Add ent-specific test binary build rules (#20334)

This fixes the binary building on ent, except because I ran into problems with the binary-based tests there, I've included a bunch of `github.repository != 'hashicorp/vault-enterprise'` conditions to disable the binary building. I'll fix the test problems in a future PR and remove those repo conditions.
2025-10-29 09:42:25 +00:00 · 2023-04-25 10:49:34 -04:00
parent 6f7ae8b178
commit 3a3617a735
1 changed files with 58 additions and 7 deletions
--- a/.github/workflows/test-go.yml
+++ b/.github/workflows/test-go.yml
@@ -61,29 +61,78 @@ jobs:
        INDEX_JSON="$(jq --null-input --compact-output '. |= [inputs]' <<< "${INDEX_LIST}")"
        echo "indexes=${INDEX_JSON}" >> "${GITHUB_OUTPUT}"
  build-vault:
+    permissions:
+      id-token: write  # Note: this permission is explicitly required for Vault auth
+      contents: read
    runs-on: ${{ fromJSON(inputs.runs-on) }}
    name: Build Vault dev binary
    steps:
    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
      if: |
        ! contains(inputs.extra-flags, '-race') &&
-        ! contains(inputs.go-build-tags, 'fips')
+        ! contains(inputs.go-build-tags, 'fips') &&
+        github.repository != 'hashicorp/vault-enterprise'
    - uses: actions/setup-go@d0a58c1c4d2b25278816e339b944508c875f3613
      if: |
        ! contains(inputs.extra-flags, '-race') &&
-        ! contains(inputs.go-build-tags, 'fips')
+        ! contains(inputs.go-build-tags, 'fips') &&
+        github.repository != 'hashicorp/vault-enterprise'
      with:
        go-version-file: ./.go-version
        cache: true
+    - name: Authenticate to Vault
+      id: vault-auth
+      if: github.repository == 'hashicorp/vault-enterprise'
+      run: vault-auth
+    - name: Fetch Secrets
+      id: secrets
+      if: github.repository == 'hashicorp/vault-enterprise'
+      uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e
+      with:
+        url: ${{ steps.vault-auth.outputs.addr }}
+        caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
+        token: ${{ steps.vault-auth.outputs.token }}
+        secrets: |
+          kv/data/github/${{ github.repository }}/datadog-ci DATADOG_API_KEY;
+          kv/data/github/${{ github.repository }}/github-token username-and-token | github-token;
+          kv/data/github/${{ github.repository }}/license license_1 | VAULT_LICENSE_CI;
+          kv/data/github/${{ github.repository }}/license license_2 | VAULT_LICENSE_2;
+          kv/data/github/${{ github.repository }}/hcp-link HCP_API_ADDRESS;
+          kv/data/github/${{ github.repository }}/hcp-link HCP_AUTH_URL;
+          kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_ID;
+          kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_SECRET;
+          kv/data/github/${{ github.repository }}/hcp-link HCP_RESOURCE_ID;
+    - id: setup-git-private
+      name: Setup Git configuration (private)
+      if: github.repository == 'hashicorp/vault-enterprise'
+      run: |
+        git config --global url."https://${{ steps.secrets.outputs.github-token }}@github.com".insteadOf https://github.com
+    - id: setup-git-public
+      name: Setup Git configuration (public)
+      if: github.repository != 'hashicorp/vault-enterprise'
+      run: |
+        git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN}}@github.com".insteadOf https://github.com
+    - id: go-mod-download
+      if: |
+        ! contains(inputs.extra-flags, '-race') &&
+        ! contains(inputs.go-build-tags, 'fips') &&
+        github.repository != 'hashicorp/vault-enterprise'
+      env:
+        GOPRIVATE: github.com/hashicorp/*
+      run: time go mod download -x
    - id: build
      if: |
        ! contains(inputs.extra-flags, '-race') &&
-        ! contains(inputs.go-build-tags, 'fips')
-      run: make ci-bootstrap dev
+        ! contains(inputs.go-build-tags, 'fips') &&
+        github.repository != 'hashicorp/vault-enterprise'
+      env:
+        GOPRIVATE: github.com/hashicorp/*
+      run: time make ci-bootstrap dev
    - name: Save dev binary
      if: |
        ! contains(inputs.extra-flags, '-race') &&
-        ! contains(inputs.go-build-tags, 'fips')
+        ! contains(inputs.go-build-tags, 'fips') &&
+        github.repository != 'hashicorp/vault-enterprise'
      uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
      with:
        name: vault-dev
@@ -149,7 +198,8 @@ jobs:
      - name: Retrieve vault dev binary
        if: |
          ! contains(inputs.extra-flags, '-race') &&
-          ! contains(inputs.go-build-tags, 'fips')
+          ! contains(inputs.go-build-tags, 'fips') &&
+          github.repository != 'hashicorp/vault-enterprise'
        uses: actions/download-artifact@e9ef242655d12993efdcda9058dee2db83a2cb9b
        with:
          name: vault-dev
@@ -157,7 +207,8 @@ jobs:
      - name: Make vault dev binary executable
        if: |
          ! contains(inputs.extra-flags, '-race') &&
-          ! contains(inputs.go-build-tags, 'fips')
+          ! contains(inputs.go-build-tags, 'fips') &&
+          github.repository != 'hashicorp/vault-enterprise'
        run: chmod a+x bin/vault
      - id: run-go-tests
        name: Run Go tests