Skip to content

Commit 3036440

Browse files
committed
install cross-compilation toolchain
1 parent b2df10f commit 3036440

File tree

5 files changed

+193
-12
lines changed

5 files changed

+193
-12
lines changed

.github/workflows/dd-build.yaml

+75-12
Original file line numberDiff line numberDiff line change
@@ -8,18 +8,67 @@ on:
88
- "*-dd*"
99
permissions: write-all
1010
jobs:
11-
build:
12-
runs-on: ubuntu-latest
11+
build-arm64:
12+
runs-on: ubuntu-24.04-arm
13+
strategy:
14+
matrix:
15+
platform: ["linux/arm64"]
1316
steps:
1417
- uses: actions/checkout@v4
1518
with:
1619
fetch-depth: 0
17-
- name: Set release version environment variable
18-
run: echo RELEASE_VERSION=${GITHUB_REF#refs/tags/} >> $GITHUB_ENV
20+
- name: Set environment variables
21+
id: set_env
22+
run: |
23+
echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
24+
echo "TARGET_OS=$(echo ${{ matrix.platform }} | cut -d'/' -f1)" >> $GITHUB_ENV
25+
echo "TARGET_ARCH=$(echo ${{ matrix.platform }} | cut -d'/' -f2)" >> $GITHUB_ENV
26+
export GOEXPERIMENT=boringcrypto
1927
env:
2028
GITHUB_REF: ${{ github.ref }}
2129
- name: Build etcd
22-
run: REPOSITORY=https://github.com/${{ env.GITHUB_REPOSITORY}}.git CGO_ENABLED=1 GOEXPERIMENT=boringcrypto ./scripts/build-binary ${{ env.RELEASE_VERSION }}
30+
run: |
31+
REPOSITORY=https://github.com/${{ env.GITHUB_REPOSITORY}}.git \
32+
CGO_ENABLED=1 \
33+
GO_BUILD_FLAGS="-tags=fips" \
34+
TARGET_OS=${TARGET_OS} \
35+
TARGET_ARCH=${TARGET_ARCH} \
36+
./scripts/build-release-single-target ${{ env.RELEASE_VERSION }}
37+
env:
38+
GITHUB_REPOSITORY: ${{ github.repository }}
39+
- name: Calculate checksums
40+
id: calculate_checksums
41+
shell: bash
42+
working-directory: release/
43+
run: ls . | grep -E '\.tar.gz$|\.zip$' | xargs shasum -a 256 > ./SHA256SUMS
44+
- uses: actions/upload-artifact@v4
45+
with:
46+
name: etcd_output_arm64
47+
path: release/
48+
build-amd64:
49+
strategy:
50+
matrix:
51+
platform: ["linux/amd64"]
52+
runs-on: ubuntu-latest
53+
steps:
54+
- uses: actions/checkout@v4
55+
with:
56+
fetch-depth: 0
57+
- name: Set environment variables
58+
id: set_env
59+
run: |
60+
echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
61+
echo "TARGET_OS=$(echo ${{ matrix.platform }} | cut -d'/' -f1)" >> $GITHUB_ENV
62+
echo "TARGET_ARCH=$(echo ${{ matrix.platform }} | cut -d'/' -f2)" >> $GITHUB_ENV
63+
export GOEXPERIMENT=boringcrypto
64+
- name: Build etcd
65+
run: |
66+
REPOSITORY=https://github.com/${{ env.GITHUB_REPOSITORY}}.git \
67+
CGO_ENABLED=1 \
68+
GO_BUILD_FLAGS="-tags=fips" \
69+
TARGET_OS=${TARGET_OS} \
70+
TARGET_ARCH=${TARGET_ARCH} \
71+
./scripts/build-release-single-target ${{ env.RELEASE_VERSION }}
2372
env:
2473
GITHUB_REPOSITORY: ${{ github.repository }}
2574
- name: Calculate checksums
@@ -29,13 +78,13 @@ jobs:
2978
run: ls . | grep -E '\.tar.gz$|\.zip$' | xargs shasum -a 256 > ./SHA256SUMS
3079
- uses: actions/upload-artifact@v4
3180
with:
32-
name: etcd_output
81+
name: etcd_output_amd64
3382
path: release/
3483
release:
3584
permissions:
3685
contents: write
3786
runs-on: ubuntu-latest
38-
needs: build
87+
needs: [build-amd64, build-arm64]
3988
outputs:
4089
upload_url: ${{ steps.create_release_branch.outputs.upload_url }}${{ steps.create_release_tags.outputs.upload_url }}
4190
steps:
@@ -86,9 +135,18 @@ jobs:
86135
platform: ["linux-arm64","linux-amd64"]
87136
extension: ["tar.gz"]
88137
steps:
89-
- uses: actions/download-artifact@v4
138+
- name: Set artifact name
139+
id: set_artifact
140+
run: |
141+
if [[ "${{ matrix.platform }}" == *"arm64"* ]]; then
142+
echo "ARTIFACT_NAME=etcd_output_arm64" >> $GITHUB_ENV
143+
else
144+
echo "ARTIFACT_NAME=etcd_output_amd64" >> $GITHUB_ENV
145+
fi
146+
- name: Download artifacts
147+
uses: actions/download-artifact@v4
90148
with:
91-
name: etcd_output
149+
name: ${{ env.ARTIFACT_NAME }}
92150
path: _output/release-tars
93151
github-token: ${{ secrets.GITHUB_TOKEN }}
94152
- name: Set release version environment variable
@@ -112,11 +170,16 @@ jobs:
112170
runs-on: ubuntu-latest
113171
needs: release
114172
steps:
115-
- uses: actions/download-artifact@v4
173+
- name: Create output directory
174+
run: mkdir -p _output/checksums
175+
- name: Download all artifacts
176+
uses: actions/download-artifact@v4
116177
with:
117-
name: etcd_output
118-
path: _output/checksums
178+
path: _output/artifacts
119179
github-token: ${{ secrets.GITHUB_TOKEN }}
180+
- name: Combine checksums
181+
run: |
182+
find _output/artifacts -name "SHA256SUMS" -exec cat {} \; > _output/checksums/SHA256SUMS
120183
- name: Upload checksums
121184
id: upload-checksums
122185
uses: actions/upload-release-asset@v1

