Merge branch 'main' into jm/rmv-go-tests

.circleci/config.yml

@@ -804,12 +804,6 @@ jobs:
       - run: "echo ok"
 
 workflows:
-  version: 2
-  # verify-ci is a no-op workflow that must run on every PR. It is used in a
-  # branch protection rule to detect when CI workflows are not running.
-  verify-ci:
-    jobs: [noop]
-
   build-distros:
     jobs:
       - check-go-mod: &filter-ignore-non-go-branches

.github/scripts/get_runner_classes.sh

@@ -13,7 +13,8 @@ case "$GITHUB_REPOSITORY" in
         echo "compute-small=['self-hosted', 'linux', 'small']" >> "$GITHUB_OUTPUT"
         echo "compute-medium=['self-hosted', 'linux', 'medium']" >> "$GITHUB_OUTPUT"
         echo "compute-large=['self-hosted', 'linux', 'large']" >> "$GITHUB_OUTPUT"
-        echo "compute-xl=['self-hosted', 'ondemand', 'linux', 'type=m5.2xlarge']" >> "$GITHUB_OUTPUT"
+        # m5d.8xlarge is equivalent to our xl custom runner in OSS
+        echo "compute-xl=['self-hosted', 'ondemand', 'linux', 'type=m5d.8xlarge']" >> "$GITHUB_OUTPUT"
         ;;
     *)
         # shellcheck disable=SC2129

.github/workflows/build-artifacts.yml

@@ -32,7 +32,7 @@ jobs:
 
   dev-build-push:
     needs: setup
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-medium) }}
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }}
     permissions:
       id-token: write # NOTE: this permission is explicitly required for Vault auth.
       contents: read
@@ -95,3 +95,29 @@ jobs:
         tags: |
           hashicorpdev/${{ github.event.repository.name }}:${{ env.SHORT_SHA }}
           hashicorpdev/${{ github.event.repository.name }}:latest
+
+  # This is job is required for branch protection as a required gihub check
+  # because GitHub actions show up as checks at the job level and not the
+  # workflow level.  This is currently a feature request:
+  # https://github.com/orgs/community/discussions/12395
+  #
+  # This job must:
+  # - be placed after the fanout of a workflow so that everything fans back in
+  #   to this job.
+  # - "need" any job that is part of the fan out / fan in
+  # - implement the if logic because we have conditional jobs 
+  #   (go-test-enteprise) that this job needs and this would potentially get 
+  #   skipped if a previous job got skipped.  So we use the if clause to make 
+  # sure it does not get skipped.
+
+  build-artifacts-success:
+    needs: 
+    - setup
+    - dev-build-push
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
+    if: |
+      (always() && ! cancelled()) &&
+      !contains(needs.*.result, 'failure') &&
+      !contains(needs.*.result, 'cancelled')
+    steps:
+      - run: echo "build-artifacts succeeded"

.github/workflows/build-distros.yml

@@ -2,11 +2,20 @@
 # It is aimed at checking new commits don't introduce any breaking build changes.
 name: build-distros
 
-on: [pull_request]
+on: 
+  pull_request:
+  push:
+    branches:
+      # Push events on the main branch
+      - main
+      - release/**
 
 permissions:
   contents: read
 
+env:
+  GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }}
+
 jobs:
   setup:
     name: Setup
@@ -38,7 +47,7 @@ jobs:
     - check-go-mod
     env:
       XC_OS: "freebsd linux windows"
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-medium) }}
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
     steps:
     - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # [email protected]
 
@@ -53,7 +62,7 @@ jobs:
     - name: Build
       run: |
         for os in $XC_OS; do
-          GOOS="$os" GOARCH=386 CGO_ENABLED=0 go build
+          GOOS="$os" GOARCH=386 CGO_ENABLED=0 go build -tags "${{ env.GOTAGS }}"
         done
 
   build-amd64:
@@ -62,7 +71,7 @@ jobs:
     - check-go-mod
     env:
       XC_OS: "darwin freebsd linux solaris windows"
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-medium) }}
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
     steps:
     - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # [email protected]
 
@@ -77,14 +86,14 @@ jobs:
     - name: Build
       run: |
         for os in $XC_OS; do
-          GOOS="$os" GOARCH=amd64 CGO_ENABLED=0 go build
+          GOOS="$os" GOARCH=amd64 CGO_ENABLED=0 go build -tags "${{ env.GOTAGS }}"
         done
 
   build-arm:
     needs:
     - setup 
     - check-go-mod
-    runs-on: ${{ fromJSON(needs.setup.outputs.compute-medium) }}
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl) }}
     env:
       CGO_ENABLED: 1
       GOOS: linux
@@ -103,6 +112,35 @@ jobs:
     - run: |
         sudo apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-version && sudo apt-get install -y gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu
 
