Merge pull request #4 from newrelic/mvick/full-conf-def

chore: CDD updates and cleanup

Author: mvicknr

.fleetControl/agentControl/agent-schema-for-agent-control.yml

@@ -0,0 +1,57 @@
+namespace: newrelic
+name: com.newrelic.my_agent
+version: 0.1.0
+variables:
+  k8s:
+    version:
+      description: "My Agent init container version"
+      type: string
+      default: "latest"
+      required: false
+    podLabelSelector:
+      description: "Pod label selector"
+      type: yaml
+      default: { }
+      required: false
+    namespaceLabelSelector:
+      description: "Namespace label selector"
+      type: yaml
+      default: { }
+      required: false
+    env:
+      description: "environment variables to pass to My agent"
+      type: yaml
+      default: [ ]
+      required: false
+    health_env:
+      description: "environment variables to pass to health sidecar"
+      type: yaml
+      default: [ ]
+      required: false
+    health_version:
+      description: "health sidecar image version"
+      type: string
+      default: "latest"
+      required: false
+deployment:
+  k8s:
+    health:
+      interval: 30s
+      initial_delay: 30s
+    objects:
+      instrumentation:
+        apiVersion: newrelic.com/v1beta1
+        kind: Instrumentation
+        metadata:
+          name: ${nr-sub:agent_id}
+          namespace: ${nr-ac:namespace_agents}
+        spec:
+          agent:
+            language: My
+            image: newrelic/newrelic-myagent-init:${nr-var:version}
+            env: ${nr-var:env}
+          healthAgent:
+            image: newrelic/k8s-apm-agent-health-sidecar:${nr-var:health_version}
+            env: ${nr-var:health_env}
+          podLabelSelector: ${nr-var:podLabelSelector}
+          namespaceLabelSelector: ${nr-var:namespaceLabelSelector}

.github/workflows/test_action.yml

@@ -18,4 +18,6 @@ jobs:
       - name: Run Agent Metadata Action
         uses: ./
         with:
+          agent-type: 'myagent'
+          version: '1.0.0'
           cache: false

CLAUDE.md

@@ -18,13 +18,19 @@ The project follows standard Go conventions:
 │       └── main.go
 ├── internal/                      # Private application code
 │   ├── config/                    # Configuration loading and file I/O
-│   │   ├── config.go
-│   │   ├── config_test.go
-│   │   └── integration_test.go
-│   └── models/                    # Data structures
-│       └── models.go
+│   │   ├── definitions.go         # Config file reading with schema encoding
+│   │   ├── definitions_test.go    # Integration tests (33 tests)
+│   │   ├── env.go                 # Environment variable loading
+│   │   ├── env_test.go            # Environment tests
+│   │   ├── metadata.go            # Version and metadata loading
+│   │   └── metadata_test.go       # Metadata tests
+│   └── models/                    # Data structures with validation
+│       ├── models.go              # Type definitions + custom unmarshalers
+│       └── models_test.go         # Model validation tests (17 tests)
 ├── .fleetControl/                 # Configuration files
 │   ├── configurationDefinitions.yml
+│   ├── agentControl/
+│   │   └── agent-schema-for-agent-control.yml
 │   └── schemas/
 │       └── myagent-config.json
 ├── action.yml                     # GitHub Action definition
@@ -63,29 +69,69 @@ export GITHUB_WORKSPACE=/path/to/repo
 ### Package Organization
 
 **cmd/agent-metadata-action/main.go**: Application entry point
-- Loads workspace path via `config.LoadEnv()`
-- Calls `config.ReadConfigurationDefinitions()` to read and parse YAML
-- Marshals results to JSON for output
+- Loads workspace path via `config.LoadEnv()` (returns empty string if not set)
+- Loads metadata via `config.LoadMetadata()` (version, features, bugs, security)
+- If workspace is set (agent repo flow):
+  - Reads configuration definitions via `config.ReadConfigurationDefinitions()`
+  - Reads agent control via `config.LoadAndEncodeAgentControl()`
+  - Combines into `AgentMetadata` structure
+- If workspace not set (docs flow):
+  - Only outputs metadata
+- Uses `printJSON()` helper to marshal and output data
 - Uses GitHub Actions annotation format for logging (`::error::`, `::notice::`, `::debug::`)
 
