Aahel/release beta5 (#94)

* bump version of setup-terraform and remove gotestsum retries

* Update SSM Set to allow for Advanced Tier Parameters (#78)

* Bump github.com/hashicorp/consul from 1.15.2 to 1.15.3 in /consul-lambda (#75)

Bumps [github.com/hashicorp/consul](https://github.com/hashicorp/consul) from 1.15.2 to 1.15.3.
- [Release notes](https://github.com/hashicorp/consul/releases)
- [Changelog](https://github.com/hashicorp/consul/blob/main/CHANGELOG.md)
- [Commits](hashicorp/consul@v1.15.2...v1.15.3)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/consul
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google.golang.org/grpc from 1.50.1 to 1.53.0 in /test/acceptance (#79)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.50.1 to 1.53.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.50.1...v1.53.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Ajsanon/ux updates (#80)

* Lambda Reg UX changes to simplify for users

* - added pull through cache
- removed all provisioners and used providers

* bumped lambda_registrator_image tag

* fixed terraform fmt

* moved providers to examples/lambda providers.tf

* fixed provider and other minor fixes

* added pull_through var in examples

* fixed terraform lint

* fix minor fmt issues

* review fixes

* minor name change

* fix tf lint

* variable name changes

* added changelog

---------

Co-authored-by: AJ Sanon <[email protected]>

* Revert "Ajsanon/ux updates (#80)" (#81)

This reverts commit db2b43a.

* Add support for pushing `consul-lambda-registrator` public image to p… (#82)

* Add support for pushing `consul-lambda-registrator` public image to private ecr repo through terraform

* fmt tf

* minor readme fix

* addressed review comments

* added fixes and fixed acceptance test

* updated aws provider version

* updated aws provider version

* added force_delete to aws_ecr_repository in test

* fmt tf

* Update modules/lambda-registrator/main.tf

Co-authored-by: Chris Thain <[email protected]>

* Update modules/lambda-registrator/main.tf

Co-authored-by: Chris Thain <[email protected]>

* Update modules/lambda-registrator/variables.tf

Co-authored-by: Chris Thain <[email protected]>

* grouped data sources together

* added review changes

* add some fixes

* test fixes

* minor test fix

* added default "" to test ecr_image_uri

* fmt tf

* Update modules/lambda-registrator/main.tf

Co-authored-by: Chris Thain <[email protected]>

* added validation test

* fixed tf fmt and made validation test parallel

* removed validation test from basic test

* added test case to validate when privateEcrReponame is set

* updated enable_auto_publish_ecr_image var description

* fixed tf fmt

* Update modules/lambda-registrator/variables.tf

Co-authored-by: Chris Thain <[email protected]>

* changed consul_image version in basic_test

---------

Co-authored-by: Chris Thain <[email protected]>

* Update to use CRT prepare workflow

This update, moves consul-dataplane to use the prepare workflow. This workflow encapsulates several previous workflows, running jobs in parallel to reduce the artifact processing time. See https://hashicorp.atlassian.net/wiki/spaces/RELENG/pages/2489712686/Dec+7th+2022+-+Introducing+the+new+Prepare+workflow for more info.

* [COMPLIANCE] Add Copyright and License Headers (#83)

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>

* Bump golang.org/x/net from 0.7.0 to 0.17.0 in /test/acceptance (#85)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.7.0 to 0.17.0.
- [Commits](golang/net@v0.7.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* NET-7753 - Support for arm64 builds (#90)

* support for arm64 init

* fix runs on

* fix runs on

* fix lint-consul-retry

* removed arch

* add self hosted machine

* fix os

* fix platform

* fix -race

* session manager fix

* unzip with overwrite flag

* fix vpc issue

* arm self hosted

* remvoed -override

* using docker/setup-qemu-action (#91)

