Add new steps to the workflows to update the helm release on the canaries and tf

Author: alvarocabanas

.github/workflows/component_k8s_canaries.yml

@@ -0,0 +1,59 @@
+name: 📞 k8s canaries helm update
+
+on:
+  workflow_call:
+    secrets:
+      AWS_ROLE_ARN:
+        required: true
+      AWS_VPC_SUBNET:
+        required: true
+
+    inputs:
+      image-tag:
+        required: true
+        type: string
+      cluster_name:
+        required: true
+        type: string
+
+permissions:
+  contents: read
+
+jobs:
+  infra:
+    name: Prepare infra
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: us-east-2
+
+      - name: Set branch name
+        run: |
+          # Short name for current branch. For PRs, use target branch (base ref)
+          GIT_BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
+          # Is the ref a tag? If so, remove refs/tags/ prefix
+          GIT_BRANCH=${GIT_BRANCH#refs/tags/}
+          echo "GIT_BRANCH=$GIT_BRANCH" >> $GITHUB_ENV
+
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Upgrade helm release
+        uses: newrelic/fargate-runner-action@main
+        with:
+          aws_region: us-east-2
+          container_make_target: "IMAGE_TAG=${{ inputs.image-tag }} CLUSTER_NAME=${{ inputs.cluster_name }} HELM_DIR=test/k8s-canaries/helm test/k8s-canaries/helm"
+          ecs_cluster_name: caos_super_agent_releases
+          task_definition_name: super_agent-releases
+          cloud_watch_logs_group_name: /ecs/test-prerelease-super_agent-releases
+          cloud_watch_logs_stream_name: ecs/test-super_agent-releases
+          aws_vpc_subnet: ${{ secrets.AWS_VPC_SUBNET }}
+          repo_name: "newrelic/newrelic-super-agent"
+          git_clone_url: "ssh://git@github.com/newrelic/newrelic-super-agent.git"
+          ref: "${{ env.GIT_BRANCH }}"

.github/workflows/nightly.yml

@@ -91,6 +91,16 @@ jobs:
       AWS_ROLE_ARN: ${{ secrets.TMP_AWS_ROLE_ARN }}
       AWS_VPC_SUBNET: ${{ secrets.TMP_AWS_VPC_SUBNET }}
 
+  k8s_canaries:
+    uses: ./.github/workflows/component_k8s_canaries.yml
+    needs: [ build-image ]
+    with:
+      image-tag: nightly
+      cluster_name: Agent_Control_Canaries_Staging-Cluster
+    secrets:
+      AWS_ROLE_ARN: ${{ secrets.TMP_AWS_ROLE_ARN }}
+      AWS_VPC_SUBNET: ${{ secrets.TMP_AWS_VPC_SUBNET }}
+
   notify-failure:
     if: ${{ always() && failure() }}
     needs: [ build-image ]

.github/workflows/prerelease.yml

@@ -131,6 +131,16 @@ jobs:
   #      AWS_ROLE_ARN: ${{ secrets.TMP_AWS_ROLE_ARN }}
   #      AWS_VPC_SUBNET: ${{ secrets.TMP_AWS_VPC_SUBNET }}
 
+  k8s_canaries:
+    uses: ./.github/workflows/component_k8s_canaries.yml
+    needs: [ build-image ]
+    with:
+      image-tag: ${{ github.event.release.tag_name }}-rc
+      cluster_name: Agent_Control_Canaries_Production-Cluster
+    secrets:
+      AWS_ROLE_ARN: ${{ secrets.TMP_AWS_ROLE_ARN }}
+      AWS_VPC_SUBNET: ${{ secrets.TMP_AWS_VPC_SUBNET }}
+
   get_previous_tag:
     runs-on: ubuntu-latest
     outputs:

