Skip to content

Commit 57dc0c7

Browse files
committed
install cross-compilation toolchain
1 parent b2df10f commit 57dc0c7

File tree

5 files changed

+197
-12
lines changed

5 files changed

+197
-12
lines changed

.github/workflows/dd-build.yaml

+79-12
Original file line numberDiff line numberDiff line change
@@ -8,18 +8,71 @@ on:
88
- "*-dd*"
99
permissions: write-all
1010
jobs:
11-
build:
12-
runs-on: ubuntu-latest
11+
build-arm64:
12+
runs-on: ubuntu-24.04-arm
13+
strategy:
14+
matrix:
15+
platform: ["linux/arm64"]
1316
steps:
1417
- uses: actions/checkout@v4
1518
with:
1619
fetch-depth: 0
17-
- name: Set release version environment variable
18-
run: echo RELEASE_VERSION=${GITHUB_REF#refs/tags/} >> $GITHUB_ENV
20+
- name: Set environment variables
21+
id: set_env
22+
run: |
23+
echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
24+
echo "TARGET_OS=$(echo ${{ matrix.platform }} | cut -d'/' -f1)" >> $GITHUB_ENV
25+
echo "TARGET_ARCH=$(echo ${{ matrix.platform }} | cut -d'/' -f2)" >> $GITHUB_ENV
26+
export GOEXPERIMENT=boringcrypto
1927
env:
2028
GITHUB_REF: ${{ github.ref }}
2129
- name: Build etcd
22-
run: REPOSITORY=https://github.com/${{ env.GITHUB_REPOSITORY}}.git CGO_ENABLED=1 GOEXPERIMENT=boringcrypto ./scripts/build-binary ${{ env.RELEASE_VERSION }}
30+
run: |
31+
REPOSITORY=https://github.com/${{ env.GITHUB_REPOSITORY}}.git \
32+
CGO_ENABLED=1 \
33+
GO_BUILD_FLAGS="-tags=fips" \
34+
TARGET_OS=${TARGET_OS} \
35+
TARGET_ARCH=${TARGET_ARCH} \
36+
./scripts/build-release-single-target ${{ env.RELEASE_VERSION }}
37+
env:
38+
GITHUB_REPOSITORY: ${{ github.repository }}
39+
- name: Calculate checksums
40+
id: calculate_checksums
41+
shell: bash
42+
working-directory: release/
43+
run: ls . | grep -E '\.tar.gz$|\.zip$' | xargs shasum -a 256 > ./SHA256SUMS
44+
- uses: actions/upload-artifact@v4
45+
with:
46+
name: etcd_output_arm64
47+
path: release/
48+
build-amd64:
49+
strategy:
50+
matrix:
51+
platform: ["linux/amd64"]
52+
runs-on: ubuntu-latest
53+
steps:
54+
- uses: actions/checkout@v4
55+
with:
56+
fetch-depth: 0
57+
- name: Install cross-compilation toolchain
58+
run: |
59+
sudo apt-get update
60+
sudo apt-get install -y gcc-aarch64-linux-gnu
61+
- name: Set environment variables
62+
id: set_env
63+
run: |
64+
echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
65+
echo "TARGET_OS=$(echo ${{ matrix.platform }} | cut -d'/' -f1)" >> $GITHUB_ENV
66+
echo "TARGET_ARCH=$(echo ${{ matrix.platform }} | cut -d'/' -f2)" >> $GITHUB_ENV
67+
export GOEXPERIMENT=boringcrypto
68+
- name: Build etcd
69+
run: |
70+
REPOSITORY=https://github.com/${{ env.GITHUB_REPOSITORY}}.git \
71+
CGO_ENABLED=1 \
72+
GO_BUILD_FLAGS="-tags=fips" \
73+
TARGET_OS=${TARGET_OS} \
74+
TARGET_ARCH=${TARGET_ARCH} \
75+
./scripts/build-release-single-target ${{ env.RELEASE_VERSION }}
2376
env:
2477
GITHUB_REPOSITORY: ${{ github.repository }}
2578
- name: Calculate checksums
@@ -29,13 +82,13 @@ jobs:
2982
run: ls . | grep -E '\.tar.gz$|\.zip$' | xargs shasum -a 256 > ./SHA256SUMS
3083
- uses: actions/upload-artifact@v4
3184
with:
32-
name: etcd_output
85+
name: etcd_output_amd64
3386
path: release/
3487
release:
3588
permissions:
3689
contents: write
3790
runs-on: ubuntu-latest
38-
needs: build
91+
needs: [build-amd64, build-arm64]
3992
outputs:
4093
upload_url: ${{ steps.create_release_branch.outputs.upload_url }}${{ steps.create_release_tags.outputs.upload_url }}
4194
steps:
@@ -86,9 +139,18 @@ jobs:
86139
platform: ["linux-arm64","linux-amd64"]
87140
extension: ["tar.gz"]
88141
steps:
89-
- uses: actions/download-artifact@v4
142+
- name: Set artifact name
143+
id: set_artifact
144+
run: |
145+
if [[ "${{ matrix.platform }}" == *"arm64"* ]]; then
146+
echo "ARTIFACT_NAME=etcd_output_arm64" >> $GITHUB_ENV
147+
else
148+
echo "ARTIFACT_NAME=etcd_output_amd64" >> $GITHUB_ENV
149+
fi
150+
- name: Download artifacts
151+
uses: actions/download-artifact@v4
90152
with:
91-
name: etcd_output
153+
name: ${{ env.ARTIFACT_NAME }}
92154
path: _output/release-tars
93155
github-token: ${{ secrets.GITHUB_TOKEN }}
94156
- name: Set release version environment variable
@@ -112,11 +174,16 @@ jobs:
112174
runs-on: ubuntu-latest
113175
needs: release
114176
steps:
115-
- uses: actions/download-artifact@v4
177+
- name: Create output directory
178+
run: mkdir -p _output/checksums
179+
- name: Download all artifacts
180+
uses: actions/download-artifact@v4
116181
with:
117-
name: etcd_output
118-
path: _output/checksums
182+
path: _output/artifacts
119183
github-token: ${{ secrets.GITHUB_TOKEN }}
184+
- name: Combine checksums
185+
run: |
186+
find _output/artifacts -name "SHA256SUMS" -exec cat {} \; > _output/checksums/SHA256SUMS
120187
- name: Upload checksums
121188
id: upload-checksums
122189
uses: actions/upload-release-asset@v1