-**internal/config**: Configuration file I/O
-- `LoadEnv()`: Reads `GITHUB_WORKSPACE` environment variable
-- `ReadConfigurationDefinitions()`: Reads YAML file from local filesystem and parses it
-- Tests cover environment variable validation, file reading, and YAML parsing errors
-
-**internal/models**: Data structures
-- `ConfigurationDefinition`: Represents a single configuration with fields like name, slug, platform, description, type, version, format, and schema
+**internal/config**: Configuration file I/O with three main modules:
+
+1. **env.go**: Environment variable handling
+   - `LoadEnv()`: Reads `GITHUB_WORKSPACE` (optional, returns empty string if not set)
+
+2. **definitions.go**: Configuration file reading with security
+   - `ReadConfigurationDefinitions()`: Reads and validates configuration YAML
+   - `loadAndEncodeSchema()`: Loads schema files and base64-encodes them
+     - Validates paths to prevent directory traversal attacks (rejects `..`)
+     - Ensures resolved paths stay within `.fleetControl` directory
+   - `LoadAndEncodeAgentControl()`: Reads and base64-encodes agent control YAML
+   - Validates that `configurationDefinitions` array is not empty
+
+3. **metadata.go**: Version and changelog metadata
+   - `LoadMetadata()`: Loads version and changelog info from environment variables
+   - `LoadVersion()`: Reads `INPUT_VERSION` with validation (format: X.Y.Z)
+   - `parseCommaSeparated()`: Parses comma-separated lists (features, bugs, security)
+
+**internal/models**: Data structures with validation
+- `ConfigurationDefinition`: Configuration with 8 required fields (validated via custom `UnmarshalYAML`)
+  - Fields: slug, name, version, platform, description, type, format, schema
+  - Custom unmarshaler validates all fields are present before accepting
+- `Metadata`: Version and changelog info (version required, validated via custom `UnmarshalYAML`)
+- `AgentControl`: Agent control content (platform and content required, validated via custom `UnmarshalJSON`)
 - `ConfigFile`: Root YAML structure containing `configurationDefinitions` array
-- `AgentMetadata`: (Currently unused - may be used for future service integration)
+- `AgentMetadata`: Complete metadata structure (configurationDefinitions + metadata + agentControl)
+- All validation happens at unmarshal time with clear error messages
 
 ### Data Flow
 
+**Agent Repository Workflow** (GITHUB_WORKSPACE is set):
 1. `config.LoadEnv()` reads `GITHUB_WORKSPACE` environment variable
-2. `config.ReadConfigurationDefinitions()` constructs file path: `{workspace}/.fleetControl/configurationDefinitions.yml`
-3. `os.ReadFile()` reads the YAML file from local filesystem
-4. YAML is unmarshaled into `models.ConfigFile` structure
-5. Array of `ConfigurationDefinition` is returned
-6. Main function marshals each config to JSON and prints with `::debug::` annotations
+2. `config.LoadMetadata()` reads version and changelog from environment variables
+3. `config.ReadConfigurationDefinitions()` constructs file path: `{workspace}/.fleetControl/configurationDefinitions.yml`
+   - Reads and parses YAML file
+   - Custom `UnmarshalYAML` validates all required fields on each ConfigurationDefinition
+   - Validates array is not empty
+   - For each config, loads schema file and base64-encodes it:
+     - Validates schema path (no `..`, must stay within `.fleetControl`)
+     - Reads schema file
+     - Base64-encodes content and replaces path with encoded content
+4. `config.LoadAndEncodeAgentControl()` reads `.fleetControl/agentControl/agent-schema-for-agent-control.yml`
+   - Base64-encodes entire file content
+   - Returns as single `AgentControl` entry with platform "all"
+5. Main constructs `AgentMetadata` combining configs, metadata, and agent control
+6. `printJSON()` marshals to JSON and prints with `::debug::` annotation
+
+**Documentation Workflow** (GITHUB_WORKSPACE not set):
+1. `config.LoadEnv()` returns empty string
+2. `config.LoadMetadata()` reads version and changelog from environment variables
+3. Main outputs only the `Metadata` structure
+4. `printJSON()` marshals to JSON and prints with `::debug::` annotation
 
 ### GitHub Action Integration
 
@@ -100,10 +146,38 @@ The action expects to run after `actions/checkout` which sets the `GITHUB_WORKSP
 
