Test the release binary during integration tests

.dockerignore

@@ -3,7 +3,6 @@ internal/cmd/mocks/
 Jenkinsfile
 
 dev/
-dist/
 output/
 
 **/*.sw[po]

.goreleaser.yml

@@ -7,7 +7,8 @@ before:
     # you may remove this if you don't need go generate
     - go generate ./...
 builds:
-- main: ./cmd/conjur
+- id: conjur-cli-go
+  main: ./cmd/conjur
   binary: conjur
   env:
   - CGO_ENABLED=0
@@ -21,7 +22,7 @@ builds:
   - linux
   - darwin
   - windows
-  goamd64: 
+  goamd64:
    - v1
   # The `Tag` override is there to provide the git commit information in the
   # final binary. See `Static long version tags` in the `Building` section
@@ -41,9 +42,31 @@ builds:
       # binary-windows_amd64.exe.
       - mkdir -p "{{ dir .Path }}/../binaries"
       - cp "{{ .Path }}" "{{ dir .Path }}/../binaries/conjur_{{ .Target }}{{ .Ext }}"
+- id: integration
+  command: test
+  main: ./cmd/integration
+  binary: integration
+  no_main_check: true
+  env:
+  - CGO_ENABLED=0
+  # Tag 'netgo' is a Go build tag that ensures a pure Go networking stack
+  # in the resulting binary instead of using the default host's stack to
+  # ensure a fully static artifact that has no dependencies.
+  flags:
+  - -tags=netgo,dev,integration
+  - -a
+  - -c
+  - -v
+  goos:
+  - linux
+  goarch:
+  - amd64
+  goamd64:
+  - v1
 
 archives:
   - id: conjur-cli-go-archive
+    builds: [conjur-cli-go]
     files:
       - CHANGELOG.md
       - LICENSE

CHANGELOG.md

@@ -10,7 +10,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Nothing should go in this section, please add to the latest unreleased version
   (and update the corresponding date), or add a new version.
 
-## [8.0.0] - 2023-01-12
+## [8.0.0] - 2023-01-20
 
 ### Added
 - Initial release of Conjur CLI written in Golang
+
+## [0.0.0] - 2023-01-01
+
+### Added
+- Placeholder version to capture the reset of the repository

Dockerfile

@@ -0,0 +1,6 @@
+FROM alpine:3.17.1 as conjur-cli-go
+LABEL org.opencontainers.image.authors="CyberArk Software Ltd."
+
+ENTRYPOINT [ "/usr/local/bin/conjur" ]
+
+COPY dist/goreleaser/binaries/conjur_linux_amd64_v1 /usr/local/bin/conjur

Jenkinsfile

@@ -15,8 +15,13 @@ if (params.MODE == "PROMOTE") {
   release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
     // Any assets from sourceVersion Github release are available in assetDirectory
     // Any version number updates from sourceVersion to targetVersion occur here
-    // Any publishing of stargetVersion artifacts occur here
+    // Any publishing of targetVersion artifacts occur here
     // Anything added to assetDirectory will be attached to the Github Release
+
+    // Promote source version to target version.
+
+    // NOTE: the use of --pull to ensure source images are pulled from internal registry
+    sh "source ./bin/build_utils && ./bin/publish_container_images --promote --source ${sourceVersion}-\$(git_commit) --target ${targetVersion} --pull"
   }
   return
 }
@@ -76,34 +81,58 @@ pipeline {
       }
     }
 