-    - run: CC=arm-linux-gnueabi-gcc GOARCH=arm GOARM=5 go build
-    - run: CC=arm-linux-gnueabihf-gcc GOARCH=arm GOARM=6 go build
-    - run: CC=aarch64-linux-gnu-gcc GOARCH=arm64 go build
+    - run: CC=arm-linux-gnueabi-gcc GOARCH=arm GOARM=5 go build -tags "${{ env.GOTAGS }}"
+    - run: CC=arm-linux-gnueabihf-gcc GOARCH=arm GOARM=6 go build -tags "${{ env.GOTAGS }}"
+    - run: CC=aarch64-linux-gnu-gcc GOARCH=arm64 go build -tags "${{ env.GOTAGS }}"
+
+  # This is job is required for branch protection as a required gihub check
+  # because GitHub actions show up as checks at the job level and not the
+  # workflow level.  This is currently a feature request:
+  # https://github.com/orgs/community/discussions/12395
+  #
+  # This job must:
+  # - be placed after the fanout of a workflow so that everything fans back in
+  #   to this job.
+  # - "need" any job that is part of the fan out / fan in
+  # - implement the if logic because we have conditional jobs 
+  #   (go-test-enteprise) that this job needs and this would potentially get 
+  #   skipped if a previous job got skipped.  So we use the if clause to make 
+  # sure it does not get skipped.
+
+  build-distros-success:
+    needs: 
+    - setup
+    - check-go-mod
+    - build-386
+    - build-amd64
+    - build-arm
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
+    if: |
+      (always() && ! cancelled()) &&
+      !contains(needs.*.result, 'failure') &&
+      !contains(needs.*.result, 'cancelled')
+    steps:
+      - run: echo "build-distros succeeded"

.github/workflows/frontend.yml

@@ -104,3 +104,31 @@ jobs:
 
     - working-directory: ui/packages/consul-ui
       run: make test-coverage-ci
+
+  # This is job is required for branch protection as a required gihub check
+  # because GitHub actions show up as checks at the job level and not the
+  # workflow level.  This is currently a feature request:
+  # https://github.com/orgs/community/discussions/12395
+  #
+  # This job must:
+  # - be placed after the fanout of a workflow so that everything fans back in
+  #   to this job.
+  # - "need" any job that is part of the fan out / fan in
+  # - implement the if logic because we have conditional jobs 
+  #   (go-test-enteprise) that this job needs and this would potentially get 
+  #   skipped if a previous job got skipped.  So we use the if clause to make 
+  # sure it does not get skipped.
+
+  frontend-success:
+    needs: 
+    - setup
+    - workspace-tests
+    - node-tests
+    - ember-build-test
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
+    if: |
+      (always() && ! cancelled()) &&
+      !contains(needs.*.result, 'failure') &&
+      !contains(needs.*.result, 'cancelled')
+    steps:
+      - run: echo "frontend succeeded"

.github/workflows/go-tests.yml

@@ -10,6 +10,11 @@ on:
       - 'backport/docs/**'
       - 'backport/ui/**'
       - 'backport/mktg-**'
+  push:
+    branches:
+      # Push events on the main branch
+      - main
+      - release/**
 
 permissions:
   contents: read
@@ -227,6 +232,7 @@ jobs:
       consul-license: ${{secrets.CONSUL_LICENSE}}
 
   go-test-enterprise:
+    if: ${{ endsWith(github.repository, '-enterprise') }}
     needs: 
     - setup   
     - dev-build
@@ -361,3 +367,47 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - run: "echo ok"
+
+  # This is job is required for branch protection as a required gihub check
+  # because GitHub actions show up as checks at the job level and not the
+  # workflow level.  This is currently a feature request:
+  # https://github.com/orgs/community/discussions/12395
+  #
+  # This job must:
+  # - be placed after the fanout of a workflow so that everything fans back in
+  #   to this job.
+  # - "need" any job that is part of the fan out / fan in
+  # - implement the if logic because we have conditional jobs 
+  #   (go-test-enteprise) that this job needs and this would potentially get 
+  #   skipped if a previous job got skipped.  So we use the if clause to make 
+  # sure it does not get skipped.
+
+  go-tests-success:
+    needs: 
+    - setup
+    - check-generated-deep-copy
+    - check-generated-protobuf
+    - check-go-mod
+    - lint-consul-retry
+    - lint-container-test-deps
+    - lint-enums
+    - lint
+    - lint-32bit
+    # - go-test-arm64
+    - go-test-enterprise
+    - go-test-oss 
+    - go-test-race
+    - go-test-envoyextensions
+    - go-test-troubleshoot
+    - go-test-api-1-19
+    - go-test-api-1-20
+    - go-test-sdk-1-19
+    - go-test-sdk-1-20
+    - go-test-32bit
+    runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }}
+    if: |
+      (always() && ! cancelled()) &&
+      !contains(needs.*.result, 'failure') &&
+      !contains(needs.*.result, 'cancelled')
+    steps:
+      - run: echo "go-tests succeeded"

.github/workflows/verify-ci.yml

@@ -8,10 +8,16 @@ name: verify-ci
 permissions:
   contents: read
 
-on: [pull_request]
+on: 
+  pull_request:
+  push:
+    branches:
+      # Push events on the main branch
+      - main
+      - release/**
 
 jobs:
-  noop:
+  verify-ci-success:
     runs-on: ubuntu-latest
     steps:
-    - run: echo "ok"
+    - run: echo "verify-ci succeeded"