feat: build windows and linux binaries with fips enabled Microsoft Go Fork #4770

Merged
merged 1 commit into from
Aug 11, 2023
Merged
1 change: 0 additions & 1 deletion .circleci/chocolatey.config
Expand Up @@ -3,6 +3,5 @@
<package id="maven" version="3.8.2" />
<package id="make" version="4.4.1" />
<package id="gradle" version="8.1.1" />
<package id="go" version="1.20.6" />
<package id="python3" version="3.11.4" />
</packages>
212 changes: 150 additions & 62 deletions .circleci/config.yml
@@ -1,9 +1,28 @@
version: '2.1'

parameters:
go_download_base_url:
type: string
default: 'https://storage.googleapis.com/golang/'
fips_go_download_base_url:
type: string
default: 'https://aka.ms/golang/release/latest/'
go_version:
type: string
# https://go.dev/doc/devel/release
default: '1.20.6'
aws_version:
type: string
# https://github.com/aws/aws-cli/blob/v2/CHANGELOG.rst
default: '2.4.12'
gh_version:
type: string
# https://github.com/cli/cli/releases
default: '2.7.0'

orbs:
prodsec: snyk/prodsec-orb@1.0
snyk: snyk/snyk@1.7.0
go: circleci/go@1.7.1
win: circleci/windows@5.0
aws-cli: circleci/aws-cli@2.0.3
gh: circleci/github-cli@2.1.0
Expand All @@ -22,11 +41,6 @@ executors:
- image: bastiandoetsch209/cli-build-arm64:20230806-080507
working_directory: /mnt/ramdisk/snyk
resource_class: arm.large
linux-amd64:
machine:
image: ubuntu-2204:2023.02.1
working_directory: /mnt/ramdisk/snyk
resource_class: large
linux-ubuntu-mantic-amd64:
docker:
- image: ubuntu:mantic
Expand Down Expand Up @@ -77,8 +91,63 @@ executors:
# https://circleci.com/docs/2.0/testing-ios/#supported-xcode-versions
xcode: '14.3.1'
resource_class: macos.m1.large.gen1
win-amd64:
machine:
image: windows-server-2022-gui:2023.07.1
resource_class: windows.large
shell: powershell

commands:
install-go:
parameters:
go_os:
type: string
go_target_os:
type: string
go_arch:
type: string
base_url:
type: string
extraction_path:
type: string
cache_key_file:
type: string
default: go_cache_key.txt
steps:
- run:
name: Create Cache Key
command: |
echo << parameters.extraction_path >>-<< parameters.base_url >>-<< parameters.go_target_os >>-<< parameters.go_arch >>-<< pipeline.parameters.go_version >> > << parameters.cache_key_file >>
cat << parameters.cache_key_file >>
- restore_cache:
name: Restoring go binary cache
keys:
- go-binary-cache-{{ checksum "<< parameters.cache_key_file >>" }}
- run:
name: Download go binary
command: python ./scripts/download_go.py << pipeline.parameters.go_version >> --go_os=<< parameters.go_os >> --go_arch=<< parameters.go_arch >> --base_url=<< parameters.base_url >> --extraction_path=<< parameters.extraction_path >>
- save_cache:
name: Caching go binary
key: go-binary-cache-{{ checksum "<< parameters.cache_key_file >>" }}
paths:
- << parameters.extraction_path >>/go
- unless:
condition:
equal: ['windows', << parameters.go_os >>]
steps:
- run:
name: Add go binary to PATH
command: echo "export PATH=$(realpath << parameters.extraction_path >>/go/bin):\$PATH" >> "$BASH_ENV"
- when:
condition:
equal: ['windows', << parameters.go_os >>]
steps:
- run:
name: Add go binary to PATH
command: |
New-Item -Path $profile -ItemType File -Force
'$Env:Path = "<< parameters.extraction_path >>\go\bin;" + $Env:Path' >> $profile

install-deps-windows-full:
steps:
- restore_cache:
Expand Down Expand Up @@ -158,20 +227,6 @@ commands:
- attach_workspace:
at: .

parameters:
go_version:
type: string
# https://go.dev/doc/devel/release
default: '1.20.6'
aws_version:
type: string
# https://github.com/aws/aws-cli/blob/v2/CHANGELOG.rst
default: '2.4.12'
gh_version:
type: string
# https://github.com/cli/cli/releases
default: '2.7.0'

####################################################################################################
# WORKFLOWS
####################################################################################################
Expand Down Expand Up @@ -214,49 +269,94 @@ workflows:

- build-artifact:
name: build linux amd64
go_target_os: linux
go_os: linux
go_arch: amd64
go_download_base_url: << pipeline.parameters.go_download_base_url >>
executor: docker-amd64
artifact: snyk-linux
requires:
- prepare-build

- build-artifact:
name: build linux arm64
go_target_os: linux
go_os: linux
go_arch: arm64
go_download_base_url: << pipeline.parameters.go_download_base_url >>
executor: docker-arm64
artifact: snyk-linux-arm64
requires:
- prepare-build

- build-artifact:
name: build alpine amd64
go_os: alpine
go_target_os: alpine
go_os: linux
go_arch: amd64
go_download_base_url: << pipeline.parameters.go_download_base_url >>
executor: docker-amd64
artifact: snyk-alpine
c_compiler: /usr/bin/musl-gcc
requires:
- prepare-build

- build-artifact:
name: build macOS amd64
go_target_os: darwin
go_os: darwin
go_arch: amd64
go_download_base_url: << pipeline.parameters.go_download_base_url >>
executor: macos-amd64
artifact: snyk-macos
requires:
- prepare-build

- build-windows-artifact:
context: snyk-windows-signing
- build-artifact:
name: build windows amd64
go_target_os: windows
go_os: windows
go_arch: amd64
go_download_base_url: << pipeline.parameters.go_download_base_url >>
install_deps_extension: windows-full
install_path: 'C:\'
executor: win-amd64
context: snyk-windows-signing
requires:
- prepare-build

# - build-artifact:
# name: build windows amd64
# go_target_os: windows
# go_os: windows
# go_arch: amd64
# go_download_base_url: << pipeline.parameters.fips_go_download_base_url >>
# make_target: build-fips
# install_deps_extension: windows-full
# install_path: 'C:\'
# executor: win-amd64
# context: snyk-windows-signing
# requires:
# - prepare-build
#
# - build-artifact:
# name: fips build linux amd64
# go_target_os: linux
# go_os: linux
# go_arch: amd64
# go_download_base_url: << pipeline.parameters.fips_go_download_base_url >>
# make_target: build-fips
# executor: docker-amd64
# requires:
# - prepare-build
#
# - build-artifact:
# name: fips build linux arm64
# go_target_os: linux
# go_os: linux
# go_arch: arm64
# go_download_base_url: << pipeline.parameters.fips_go_download_base_url >>
# make_target: build-fips
# executor: docker-arm64
# requires:
# - prepare-build

- regression-tests:
name: regression-tests
context: nodejs-install
Expand Down Expand Up @@ -515,7 +615,7 @@ jobs:
command: |
npm run lint
pushd cliv2
make lint configure
make lint
popd
- snyk/scan:
fail-on-issues: true
Expand All @@ -540,7 +640,7 @@ jobs:
- run:
name: Running Go unit tests
working_directory: ./cliv2
command: make configure whiteboxtest
command: make whiteboxtest
- run:
name: Running Tap tests
command:
Expand All @@ -563,60 +663,48 @@ jobs:
- binary-releases/snyk-fix.tgz
- binary-releases/snyk-protect.tgz

build-windows-artifact:
parameters:
go_os:
type: string
go_arch:
type: string
executor:
name: win/default
size: large
steps:
- prepare-workspace
- install-deps-windows-full
- run:
name: Build Windows
shell: powershell
command: make build GOOS=windows GOARCH=amd64
environment:
CGO_ENABLED: 1
- store_artifacts:
path: binary-releases
- persist_to_workspace:
root: .
paths:
- binary-releases/snyk-*
- binary-releases/version

build-artifact:
parameters:
go_os:
type: string
go_target_os:
type: string
go_arch:
type: string
c_compiler:
type: string
default: ''
executor:
type: string
artifact:
go_download_base_url:
type: string
make_target:
type: string
default: 'build'
install_deps_extension:
type: string
default: 'noop'
install_path:
type: string
default: '.'
executor: << parameters.executor >>
environment:
HOSTTYPE: << parameters.go_arch >>
steps:
- prepare-workspace
- go/install:
version: << pipeline.parameters.go_version >>
- install-deps-<< parameters.install_deps_extension >>
- install-go:
go_os: << parameters.go_os >>
go_target_os: << parameters.go_target_os >>
go_arch: << parameters.go_arch >>
base_url: << parameters.go_download_base_url >>
extraction_path: << parameters.install_path >>
- restore_cache:
key: go-build-{{ arch }}-{{ checksum "cliv2/go.sum" }}
- run:
name: Build << parameters.go_os >>/<< parameters.go_arch >>
name: Build << parameters.go_target_os >>/<< parameters.go_arch >>
environment:
CC: << parameters.c_compiler >>
CGO_ENABLED: 1
command: make build GOOS=<< parameters.go_os >> GOARCH=<< parameters.go_arch >>
command: make << parameters.make_target >> GOOS=<< parameters.go_target_os >> GOARCH=<< parameters.go_arch >>
- save_cache:
key: go-build-{{ arch }}-{{ checksum "cliv2/go.sum" }}
paths: [/home/circleci/go/pkg/mod]
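Review bot: The `Download go binary` step in the new `install-go` command fetches the toolchain that builds the release binaries (the Windows job also carries the `snyk-windows-signing` context) from a parameterised `base_url`, and nothing in this section shows the archive being checked against a published digest. `./scripts/download_go.py` is not part of this section, so this may already be handled there; if it is not, the script should compare the archive's SHA-256 with a pinned or vendor-published value and exit non-zero before extraction. This matters more for `fips_go_download_base_url`, whose default is an aka.ms short link ending in `latest/`, and because `save_cache` stores whatever was unpacked under a key built only from path, URL, OS, arch and version, so a bad download would be reused by later runs. I would add above the step: `# download_go.py must verify the archive digest before extracting; the cached copy is trusted by later runs`.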