Skip to content

Commit be893a6

Browse files
committed
break into 2 separate jobs: build-arm64 and build-amd64
1 parent b2df10f commit be893a6

File tree

6 files changed

+200
-17
lines changed

6 files changed

+200
-17
lines changed

.github/workflows/dd-build.yaml

+78-16
Original file line numberDiff line numberDiff line change
@@ -8,18 +8,69 @@ on:
88
- "*-dd*"
99
permissions: write-all
1010
jobs:
11-
build:
12-
runs-on: ubuntu-latest
11+
build-arm64:
12+
runs-on: ubuntu-24.04-arm
13+
strategy:
14+
matrix:
15+
platform: ["linux/arm64"]
1316
steps:
1417
- uses: actions/checkout@v4
1518
with:
1619
fetch-depth: 0
17-
- name: Set release version environment variable
18-
run: echo RELEASE_VERSION=${GITHUB_REF#refs/tags/} >> $GITHUB_ENV
20+
- name: Set environment variables
21+
id: set_env
22+
run: |
23+
echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
24+
echo "TARGET_OS=$(echo ${{ matrix.platform }} | cut -d'/' -f1)" >> $GITHUB_ENV
25+
echo "TARGET_ARCH=$(echo ${{ matrix.platform }} | cut -d'/' -f2)" >> $GITHUB_ENV
26+
export GOEXPERIMENT=boringcrypto
1927
env:
2028
GITHUB_REF: ${{ github.ref }}
2129
- name: Build etcd
22-
run: REPOSITORY=https://github.com/${{ env.GITHUB_REPOSITORY}}.git CGO_ENABLED=1 GOEXPERIMENT=boringcrypto ./scripts/build-binary ${{ env.RELEASE_VERSION }}
30+
run: |
31+
REPOSITORY=https://github.com/${{ env.GITHUB_REPOSITORY}}.git \
32+
CGO_ENABLED=1 \
33+
GO_ADDITIONAL_VARS="GOEXPERIMENT=boringcrypto" \
34+
GO_BUILD_FLAGS="-tags=fips" \
35+
TARGET_OS=${TARGET_OS} \
36+
TARGET_ARCH=${TARGET_ARCH} \
37+
./scripts/build-release-single-target ${{ env.RELEASE_VERSION }}
38+
env:
39+
GITHUB_REPOSITORY: ${{ github.repository }}
40+
- name: Calculate checksums
41+
id: calculate_checksums
42+
shell: bash
43+
working-directory: release/
44+
run: ls . | grep -E '\.tar.gz$|\.zip$' | xargs shasum -a 256 > ./SHA256SUMS
45+
- uses: actions/upload-artifact@v4
46+
with:
47+
name: etcd_output_arm64
48+
path: release/
49+
build-amd64:
50+
strategy:
51+
matrix:
52+
platform: ["linux/amd64"]
53+
runs-on: ubuntu-latest
54+
steps:
55+
- uses: actions/checkout@v4
56+
with:
57+
fetch-depth: 0
58+
- name: Set environment variables
59+
id: set_env
60+
run: |
61+
echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
62+
echo "TARGET_OS=$(echo ${{ matrix.platform }} | cut -d'/' -f1)" >> $GITHUB_ENV
63+
echo "TARGET_ARCH=$(echo ${{ matrix.platform }} | cut -d'/' -f2)" >> $GITHUB_ENV
64+
export GOEXPERIMENT=boringcrypto
65+
- name: Build etcd
66+
run: |
67+
REPOSITORY=https://github.com/${{ env.GITHUB_REPOSITORY}}.git \
68+
CGO_ENABLED=1 \
69+
GO_ADDITIONAL_VARS="GOEXPERIMENT=boringcrypto" \
70+
GO_BUILD_FLAGS="-tags=fips" \