* using docker/setup-qemu-action

* minor fix

* minor fix

* minor fix

* refactor

* added emulation to terrafrom-ci

* remveod unused env variable

* changed working directory for unit tests

* not pushing arm image to hashicorpdev

* building arm and amd binaries for extension and lambda for acc test

* minor workflow fix

* temp change

* passing arch to lambda funcs

* fmt tf

* passing arch through preexisting lambda

* fix tf

* changed lambda runtime

* changed lambda binary name bootstrap

* fix go build

* reverted extension build changes

* increased lambda timeout

* removed timeout from lambda func

* fmt tf

* changed lambda handler

* updated aws -lambda-go lib

* minor refactor

* removed unused step matrix strategy and added some comments

* setting unique name for private ecr repo

* setting arch for buildig registrator image

* temp fix

* building arm

* docker buildx setup

* fixed docker build

* fix makefile

* fix makefile

* bumped aws-lambda-go lib version

* temp fix

* makefile change

* test

* modifief registrator tf to support arch

* added back other tc

* increased timeout

* changhed timeout

* adjusted timeout

* increased timeout

* bumped consul image version

* removed emulation from acc test

* fix tf ci

* fix tf ci

* increased lambda timeout

* increade timeout

* making registrator amd64

* temp removed arm regist

* readded emulation

* reverted some changes

* restored eralier version of consul

* added arm reg

* passed arch to reg

* tf fmt

* removed arch in ecr tf

* removed arch

* only amd

* add max paralle 1

* fix arch

* fix makefile

* added buildx

* added back emulation

* max p 1

* only arm

* increase timeout

* dummy commit to trigger CI

* using different docker tga

* fix arch in docker tag

* docker push correct arch

* fix output

* fix image tag

* fixed arch var

* added multiarch build

* fmt tf

* fix docker build

* build fix

* increased timeout

* skipped test

* removed arch unit tests

* removed specifying arch in registrator module

* removed passing arch to registrator

* readded reg arch

* fixed p[assing arch

* reenabled arm test for autopublish

* fmt tf

* fixed validation

---------

Co-authored-by: aahel <[email protected]>

* prerelease version change

* updated changelog

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Chris Thain <[email protected]>
Co-authored-by: Ryan Eskin <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: AJ Sanon <[email protected]>
Co-authored-by: Chris Thain <[email protected]>
Co-authored-by: Sarah Thompson <[email protected]>
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Ashesh Vidyut <[email protected]>

Author: 8 people

.github/workflows/bin-ci.yml

@@ -13,26 +13,13 @@ jobs:
       - name: Lint workflow
         uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint:latest
   get-go-version:
-    name: "Determine Go toolchain version"
-    defaults:
-      run:
-        working-directory: ./consul-lambda
-    runs-on: ubuntu-latest
-    needs:
-      - action-lint
-    outputs:
-      go-version: ${{ steps.get-go-version.outputs.go-version }}
-    steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-      - name: Determine Go version
-        id: get-go-version
-        run: |
-          echo "Building with Go $(cat .go-version)"
-          echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
+    needs: action-lint
+    uses: ./.github/workflows/reusable-get-go-version.yml
   lint:
     defaults:
       run:
-        working-directory: ./consul-lambda/consul-lambda-registrator
+        # run lint inside ./consul-lambda
+        working-directory: ./consul-lambda
     runs-on: ubuntu-latest
     needs:
       - get-go-version
@@ -51,7 +38,8 @@ jobs:
         only-new-issues: false
         skip-pkg-cache: true
         skip-build-cache: true
-        working-directory: ./consul-lambda/consul-lambda-registrator
+        # run lint inside ./consul-lambda
+        working-directory: ./consul-lambda
 
   test:
     name: unit test (consul-version=${{ matrix.consul-version }})
@@ -64,7 +52,8 @@ jobs:
       - get-go-version
     defaults:
       run:
-        working-directory: ./consul-lambda/consul-lambda-registrator
+        # run all tests inside ./consul-lambda
+        working-directory: ./consul-lambda
     env:
       TEST_RESULTS_DIR: /tmp/test-results
       GOTESTSUM_VERSION: 1.8.0
@@ -110,4 +99,4 @@ jobs:
     - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
       with:
         name: test-results
-        path: ${{ env.TEST_RESULTS_DIR }}/${{ matrix.consul-version }}
+        path: ${{ env.TEST_RESULTS_DIR }}/${{ matrix.consul-version }}

