fix: security scanner gh token (#22061) #8484
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) HashiCorp, Inc. | |
| # SPDX-License-Identifier: MPL-2.0 | |
| name: build | |
| on: | |
| push: | |
| # Sequence of patterns matched against refs/heads | |
| branches: | |
| # Push events on the main branch | |
| - main | |
| - release/** | |
| env: | |
| PKG_NAME: consul | |
| # TODO(spatel): CE refactor | |
| METADATA: oss | |
| GOPRIVATE: github.com/hashicorp # Required for enterprise deps | |
| jobs: | |
| get-go-version: | |
| uses: ./.github/workflows/reusable-get-go-version.yml | |
| set-product-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| product-version: ${{ steps.set-product-version.outputs.product-version }} | |
| base-product-version: ${{ steps.set-product-version.outputs.base-product-version }} | |
| product-date: ${{ steps.get-product-version.outputs.product-date }} | |
| pre-version: ${{ steps.set-product-version.outputs.prerelease-product-version }} | |
| shared-ldflags: ${{ steps.shared-ldflags.outputs.shared-ldflags }} | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| # action-set-product-version implicitly sets fields like 'product-version' using version/VERSION | |
| # https://github.com/hashicorp/actions-set-product-version | |
| - name: set product version | |
| id: set-product-version | |
| uses: hashicorp/actions-set-product-version@v2 | |
| - name: get product version | |
| id: get-product-version | |
| run: | | |
| CONSUL_DATE=$(build-support/scripts/build-date.sh) | |
| echo "product-date=${CONSUL_DATE}" >> "$GITHUB_OUTPUT" | |
| - name: Set shared -ldflags | |
| id: shared-ldflags | |
| run: | | |
| T="github.com/hashicorp/consul/version" | |
| echo "shared-ldflags=-X ${T}.GitCommit=${GITHUB_SHA::8} \ | |
| -X ${T}.GitDescribe=${{ steps.set-product-version.outputs.product-version }} \ | |
| -X ${T}.BuildDate=${{ steps.get-product-version.outputs.product-date }} \ | |
| " >> "$GITHUB_OUTPUT" | |
| validate-outputs: | |
| needs: set-product-version | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Validate Outputs | |
| run: | | |
| echo "Product Version: ${{ needs.set-product-version.outputs.product-version }}" | |
| echo "Base Product Version: ${{ needs.set-product-version.outputs.base-product-version }}" | |
| echo "Product Metadata: ${{ env.METADATA }}" | |
| echo "Product Date: ${{ needs.set-product-version.outputs.product-date }}" | |
| echo "Prerelease Version: ${{ needs.set-product-version.outputs.pre-version }}" | |
| echo "Ldflags: ${{ needs.set-product-version.outputs.shared-ldflags }}" | |
| generate-metadata-file: | |
| needs: set-product-version | |
| runs-on: ubuntu-latest | |
| outputs: | |
| filepath: ${{ steps.generate-metadata-file.outputs.filepath }} | |
| steps: | |
| - name: 'Checkout directory' | |
| uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - name: Generate metadata file | |
| id: generate-metadata-file | |
| uses: hashicorp/actions-generate-metadata@v1 | |
| with: | |
| version: ${{ needs.set-product-version.outputs.product-version }} | |
| product: ${{ env.PKG_NAME }} | |
| - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
| with: | |
| name: metadata.json | |
| path: ${{ steps.generate-metadata-file.outputs.filepath }} | |
| build: | |
| needs: | |
| - set-product-version | |
| - get-go-version | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - {goos: "linux", goarch: "386"} | |
| - {goos: "linux", goarch: "amd64"} | |
| - {goos: "linux", goarch: "arm"} | |
| - {goos: "linux", goarch: "arm64"} | |
| - {goos: "freebsd", goarch: "386"} | |
| - {goos: "freebsd", goarch: "amd64"} | |
| - {goos: "windows", goarch: "386"} | |
| - {goos: "windows", goarch: "amd64"} | |
| - {goos: "solaris", goarch: "amd64"} | |
| fail-fast: true | |
| name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - name: Setup with node and yarn | |
| uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
| with: | |
| node-version: '18' | |
| cache: 'yarn' | |
| cache-dependency-path: 'ui/yarn.lock' | |
| - name: Build UI | |
| run: | | |
| CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }} | |
| CONSUL_DATE=${{ needs.set-product-version.outputs.product-date }} | |
| CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE} | |
| CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD) | |
| echo "consul_version is ${CONSUL_VERSION}" | |
| echo "consul_date is ${CONSUL_DATE}" | |
| echo "consul binary type is ${CONSUL_BINARY_TYPE}" | |