etcdctl/fips.go

+6
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

etcdutl/fips.go

+6
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

scripts/build-release-single-target

+100
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,100 @@
1+
#!/usr/bin/env bash
2+
3+
set -euo pipefail
4+
5+
source ./scripts/test_lib.sh
6+
7+
VER=${1:-}
8+
REPOSITORY="${REPOSITORY:-git@github.com:etcd-io/etcd.git}"
9+
10+
if [ -z "${VER}" ]; then
11+
echo "Usage: ${0} VERSION" >> /dev/stderr
12+
exit 255
13+
fi
14+
15+
16+
function setup_env {
17+
local ver=${1}
18+
local proj=${2}
19+
20+
if [ ! -d "${proj}" ]; then
21+
run git clone "${REPOSITORY}"
22+
fi
23+
24+
pushd "${proj}" >/dev/null
25+
run git fetch --all
26+
run git checkout "${ver}"
27+
popd >/dev/null
28+
}
29+
30+
31+
function package {
32+
local target=${1}
33+
local srcdir="${2}/bin"
34+
35+
local ccdir="${srcdir}/${GOOS}_${GOARCH}"
36+
if [ -d "${ccdir}" ]; then
37+
srcdir="${ccdir}"
38+
fi
39+
local ext=""
40+
if [ "${GOOS:-}" == "windows" ]; then
41+
ext=".exe"
42+
fi
43+
for bin in etcd etcdctl etcdutl; do
44+
cp "${srcdir}/${bin}" "${target}/${bin}${ext}"
45+
done
46+
47+
cp etcd/README.md "${target}"/README.md
48+
cp etcd/etcdctl/README.md "${target}"/README-etcdctl.md
49+
cp etcd/etcdctl/READMEv2.md "${target}"/READMEv2-etcdctl.md
50+
cp etcd/etcdutl/README.md "${target}"/README-etcdutl.md
51+
52+
cp -R etcd/Documentation "${target}"/Documentation
53+
}
54+
55+
function main {
56+
local proj="etcd"
57+
58+
mkdir -p release
59+
cd release
60+
setup_env "${VER}" "${proj}"
61+
62+
local tarcmd=tar
63+
if [[ $(go env GOOS) == "darwin" ]]; then
64+
echo "Please use linux machine for release builds."
65+
exit 1
66+
fi
67+
68+
# Check if TARGET_OS and TARGET_ARCH are set
69+
if [ -z "${TARGET_OS:-}" ]; then
70+
echo "Error: TARGET_OS environment variable is required" >&2
71+
exit 1
72+
fi
73+
74+
if [ -z "${TARGET_ARCH:-}" ]; then
75+
echo "Error: TARGET_ARCH environment variable is required" >&2
76+
exit 1
77+
fi
78+
79+
export GOOS=${TARGET_OS}
80+
export GOARCH=${TARGET_ARCH}
81+
echo "Building etcd for ${GOOS}/${GOARCH}..."
82+
83+
pushd etcd >/dev/null
84+
./build.sh
85+
popd >/dev/null
86+
87+
TARGET="etcd-${VER}-${GOOS}-${GOARCH}"
88+
mkdir "${TARGET}"
89+
package "${TARGET}" "${proj}"
90+
91+
if [ ${GOOS} == "linux" ]; then
92+
${tarcmd} cfz "${TARGET}.tar.gz" "${TARGET}"
93+
echo "Wrote release/${TARGET}.tar.gz"
94+
else
95+
zip -qr "${TARGET}.zip" "${TARGET}"
96+
echo "Wrote release/${TARGET}.zip"
97+
fi
98+
}
99+
100+
main

server/fips.go

+6
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

0 commit comments

Comments
 (0)