"`, }, - } + ) } From b90bbf987ee2bfb9794388f07a43b59e243bcd89 Mon Sep 17 00:00:00 2001 From: Fred Heinecke Date: Fri, 10 Nov 2023 03:55:03 -0600 Subject: [PATCH 2/2] bump e ref --- e | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e b/e index 8f13ccc061a27..483e1b10611b5 160000 --- a/e +++ b/e @@ -1 +1 @@ -Subproject commit 8f13ccc061a2768fa0ad8cc82c5df1baadd1a96f +Subproject commit 483e1b10611b5b32249f697166fb3db7eb4982ef
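Review bot: The three new functions in dronegen/windows.go have no doc comments, and the two wrappers follow different naming patterns (`ghaWindowsPushPipeline` versus `windowsTagPipelineGHA`). That makes them harder to find next to `darwinPushPipelineGHA` and `darwinTagPipelineGHA`, which push.go and tag.go call on the adjacent lines. I would rename the push wrapper to `windowsPushPipelineGHA` (updating the call in push.go) and document the shared helper, e.g. `// getWindowsPipeline returns a Drone pipeline that triggers the release-windows.yaml GitHub Actions workflow at the given workflow ref.` The comment should also say that `reference` is a Drone variable expression such as `${DRONE_BRANCH}` or `${DRONE_TAG}` rather than a literal ref. The `ghaWorkflow` type is defined outside this diff, so confirm the field semantics there before wording the comment more precisely.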