 ## Key Behaviors
 
+### File Operations
 - Reads from **local filesystem** only (no network calls)
-- Requires `GITHUB_WORKSPACE` environment variable to be set
+- `GITHUB_WORKSPACE` is optional (enables agent repo flow when set, uses docs flow when empty)
+- Target file paths are hardcoded:
+  - `.fleetControl/configurationDefinitions.yml`
+  - `.fleetControl/agentControl/agent-schema-for-agent-control.yml`
+- Schema files are read from `.fleetControl/schemas/` (or subdirectories)
+
+### Security
+- **Directory traversal protection**: Schema paths cannot contain `..`
+- **Path validation**: Resolved absolute paths must stay within `.fleetControl` directory
+- Multiple layers of validation prevent escaping the designated directory
+
+### Validation
+- **All configuration fields are required**: name, slug, version, platform, description, type, format, schema
+- **Version format validation**: Must match `X.Y.Z` (three numeric components)
+- **Empty array rejection**: `configurationDefinitions` cannot be an empty array
+- **Validation timing**: All validation happens during YAML/JSON unmarshaling via custom unmarshalers
+- **Error messages**: Clear, contextual errors (e.g., "platform is required for config 'MyConfig'")
+
+### Schema Handling
+- Schema files are automatically loaded and **base64-encoded**
+- Original relative paths (e.g., `./schemas/config.json`) are **replaced** with base64 content
+- Empty schema files are rejected
+
+### Error Handling
 - Error output uses GitHub Actions annotation format: `::error::`, `::notice::`, `::debug::`
 - All errors result in exit code 1
-- Target file path is hardcoded: `.fleetControl/configurationDefinitions.yml`
-- YAML structure maps directly to JSON output (no transformation/filtering)
-- The `schema` field in configurations contains relative paths to JSON schema files
+- Error messages include context (file paths, config names)
+
+### Testing
+- **50 total tests** across 2 packages (33 config integration tests, 17 model unit tests)
+- Tests use table-driven patterns for comprehensive coverage
+- Unit tests (models) focus on validation logic
+- Integration tests (config) focus on file I/O and wiring

README.md

@@ -20,7 +20,7 @@ Add this action to your workflow after checking out your repository:
 
 This action reads the `.fleetControl/configurationDefinitions.yml` file from your repository and outputs the configuration definitions. The action expects the file to be present after the repository has been checked out.
 
-### Example Workflow
+### Example Workflow For Releasing a New Agent Version
 
 ```yaml
 name: Process Agent Metadata
@@ -34,10 +34,35 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          ref: v1.0.0 # the release tag for the version being released
 
       - name: Read agent metadata
         uses: newrelic/agent-metadata-action@v1
         with:
+          version: 1.0.0 # only required if different from ref tag
+          cache: true  # Optional: Enable Go build cache (default: true)
+```
+
+### Example Workflow For Updating Docs Metadata on an Existing Agent Version
+
+The docs header contains things like a bug fix list, a list of features, etc for the given agent version. These
+will be updated after the initial agent version has been created so checking out the agent repo is not required.
+
+```yaml
+name: Process Agent Metadata
+on:
+  push:
+    branches: [main]
+
+jobs:
+  read-metadata:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Read agent metadata
+        uses: newrelic/agent-metadata-action@v1
+        with:
+          version: 1.0.0 # required in the docs case
           cache: true  # Optional: Enable Go build cache (default: true)
 ```
 
@@ -57,6 +82,10 @@ configurationDefinitions:
     schema: "./schemas/config-schema.json"
 ```
 
+**All fields are required.** The action validates each configuration entry and will fail with a clear error message if any required field is missing.
+
+**Schema files** are automatically base64-encoded and embedded in the output. Schema paths must be relative to the `.fleetControl` directory and cannot use directory traversal (`..`) for security.
+
 ## Building
 
 To build the action locally:

action.yml

@@ -1,6 +1,26 @@
 name: 'Agent Metadata Action'
-description: 'Fetches agent configuration metadata from a checked-out repository'
+description: 'Fetches agent configuration metadata to create/update NEGP entities in NR'
 inputs:
+  agent-type:
+    description: 'The type of agent in all lowercase eg. dotnet'
+    required: true
+    default: ''
+  version:
+    description: 'Agent version in strict semver format MAJOR.MINOR.PATCH (ex. 1.2.3)'
+    required: true
+    default: ''
+  features:
+    description: 'Comma-separated list of features to include in the agent (ex. feature1,feature2)'
+    required: false
+    default: ''
+  bugs:
+    description: 'Comma-separated list of bugs to exclude from the agent (ex. bug1,bug2)'
+    required: false
+    default: ''
+  security:
+    description: 'Comma-separated list of security fixes (ex. fix1,fix2)'
+    required: false
+    default: ''
   cache:
     description: 'Enable Go build cache'
     required: false
@@ -17,6 +37,12 @@ runs:
     - name: Build and Run
       id: run-action
       shell: bash
+      env:
+        INPUT_AGENT_TYPE: ${{ inputs.agent-type }}
+        INPUT_VERSION: ${{ inputs.version }}
+        INPUT_FEATURES: ${{ inputs.features }}
+        INPUT_BUGS: ${{ inputs.bugs }}
+        INPUT_SECURITY: ${{ inputs.security }}
       run: |
         set -e
         cd ${{ github.action_path }}