ci: build Terraform binaries action (#2684)

Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2024-10-01 01:36:09 -04:00 · 2023-12-07 16:32:03 +01:00 · 2023-12-07 16:32:03 +01:00 · 37cff42bfe
commit 37cff42bfe
parent ac056ae010
4 changed files with 133 additions and 1 deletions
--- a/.github/actions/build_tf_provider/action.yml
+++ b/.github/actions/build_tf_provider/action.yml
@ -0,0 +1,43 @@
+name: Build Terraform provider
+description: |
+  Builds Terraform provider binaries cross platform.
+inputs:
+  targetOS:
+    description: "Build for this OS. [linux, darwin, windows]"
+    required: true
+    default: "linux"
+  targetArch:
+    description: "Build for this architecture. [amd64, arm64]"
+    required: true
+    default: "amd64"
+  outputPath:
+    description: "Output path of the binary"
+    required: false
+runs:
+  using: "composite"
+  steps:
+    # https://github.blog/2022-04-12-git-security-vulnerability-announced/
+    - name: Mark repository safe
+      shell: bash
+      run: |
+        git config --global --add safe.directory /__w/constellation/constellation
+
+    - name: Build Binaries
+      shell: bash
+      env:
+        TARGET_GOOS: ${{ inputs.targetOS }}
+        TARGET_GOARCH: ${{ inputs.targetArch }}
+        OUTPUT_PATH: ${{ inputs.outputPath || format('./build/terraform-provider-constellation-{0}-{1}', inputs.targetOS, inputs.targetArch) }}${{ inputs.targetOS == 'windows' && '.exe' || '' }}
+      run: |
+        echo "::group::Build Terraform provider"
+        mkdir -p "$(dirname "${OUTPUT_PATH}")"
+        label="//terraform-provider-constellation:tf_provider_${TARGET_GOOS}_${TARGET_GOARCH}"
+        bazel build "${label}"
+        repository_root=$(git rev-parse --show-toplevel)
+        out_rel=$(bazel cquery --output=files "${label}")
+        out_loc="$(realpath "${repository_root}/${out_rel}")"
+        cp "${out_loc}" "${OUTPUT_PATH}"
+        chmod +w "${OUTPUT_PATH}"
+        export PATH="$PATH:$(realpath $(dirname "${OUTPUT_PATH}"))"
+        echo "$(realpath $(dirname "${OUTPUT_PATH}"))" >> $GITHUB_PATH
+        echo "::endgroup::"
--- a/.github/workflows/build-binaries.yml
+++ b/.github/workflows/build-binaries.yml
@ -52,3 +52,6 @@ jobs:
            "${disk_mapper}" \
            "${measurement_reader}" \
            "${cli}"
+
+      - name: Build Terraform Provider Binary
+        uses: ./.github/actions/build_tf_provider
--- a/.github/workflows/release-tf-provider.yml
+++ b/.github/workflows/release-tf-provider.yml
@ -0,0 +1,70 @@
+name: Build Terraform provider and prepare release
+
+on:
+  workflow_dispatch:
+    inputs:
+      ref:
+        type: string
+        description: "Git ref to checkout"
+        required: false
+  workflow_call:
+    inputs:
+      ref:
+        type: string
+        description: "Git ref to checkout"
+        required: true
+
+jobs:
+  build-tf-provider:
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arch: amd64
+            os: linux
+
+          - arch: amd64
+            os: darwin
+
+          - arch: amd64
+            os: windows
+
+          - arch: arm64
+            os: linux
+
+          - arch: arm64
+            os: darwin
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        with:
+          ref: ${{ inputs.ref || github.head_ref }}
+
+      - name: Setup bazel
+        uses: ./.github/actions/setup_bazel_nix
+        with:
+          useCache: "false"
+
+      - name: Build Terraform Provider Binary
+        uses: ./.github/actions/build_tf_provider
+        with:
+          targetOS: ${{ matrix.os }}
+          targetArch: ${{ matrix.arch }}
+
+      - name: Upload Terraform Provider Binary as artifact (unix)
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        if : ${{ matrix.os != 'windows' }}
+        with:
+          name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
+          path: |
+            build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
+
+      - name: Upload Terraform Provider Binary as artifact (windows)
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        if : ${{ matrix.os == 'windows' }}
+        with:
+          name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
+          path: |
+            build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}.exe
--- a/terraform-provider-constellation/BUILD.bazel
+++ b/terraform-provider-constellation/BUILD.bazel
@ -1,5 +1,5 @@
 load("@aspect_bazel_lib//lib:copy_file.bzl", "copy_file")
-load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_cross_binary", "go_library")

 # keep
 go_binary(
@ -10,6 +10,22 @@ go_binary(
    visibility = ["//visibility:public"],
 )

+[
+    go_cross_binary(
+        name = "tf_provider_%s" % platform,
+        platform = "@io_bazel_rules_go//go/toolchain:" + platform,
+        target = ":tf_provider",
+        visibility = ["//visibility:public"],
+    )
+    for platform in [
+        "darwin_amd64",
+        "darwin_arm64",
+        "linux_amd64",
+        "linux_arm64",
+        "windows_amd64",
+    ]
+]
+
 go_library(
    name = "terraform-provider-constellation_lib",
    srcs = ["main.go"],