-    stage('Run unit tests') {
-      steps {
-        sh './bin/test_unit'
-      }
-      post {
-        always {
-          sh './bin/coverage'
-          junit 'junit.xml'
-
-          cobertura autoUpdateHealth: false,
-            autoUpdateStability: false,
-            coberturaReportFile: 'coverage.xml',
-            conditionalCoverageTargets: '70, 0, 0',
-            failUnhealthy: false,
-            failUnstable: false,
-            maxNumberOfBuilds: 0,
-            lineCoverageTargets: '70, 0, 0',
-            methodCoverageTargets: '70, 0, 0',
-            onlyStable: false,
-            sourceEncoding: 'ASCII',
-            zoomCoverageChart: false
-            ccCoverage("gocov", "--prefix github.com/cyberark/conjur-cli-go")
+    stage('Build while unit testing') {
+      parallel {
+        stage('Run unit tests') {
+          steps {
+            sh './bin/test_unit'
+          }
+          post {
+            always {
+              sh './bin/coverage'
+              junit 'junit.xml'
+
+              cobertura autoUpdateHealth: false,
+                autoUpdateStability: false,
+                coberturaReportFile: 'coverage.xml',
+                conditionalCoverageTargets: '70, 0, 0',
+                failUnhealthy: false,
+                failUnstable: false,
+                maxNumberOfBuilds: 0,
+                lineCoverageTargets: '70, 0, 0',
+                methodCoverageTargets: '70, 0, 0',
+                onlyStable: false,
+                sourceEncoding: 'ASCII',
+                zoomCoverageChart: false
+                ccCoverage("gocov", "--prefix github.com/cyberark/conjur-cli-go")
+            }
+          }
+        }
+
+        stage('Build release artifacts') {
+          steps {
+            dir('./pristine-checkout') {
+              // Go releaser requires a pristine checkout
+              checkout scm
+
+              // Create release artifacts without releasing to Github
+              sh "cp ../VERSION ./VERSION"
+              sh "./bin/build_release --skip-validate --rm-dist"
+
+              // Build container images
+              sh "./bin/build_container_images"
+
+              // Archive release artifacts
+              archiveArtifacts 'dist/goreleaser/'
+            }
+          }
         }
       }
     }
+
     stage('Run integration tests') {
       steps {
-        dir('ci') {
+        dir('./pristine-checkout/ci') {
           script {
             try{
               sh 'summon -f ./okta/secrets.yml ./test_integration'
@@ -115,20 +144,6 @@ pipeline {
       }
     }
 
-    stage('Build release artifacts') {
-      steps {
-        dir('./pristine-checkout') {
-          // Go releaser requires a pristine checkout
-          checkout scm
-
-          // Create release packages without releasing to Github
-          sh "cp ../VERSION ./VERSION"
-          sh "./bin/build_release --skip-validate --rm-dist"
-          archiveArtifacts 'dist/goreleaser/'
-        }
-      }
-    }
-
     stage('Release') {
       when {
         expression {
@@ -147,6 +162,9 @@ pipeline {
           sh """go-bom --tools "${toolsDirectory}" --go-mod ./go.mod --image "golang" --main "cmd/conjur/" --output "${billOfMaterialsDirectory}/go-app-bom.json" """
           // Create Go module SBOM
           sh """go-bom --tools "${toolsDirectory}" --go-mod ./go.mod --image "golang" --output "${billOfMaterialsDirectory}/go-mod-bom.json" """
+
+          // Publish container images to internal registry
+          sh './bin/publish_container_images --internal'
         }
       }
     }

bin/build_container_images

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+# Navigate to the bin directory (where this script lives) to ensure we can run this script
+# from anywhere.
+cd "$(dirname "$0")"
+
+. ./build_utils
+
+function main() {
+    local REPO_ROOT="$(repo_root)"
+    local CONTAINER_IMAGE_AND_TAG="conjur-cli:$(project_version_with_commit)"
+
+    # Build container image/s by copying binaries
+    # 
+    echo "Building ${CONTAINER_IMAGE_AND_TAG} container image"
+    docker build \
+        --tag "${CONTAINER_IMAGE_AND_TAG}" \
+        --rm \
+        --file "${REPO_ROOT}/Dockerfile" \
+        "${REPO_ROOT}"
+}
+
+
+main

