diff --git a/.github/actions/prepare-workspace/action.yml b/.github/actions/prepare-workspace/action.yml
new file mode 100644
index 0000000000000..06598c29c1e8e
--- /dev/null
+++ b/.github/actions/prepare-workspace/action.yml
@@ -0,0 +1,47 @@
+name: Prepare Teleport workspace
+description: Prepares Teleport workspace folder
+inputs:
+ cache_key:
+ description: Cache infix used in cache actions
+ required: false
+ default: ${{ github.workflow }}
+
+runs:
+ using: "composite"
+ steps:
+ - name: Mark workspace as git safe.directory
+ shell: bash
+ run: |
+ git config --global --add safe.directory ${GITHUB_WORKSPACE}
+ git config --global --add safe.directory ${GITHUB_WORKSPACE}/webassets
+
+ - name: Fetch go cache paths
+ id: go-cache-paths
+ shell: bash
+ run: |
+ echo "go-build=$(go env GOCACHE)" >> $GITHUB_OUTPUT
+ echo "go-mod=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT
+
+ - name: Go build cache
+ uses: actions/cache@v3
+ with:
+ path: ${{ steps.go-cache-paths.outputs.go-build }}
+ key: ${{ runner.os }}-go-build-${{ inputs.cache_key }}-${{ hashFiles('**/go.sum') }}
+ restore-keys: ${{ runner.os }}-go-build-${{ inputs.cache_key }}-
+
+ - name: Go mod cache
+ uses: actions/cache@v3
+ with:
+ path: ${{ steps.go-cache-paths.outputs.go-mod }}
+ key: ${{ runner.os }}-go-mod-${{ inputs.cache_key }}-${{ hashFiles('**/go.sum') }}
+ restore-keys: ${{ runner.os }}-go-mod-${{ inputs.cache_key }}-
+
+ - name: Rust cargo cache
+ uses: actions/cache@v3
+ with:
+ path: |
+ ${{ github.workspace }}/target
+ /usr/local/cargo/registry
+ /usr/local/cargo/git
+ key: ${{ runner.os }}-cargo-${{ inputs.cache_key }}-${{ hashFiles('**/Cargo.lock') }}
+ restore-keys: ${{ runner.os }}-cargo-${{ inputs.cache_key }}-
diff --git a/.github/services/Dockerfile.etcd b/.github/services/Dockerfile.etcd
new file mode 100644
index 0000000000000..22e7d49e9b383
--- /dev/null
+++ b/.github/services/Dockerfile.etcd
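Review bot: The three cache steps reference `actions/cache@v3` by a mutable tag, so a retagged release would change what runs in every job that calls this composite action, including the jobs that run in `--privileged` containers. Pinning each `uses:` to a full commit SHA with the tag kept as a comment, e.g. `uses: actions/cache@<full-commit-sha> # v3`, closes that gap. The same applies to `actions/checkout@v3`, the `docker/*` actions and the artifact actions in the workflows added by this commit. Separately, `${GITHUB_WORKSPACE}` is unquoted in both `git config` lines; `"${GITHUB_WORKSPACE}"` avoids word splitting if the path ever contains spaces.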
@@ -0,0 +1,20 @@
+ARG BUILDARCH
+ARG ETCD_VERSION
+
+FROM bitnami/etcd:${ETCD_VERSION}
+
+COPY examples/etcd/certs /certs
+
+HEALTHCHECK CMD etcdctl --insecure-discovery --endpoint=https://etcd0:2379 --key-file /certs/client-key.pem --cert-file /certs/client-cert.pem --ca-file /certs/ca-cert.pem cluster-health
+
+EXPOSE 2379 2380
+
+ENTRYPOINT /opt/bitnami/etcd/bin/etcd --name teleportstorage \
+ --initial-cluster-state new \
+ --cert-file /certs/server-cert.pem \
+ --key-file /certs/server-key.pem \
+ --trusted-ca-file /certs/ca-cert.pem \
+ --advertise-client-urls=https://127.0.0.1:2379 \
+ --listen-client-urls=https://0.0.0.0:2379 \
+ --client-cert-auth \
+ --debug
diff --git a/.github/workflows/build-ci-service-images.yaml b/.github/workflows/build-ci-service-images.yaml
new file mode 100644
index 0000000000000..bd0d058854334
--- /dev/null
+++ b/.github/workflows/build-ci-service-images.yaml
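Review bot: `COPY examples/etcd/certs /certs` bakes `server-key.pem` and `client-key.pem` into an image that the build workflow in this commit pushes to ghcr.io, so anyone who can pull the image holds those private keys. That is acceptable only if they are throwaway test fixtures; a comment above the COPY, e.g. `# Test-only certs and keys from examples/etcd/certs; never reuse outside CI.`, would make the intent explicit. `FROM bitnami/etcd:${ETCD_VERSION}` also resolves a mutable tag, and pinning the base by digest would make the published image reproducible. `ARG BUILDARCH` is declared but not used in the visible lines.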
@@ -0,0 +1,64 @@
+name: Build CI Service Images
+run-name: Build CI Service Images
+on:
+ push:
+ paths:
+ - .github/services/Dockerfile.*
+ - examples/etcd/certs/*.pem
+ branches:
+ - master
+ pull_request:
+ paths:
+ - .github/services/Dockerfile.*
+ - examples/etcd/certs/*.pem
+ branches:
+ - master
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: gravitational/ci-etcd
+ ETCD_VERSION: 3.3.9
+
+jobs:
+ build:
+ name: Build CI Services Images
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout Teleport
+ uses: actions/checkout@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to registry
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Build etcd image
+ id: docker_build
+ uses: docker/build-push-action@v2
+ with:
+ context: ${{ github.workspace }}
+ file: .github/services/Dockerfile.etcd
+ tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.ETCD_VERSION }}
+ labels: ${{ steps.meta.outputs.labels }}
+ build-args: |
+ ETCD_VERSION=${{ env.ETCD_VERSION }}
+ push: true
+
+ - name: Image digest
+ run: echo ${{ steps.docker_build.outputs.digest }}
diff --git a/.github/workflows/doc-tests.yaml b/.github/workflows/doc-tests.yaml
new file mode 100644
index 0000000000000..24f72c479d86e
--- /dev/null
+++ b/.github/workflows/doc-tests.yaml
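Review bot: `push: true` on the "Build etcd image" step is unconditional while the workflow also triggers on `pull_request`, so a pull request from a branch in this repository that edits `.github/services/Dockerfile.*` would publish its unreviewed image to `ghcr.io/gravitational/ci-etcd:3.3.9`, the tag the test workflows pull as their etcd service. Gate publishing on the event with `push: ${{ github.event_name == 'push' }}` and add `if: github.event_name == 'push'` to the "Login to registry" step, so pull requests only verify that the image builds. Pull requests from forks presumably fail at the push step instead, since their token is read-only by default.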
@@ -0,0 +1,24 @@
+name: Lint (Docs)
+run-name: Lint (Docs)
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+
+jobs:
+ doc-tests:
+ name: Lint (Docs)
+ runs-on: ubuntu-latest
+
+ container:
+ image: public.ecr.aws/gravitational/docs:latest
+ volumes:
+ - ${{ github.workspace }}:/src/content
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Run tests
+ run: cd /src/content && yarn markdown-lint
diff --git a/.github/workflows/integration-tests-non-root.yaml b/.github/workflows/integration-tests-non-root.yaml
new file mode 100644
index 0000000000000..18a324faec516
--- /dev/null
+++ b/.github/workflows/integration-tests-non-root.yaml
@@ -0,0 +1,60 @@
+name: Integration Tests (Non-root)
+run-name: Integration Tests (Non-root) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ paths:
+ - '**.go'
+ - 'go.mod'
+ - 'go.sum'
+
+jobs:
+ test:
+ name: Integration Tests (Non-root)
+ runs-on: ubuntu-22.04-16core
+
+ permissions:
+ contents: read
+ id-token: write
+ packages: read
+
+ container:
+ image: public.ecr.aws/gravitational/teleport-buildbox:teleport12
+ env:
+ TELEPORT_ETCD_TEST: yes
+ TELEPORT_ETCD_TEST_ENDPOINT: https://etcd0:2379
+ options: --cap-add=SYS_ADMIN --privileged
+
+ services:
+ etcd0:
+ image: ghcr.io/gravitational/ci-etcd:3.3.9
+ options: >-
+ --health-interval 10s
+ --health-timeout 5s
+ --health-retries 5
+ --add-host etcd0:127.0.0.1
+ ports:
+ - 2379:2379
+ - 2380:2380
+ - 3379:3379
+
+ steps:
+ - name: Checkout Teleport
+ uses: actions/checkout@v3
+
+ - name: Prepare workspace
+ uses: ./.github/actions/prepare-workspace
+
+ - name: Chown
+ run: |
+ mkdir -p $(go env GOMODCACHE)
+ mkdir -p $(go env GOCACHE)
+ chown -Rf ci:ci ${GITHUB_WORKSPACE} $(go env GOMODCACHE) $(go env GOCACHE)
+ continue-on-error: true
+
+ - name: Run tests
+ timeout-minutes: 40
+ run: runuser -u ci -g ci make rdpclient integration
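Review bot: doc-tests.yaml has no `permissions:` block, so the job's `GITHUB_TOKEN` takes the repository default instead of an explicit minimum; a top-level `permissions:` with `contents: read` would fix that. The same block is missing from lint.yaml, os-compatibility-test.yaml, unit-tests-helm.yaml, unit-tests-operator.yaml, unit-tests-rust.yaml and the bypass workflows. The container image `public.ecr.aws/gravitational/docs:latest` is also a floating tag, so the tooling that runs against pull-request content can change between runs without any commit to this repository.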
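Review bot: In integration-tests-non-root.yaml, `id-token: write` is granted to a job whose visible steps never request an OIDC token, and that job runs pull-request code inside a `--privileged` container. Unless something behind the make targets needs it, drop the permission here and in integration-tests-root.yaml and unit-tests-code.yaml. `--privileged` already grants every capability, so `--cap-add=SYS_ADMIN` is redundant on the `options:` line. The Chown step pairs `chown -Rf` with `continue-on-error: true`, so a failed ownership change is hidden and would only show up later as test failures under the `ci` user.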
diff --git a/.github/workflows/integration-tests-root.yaml b/.github/workflows/integration-tests-root.yaml
new file mode 100644
index 0000000000000..c3e5f0e1504a1
--- /dev/null
+++ b/.github/workflows/integration-tests-root.yaml
@@ -0,0 +1,37 @@
+name: Integration Tests (Root)
+run-name: Integration Tests (Root) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ paths:
+ - '**.go'
+ - 'go.mod'
+ - 'go.sum'
+
+jobs:
+ test:
+ name: Integration Tests (Root)
+ runs-on: ubuntu-22.04-16core
+
+ permissions:
+ contents: read
+ id-token: write
+
+ container:
+ image: public.ecr.aws/gravitational/teleport-buildbox:teleport12
+ options: --cap-add=SYS_ADMIN --privileged
+
+ steps:
+ - name: Checkout Teleport
+ uses: actions/checkout@v3
+
+ - name: Prepare workspace
+ uses: ./.github/actions/prepare-workspace
+
+ - name: Run tests
+ timeout-minutes: 40
+ run: |
+ make rdpclient integration-root
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
new file mode 100644
index 0000000000000..49a64572b99c0
--- /dev/null
+++ b/.github/workflows/lint.yaml
@@ -0,0 +1,24 @@
+name: Lint (Go)
+run-name: make lint
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+
+jobs:
+ lint:
+ name: Lint (Go)
+ runs-on: ubuntu-22.04-16core
+
+ container:
+ image: public.ecr.aws/gravitational/teleport-buildbox:teleport12
+ env:
+ GO_LINT_FLAGS: --timeout=15m
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Run linter
+ run: make lint
diff --git a/.github/workflows/os-compatibility-test.yaml b/.github/workflows/os-compatibility-test.yaml
new file mode 100644
index 0000000000000..b42e4c72de76b
--- /dev/null
+++ b/.github/workflows/os-compatibility-test.yaml
@@ -0,0 +1,55 @@
+name: OS Compatibility Test
+run-name: OS Compatibility Test
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+
+jobs:
+ build:
+ name: Build Artifacts
+ runs-on: ubuntu-22.04-16core
+ container:
+ image: public.ecr.aws/gravitational/teleport-buildbox-centos7:teleport12
+ env:
+ GOCACHE: /tmp/gocache
+
+ steps:
+ - name: Checkout Teleport
+ uses: actions/checkout@v3
+
+ - name: Prepare workspace
+ uses: ./.github/actions/prepare-workspace
+
+ - name: Run make
+ run: |
+ make build/tctl build/tsh build/tbot build/teleport
+
+ - name: Upload binaries
+ uses: actions/upload-artifact@v3
+ with:
+ name: build
+ path: ${{ github.workspace }}/build/
+
+ test-compat:
+ needs: build
+ name: Run Compatibility Test
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Download binaries
+ uses: actions/download-artifact@v3
+ with:
+ name: build
+ path: ${{ github.workspace }}/build
+
+ - name: chmod +x
+ run: chmod +x ${GITHUB_WORKSPACE}/build/*
+
+ - name: Run compat matrix
+ timeout-minutes: 10
+ run: |
+ cd ${GITHUB_WORKSPACE} && ./build.assets/build-test-compat.sh
diff --git a/.github/workflows/unit-tests-code-bypass.yaml b/.github/workflows/unit-tests-code-bypass.yaml
new file mode 100644
index 0000000000000..196fb3177f883
--- /dev/null
+++ b/.github/workflows/unit-tests-code-bypass.yaml
@@ -0,0 +1,14 @@
+name: Unit Tests (Go)
+run-name: Unit Tests (Go) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+ pull_request:
+ paths-ignore:
+ - '**.go'
+
+jobs:
+ test:
+ name: Unit Tests (Go)
+ runs-on: ubuntu-latest
+ steps:
+ - run: 'echo "No changes to verify"'
diff --git a/.github/workflows/unit-tests-code.yaml b/.github/workflows/unit-tests-code.yaml
new file mode 100644
index 0000000000000..3d8bad9ff6b7c
--- /dev/null
+++ b/.github/workflows/unit-tests-code.yaml
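Review bot: The `paths-ignore` list in unit-tests-code-bypass.yaml holds only `'**.go'`, while unit-tests-code.yaml triggers on `'**.go'`, `'go.mod'` and `'go.sum'`, so a pull request that touches only `go.mod` or `go.sum` starts both workflows and the bypass reports a passing check under the same name, `Unit Tests (Go)`. Mirror the two lists by adding `- 'go.mod'` and `- 'go.sum'` under `paths-ignore`. More generally, `paths-ignore` skips a workflow only when every changed file matches, so a mixed change also runs both workflows. How branch protection resolves two checks that share a name is worth confirming before the bypass is relied on for a required check.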
@@ -0,0 +1,58 @@
+name: Unit Tests (Go)
+run-name: Unit Tests (Go) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ paths:
+ - '**.go'
+ - 'go.mod'
+ - 'go.sum'
+
+jobs:
+ test:
+ name: Unit Tests (Go)
+ runs-on: ubuntu-22.04-32core
+
+ permissions:
+ contents: read
+ id-token: write
+ packages: read
+
+ container:
+ image: public.ecr.aws/gravitational/teleport-buildbox:teleport12
+ env:
+ TELEPORT_ETCD_TEST: yes
+ TELEPORT_ETCD_TEST_ENDPOINT: https://etcd0:2379
+ TELEPORT_XAUTH_TEST: yes
+ TELEPORT_BPF_TEST: yes
+ options: --cap-add=SYS_ADMIN --privileged
+
+ services:
+ etcd0:
+ image: ghcr.io/gravitational/ci-etcd:3.3.9
+ options: >-
+ --health-interval 10s
+ --health-timeout 5s
+ --health-retries 5
+ --add-host etcd0:127.0.0.1
+ ports:
+ - 2379:2379
+ - 2380:2380
+ - 3379:3379
+
+ steps:
+ - name: Checkout Teleport
+ uses: actions/checkout@v3
+
+ - name: Prepare workspace
+ uses: ./.github/actions/prepare-workspace
+
+ - name: Mount debugfs
+ run: mount -t debugfs none /sys/kernel/debug/
+
+ - name: Run tests
+ timeout-minutes: 40
+ run: make test-go test-sh test-api
diff --git a/.github/workflows/unit-tests-helm-bypass.yaml b/.github/workflows/unit-tests-helm-bypass.yaml
new file mode 100644
index 0000000000000..dd7693cc950b2
--- /dev/null
+++ b/.github/workflows/unit-tests-helm-bypass.yaml
@@ -0,0 +1,15 @@
+# https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/troubleshooting-required-status-checks#handling-skipped-but-required-checks
+name: Unit Tests (Helm)
+run-name: Unit Tests (Helm) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+ pull_request:
+ paths-ignore:
+ - 'examples/chart/**'
+
+jobs:
+ test:
+ name: Unit Tests (Helm)
+ runs-on: ubuntu-latest
+ steps:
+ - run: 'echo "No changes to verify"'
diff --git a/.github/workflows/unit-tests-helm.yaml b/.github/workflows/unit-tests-helm.yaml
new file mode 100644
index 0000000000000..15821d10e490c
--- /dev/null
+++ b/.github/workflows/unit-tests-helm.yaml
@@ -0,0 +1,28 @@
+name: Unit Tests (Helm)
+run-name: Unit Tests (Helm) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ paths:
+ - 'examples/chart/**'
+
+jobs:
+ test:
+ name: Unit Tests (Helm)
+ runs-on: ubuntu-latest
+
+ container:
+ image: public.ecr.aws/gravitational/teleport-buildbox:teleport12
+ env:
+ HELM_PLUGINS: /root/.local/share/helm/plugins
+
+ steps:
+ - name: Checkout Teleport
+ uses: actions/checkout@v3
+
+ - name: Run tests
+ timeout-minutes: 40
+ run: make test-helm
diff --git a/.github/workflows/unit-tests-operator-bypass.yaml b/.github/workflows/unit-tests-operator-bypass.yaml
new file mode 100644
index 0000000000000..b9f31219f7e7f
--- /dev/null
+++ b/.github/workflows/unit-tests-operator-bypass.yaml
@@ -0,0 +1,18 @@
+name: Unit Tests (Operator)
+run-name: Unit Tests (Operator) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+ pull_request:
+ paths-ignore:
+ - /go.mod
+ - /go.sum
+ - operator/**
+ - api/types/**
+ - lib/tbot/**
+
+jobs:
+ test:
+ name: Unit Tests (Operator)
+ runs-on: ubuntu-latest
+ steps:
+ - run: 'echo "No changes to verify"'
diff --git a/.github/workflows/unit-tests-operator.yaml b/.github/workflows/unit-tests-operator.yaml
new file mode 100644
index 0000000000000..b02eb44478e2b
--- /dev/null
+++ b/.github/workflows/unit-tests-operator.yaml
@@ -0,0 +1,34 @@
+name: Unit Tests (Operator)
+run-name: Unit Tests (Operator) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ paths:
+ - /go.mod
+ - /go.sum
+ - operator/**
+ - api/types/**
+ - lib/tbot/**
+
+jobs:
+ test:
+ name: Unit Tests (Operator)
+ runs-on: ubuntu-latest
+
+ container:
+ image: public.ecr.aws/gravitational/teleport-buildbox:teleport12
+ options: --cap-add=SYS_ADMIN --privileged
+
+ steps:
+ - name: Checkout Teleport
+ uses: actions/checkout@v3
+
+ - name: Prepare workspace
+ uses: ./.github/actions/prepare-workspace
+
+ - name: Run tests
+ timeout-minutes: 40
+ run: make test-operator
diff --git a/.github/workflows/unit-tests-rust-bypass.yaml b/.github/workflows/unit-tests-rust-bypass.yaml
new file mode 100644
index 0000000000000..43b39dd408dcf
--- /dev/null
+++ b/.github/workflows/unit-tests-rust-bypass.yaml
@@ -0,0 +1,16 @@
+name: Unit Tests (Rust)
+run-name: Unit Tests (Rust) - ${{ github.run_id }} - @${{ github.actor }}
+
+on:
+ pull_request:
+ paths-ignore:
+ - '**.rs'
+ - 'Cargo.toml'
+ - 'Cargo.lock'
+
+jobs:
+ test:
+ name: Unit Tests (Rust)
+ runs-on: ubuntu-latest
+ steps:
+ - run: 'echo "No changes to verify"'
diff --git a/.github/workflows/unit-tests-rust.yaml b/.github/workflows/unit-tests-rust.yaml
new file mode 100644
index 0000000000000..c536ab948d28f
--- /dev/null
+++ b/.github/workflows/unit-tests-rust.yaml
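Review bot: The `/go.mod` and `/go.sum` entries under `paths:` in unit-tests-operator.yaml begin with a slash. As far as I know, workflow path filters are matched against repository-relative paths, so these two patterns would likely never match and a dependency-only pull request would skip the operator tests. Writing them as `- go.mod` and `- go.sum`, here and under `paths-ignore` in unit-tests-operator-bypass.yaml, keeps the two lists mirrored and effective.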
@@ -0,0 +1,38 @@ +name: Unit Tests (Rust) +run-name: Unit Tests (Rust) - ${{ github.run_id }} - @${{ github.actor }} + +on: + push: + branches: + - master + pull_request: + paths: + - '**.rs' + - 'Cargo.toml' + - 'Cargo.lock' + +jobs: + test: + name: Unit Tests (Rust) + runs-on: ubuntu-latest + container: + image: public.ecr.aws/gravitational/teleport-buildbox:teleport12 + options: --cap-add=SYS_ADMIN --privileged + + steps: + - name: Checkout Teleport + uses: actions/checkout@v3 + + - name: Rust cargo cache + uses: actions/cache@v3 + with: + path: | + ${{ github.workspace }}/target + /usr/local/cargo/registry + /usr/local/cargo/git + key: ${{ runner.os }}-cargo-${{ github.workflow }}-${{ hashFiles('**/Cargo.lock') }} + restore-keys: ${{ runner.os }}-cargo-${{ github.workflow }}- + + - name: Run tests + timeout-minutes: 40 + run: make test-rust diff --git a/integration/hsm/hsm_test.go b/integration/hsm/hsm_test.go index d513288f2f12d..c481a9cc30977 100644 --- a/integration/hsm/hsm_test.go +++ b/integration/hsm/hsm_test.go @@ -306,7 +306,7 @@ func etcdBackendConfig(t *testing.T) *backend.Config { cfg := &backend.Config{ Type: "etcd", Params: backend.Params{ - "peers": []string{"https://127.0.0.1:2379"}, + "peers": []string{etcdTestEndpoint()}, "prefix": prefix, "tls_key_file": "../../examples/etcd/certs/client-key.pem", "tls_cert_file": "../../examples/etcd/certs/client-cert.pem", @@ -323,6 +323,15 @@ func etcdBackendConfig(t *testing.T) *backend.Config { return cfg } +// etcdTestEndpoint returns etcd host used in tests. +func etcdTestEndpoint() string { + host := os.Getenv("TELEPORT_ETCD_TEST_ENDPOINT") + if host != "" { + return host + } + return "https://127.0.0.1:2379" +} + func liteBackendConfig(t *testing.T) *backend.Config { return &backend.Config{ Type: lite.GetName(), diff --git a/lib/backend/etcdbk/etcd_test.go b/lib/backend/etcdbk/etcd_test.go index 987817796012c..79939b4636c50 100644 --- a/lib/backend/etcdbk/etcd_test.go 
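Review bot: `options: --cap-add=SYS_ADMIN --privileged` in unit-tests-rust.yaml gives the container full privileges over the runner, yet the only steps are a checkout, a cache restore and `make test-rust`, all running pull-request code. If nothing behind that make target needs elevated privileges, remove the `options:` line; the same question applies to unit-tests-operator.yaml. The cargo cache step also duplicates the one in `.github/actions/prepare-workspace` instead of calling the composite action, so the two key formats can drift apart.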
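Review bot: The doc comment on `etcdTestEndpoint` in integration/hsm/hsm_test.go says it returns the etcd host, but both return paths yield a full client URL with scheme and port. A more accurate comment is `// etcdTestEndpoint returns the etcd client URL for tests: TELEPORT_ETCD_TEST_ENDPOINT when set, otherwise https://127.0.0.1:2379.` The copy added to lib/backend/etcdbk/etcd_test.go has the same wording, and its comment does not start with the function name. The environment value is used as a peer address without validation, which is reasonable for a test-only override but worth stating in the comment, since the TLS client key and certificate paths next to it stay fixed.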
+++ b/lib/backend/etcdbk/etcd_test.go @@ -45,7 +45,7 @@ func TestMain(m *testing.M) { // commonEtcdParams holds the common etcd configuration for all tests. var commonEtcdParams = backend.Params{ - "peers": []string{"https://127.0.0.1:2379"}, + "peers": []string{etcdTestEndpoint()}, "prefix": examplePrefix, "tls_key_file": "../../../examples/etcd/certs/client-key.pem", "tls_cert_file": "../../../examples/etcd/certs/client-cert.pem", @@ -174,7 +174,7 @@ func TestCompareAndSwapOversizedValue(t *testing.T) { // setup const maxClientMsgSize = 128 bk, err := New(context.Background(), backend.Params{ - "peers": []string{"https://127.0.0.1:2379"}, + "peers": []string{etcdTestEndpoint()}, "prefix": "/teleport", "tls_key_file": "../../../examples/etcd/certs/client-key.pem", "tls_cert_file": "../../../examples/etcd/certs/client-cert.pem", @@ -247,6 +247,15 @@ func etcdTestEnabled() bool { return os.Getenv("TELEPORT_ETCD_TEST") != "" } +// Returns etcd host used in tests +func etcdTestEndpoint() string { + host := os.Getenv("TELEPORT_ETCD_TEST_ENDPOINT") + if host != "" { + return host + } + return "https://127.0.0.1:2379" +} + func (r blockingFakeClock) Advance(d time.Duration) { if d < 0 { panic("Invalid argument, negative duration")