| echo "consul copyright year is ${CONSUL_COPYRIGHT_YEAR}" | |
| cd ui && make && cd .. | |
| rm -rf agent/uiserver/dist | |
| mv ui/packages/consul-ui/dist agent/uiserver/ | |
| - name: Go Build | |
| env: | |
| PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }} | |
| PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }} | |
| CGO_ENABLED: "0" | |
| GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}" | |
| uses: hashicorp/actions-go-build@make-clean-flag-optional | |
| with: | |
| product_name: ${{ env.PKG_NAME }} | |
| product_version: ${{ needs.set-product-version.outputs.product-version }} | |
| go_version: ${{ needs.get-go-version.outputs.go-version }} | |
| os: ${{ matrix.goos }} | |
| arch: ${{ matrix.goarch }} | |
| reproducible: nope | |
| clean: false | |
| instructions: |- | |
| cp LICENSE $TARGET_DIR/LICENSE.txt | |
| go build -ldflags="$GOLDFLAGS" -o "$BIN_PATH" -trimpath -buildvcs=false | |
| - name: Copy license file | |
| if: ${{ !endsWith(github.repository, '-enterprise') }} | |
| env: | |
| LICENSE_DIR: ".release/linux/package/usr/share/doc/${{ env.PKG_NAME }}" | |
| run: | | |
| mkdir -p "$LICENSE_DIR" | |
| cp LICENSE "$LICENSE_DIR/LICENSE.txt" | |
| - name: Package | |
| if: ${{ matrix.goos == 'linux' }} | |
| uses: hashicorp/actions-packaging-linux@v1 | |
| with: | |
| name: ${{ github.event.repository.name }} | |
| description: "Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure. " | |
| arch: ${{ matrix.goarch }} | |
| version: ${{ needs.set-product-version.outputs.product-version }} | |
| maintainer: "HashiCorp" | |
| homepage: "https://github.com/hashicorp/consul" | |
| license: "BSL-1.1" | |
| binary: "dist/${{ env.PKG_NAME }}" | |
| deb_depends: "openssl" | |
| rpm_depends: "openssl" | |
| config_dir: ".release/linux/package" | |
| preinstall: ".release/linux/preinstall" | |
| postinstall: ".release/linux/postinstall" | |
| preremove: ".release/linux/preremove" | |
| postremove: ".release/linux/postremove" | |
| - name: Set Package Names | |
| if: ${{ matrix.goos == 'linux' }} | |
| run: | | |
| echo "RPM_PACKAGE=$(basename out/*.rpm)" >> $GITHUB_ENV | |
| echo "DEB_PACKAGE=$(basename out/*.deb)" >> $GITHUB_ENV | |
| - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
| if: ${{ matrix.goos == 'linux' }} | |
| with: | |
| name: ${{ env.RPM_PACKAGE }} | |
| path: out/${{ env.RPM_PACKAGE }} | |
| - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
| if: ${{ matrix.goos == 'linux' }} | |
| with: | |
| name: ${{ env.DEB_PACKAGE }} | |
| path: out/${{ env.DEB_PACKAGE }} | |
| build-s390x: | |
| needs: | |
| - set-product-version | |
| - get-go-version | |
| if: ${{ endsWith(github.repository, '-enterprise') }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - {goos: "linux", goarch: "s390x"} | |
| fail-fast: true | |
| name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - name: Setup with node and yarn | |
| uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
| with: | |
| node-version: '18' | |
| cache: 'yarn' | |
| cache-dependency-path: 'ui/yarn.lock' | |
| - name: Build UI | |
| run: | | |
| CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }} | |
| CONSUL_DATE=${{ needs.set-product-version.outputs.product-date }} | |
| CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE} | |
| CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD) | |
| echo "consul_version is ${CONSUL_VERSION}" | |
| echo "consul_date is ${CONSUL_DATE}" | |
| echo "consul binary type is ${CONSUL_BINARY_TYPE}" | |
| echo "consul copyright year is ${CONSUL_COPYRIGHT_YEAR}" | |
| cd ui && make && cd .. | |
| rm -rf agent/uiserver/dist | |
| mv ui/packages/consul-ui/dist agent/uiserver/ | |
| - name: Go Build | |
| env: | |
| PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }} | |
| PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }} | |
| CGO_ENABLED: "0" | |
| GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}" | |
| uses: hashicorp/actions-go-build@make-clean-flag-optional | |
| with: | |
| product_name: ${{ env.PKG_NAME }} | |
| product_version: ${{ needs.set-product-version.outputs.product-version }} | |
| go_version: ${{ needs.get-go-version.outputs.go-version }} | |
| os: ${{ matrix.goos }} | |
| arch: ${{ matrix.goarch }} | |
| reproducible: nope | |
| clean: false | |
| instructions: |- | |
| cp LICENSE $TARGET_DIR/LICENSE.txt | |
| go build -ldflags="$GOLDFLAGS" -o "$BIN_PATH" -trimpath -buildvcs=false | |