.github/workflows/build.yml

@@ -14,22 +14,8 @@ jobs:
       - name: Lint workflow
         uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint:latest
   get-go-version:
-    name: "Determine Go toolchain version"
-    defaults:
-      run:
-        working-directory: ./consul-lambda
-    runs-on: ubuntu-latest
     needs: action-lint
-    outputs:
-      go-version: ${{ steps.get-go-version.outputs.go-version }}
-    steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-      - name: Determine Go version
-        id: get-go-version
-        run: |
-          echo "Building with Go $(cat .go-version)"
-          echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
-
+    uses: ./.github/workflows/reusable-get-go-version.yml
   get-product-version:
     defaults:
       run:
@@ -75,12 +61,19 @@ jobs:
           path: ${{ steps.generate-metadata-file.outputs.filepath }}
 
   build-linux:
+    strategy:
+      matrix:
+        goos:
+          - linux
+        goarch:
+          - amd64
+          - arm64
     defaults:
       run:
         working-directory: ./consul-lambda
     env:
-      GOOS: linux
-      GOARCH: amd64
+      GOOS: ${{ matrix.goos }}
+      GOARCH: ${{ matrix.goarch }}
       LDFLAGS: ${{ needs.get-product-version.outputs.ldflags }}
       CGO_ENABLED: 0
     needs:
@@ -122,6 +115,11 @@ jobs:
           path: ./consul-lambda/out/${{ env.EXT_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ env.GOOS }}_${{ env.GOARCH }}.zip
 
   build-docker-default:
+    strategy:
+      matrix:
+        goarch:
+          - amd64
+          - arm64
     defaults:
       run:
         working-directory: ./consul-lambda/consul-lambda-registrator
@@ -132,7 +130,7 @@ jobs:
     runs-on: ubuntu-latest
     env:
       version: ${{ needs.get-product-version.outputs.product-version }}
-      arch: amd64
+      arch: ${{ matrix.goarch }}
 
     steps:
       - name: Checkout

.github/workflows/reusable-get-go-version.yml

@@ -0,0 +1,25 @@
+name: get-go-version
+
+on:
+  workflow_call:
+    outputs:
+      go-version:
+        description: "The Go version detected by this workflow"
+        value: ${{ jobs.get-go-version.outputs.go-version }}
+
+jobs:
+  get-go-version:
+    name: "Determine Go toolchain version"
+    defaults:
+      run:
+        working-directory: ./consul-lambda
+    runs-on: ubuntu-latest
+    outputs:
+      go-version: ${{ steps.get-go-version.outputs.go-version }}
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - name: Determine Go version
+        id: get-go-version
+        run: |
+          echo "Building with Go $(cat .go-version)"
+          echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"