etcdctl/fips.go

+6
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

etcdutl/fips.go

+6
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

scripts/build-release-single-target

+100
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,100 @@
1+
#!/usr/bin/env bash
2+
3+
set -euo pipefail
4+
5+
source ./scripts/test_lib.sh
6+
7+
VER=${1:-}
8+
REPOSITORY="${REPOSITORY:-git@github.com:etcd-io/etcd.git}"
9+
10+
if [ -z "${VER}" ]; then
11+
echo "Usage: ${0} VERSION" >> /dev/stderr
12+
exit 255
13+
fi
14+
15+
16+
function setup_env {
17+
local ver=${1}
18+
local proj=${2}
19+
20+
if [ ! -d "${proj}" ]; then
21+
run git clone "${REPOSITORY}"
22+
fi
23+
24+
pushd "${proj}" >/dev/null
25+
run git fetch --all
26+
run git checkout "${ver}"
27+
popd >/dev/null
28+
}
29+
30+
31+
function package {
32+
local target=${1}
33+
local srcdir="${2}/bin"
34+
35+
local ccdir="${srcdir}/${GOOS}_${GOARCH}"
36+
if [ -d "${ccdir}" ]; then
37+
srcdir="${ccdir}"
38+
fi
39+
local ext=""
40+
if [ "${GOOS:-}" == "windows" ]; then
41+
ext=".exe"
42+
fi
43+
for bin in etcd etcdctl etcdutl; do
44+
cp "${srcdir}/${bin}" "${target}/${bin}${ext}"
45+
done
46+
47+
cp etcd/README.md "${target}"/README.md
48+
cp etcd/etcdctl/README.md "${target}"/README-etcdctl.md
49+
cp etcd/etcdctl/READMEv2.md "${target}"/READMEv2-etcdctl.md
50+
cp etcd/etcdutl/README.md "${target}"/README-etcdutl.md
51+
52+
cp -R etcd/Documentation "${target}"/Documentation
53+
}
54+
55+
function main {
56+
local proj="etcd"
57+
58+
mkdir -p release
59+
cd release
60+
setup_env "${VER}" "${proj}"
61+
62+
local tarcmd=tar
63+
if [[ $(go env GOOS) == "darwin" ]]; then
64+
echo "Please use linux machine for release builds."
65+
exit 1
66+
fi
67+
68+
# Check if TARGET_OS and TARGET_ARCH are set
69+
if [ -z "${TARGET_OS:-}" ]; then
70+
echo "Error: TARGET_OS environment variable is required" >&2
71+
exit 1
72+
fi
73+
74+
if [ -z "${TARGET_ARCH:-}" ]; then
75+
echo "Error: TARGET_ARCH environment variable is required" >&2
76+
exit 1
77+
fi
78+
79+
export GOOS=${TARGET_OS}
80+
export GOARCH=${TARGET_ARCH}
81+
echo "Building etcd for ${GOOS}/${GOARCH}..."
82+
83+
pushd etcd >/dev/null
84+
GO_LDFLAGS="-s -w" ./build.sh
85+
popd >/dev/null
86+
87+
TARGET="etcd-${VER}-${GOOS}-${GOARCH}"
88+
mkdir "${TARGET}"
89+
package "${TARGET}" "${proj}"
90+
91+
if [ ${GOOS} == "linux" ]; then
92+
${tarcmd} cfz "${TARGET}.tar.gz" "${TARGET}"
93+
echo "Wrote release/${TARGET}.tar.gz"
94+
else
95+
zip -qr "${TARGET}.zip" "${TARGET}"
96+
echo "Wrote release/${TARGET}.zip"
97+
fi
98+
}
99+
100+
main

server/fips.go

+6
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

0 commit comments

Comments
 (0)