| build-darwin: | |
| needs: | |
| - set-product-version | |
| - get-go-version | |
| runs-on: macos-latest | |
| strategy: | |
| matrix: | |
| goos: [ darwin ] | |
| goarch: [ "amd64", "arm64" ] | |
| fail-fast: true | |
| name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - name: Setup with node and yarn | |
| uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 | |
| with: | |
| node-version: '18' | |
| cache: 'yarn' | |
| cache-dependency-path: 'ui/yarn.lock' | |
| - name: Build UI | |
| run: | | |
| CONSUL_VERSION=${{ needs.set-product-version.outputs.product-version }} | |
| CONSUL_BINARY_TYPE=${CONSUL_BINARY_TYPE} | |
| CONSUL_COPYRIGHT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD) | |
| echo "consul_version is ${CONSUL_VERSION}" | |
| echo "consul binary type is ${CONSUL_BINARY_TYPE}" | |
| echo "consul copyright year is ${CONSUL_COPYRIGHT_YEAR}" | |
| cd ui && make && cd .. | |
| rm -rf agent/uiserver/dist | |
| mv ui/packages/consul-ui/dist agent/uiserver/ | |
| - name: Go Build | |
| env: | |
| PRODUCT_VERSION: ${{ needs.set-product-version.outputs.product-version }} | |
| PRERELEASE_VERSION: ${{ needs.set-product-version.outputs.pre-version }} | |
| CGO_ENABLED: "0" | |
| GOLDFLAGS: "${{needs.set-product-version.outputs.shared-ldflags}}" | |
| uses: hashicorp/actions-go-build@make-clean-flag-optional | |
| with: | |
| product_name: ${{ env.PKG_NAME }} | |
| product_version: ${{ needs.set-product-version.outputs.product-version }} | |
| go_version: ${{ needs.get-go-version.outputs.go-version }} | |
| os: ${{ matrix.goos }} | |
| arch: ${{ matrix.goarch }} | |
| reproducible: nope | |
| clean: false | |
| instructions: |- | |
| cp LICENSE $TARGET_DIR/LICENSE.txt | |
| go build -ldflags="$GOLDFLAGS" -tags netcgo -o "$BIN_PATH" -trimpath -buildvcs=false | |
| build-docker: | |
| name: Docker ${{ matrix.arch }} build | |
| needs: | |
| - set-product-version | |
| - build | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - { arch: "386" } | |
| - { arch: "arm" } | |
| - { arch: "amd64" } | |
| - { arch: "arm64" } | |
| env: | |
| repo: ${{github.event.repository.name}} | |
| version: ${{needs.set-product-version.outputs.product-version}} | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix | |
| # This naming convention will be used ONLY for per-commit dev images | |
| - name: Set docker dev tag | |
| run: | | |
| echo "full_dev_tag=${{ env.version }}" | |
| echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV | |
| echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" | |
| echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV | |
| - name: Docker Build (Action) | |
| uses: hashicorp/actions-docker-build@v2 | |
| with: | |
| version: ${{env.version}} | |
| target: default | |
| arch: ${{matrix.arch}} | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}:${{env.version}} | |
| public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}} | |
| dev_tags: | | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }} | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-${{ github.sha }} | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }} | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-${{ github.sha }} | |
| smoke_test: .github/scripts/verify_docker.sh v${{ env.version }} | |
| build-docker-ubi-dockerhub: | |
| name: Docker Build UBI Images | |
| needs: | |
| - set-product-version | |
| - build | |
| runs-on: ubuntu-latest | |
| env: | |
| repo: ${{github.event.repository.name}} | |
| version: ${{needs.set-product-version.outputs.product-version}} | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix | |
| # This naming convention will be used ONLY for per-commit dev images | |
| - name: Set docker dev tag | |
| run: | | |
| echo "full_dev_tag=${{ env.version }}" | |
| echo "full_dev_tag=${{ env.version }}" >> $GITHUB_ENV | |
| echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" | |
| echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV | |
| - uses: hashicorp/actions-docker-build@v2 | |
| with: | |
| version: ${{env.version}} | |
| target: ubi | |
| arch: amd64 | |
| tags: | | |
| docker.io/hashicorp/${{env.repo}}:${{env.version}}-ubi | |
| public.ecr.aws/hashicorp/${{env.repo}}:${{env.version}}-ubi | |
| dev_tags: | | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.full_dev_tag }}-ubi-${{ github.sha }} | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi | |
| docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor_dev_tag }}-ubi-${{ github.sha }} | |