.github/workflows/terraform-ci.yml

@@ -24,26 +24,13 @@ jobs:
     - name: Checkout
       uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
     - name: Setup Terraform
-      uses: hashicorp/setup-terraform@v1
+      uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
       with:
         terraform_version: v1.3.1
     - name: Validate
       run: terraform fmt -check -recursive .
   get-go-version:
-    name: "Determine Go toolchain version"
-    defaults:
-      run:
-        working-directory: ./consul-lambda
-    runs-on: ubuntu-latest
-    outputs:
-      go-version: ${{ steps.get-go-version.outputs.go-version }}
-    steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-      - name: Determine Go version
-        id: get-go-version
-        run: |
-          echo "Building with Go $(cat .go-version)"
-          echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
+    uses: ./.github/workflows/reusable-get-go-version.yml
   go-test-lint:
     runs-on: ubuntu-latest
     defaults:
@@ -73,13 +60,21 @@ jobs:
         skip-build-cache: true
         working-directory: ./test/acceptance
   acceptance:
+    strategy:
+      matrix:
+        platform:
+          - {goos: "linux", goarch: "amd64"}
+          - {goos: "linux", goarch: "arm64"}
     runs-on: ubuntu-latest
     defaults:
       run:
         working-directory: ./test/acceptance
     env:
       TEST_RESULTS: /tmp/test-results
       GOTESTSUM_VERSION: 1.8.0
+      OS: ${{ matrix.platform.goos }}
+      ARCH: ${{ matrix.platform.goarch }}
+      SESSION_MANAGER: ubuntu_64bit
     needs:
       - action-lint
       - go-test-lint
@@ -92,6 +87,8 @@ jobs:
       with:
         go-version: ${{ needs.get-go-version.outputs.go-version }}
         cache-dependency-path: ./test/acceptance/go.sum
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0
     - name: Setup gotestsum
       shell: bash
       run: |
@@ -101,7 +98,7 @@ jobs:
     - name: Install dependencies
       run: |
         sudo apt-get install -y expect
-        curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "session-manager-plugin.deb"
+        curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/${{ env.SESSION_MANAGER }}/session-manager-plugin.deb" -o "session-manager-plugin.deb"
         sudo dpkg -i session-manager-plugin.deb
     - name: Configure AWS
       # Environment variables for IAM roles are unsupported: https://github.com/aws/aws-cli/issues/5639
@@ -115,14 +112,11 @@ jobs:
       run: |
         cd setup-terraform
         terraform init
-        terraform apply -auto-approve
+        terraform apply -var arch="${{matrix.platform.goarch}}" -auto-approve
     - name: Run acceptance tests
       run: |
         mkdir -p "$TEST_RESULTS"
         gotestsum \
-          --rerun-fails=2 \
-          --rerun-fails-max-failures=2 \
-          --rerun-fails-report "$TEST_RESULTS/gotestsum-rerun-fails" \
           --packages "./..." \
           --junitfile "$TEST_RESULTS/gotestsum-report.xml" \
           --format standard-verbose -- \
@@ -132,13 +126,8 @@ jobs:
       with:
         name: acceptance-test-results
         path: ${{ env.TEST_RESULTS }}/gotestsum-report.xml
-    - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
-      if: always()
-      with:
-        name: acceptance-test-flakes
-        path: ${{ env.TEST_RESULTS }}/gotestsum-rerun-fails
     - name: terraform destroy
       if: always()
       run: |
         cd setup-terraform
-        terraform destroy -auto-approve
+        terraform destroy -auto-approve

.release/ci.hcl

@@ -33,97 +33,20 @@ event "build" {
   }
 }
 
-event "upload-dev" {
+event "prepare" {
   depends = ["build"]
-  action "upload-dev" {
+  action "prepare" {
     organization = "hashicorp"
-    repository = "crt-workflows-common"
-    workflow = "upload-dev"
-    depends = ["build"]
-  }
-
-  notification {
-    on = "fail"
-  }
-}
-
-event "security-scan-binaries" {
-  depends = ["upload-dev"]
-  action "security-scan-binaries" {
-    organization = "hashicorp"
-    repository = "crt-workflows-common"
-    workflow = "security-scan-binaries"
-    config = "security-scan.hcl"
-  }
-
-  notification {
-    on = "fail"
-  }
-}
-
-event "security-scan-containers" {
-  depends = ["security-scan-binaries"]
-  action "security-scan-containers" {
-    organization = "hashicorp"
-    repository = "crt-workflows-common"
-    workflow = "security-scan-containers"
-    config = "security-scan.hcl"
+    repository   = "crt-workflows-common"
+    workflow     = "prepare"
+    depends      = ["build"]
   }
 
