cherrypick of a9a4b0b (#22806)

.github/workflows/build-vault-oss.yml

@@ -35,7 +35,12 @@ on:
       web-ui-cache-key:
         type: string
         required: true
-
+      vault-base-version:
+        type: string
+        required: true
+      vault-prerelease-version:
+        type: string
+        required: true
 jobs:
   build:
     runs-on: custom-linux-xl-vault-latest
@@ -55,15 +60,18 @@ jobs:
           key: ${{ inputs.web-ui-cache-key }}
       - name: Build Vault
         env:
+          GO_TAGS: ${{ inputs.go-tags }}
           CGO_ENABLED: ${{ inputs.cgo-enabled }}
           GOARCH: ${{ inputs.goarch }}
           GOOS: ${{ inputs.goos }}
-          GO_TAGS: ${{ inputs.go-tags }}
-        run: make ci-build
+          VERSION: ${{ inputs.vault-version }}
+        run:
+            make ci-build
       - name: Determine artifact basename
         env:
           GOARCH: ${{ inputs.goarch }}
           GOOS: ${{ inputs.goos }}
+          VERSION: ${{ inputs.vault-version }}
         run: echo "ARTIFACT_BASENAME=$(make ci-get-artifact-basename)" >> "$GITHUB_ENV"
       - name: Bundle Vault
         env:

.github/workflows/build.yml

@@ -1,4 +1,3 @@
----
 name: build
 
 on:
@@ -38,8 +37,10 @@ jobs:
       matrix-test-group: ${{ steps.get-metadata.outputs.matrix-test-group }}
       package-name: ${{ steps.get-metadata.outputs.package-name }}
       vault-revision: ${{ steps.get-metadata.outputs.vault-revision }}
-      vault-version: ${{ steps.get-metadata.outputs.vault-version }}
-      vault-base-version: ${{ steps.get-metadata.outputs.vault-base-version }}
+      vault-version: ${{ steps.set-product-version.outputs.product-version }}
+      vault-base-version: ${{ steps.set-product-version.outputs.base-product-version }}
+      vault-prerelease-version: ${{ steps.set-product-version.outputs.prerelease-product-version }}
+      vault-minor-version: ${{ steps.set-product-version.outputs.minor-product-version }}
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - name: Ensure Go modules are cached
@@ -48,25 +49,27 @@ jobs:
         with:
           github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
           no-restore: true # don't download them on a cache hit
+      - name: Set Product version
+        id: set-product-version
+        uses: hashicorp/actions-set-product-version@v1
       - name: Get metadata
         id: get-metadata
         env:
           # MATRIX_MAX_TEST_GROUPS is required to determine the randomly selected
           # test group. It should be set to the highest test_group used in the
           # enos-run-matrices.
           MATRIX_MAX_TEST_GROUPS: 5
+          VAULT_VERSION: ${{ steps.set-product-version.outputs.product-version }}
         run: |
           # shellcheck disable=SC2129
           echo "build-date=$(make ci-get-date)" >> "$GITHUB_OUTPUT"
           echo "matrix-test-group=$(make ci-get-matrix-group-id)" >> "$GITHUB_OUTPUT"
           echo "package-name=vault" >> "$GITHUB_OUTPUT"
-          echo "vault-base-version=$(make ci-get-version-base)" >> "$GITHUB_OUTPUT"
           echo "vault-revision=$(make ci-get-revision)" >> "$GITHUB_OUTPUT"
-          echo "vault-version=$(make ci-get-version)" >> "$GITHUB_OUTPUT"
       - uses: hashicorp/actions-generate-metadata@v1
         id: generate-metadata-file
         with:
-          version: ${{ steps.get-metadata.outputs.vault-version }}
+          version: ${{ steps.set-product-version.outputs.product-version }}
           product: ${{ steps.get-metadata.outputs.package-name }}
       - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
@@ -131,6 +134,8 @@ jobs:
       package-name: ${{ needs.product-metadata.outputs.package-name }}
       web-ui-cache-key: ${{ needs.build-ui.outputs.cache-key }}
       vault-version: ${{ needs.product-metadata.outputs.vault-version }}
+      vault-base-version: ${{ needs.product-metadata.outputs.vault-base-version }}
+      vault-prerelease-version: ${{ needs.product-metadata.outputs.vault-prerelease-version }}
     secrets: inherit
 