.github/workflows/push_pr_canaries_plan.yml

@@ -0,0 +1,60 @@
+permissions:
+  id-token: write
+  contents: read
+on:
+  pull_request:
+    paths:
+      - test/k8s-canaries/terraform/**
+concurrency:
+  group: "${{ github.workflow }}-${{ github.head_ref || github.run_id }}"
+  cancel-in-progress: false
+name: plan k8s canaries changes
+
+jobs:
+  infra:
+    name: Prepare infra
+    runs-on: ubuntu-latest
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: us-east-2
+
+      - uses: actions/checkout@v4
+
+      - name: Set branch name
+        run: |
+          # Short name for current branch. For PRs, use target branch (base ref)
+          GIT_BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
+          # Is the ref a tag? If so, remove refs/tags/ prefix
+          GIT_BRANCH="${GIT_BRANCH#refs/tags/}"
+          echo "GIT_BRANCH=$GIT_BRANCH" >> "$GITHUB_ENV"
+
+      - name: Plan k8s staging canary changes
+        uses: newrelic/fargate-runner-action@main
+        with:
+          aws_region: us-east-2
+          container_make_target: "TERRAFORM_DIR=test/k8s-canaries/terraform CANARY_DIR=staging test/k8s-canaries/plan"
+          ecs_cluster_name: agent_control
+          task_definition_name: agent_control
+          cloud_watch_logs_group_name: /ecs/test-prerelease-agent_control
+          cloud_watch_logs_stream_name: ecs/test-agent_control
+          aws_vpc_subnet: ${{ secrets.AWS_VPC_SUBNET }}
+          repo_name: "newrelic/newrelic-super-agent"
+          git_clone_url: "ssh://git@github.com/newrelic/newrelic-super-agent.git"
+          ref: "${{ env.GIT_BRANCH }}"
+
+      - name: Plan k8s production canary changes
+        uses: newrelic/fargate-runner-action@main
+        with:
+          aws_region: us-east-2
+          container_make_target: "TERRAFORM_DIR=test/k8s-canaries/terraform CANARY_DIR=production test/k8s-canaries/plan"
+          ecs_cluster_name: agent_control
+          task_definition_name: agent_control
+          cloud_watch_logs_group_name: /ecs/test-prerelease-agent_control
+          cloud_watch_logs_stream_name: ecs/test-agent_control
+          aws_vpc_subnet: ${{ secrets.AWS_VPC_SUBNET }}
+          repo_name: "newrelic/newrelic-super-agent"
+          git_clone_url: "ssh://git@github.com/newrelic/newrelic-super-agent.git"
+          ref: "${{ env.GIT_BRANCH }}"

.github/workflows/push_pr_canaries_sync.yml

@@ -0,0 +1,62 @@
+permissions:
+  id-token: write
+  contents: read
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - test/k8s-canaries/terraform/**
+concurrency:
+  group: "${{ github.workflow }}-${{ github.head_ref || github.run_id }}"
+  cancel-in-progress: false
+name: sync k8s canaries
+
+jobs:
+  infra:
+    name: Prepare infra
+    runs-on: ubuntu-latest
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: us-east-2
+
+      - uses: actions/checkout@v4
+
+      - name: Set branch name
+        run: |
+          # Short name for current branch. For PRs, use target branch (base ref)
+          GIT_BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
+          # Is the ref a tag? If so, remove refs/tags/ prefix
+          GIT_BRANCH="${GIT_BRANCH#refs/tags/}"
+          echo "GIT_BRANCH=$GIT_BRANCH" >> "$GITHUB_ENV"
+
+      - name: Sync k8s staging canary
+        uses: newrelic/fargate-runner-action@main
+        with:
+          aws_region: us-east-2
+          container_make_target: "TERRAFORM_DIR=test/k8s-canaries/terraform CANARY_DIR=staging test/k8s-canaries/sync"
+          ecs_cluster_name: caos_super_agent_releases
+          task_definition_name: super_agent-releases
+          cloud_watch_logs_group_name: /ecs/test-prerelease-super_agent-releases
+          cloud_watch_logs_stream_name: ecs/test-super_agent-releases
+          aws_vpc_subnet: ${{ secrets.AWS_VPC_SUBNET }}
+          repo_name: "newrelic/newrelic-super-agent"
+          git_clone_url: "ssh://git@github.com/newrelic/newrelic-super-agent.git"
+          ref: "${{ env.GIT_BRANCH }}"
+
+      - name: Sync k8s production canary
+        uses: newrelic/fargate-runner-action@main
+        with:
+          aws_region: us-east-2
+          container_make_target: "TERRAFORM_DIR=test/k8s-canaries/terraform CANARY_DIR=production test/k8s-canaries/sync"
+          ecs_cluster_name: caos_super_agent_releases
+          task_definition_name: super_agent-releases
+          cloud_watch_logs_group_name: /ecs/test-prerelease-super_agent-releases
+          cloud_watch_logs_stream_name: ecs/test-super_agent-releases
+          aws_vpc_subnet: ${{ secrets.AWS_VPC_SUBNET }}
+          repo_name: "newrelic/newrelic-super-agent"
+          git_clone_url: "ssh://git@github.com/newrelic/newrelic-super-agent.git"
+          ref: "${{ env.GIT_BRANCH }}"