71+
TARGET_OS=${TARGET_OS} \
72+
TARGET_ARCH=${TARGET_ARCH} \
73+
./scripts/build-release-single-target ${{ env.RELEASE_VERSION }}
2374
env:
2475
GITHUB_REPOSITORY: ${{ github.repository }}
2576
- name: Calculate checksums
@@ -29,13 +80,13 @@ jobs:
2980
run: ls . | grep -E '\.tar.gz$|\.zip$' | xargs shasum -a 256 > ./SHA256SUMS
3081
- uses: actions/upload-artifact@v4
3182
with:
32-
name: etcd_output
83+
name: etcd_output_amd64
3384
path: release/
3485
release:
3586
permissions:
3687
contents: write
3788
runs-on: ubuntu-latest
38-
needs: build
89+
needs: [build-amd64, build-arm64]
3990
outputs:
4091
upload_url: ${{ steps.create_release_branch.outputs.upload_url }}${{ steps.create_release_tags.outputs.upload_url }}
4192
steps:
@@ -78,26 +129,32 @@ jobs:
78129
release_name: ${{ steps.extract_tags.outputs.tags }}
79130
draft: false
80131
prerelease: false
81-
releaseassetsarm:
132+
releaseassets:
82133
runs-on: ubuntu-latest
83134
needs: release
84135
strategy:
85136
matrix:
86137
platform: ["linux-arm64","linux-amd64"]
87138
extension: ["tar.gz"]
88139
steps:
89-
- uses: actions/download-artifact@v4
140+
- name: Set artifact name
141+
id: set_artifact
142+
run: |
143+
if [[ "${{ matrix.platform }}" == *"arm64"* ]]; then
144+
echo "ARTIFACT_NAME=etcd_output_arm64" >> $GITHUB_ENV
145+
else
146+
echo "ARTIFACT_NAME=etcd_output_amd64" >> $GITHUB_ENV
147+
fi
148+
- name: Download artifacts
149+
uses: actions/download-artifact@v4
90150
with:
91-
name: etcd_output
151+
name: ${{ env.ARTIFACT_NAME }}
92152
path: _output/release-tars
93153
github-token: ${{ secrets.GITHUB_TOKEN }}
94154
- name: Set release version environment variable
95155
run: echo RELEASE_VERSION=${GITHUB_REF#refs/tags/} >> $GITHUB_ENV
96156
env:
97157
GITHUB_REF: ${{ github.ref }}
98-
- name: Display structure of downloaded files
99-
run: ls -R
100-
working-directory: _output
101158
- name: Upload Release Asset
102159
id: upload-release-asset
103160
uses: actions/upload-release-asset@v1
@@ -112,11 +169,16 @@ jobs:
112169
runs-on: ubuntu-latest
113170
needs: release
114171
steps:
115-
- uses: actions/download-artifact@v4
172+
- name: Create output directory
173+
run: mkdir -p _output/checksums
174+
- name: Download all artifacts
175+
uses: actions/download-artifact@v4
116176
with:
117-
name: etcd_output
118-
path: _output/checksums
177+
path: _output/artifacts
119178
github-token: ${{ secrets.GITHUB_TOKEN }}
179+
- name: Combine checksums
180+
run: |
181+
find _output/artifacts -name "SHA256SUMS" -exec cat {} \; > _output/checksums/SHA256SUMS
120182
- name: Upload checksums
121183
id: upload-checksums
122184
uses: actions/upload-release-asset@v1