   build-linux:
@@ -151,6 +156,8 @@ jobs:
       package-name: ${{ needs.product-metadata.outputs.package-name }}
       web-ui-cache-key: ${{ needs.build-ui.outputs.cache-key }}
       vault-version: ${{ needs.product-metadata.outputs.vault-version }}
+      vault-base-version: ${{ needs.product-metadata.outputs.vault-base-version }}
+      vault-prerelease-version: ${{ needs.product-metadata.outputs.vault-prerelease-version }}
     secrets: inherit
 
   build-darwin:
@@ -172,6 +179,8 @@ jobs:
       package-name: ${{ needs.product-metadata.outputs.package-name }}
       web-ui-cache-key: ${{ needs.build-ui.outputs.cache-key }}
       vault-version: ${{ needs.product-metadata.outputs.vault-version }}
+      vault-base-version: ${{ needs.product-metadata.outputs.vault-base-version }}
+      vault-prerelease-version: ${{ needs.product-metadata.outputs.vault-prerelease-version }}
     secrets: inherit
 
   build-docker:
@@ -183,17 +192,20 @@ jobs:
     strategy:
       matrix:
         arch: [arm, arm64, 386, amd64]
+    env:
+      repo: ${{ github.event.repository.name }}
+      version: ${{ needs.product-metadata.outputs.vault-version }}
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - uses: hashicorp/actions-docker-build@v1
         with:
-          version: ${{ needs.product-metadata.outputs.vault-version }}
+          version: "${{ env.version }}"
           target: default
           arch: ${{ matrix.arch }}
-          zip_artifact_name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_${{ matrix.arch }}.zip
+          zip_artifact_name: vault_${{ env.version }}_linux_${{ matrix.arch }}.zip
           tags: |
-            docker.io/hashicorp/${{ github.event.repository.name }}:${{ needs.product-metadata.outputs.vault-version }}
-            public.ecr.aws/hashicorp/${{ github.event.repository.name }}:${{ needs.product-metadata.outputs.vault-version }}
+            docker.io/hashicorp/${{ env.repo }}:${{ env.version }}
+            public.ecr.aws/hashicorp/${{ env.repo }}:${{ env.version }}
 
   build-ubi:
     name: UBI image
@@ -204,15 +216,18 @@ jobs:
     strategy:
       matrix:
         arch: [amd64]
+    env:
+      repo: ${{ github.event.repository.name }}
+      version: ${{ needs.product-metadata.outputs.vault-version }}
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
       - uses: hashicorp/actions-docker-build@v1
         with:
-          version: ${{ needs.product-metadata.outputs.vault-version }}
+          version: ${{ env.version }}
           target: ubi
           arch: ${{ matrix.arch }}
-          zip_artifact_name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_${{ matrix.arch }}.zip
-          redhat_tag: quay.io/redhat-isv-containers/5f89bb5e0b94cf64cfeb500a:${{ needs.product-metadata.outputs.vault-version }}-ubi
+          zip_artifact_name: vault_${{ env.version }}_linux_${{ matrix.arch }}.zip
+          redhat_tag: quay.io/redhat-isv-containers/5f89bb5e0b94cf64cfeb500a:${{ env.version }}-ubi
 
   test:
     name: Test ${{ matrix.build-artifact-name }}
@@ -244,6 +259,8 @@ jobs:
       vault-edition: oss
       vault-revision: ${{ needs.product-metadata.outputs.vault-revision }}
       ssh-key-name: ${{ github.event.repository.name }}-ci-ssh-key
+      vault-version: ${{ needs.product-metadata.outputs.vault-version }}
+      vault-minor-version:  ${{ needs.product-metadata.outputs.vault-minor-version }}
     secrets: inherit
 
   test-docker-k8s:

.github/workflows/enos-lint.yml

@@ -17,8 +17,11 @@ jobs:
       ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+      - name: Set Product version
+        id: set-product-version
+        uses: hashicorp/actions-set-product-version@v1
       - id: get-version
-        run: echo "version=$(make ci-get-version)" >> "$GITHUB_OUTPUT"
+        run: echo "version=${{ steps.set-product-version.outputs.product-version }}" >> "$GITHUB_OUTPUT"
       - uses: hashicorp/setup-terraform@v2
         with:
           terraform_wrapper: false