bin/build_release

@@ -2,31 +2,36 @@
 
 set -eo pipefail
 
-PROJECT_NAME=conjur-cli-go
-REPO_ROOT="$(git rev-parse --show-toplevel)"
-
-# Get the version of Go specified by the "go directive" in go.mod
-# Grep it to avoid Go binary dependency
-GO_VERSION="v$(grep "^\bgo\b" "${REPO_ROOT}/go.mod" | awk '{print $2}')"
-
-# Determine where VERSION file is based on goreleaser argument
-VERSION=$(<"${REPO_ROOT}/VERSION")
-
-# Remove Jenkins build number from VERSION
-VERSION="${VERSION/-*/}"
-
-# Use a GoReleaser Docker image containing cross-compilation tools
-# This image is recommended by the official GoReleaser docs
-# https://goreleaser.com/cookbooks/cgo-and-crosscompiling/
-GORELEASER_IMAGE="goreleaser/goreleaser-cross:latest"
-
-echo "Docker image for release build: ${GORELEASER_IMAGE}"
-
-docker run --rm \
-  --env VERSION="${VERSION}" \
-  --env GO_VERSION="${GO_VERSION}" \
-  --volume "${REPO_ROOT}:/${PROJECT_NAME}" \
-  --workdir /${PROJECT_NAME} \
-  "${GORELEASER_IMAGE}" --rm-dist "$@"
-
-echo "Releases built. Archives can be found in dist/goreleaser"
+# Navigate to the bin directory (where this script lives) to ensure we can run this script
+# from anywhere.
+cd "$(dirname "$0")"
+
+. ./build_utils
+
+function main() {
+    local REPO_ROOT="$(repo_root)"
+    local PROJECT_WD="github.com/cyberark/conjur-cli-go"
+    local VERSION="$(project_semantic_version)"
+
+    # Get the version of Go specified by the "go directive" in go.mod
+    # Grep it to avoid Go binary dependency
+    local GO_VERSION="v$(grep "^\bgo\b" "${REPO_ROOT}/go.mod" | awk '{print $2}')"
+
+    # Use a GoReleaser Docker image containing cross-compilation tools
+    # This image is recommended by the official GoReleaser docs
+    # https://goreleaser.com/cookbooks/cgo-and-crosscompiling/
+    local GORELEASER_IMAGE="goreleaser/goreleaser-cross:latest"
+
+    # Compile binaries with Go Releaser
+    #
+    echo "Docker image for release build: ${GORELEASER_IMAGE}"
+    docker run --rm \
+      --env VERSION="${VERSION}" \
+      --env GO_VERSION="${GO_VERSION}" \
+      --volume "${REPO_ROOT}:/${PROJECT_WD}" \
+      --workdir /${PROJECT_WD} \
+      "${GORELEASER_IMAGE}" --rm-dist "$@"
+    echo "Releases built. Archives can be found in dist/goreleaser"
+}
+
+main "$@"

bin/build_utils

@@ -26,6 +26,51 @@ function retrieve_cyberark_ca_cert() {
   fi
 }
 
-repo_root() {
+function repo_root() {
   git rev-parse --show-toplevel
 }
+
+function git_commit() {
+  git rev-parse --short HEAD
+}
+
+function project_version() {
+  # VERSION derived from CHANGELOG and automated release library
+  echo "$(<"$(repo_root)/VERSION")"
+}
+
+function project_semantic_version() {
+  local version=$(project_version)
+
+  # Remove Jenkins build number from VERSION
+  echo "${version/-*/}"
+}
+
+function project_semantic_version_with_commit() {
+  echo "$(project_semantic_version)-$(git_commit)"
+}
+
+function project_version_with_commit() {
+  echo "$(project_version)-$(git_commit)"
+}
+
+# generate less specific versions, eg. given 1.2.3 will print 1.2 and 1
+# (note: the argument itself is not printed, append it explicitly if needed)
+function gen_versions() {
+  local version=$1
+  while [[ $version = *.* ]]; do
+    version=${version%.*}
+    echo $version
+  done
+}
+
+function tag_and_push() {
+  local source="$1"
+  shift
+  local target="$1"
+  shift
+
+  echo "Tagging and pushing $target..."
+  docker tag "${source}" "${target}"
+  docker push "${target}"
+}