build.sh

+4-1
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,10 @@ CGO_ENABLED="${CGO_ENABLED:-0}"
2020
# Set GO_LDFLAGS="-s" for building without symbols for debugging.
2121
# shellcheck disable=SC2206
2222
GO_LDFLAGS=(${GO_LDFLAGS:-} "-X=${VERSION_SYMBOL}=${GIT_SHA}")
23-
GO_BUILD_ENV=("CGO_ENABLED=${CGO_ENABLED}" "GO_BUILD_FLAGS=${GO_BUILD_FLAGS:-}" "GOOS=${GOOS}" "GOARCH=${GOARCH}")
23+
# shellcheck disable=SC2206
24+
GO_ADDITIONAL_VARS="${GO_ADDITIONAL_VARS:-}"
25+
IFS=' ' read -r -a GO_ADDITIONAL_VARS_ARR <<< "${GO_ADDITIONAL_VARS}"
26+
GO_BUILD_ENV=("CGO_ENABLED=${CGO_ENABLED}" "${GO_ADDITIONAL_VARS_ARR[@]}" "GO_BUILD_FLAGS=${GO_BUILD_FLAGS:-}" "GOOS=${GOOS}" "GOARCH=${GOARCH}")
2427

2528
GOFAIL_VERSION=$(cd tools/mod && go list -m -f '{{.Version}}' go.etcd.io/gofail)
2629
# enable/disable failpoints

etcdctl/fips.go

+6
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

etcdutl/fips.go

+6
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

scripts/build-release-single-target

+100
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,100 @@
1+
#!/usr/bin/env bash
2+
3+
set -euo pipefail
4+
5+
source ./scripts/test_lib.sh
6+
7+
VER=${1:-}
8+
REPOSITORY="${REPOSITORY:-git@github.com:etcd-io/etcd.git}"
9+
10+
if [ -z "${VER}" ]; then
11+
echo "Usage: ${0} VERSION" >> /dev/stderr
12+
exit 255
13+
fi
14+
15+
16+
function setup_env {
17+
local ver=${1}
18+
local proj=${2}
19+
20+
if [ ! -d "${proj}" ]; then
21+
run git clone "${REPOSITORY}"
22+
fi
23+
24+
pushd "${proj}" >/dev/null
25+
run git fetch --all
26+
run git checkout "${ver}"
27+
popd >/dev/null
28+
}
29+
30+
31+
function package {
32+
local target=${1}
33+
local srcdir="${2}/bin"
34+
35+
local ccdir="${srcdir}/${GOOS}_${GOARCH}"
36+
if [ -d "${ccdir}" ]; then
37+
srcdir="${ccdir}"
38+
fi
39+
local ext=""
40+
if [ "${GOOS:-}" == "windows" ]; then
41+
ext=".exe"
42+
fi
43+
for bin in etcd etcdctl etcdutl; do
44+
cp "${srcdir}/${bin}" "${target}/${bin}${ext}"
45+
done
46+
47+
cp etcd/README.md "${target}"/README.md
48+
cp etcd/etcdctl/README.md "${target}"/README-etcdctl.md
49+
cp etcd/etcdctl/READMEv2.md "${target}"/READMEv2-etcdctl.md
50+
cp etcd/etcdutl/README.md "${target}"/README-etcdutl.md
51+
52+
cp -R etcd/Documentation "${target}"/Documentation
53+
}
54+
55+
function main {
56+
local proj="etcd"
57+
58+
mkdir -p release
59+
cd release
60+
setup_env "${VER}" "${proj}"
61+
62+
local tarcmd=tar
63+
if [[ $(go env GOOS) == "darwin" ]]; then
64+
echo "Please use linux machine for release builds."
65+
exit 1
66+
fi
67+
68+
# Check if TARGET_OS and TARGET_ARCH are set
69+
if [ -z "${TARGET_OS:-}" ]; then
70+
echo "Error: TARGET_OS environment variable is required" >&2
71+
exit 1
72+
fi
73+
74+
if [ -z "${TARGET_ARCH:-}" ]; then
75+
echo "Error: TARGET_ARCH environment variable is required" >&2
76+
exit 1
77+
fi
78+
79+
export GOOS=${TARGET_OS}
80+
export GOARCH=${TARGET_ARCH}
81+
echo "Building etcd for ${GOOS}/${GOARCH}..."
82+
83+
pushd etcd >/dev/null
84+
./build.sh
85+
popd >/dev/null
86+
87+
TARGET="etcd-${VER}-${GOOS}-${GOARCH}"
88+
mkdir "${TARGET}"
89+
package "${TARGET}" "${proj}"
90+
91+
if [ ${GOOS} == "linux" ]; then
92+
${tarcmd} cfz "${TARGET}.tar.gz" "${TARGET}"
93+
echo "Wrote release/${TARGET}.tar.gz"
94+
else
95+
zip -qr "${TARGET}.zip" "${TARGET}"
96+
echo "Wrote release/${TARGET}.zip"
97+
fi
98+
}
99+
100+
main

server/fips.go

+6
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

0 commit comments

Comments
 (0)