.github/workflows/enos-release-testing-oss.yml

@@ -12,13 +12,17 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+
   product-metadata:
     if: ${{ startsWith(github.event.client_payload.payload.branch, 'release/') }}
     runs-on: ubuntu-latest
     outputs:
       matrix-test-group: ${{ steps.get-metadata.outputs.matrix-test-group }}
       vault-revision: ${{ steps.get-metadata.outputs.vault-revision }}
-      vault-version: ${{ steps.get-metadata.outputs.vault-version }}
+      vault-version: ${{ steps.set-product-version.outputs.product-version }}
+      vault-base-version: ${{ steps.set-product-version.outputs.base-product-version }}
+      vault-prerelease-version: ${{ steps.set-product-version.outputs.prerelease-product-version }}
+      vault-minor-version: ${{ steps.set-product-version.outputs.minor-product-version }}
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
@@ -35,7 +39,6 @@ jobs:
           # shellcheck disable=SC2129
           echo "matrix-test-group=$(make ci-get-matrix-group-id)" >> "$GITHUB_OUTPUT"
           echo "vault-revision=$(make ci-get-revision)" >> "$GITHUB_OUTPUT"
-          echo "vault-version=$(make ci-get-version)" >> "$GITHUB_OUTPUT"
         # Get the workflow summary similar to CRT workflows
       - name: Release Artifact Info
         run: |
@@ -45,6 +48,10 @@ jobs:
           echo "__Commit:__ ${{ github.event.client_payload.payload.sha }}" >> "$GITHUB_STEP_SUMMARY"
           echo "" >> "$GITHUB_STEP_SUMMARY"
           echo "[Build Workflow](https://github.com/${{github.event.client_payload.payload.org}}/${{github.event.client_payload.payload.repo}}/actions/runs/${{github.event.client_payload.payload.buildworkflowid}})" >> "$GITHUB_STEP_SUMMARY"
+      - name: Set Product version
+        id: set-product-version
+        uses: hashicorp/actions-set-product-version@v1
+
 
   test:
     name: Test ${{ matrix.build-artifact-name }}
@@ -65,6 +72,8 @@ jobs:
       matrix-test-group: ${{ needs.product-metadata.outputs.matrix-test-group }}
       vault-edition: oss
       vault-revision: ${{ needs.product-metadata.outputs.vault-revision }}
+      vault-version: ${{ needs.product-metadata.outputs.vault-version }}
+      vault-minor-version: ${{ needs.product-metadata.outputs.vault-minor-version }}
     secrets: inherit
 
   save-metadata:

.github/workflows/test-run-enos-scenario-matrix.yml

@@ -51,6 +51,12 @@ on:
       vault-edition:
         required: true
         type: string
+      vault-version:
+        required: true
+        type: string
+      vault-minor-version:
+        required: true
+        type: string
       # The Git commit SHA used as the revision when building vault
       vault-revision:
         required: true
@@ -62,12 +68,12 @@ jobs:
     outputs:
       build-date: ${{ steps.metadata.outputs.build-date }}
       matrix: ${{ steps.metadata.outputs.matrix }}
-      version: ${{ steps.metadata.outputs.version }}
-      version-minor: ${{ steps.metadata.outputs.matrix }}
     env:
       # Pass the vault edition as VAULT_METADATA so the CI make targets can create
       # values that consider the edition.
       VAULT_METADATA: ${{ inputs.vault-edition }}
+      VAULT_VERSION: ${{ inputs.vault-version }}
+      VAULT_MINOR_VERSION: ${{ inputs.vault-minor-version }}
       # Pass in the matrix and matrix group for filtering
       MATRIX_FILE: ./.github/enos-run-matrices/${{ inputs.matrix-file-name }}.json
       MATRIX_TEST_GROUP: ${{ inputs.matrix-test-group }}
@@ -77,10 +83,9 @@ jobs:
           ref: ${{ inputs.vault-revision }}
       - id: metadata
         run: |
-          # shellcheck disable=SC2129
           echo "build-date=$(make ci-get-date)" >> "$GITHUB_OUTPUT"
-          echo "version=$(make ci-get-version)" >> "$GITHUB_OUTPUT"
-          echo "matrix=$(make ci-filter-matrix)" >> "$GITHUB_OUTPUT"
+          filtered="$(make ci-filter-matrix)"
+          echo "matrix=$filtered" >> "$GITHUB_OUTPUT"
 
   # Run the Enos test scenarios
   run:
@@ -101,7 +106,7 @@ jobs:
       ENOS_VAR_terraform_plugin_cache_dir: ./support/terraform-plugin-cache
       ENOS_VAR_vault_artifact_path: ./support/downloads/${{ inputs.build-artifact-name }}
       ENOS_VAR_vault_build_date: ${{ needs.metadata.outputs.build-date }}
-      ENOS_VAR_vault_product_version: ${{ needs.metadata.outputs.version }}
+      ENOS_VAR_vault_product_version: ${{ inputs.vault-version }}
       ENOS_VAR_vault_revision: ${{ inputs.vault-revision }}
       ENOS_VAR_vault_license_path: ./support/vault.hclic
       ENOS_DEBUG_DATA_ROOT_DIR: /tmp/enos-debug-data