| smoke_test: .github/scripts/verify_docker.sh v${{ env.version }} | |
| redhat_tag: quay.io/redhat-isv-containers/60f9fdbec3a80eac643abedf:${{env.version}}-ubi | |
| verify-linux: | |
| needs: | |
| - set-product-version | |
| - build | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - { arch: "386" } | |
| - { arch: "arm" } | |
| - { arch: "amd64" } | |
| - { arch: "arm64" } | |
| fail-fast: true | |
| env: | |
| version: ${{ needs.set-product-version.outputs.product-version }} | |
| zip_name: consul_${{ needs.set-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip | |
| name: Verify ${{ matrix.arch }} linux binary | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }} | |
| - name: Download ${{ matrix.arch }} zip | |
| if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }} | |
| uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
| with: | |
| name: ${{ env.zip_name }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | |
| if: ${{ matrix.arch == 'arm' || matrix.arch == 'arm64' }} | |
| with: | |
| # this should be a comma-separated string as opposed to an array | |
| platforms: arm,arm64 | |
| - name: Run verification for ${{ matrix.arch }} binary | |
| if: ${{ endsWith(github.repository, '-enterprise') || matrix.arch != 's390x' }} | |
| run: .github/scripts/verify_artifact.sh ${{ env.zip_name }} v${{ env.version }} | |
| verify-darwin: | |
| needs: | |
| - set-product-version | |
| - build-darwin | |
| runs-on: macos-latest | |
| strategy: | |
| fail-fast: true | |
| env: | |
| version: ${{needs.set-product-version.outputs.product-version}} | |
| zip_name: consul_${{ needs.set-product-version.outputs.product-version }}_darwin_amd64.zip | |
| name: Verify amd64 darwin binary | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - name: Download amd64 darwin zip | |
| uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
| with: | |
| name: ${{ env.zip_name }} | |
| - name: Unzip amd64 darwin zip | |
| run: unzip ${{ env.zip_name }} | |
| - name: Run verification for amd64 darwin binary | |
| run: .github/scripts/verify_bin.sh ./consul v${{ env.version }} | |
| verify-linux-packages-deb: | |
| needs: | |
| - build | |
| - set-product-version | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - { arch: "i386" } | |
| - { arch: "armhf" } | |
| - { arch: "amd64" } | |
| - { arch: "arm64" } | |
| # fail-fast: true | |
| env: | |
| version: ${{ needs.set-product-version.outputs.product-version }} | |
| name: Verify ${{ matrix.arch }} debian package | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - name: Set package version | |
| run: | | |
| echo "pkg_version=$(echo ${{ needs.set-product-version.outputs.product-version }} | sed 's/\-/~/g')" >> $GITHUB_ENV | |
| - name: Set package name | |
| run: | | |
| echo "pkg_name=consul_${{ env.pkg_version }}-1_${{ matrix.arch }}.deb" >> $GITHUB_ENV | |
| - name: Download workflow artifacts | |
| uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
| with: | |
| name: ${{ env.pkg_name }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | |
| with: | |
| platforms: all | |
| - name: Verify ${{ matrix.arch }} debian package | |
| run: ./.github/scripts/verify_artifact.sh ${{ env.pkg_name }} v${{ env.version }} | |
| verify-linux-packages-rpm: | |
| needs: | |
| - build | |
| - set-product-version | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - { arch: "i386" } | |
| - { arch: "x86_64" } | |
| # TODO(eculver): re-enable when there is a smaller verification container available | |
| # - { arch: "armv7hl" } | |
| # - { arch: "aarch64" } | |
| env: | |
| version: ${{ needs.set-product-version.outputs.product-version }} | |
| name: Verify ${{ matrix.arch }} rpm | |
| steps: | |
| - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 | |
| - name: Set package version | |
| run: | | |
| echo "pkg_version=$(echo ${{ needs.set-product-version.outputs.product-version }} | sed 's/\-/~/g')" >> $GITHUB_ENV | |
| - name: Set package name | |
| run: | | |
| echo "pkg_name=consul-${{ env.pkg_version }}-1.${{ matrix.arch }}.rpm" >> $GITHUB_ENV | |
| - name: Download workflow artifacts | |
| uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
| with: | |
| name: ${{ env.pkg_name }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | |
| with: | |
| platforms: all | |
| - name: Verify ${{ matrix.arch }} rpm | |
| run: ./.github/scripts/verify_artifact.sh ${{ env.pkg_name }} v${{ env.version }} |