fix: upgrade crypto [IAC-3169] #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build TF Provider | |
on: [push] | |
jobs: | |
build: | |
# we need to use the same Ubuntu version as our final Docker (base) image | |
# is using in order to match glibc versions. We need glibc because we | |
# compile a dynamically-linked binary with boringcrypto. | |
runs-on: ubuntu-20.04 | |
steps: | |
# https://github.com/orgs/community/discussions/25678#discussioncomment-5242449 | |
- name: Delete huge unnecessary tools folder | |
run: rm -rf /opt/hostedtoolcache | |
- uses: actions/checkout@v4 | |
- name: Setup Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.21.3 | |
- name: Install C toolchain | |
run: | | |
sudo apt-get update | |
sudo apt install -y gcc-x86-64-linux-gnu | |
mkdir bin | |
- name: Cache Binaries | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-binaries | |
with: | |
path: bin | |
key: ${{ github.sha }} | |
restore-keys: ${{ github.sha }} | |
- name: Build Linux x86_64 binary with Boringcrypto | |
run: | | |
CC=x86_64-linux-gnu-gcc CGO_ENABLED=1 GOARCH=amd64 GOOS=linux GOEXPERIMENT=boringcrypto \ | |
go build -o bin/terraform-provider-aws.linux.amd64 . | |
- name: Verify Boringcrypto | |
run: | | |
go run rsc.io/goversion@master -crypto bin/terraform-provider-aws.linux.amd64 | grep -q '(boring crypto)' | |
# boringcrypto isn't available for darwin, so we can also disable CGO. | |
- name: Build Darwin arm64 binary without Boringcrypto | |
run: | | |
CGO_ENABLED=0 GOARCH=arm64 GOOS=darwin \ | |
go build -o bin/terraform-provider-aws.darwin.arm64 . | |
- name: Build Darwin x86_64 binary without Boringcrypto | |
run: | | |
CGO_ENABLED=0 GOARCH=amd64 GOOS=darwin \ | |
go build -o bin/terraform-provider-aws.darwin.amd64 . | |
release: | |
runs-on: ubuntu-latest | |
needs: build | |
if: github.ref == 'refs/heads/snyk' | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Cache Binaries | |
uses: actions/cache@v2 | |
env: | |
cache-name: cache-binaries | |
with: | |
path: bin | |
key: ${{ github.sha }} | |
restore-keys: ${{ github.sha }} | |
- name: Create Release | |
uses: ncipollo/release-action@v1 | |
with: | |
tag: v0.0.0-${{ github.sha }} | |
commit: ${{ github.sha }} | |
artifacts: bin/terraform-provider-aws.*.* | |
makeLatest: true |