.release/ci.hcl

@@ -153,8 +153,17 @@ event "post-publish-website" {
   }
 }
 
-event "update-ironbank" {
+event "bump-version" {
   depends = ["post-publish-website"]
+  action "bump-version" {
+    organization = "hashicorp"
+    repository = "crt-workflows-common"
+    workflow = "bump-version"
+  }
+}
+
+event "update-ironbank" {
+  depends = ["bump-version"]
   action "update-ironbank" {
     organization = "hashicorp"
     repository = "crt-workflows-common"

Makefile

@@ -293,22 +293,13 @@ ci-build:
 ci-build-ui:
 	@$(CURDIR)/scripts/ci-helper.sh build-ui
 
-.PHONY: ci-bundle
-ci-bundle:
-	@$(CURDIR)/scripts/ci-helper.sh bundle
-
 .PHONY: ci-filter-matrix
 ci-filter-matrix:
 	@$(CURDIR)/scripts/ci-helper.sh matrix-filter-file
 
-.PHONY: ci-get-artifact-basename
-ci-get-artifact-basename:
-	@$(CURDIR)/scripts/ci-helper.sh artifact-basename
-
 .PHONY: ci-get-date
 ci-get-date:
 	@$(CURDIR)/scripts/ci-helper.sh date
-
 .PHONY: ci-get-matrix-group-id
 ci-get-matrix-group-id:
 	@$(CURDIR)/scripts/ci-helper.sh matrix-group-id
@@ -317,38 +308,19 @@ ci-get-matrix-group-id:
 ci-get-revision:
 	@$(CURDIR)/scripts/ci-helper.sh revision
 
-.PHONY: ci-get-version
-ci-get-version:
-	@$(CURDIR)/scripts/ci-helper.sh version
-
-.PHONY: ci-get-version-base
-ci-get-version-base:
-	@$(CURDIR)/scripts/ci-helper.sh version-base
-
-.PHONY: ci-get-version-major
-ci-get-version-major:
-	@$(CURDIR)/scripts/ci-helper.sh version-major
-
-.PHONY: ci-get-version-meta
-ci-get-version-meta:
-	@$(CURDIR)/scripts/ci-helper.sh version-meta
-
-.PHONY: ci-get-version-minor
-ci-get-version-minor:
-	@$(CURDIR)/scripts/ci-helper.sh version-minor
+.PHONY: ci-prepare-legal
+ci-prepare-legal:
+	@$(CURDIR)/scripts/ci-helper.sh prepare-legal
 
 .PHONY: ci-get-version-package
 ci-get-version-package:
 	@$(CURDIR)/scripts/ci-helper.sh version-package
 
-.PHONY: ci-get-version-patch
-ci-get-version-patch:
-	@$(CURDIR)/scripts/ci-helper.sh version-patch
+.PHONY: ci-get-artifact-basename
+ci-get-artifact-basename:
+	@$(CURDIR)/scripts/ci-helper.sh artifact-basename
 
-.PHONY: ci-get-version-pre
-ci-get-version-pre:
-	@$(CURDIR)/scripts/ci-helper.sh version-pre
+.PHONY: ci-bundle
+ci-bundle:
+	@$(CURDIR)/scripts/ci-helper.sh bundle
 
-.PHONY: ci-prepare-legal
-ci-prepare-legal:
-	@$(CURDIR)/scripts/ci-helper.sh prepare-legal

enos/enos-scenario-agent.hcl

@@ -45,11 +45,6 @@ scenario "agent" {
     vault_tag_key      = "Type" // enos_vault_start expects Type as the tag key
   }
 
-  step "get_local_metadata" {
-    skip_step = matrix.artifact_source != "local"
-    module    = module.get_local_metadata
-  }
-
   step "build_vault" {
     module = "build_${matrix.artifact_source}"
 

enos/enos-scenario-ui.hcl

@@ -42,10 +42,6 @@ scenario "ui" {
     ui_test_filter     = var.ui_test_filter != null && try(trimspace(var.ui_test_filter), "") != "" ? var.ui_test_filter : (matrix.edition == "oss") ? "!enterprise" : null
   }
 
-  step "get_local_metadata" {
-    module = module.get_local_metadata
-  }
-
   step "build_vault" {
     module = module.build_local