test/k8s-canaries/Makefile

@@ -1,15 +1,25 @@
 TERRAFORM_DIR := ./terraform
 HELM_DIR := ./helm
+AWS_REGION := us-east-2
 .DEFAULT_GOAL := all
 
-# Generate a random key to add to the helm deployment annotation
+# Generate the linux timestamp for helm deployment annotation
 # This way, whenever there is a helm upgrade the pod will be recreated and its image pulled, even if the tag didn't change
-DEPLOYMENT_KEY := $(shell openssl rand -base64 32 | tr -dc A-Za-z0-9 | head -c 16)
+DEPLOYMENT_KEY := $(shell date +%s)
 
 .PHONY: all
 all:
 	@echo "No default target"
 
+.PHONY: test/k8s-canaries/plan
+test/k8s-canaries/sync:
+ifndef CANARY_DIR
+	@echo "CANARY_DIR variable must be provided to know which canary to plan"
+	exit 1
+endif
+	terraform -chdir=$(TERRAFORM_DIR)/$(CANARY_DIR) init && \
+	terraform -chdir=$(TERRAFORM_DIR)/$(CANARY_DIR) plan
+
 .PHONY: test/k8s-canaries/sync
 test/k8s-canaries/sync:
 ifndef CANARY_DIR
@@ -19,18 +29,27 @@ endif
 	terraform -chdir=$(TERRAFORM_DIR)/$(CANARY_DIR) init && \
 	terraform -chdir=$(TERRAFORM_DIR)/$(CANARY_DIR) apply -auto-approve
 
+
+.PHONY: test/k8s-canaries/aws-kubeconfig
+test/k8s-canaries/aws-kubeconfig:
+ifndef CLUSTER_NAME
+	@echo "CLUSTER_NAME variable must be provided for test/k8s-canaries/aws-eks"
+	exit 1
+endif
+	@aws eks update-kubeconfig --region=$(AWS_REGION) --name $(CLUSTER_NAME)
+
 .PHONY: test/k8s-canaries/helm
-test/k8s-canaries/helm:
+test/k8s-canaries/helm: test/k8s-canaries/aws-kubeconfig
 ifndef NR_LICENSE_KEY
-	@echo "NR_LICENSE_KEY variable must be provided for k8s-canaries/helm"
+	@echo "NR_LICENSE_KEY variable must be provided for test/k8s-canaries/helm"
 	exit 1
 endif
 ifndef CLUSTER_NAME
-	@echo "CLUSTER_NAME variable must be provided for k8s-canaries/helm"
+	@echo "CLUSTER_NAME variable must be provided for test/k8s-canaries/helm"
 	exit 1
 endif
 ifndef IMAGE_TAG
-	@echo "IMAGE_TAG variable must be provided for k8s-canaries/helm"
+	@echo "IMAGE_TAG variable must be provided for test/k8s-canaries/helm"
 	exit 1
 endif
 	@helm repo add newrelic https://helm-charts.newrelic.com