   notification {
     on = "fail"
   }
 }
 
-event "sign" {
-  depends = ["security-scan-containers"]
-  action "sign" {
-    organization = "hashicorp"
-    repository = "crt-workflows-common"
-    workflow = "sign"
-  }
-
-  notification {
-    on = "fail"
-  }
-}
-
-event "verify" {
-  depends = ["sign"]
-  action "verify" {
-    organization = "hashicorp"
-    repository = "crt-workflows-common"
-    workflow = "verify"
-  }
-
-  notification {
-    on = "fail"
-  }
-}
-
-event "promote-dev-docker" {
-  depends = ["verify"]
-  action "promote-dev-docker" {
-    organization = "hashicorp"
-    repository = "crt-workflows-common"
-    workflow = "promote-dev-docker"
-    depends = ["verify"]
-  }
-
-  notification {
-    on = "fail"
-  }
-}
-
-event "fossa-scan" {
-  depends = ["promote-dev-docker"]
-  action "fossa-scan" {
-    organization = "hashicorp"
-    repository = "crt-workflows-common"
-    workflow = "fossa-scan"
-  }
-}
-
 ## These are promotion and post-publish events
 ## they should be added to the end of the file after the verify event stanza.
 

CHANGELOG.md

@@ -1,10 +1,22 @@
+## 0.1.0-beta5 (Mar 04, 2024)
+
+FEATURES
+* Add support for storing parameter values greater than 4 KB. The `lambda-registrator` module and source code have been updated to accept a configurable value for the [SSM parameter tier](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html). This allows users to choose if they want to use the `Advanced` tier feature. Charges apply for the `Advanved` tier so if the tier is not expressly set to `Advanced`, then the `Standard` tier will be used. Using the `Advanced` tier allows for parameter values up to 8 KB. The Lambda-registrator Terraform module can be configured using the new `consul_extension_data_tier` variable.
+  [[GH-78]](https://github.com/hashicorp/terraform-aws-consul-lambda/pull/78)
+
+* Add support for pushing `consul-lambda-registrator` public image to private ecr repo through terraform.
+  [[GH-82]](https://github.com/hashicorp/terraform-aws-consul-lambda/pull/82)
+
+* Add  arm64 support to `consul-lambda-registrator` and `consul-lambda-extension`.
+  [[GH-90]](https://github.com/hashicorp/terraform-aws-consul-lambda/pull/90)
+
 ## 0.1.0-beta4 (Apr 28, 2023)
 
-IMPROVEMENTS:
+IMPROVEMENTS
 * Pin the version of the `terraform-aws-modules/eventbridge/aws` module to v1.17.3. This ensures the selection of the eventbridge module is deterministic when using the `lambda-registrator` Terraform module.
   [[GH-70]](https://github.com/hashicorp/terraform-aws-consul-lambda/pull/70)
 
-BUG FIXES:
+BUG FIXES
 * Disable Cgo compilation for Lambda registrator and extension. Compiling without `CGO_ENABLED=0` on Go 1.20 [causes an issue](https://github.com/hashicorp/terraform-aws-consul-lambda/issues/57) that does not allow Lambda registrator or the Lambda extension to execute within the AWS Lambda runtime.
   [[GH-68]](https://github.com/hashicorp/terraform-aws-consul-lambda/pull/68)
 
@@ -19,7 +31,7 @@ BREAKING CHANGES
 FEATURES
 * Update minimum go version for project to 1.20 [[GH-1908]](https://github.com/hashicorp/terraform-aws-consul-lambda/pull/54)
 
-BUG FIXES:
+BUG FIXES
 * Security:
     * Upgrade to use Go 1.20.1 This resolves vulnerabilities [CVE-2022-41724](https://go.dev/issue/58001) in `crypto/tls` and [CVE-2022-41723](https://go.dev/issue/57855) in `net/http`. [[GH-1908]](https://github.com/hashicorp/terraform-aws-consul-lambda/pull/54)